Computer security software or cybersecurity software is any

computer program A computer program is a sequence or set of instructions in a programming language for a computer to execute. Computer programs are one component of software, which also includes documentation and other intangible components. A computer program ...

designed to influence

information security Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorize ...

. This is often taken in the context of defending computer systems or data, yet can incorporate programs designed specifically for subverting computer systems due to their significant overlap, and the adage that the best defense is a good offense. The defense of

computer A computer is a machine that can be programmed to Execution (computing), carry out sequences of arithmetic or logical operations (computation) automatically. Modern digital electronic computers can perform generic sets of operations known as C ...

s against intrusion and unauthorized use of

resources Resource refers to all the materials available in our environment which are technologically accessible, economically feasible and culturally sustainable and help us to satisfy our needs and wants. Resources can broadly be classified upon their av ...

is called ''

computer security Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, the ...

''. Similarly, the defense of

computer network A computer network is a set of computers sharing resources located on or provided by network nodes. The computers use common communication protocols over digital interconnections to communicate with each other. These interconnections are ...

s is called ''

network security Network security consists of the policies, policies, processes and practices adopted to prevent, detect and monitor unauthorized access, Abuse, misuse, modification, or denial of a computer network and network-accessible resources. Network securi ...

''. The subversion of

s or their unauthorized use is referred to using the terms ''

cyberwarfare Cyberwarfare is the use of cyber attacks against an enemy state, causing comparable harm to actual warfare and/or disrupting vital computer systems. Some intended outcomes could be espionage, sabotage, propaganda, manipulation or economic war ...

'', ''

cybercrime A cybercrime is a crime that involves a computer or a computer network.Moore, R. (2005) "Cyber crime: Investigating High-Technology Computer Crime," Cleveland, Mississippi: Anderson Publishing. The computer may have been used in committing the ...

'', or ''

security hacking A security hacker is someone who explores methods for breaching defenses and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge ...

'' (later shortened to ''hacking'' for further references in this article due to issues with ''

hacker A hacker is a person skilled in information technology who uses their technical knowledge to achieve a goal or overcome an obstacle, within a computerized system by non-standard means. Though the term ''hacker'' has become associated in popu ...

'', ''

hacker culture The hacker culture is a subculture of individuals who enjoy—often in collective effort—the intellectual challenge of creatively overcoming the limitations of software systems or electronic hardware (mostly digital electronics), to a ...

'' and differences in

white White is the lightest color and is achromatic (having no hue). It is the color of objects such as snow, chalk, and milk, and is the opposite of black. White objects fully reflect and scatter all the visible wavelengths of light. White on ...

grey Grey (more common in British English) or gray (more common in American English) is an intermediate color between black and white. It is a neutral or achromatic color, meaning literally that it is "without color", because it can be composed o ...

black Black is a color which results from the absence or complete absorption of visible light. It is an achromatic color, without hue, like white and grey. It is often used symbolically or figuratively to represent darkness. Black and white have o ...

'hat' color identification).

Types

Below, various software implementations of Cybersecurity patterns and groups outlining ways a host system attempts to secure itself and its assets from malicious interactions, this includes tools to deter both

passive Passive may refer to: * Passive voice, a grammatical voice common in many languages, see also Pseudopassive * Passive language, a language from which an interpreter works * Passivity (behavior), the condition of submitting to the influence of o ...

and active security threats. Although both security and usability are desired, today it is widely considered in computer security software that with higher security comes decreased usability, and with higher usability comes decreased security.

Prevent access

The primary purpose of these types of systems is to restrict and often to completely prevent access to computers or data except to a very limited set of users. The theory is often that if a key, credential, or token is unavailable then access should be impossible. This often involves taking valuable information and then either reducing it to apparent noise or hiding it within another source of information in such a way that it is unrecoverable. *

Cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adver ...

and

Encryption software Encryption software is software that uses cryptography to prevent unauthorized access to digital information. Cryptography is used to protect digital information on computers as well as the digital information that is sent to other computers over t ...

Steganography Steganography ( ) is the practice of representing information within another message or physical object, in such a manner that the presence of the information is not evident to human inspection. In computing/electronic contexts, a computer file, ...

and

Steganography tools A steganography software tool allows a user to embed hidden data inside a carrier file, such as an image or video, and later extract that data. It is not necessary to conceal the message in the original file at all. Thus, it is not necessary to mo ...

A critical tool used in developing software that prevents malicious access is ''Threat Modeling''. Threat modeling is the process of creating and applying mock situations where an attacker could be trying to maliciously access data in

cyberspace Cyberspace is a concept describing a widespread interconnected digital technology. "The expression dates back from the first decade of the diffusion of the internet. It refers to the online world as a world 'apart', as distinct from everyday rea ...

. By doing this, various profiles of potential attackers are created, including their intentions, and a catalog of potential vulnerabilities are created for the respective organization to fix before a real threat arises. Threat modeling covers a wide aspect of cyberspace, including devices, applications, systems, networks, or enterprises. Cyber threat modeling can inform organizations with their efforts pertaining to cybersecurity in the following ways: * Risk Management * Profiling of current cybersecurity applications * Considerations for future security implementations

Regulate access

The purpose of these types of systems is usually to restrict access to computers or data while still allowing interaction. Often this involves monitoring or checking credential, separating systems from access and view based on importance, and quarantining or isolating perceived dangers. A physical comparison is often made to a shield. A form of protection whose use is heavily dependent on the system owners preferences and perceived threats. Large numbers of users may be allowed relatively low-level access with limited security checks, yet significant opposition will then be applied toward users attempting to move toward critical areas. *

Access control In the fields of physical security and information security, access control (AC) is the selective restriction of access to a place or other resource, while access management describes the process. The act of ''accessing'' may mean consuming ...

Firewall Firewall may refer to: * Firewall (computing), a technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts * Firewall (construction), a barrier inside a building, designed to limit the spr ...

* Sandbox

Monitor access

The purpose of these types of software systems is to monitor access to computers systems and data while reporting or logging the behavior. Often this is composed of large quantities of low priority data records / logs, coupled with high priority notices for unusual or suspicious behavior. *

Diagnostic program A diagnostic program (also known as a Test Mode) is an automatic computer program sequence that determines the operational status within the software, hardware, or any combination thereof in a component, a system, or a network of systems. Diagno ...

Intrusion detection system An intrusion detection system (IDS; also intrusion prevention system or IPS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically rep ...

(IDS) *

Intrusion prevention system An intrusion detection system (IDS; also intrusion prevention system or IPS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically rep ...

(IPS) *

Log management software Log management (LM) comprises an approach to dealing with large volumes of computer-generated log messages (also known as audit records, audit trails, event-logs, etc.). Log management generally covers: * Log collection * Centralized log agg ...

Records Management Records management, also known as records and information management, is an organizational function devoted to the information management, management of information in an organization throughout its records life-cycle, life cycle, from the time of ...

Security information management Security information management (SIM) is an information security industry term for the collection of data such as log files into a central repository for trend analysis. Overview SIM products generally are software agents running on the computer s ...

* Security event management *

Security information and event management Security information and event management (SIEM) is a field within the field of computer security, where software products and services combine security information management (SIM) and security event management (SEM). They provide real-time ana ...

(SIEM)

Surveillance monitor

These programs use algorithms either stolen from, or provided by, the police and military internet observation organizations to provide the equivalent of a police

Radio scanner A scanner (also referred to as a radio scanner) is a radio receiver that can automatically tune, or ''scan'', two or more discrete frequencies, stopping when it finds a signal on one of them and then continuing to scan other frequencies when the ...

. Most of these systems are born out of

mass surveillance Mass surveillance is the intricate surveillance of an entire or a substantial fraction of a population in order to monitor that group of citizens. The surveillance is often carried out by local and federal governments or governmental organizati ...

concepts for internet traffic, cell phone communication, and physical systems like

CCTV Closed-circuit television (CCTV), also known as video surveillance, is the use of video cameras to transmit a signal to a specific place, on a limited set of monitors. It differs from broadcast television in that the signal is not openly t ...

. In a global perspective they are related to the fields of

SIGINT Signals intelligence (SIGINT) is intelligence-gathering by interception of ''signals'', whether communications between people (communications intelligence—abbreviated to COMINT) or from electronic signals not directly used in communication ( ...

and

ELINT Signals intelligence (SIGINT) is intelligence-gathering by interception of ''signals'', whether communications between people (communications intelligence—abbreviated to COMINT) or from electronic signals not directly used in communication ( ...

and approach

GEOINT In the United States, geospatial intelligence (GEOINT) is intelligence about the human activity on earth derived from the exploitation and analysis of imagery, signals, or signatures with geospatial information. GEOINT describes, assesses, and vis ...

in the global information monitoring perspective. Several instant messaging programs such as ICQ (founded by "former" members of Unit 8200), or

WeChat WeChat () is a Chinese instant messaging, social media, and mobile payment app developed by Tencent. First released in 2011, it became the world's largest standalone mobile app in 2018, with over 1 billion monthly active users. WeChat has bee ...

and QQ (rumored 3PLA/4PLA connections) may represent extensions of these observation apparati.

Block or remove malware

The purpose of these types of software is to remove malicious or harmful forms of software that may compromise the security of a computer system. These types of software are often closely linked with software for computer regulation and monitoring. A physical comparison to a doctor, scrubbing, or cleaning ideas is often made, usually with an "anti-" style naming scheme related to a particular threat type. Threats and unusual behavior are identified by a system such as a firewall or an intrusion detection system, and then the following types of software are used to remove them. These types of software often require extensive research into their potential foes to achieve complete success, similar to the way that complete eradication of bacteria or viral threats does in the physical world. Occasionally this also represents defeating an attackers encryption, such as in the case of data tracing, or hardened threat removal. *

Anti-keylogger An anti-keylogger (or anti–keystroke logger) is a type of software specifically designed for the detection of keystroke logger software; often, such software will also incorporate the ability to delete or at least immobilize hidden keystroke logg ...

s *

Anti-malware Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the name. ...

Anti-spyware Spyware (a portmanteau for spying software) is software with malicious behaviour that aims to gather information about a person or organization and send it to another entity in a way that harms the user—for example, by violating their priva ...

* Anti-subversion software *

Anti-tamper software Anti-tamper software is software which makes it harder for an attacker to modify it. The measures involved can be passive such as obfuscation to make reverse engineering difficult or active tamper-detection techniques which aim to make a program ...

Antivirus software Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the nam ...

References

{{reflist