What are Technical Security Controls?
Technical security controls, also known as logic controls, use hardware, software, and other technologies to improve an organization’s security posture by reducing vulnerabilities. Technical security controls can be used to achieve many different types of goals [1]:
- Preventative controls aim to prevent security incidents
- Detective controls aim to detect incidents as they happen, or after the fact
- Corrective controls aim to mitigate the impact once an incident has occurred
- Deterrent controls aim to deter attackers from making an attempt
- Compensating controls can be used in case another control won’t work
Examples of technical controls include:
Access Control Lists (ACL). ACLs are network traffic filters that can control incoming or outgoing traffic; they are common in routers or firewalls.
Configuration rules. Configuration rules are instructions that govern how a system handles the information passing through it. Network equipment vendors use configuration rules to manage how their ACL objects operate.
Firewalls. Firewalls block or allow connections from the internet to access an internal network, following a specific set of rules. A firewall can be either a hardware device or a software program.
Encryption. Encryption converts plain-text information into ciphertext that is indecipherable to anyone who does not possess the decryption key.
Email protection tools. Email protection tools use multiple security measures, such as content filtering, URL scanning, and antivirus protection, to prevent malicious emails from entering your system.
Intrusion detection and prevention system (IDS/IPS). IDSs monitor network activity for suspicious behavior, while IPSs prevent or block intrusions as they are identified.
Data loss prevention (DLP). DLP solutions monitor and protect sensitive data from unauthorized disclosure by proactively scanning for and detecting attempts to disclose data to third parties or unauthorized users.
Identity and access management (IAM) software. IAM software enables companies to allow only authenticated and authorized users to access certain data and other resources.
Mobile device management (MDM). MDM solutions manage and secure the mobile devices used by employees for work.
Virtual private network (VPN). A VPN creates an encrypted tunnel between two or more computers over a public network, allowing users to access the company’s internal network remotely without compromising data security.
Network segmentation. Network segmentation divides networks into multiple segments, or sub-networks, which helps prevent cyberattackers from moving laterally across the network.
Anti-malware programs. Anti-malware programs are critical technical security controls as they detect, prevent, and remove malicious software, such as viruses, worms, Trojans, spyware, and adware, from computers.
Security information and event management (SIEM). SIEM systems collect data from multiple sources in the network to detect suspicious activities and then take the necessary action. They also provide reports on security-related events and can trigger alerts.
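To make the ACL and firewall entries above concrete, here is an added example (not from the cited article) of how an ordered rule list is evaluated: first match wins, rule order changes the outcome, and traffic matching no rule falls through to an implicit deny whose log lines are what a detective control such as a SIEM ingests. The rule set, addresses and packets are all constructed for this illustration.

```python
# Added example, not from the cited article: a first-match ACL/firewall evaluator.
# Rules are checked top to bottom, the first match decides, and traffic matching
# no rule is dropped (the implicit deny). Rules, addresses and packets are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp" or "any"
    src: str              # source CIDR, "0.0.0.0/0" for any
    dst: str              # destination CIDR
    dport: Optional[int]  # destination port, None for any
    def matches(self, pkt: dict) -> bool:
        return (self.proto in ("any", pkt["proto"])
                and ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.dport in (None, pkt["dport"]))

# Constructed ACL for a web server at 198.51.100.10: block one range, allow HTTPS from
# anywhere, allow SSH only from 10.10.0.0/16. The deny must sit above the HTTPS permit.
ACL = [
    Rule("deny",   "any", "203.0.113.0/24", "0.0.0.0/0",        None),
    Rule("permit", "tcp", "0.0.0.0/0",      "198.51.100.10/32", 443),
    Rule("permit", "tcp", "10.10.0.0/16",   "198.51.100.10/32", 22),
]
def evaluate(pkt: dict, acl=ACL):
    """Return (action, index of the deciding rule); ("deny", None) on implicit deny."""
    for i, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None

def evaluate_all(packets, acl=ACL):
    """Decide a batch of packets and build the deny log a SIEM would ingest."""
    decisions, deny_log = [], []
    for pkt in packets:
        action, idx = evaluate(pkt, acl)
        decisions.append(action)
        if action == "deny":
            deny_log.append(f"DENY rule={idx} {pkt['proto']} "
                            f"{pkt['src']}->{pkt['dst']}:{pkt['dport']}")
    return decisions, deny_log

SAMPLE_PACKETS = [  # constructed traffic: HTTPS ok, blocked range, admin SSH, outsider SSH
    {"proto": "tcp", "src": "192.0.2.5",   "dst": "198.51.100.10", "dport": 443},
    {"proto": "tcp", "src": "203.0.113.7", "dst": "198.51.100.10", "dport": 443},
    {"proto": "tcp", "src": "10.10.4.2",   "dst": "198.51.100.10", "dport": 22},
    {"proto": "tcp", "src": "192.0.2.5",   "dst": "198.51.100.10", "dport": 22},
]
```

Swapping the first two rules lets the blocked range reach HTTPS, which is why ACL entries are audited for order as well as content.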
[1] Heiligenstein, 2021, “Technical Security Controls: Encryption, Firewalls & More”