Network, endpoint, and application security systems

1.2 Compare security deployments

📘 Cisco Certified CyberOps Associate (200-201 CBROPS v1.2, 2025 Update)


In cybersecurity, organizations use multiple layers of security to protect their IT environment. These layers can be grouped into three main types:

  1. Network Security
  2. Endpoint Security
  3. Application Security

Each of these plays a different role in keeping systems, data, and users safe.


1. Network Security Systems

Definition:
Network security systems protect the data moving across an organization’s network and prevent unauthorized access or attacks.

Key Components:

  1. Firewalls
    • Function: Control incoming and outgoing network traffic.
    • Example in IT Environment: A firewall blocks suspicious traffic from the internet trying to reach the company’s servers.
  2. Intrusion Detection and Prevention Systems (IDS/IPS)
    • Function: Detect malicious activity or policy violations. IDS alerts security teams; IPS can automatically block the attack.
    • Example: Detecting a hacker scanning network ports and blocking their IP automatically.
  3. Virtual Private Networks (VPNs)
    • Function: Encrypt data between remote users and the network.
    • Example: Employees working from home securely access company files via a VPN.
  4. Network Access Control (NAC)
    • Function: Ensures only authorized devices and users can connect to the network.
    • Example: A new laptop trying to join the company network is checked for antivirus and proper configuration before it can connect.
  5. Security Information and Event Management (SIEM)
    • Function: Collects, analyzes, and reports on network events and security alerts.
    • Example: SIEM aggregates logs from firewalls and servers to detect patterns like repeated failed login attempts.

Purpose for Exam:
You need to understand that network security focuses on protecting data in motion, stopping intruders, and monitoring network traffic.
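
The SIEM example above (aggregating logs from several sources to spot repeated failed logins), written out as an added example that is not part of the original study guide. The log lines are constructed, and the key=value layout, field names, threshold and time window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not from a real system). The key=value layout
# and field names are assumptions standing in for normalised SIEM events.
SAMPLE_LOGS = """\
2025-03-01T10:00:05 host=fw-edge event=login_failure user=admin src=203.0.113.7
2025-03-01T10:00:20 host=srv-db1 event=login_failure user=root src=203.0.113.7
2025-03-01T10:00:31 host=srv-web1 event=login_failure user=admin src=203.0.113.7
2025-03-01T10:00:40 host=srv-web1 event=login_success user=carol src=198.51.100.20
2025-03-01T10:00:52 host=fw-edge event=login_failure user=test src=203.0.113.7
2025-03-01T10:01:10 host=srv-db1 event=login_failure user=oracle src=203.0.113.7
2025-03-01T10:05:00 host=srv-web1 event=login_failure user=dave src=198.51.100.20
2025-03-01T10:45:00 host=srv-web1 event=login_failure user=dave src=198.51.100.20
"""

def parse_line(line):
    """Turn one log line into a dict with a parsed timestamp."""
    stamp, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["time"] = datetime.fromisoformat(stamp)
    return event

def detect_repeated_failures(log_text, threshold=5, window=timedelta(minutes=2)):
    """Alert once per source IP that reaches `threshold` failed logins inside
    `window`, counting failures from every log source together."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["time"])
    recent = defaultdict(deque)   # src -> failures still inside the window
    alerts = {}
    for ev in events:
        if ev["event"] != "login_failure":
            continue
        q = recent[ev["src"]]
        q.append(ev)
        while ev["time"] - q[0]["time"] > window:
            q.popleft()           # drop failures older than the window
        if len(q) >= threshold and ev["src"] not in alerts:
            alerts[ev["src"]] = {
                "src": ev["src"],
                "failures": len(q),
                "hosts": sorted({e["host"] for e in q}),
                "users": sorted({e["user"] for e in q}),
            }
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_repeated_failures(SAMPLE_LOGS):
        print(alert)
```

No single device in the sample sees more than two failures from the flagged address; the pattern only crosses the threshold once the firewall and server logs are counted together, which is the value a SIEM adds over per-device logging.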


2. Endpoint Security Systems

Definition:
Endpoint security protects individual devices that connect to the network, like laptops, desktops, servers, and mobile devices.

Key Components:

  1. Antivirus / Anti-Malware
    • Function: Detects and removes malicious software.
    • Example: A malware-infected USB drive is detected when plugged into a workstation.
  2. Endpoint Detection and Response (EDR)
    • Function: Monitors endpoints in real-time for suspicious activity. Can respond automatically or alert security teams.
    • Example: Detecting unusual file changes on an employee’s laptop and isolating it from the network.
  3. Host-Based Firewalls
    • Function: Filters traffic specifically for that device.
    • Example: A laptop’s firewall blocks unauthorized remote connections.
  4. Data Loss Prevention (DLP)
    • Function: Prevents sensitive data from leaving the endpoint.
    • Example: Stopping confidential documents from being emailed to personal accounts.

Purpose for Exam:
Endpoint security focuses on protecting devices themselves and stopping threats that might bypass network security.


3. Application Security Systems

Definition:
Application security protects software applications from vulnerabilities and attacks during use.

Key Components:

  1. Web Application Firewalls (WAFs)
    • Function: Protect web applications from attacks such as SQL injection and cross-site scripting (XSS).
    • Example: Preventing an attacker from sending harmful queries to a web-based customer portal.
  2. Patch Management
    • Function: Keeps software updated with the latest security fixes.
    • Example: Updating a server’s database software to fix a known vulnerability.
  3. Application Control / Whitelisting
    • Function: Allows only authorized applications to run.
    • Example: A company allows only its approved accounting software on employee laptops.
  4. Runtime Application Self-Protection (RASP)
    • Function: Monitors applications in real-time for attacks while running.
    • Example: Detecting and blocking malicious input before it affects the application.

Purpose for Exam:
Application security focuses on protecting the software itself from attacks, ensuring the data and functionality are safe.


Key Differences in a Simple Table

| Feature | Network Security | Endpoint Security | Application Security |
|---|---|---|---|
| Focus | Protect data in motion | Protect devices | Protect software/applications |
| Examples | Firewalls, IDS/IPS, VPNs | Antivirus, EDR, DLP | WAF, Patch Management, RASP |
| Primary Goal | Block intruders, monitor traffic | Detect and respond to malware or attacks on devices | Prevent software vulnerabilities from being exploited |

Why It Matters

  • Network, endpoint, and application security work together to provide a layered defense (defense in depth).
  • Understanding these layers helps security teams detect, respond to, and prevent attacks effectively.
  • For the CBROPS exam, you need to know what each type protects, the key tools, and how they are deployed.

✅ Exam Tip:
Remember the three layers like this:

  • Network = Data moving
  • Endpoint = Devices
  • Application = Software

This simple mental model often helps in multiple-choice questions.
