iValue Center of Excellence
Your Technology. Proven. Positioned. Sold.
• Sell outcomes, not features
Enterprise Upsell Stack with Controls
Comprehensive Enterprise Security Controls Aligned with Industry Standards
| # | Security Domain | Control Area | What it Secures | Technology Category | Tools / Platforms |
|---|---|---|---|---|---|
| 1 | AppSec | SAST | Source code | Static AppSec | OpenText Fortify |
| 2 | AppSec | SCA | OSS dependencies | Supply-chain | OpenText Fortify |
| 3 | AppSec | DAST | Running web apps | Dynamic testing | OpenText Fortify (WebInspect) |
| 4 | AppSec | MAST | Mobile apps | Mobile testing | OpenText Fortify |
| 5 | AppSec | API Security – Design/Test | APIs | API testing | OpenText Fortify |
| 6 | AppSec | API Runtime Protection | Live APIs | API runtime security | Imperva, Levo |
| 7 | AppSec | WAF | Web apps | App perimeter | Thales (Imperva WAF) |
| 8 | AppSec | Bot Management | Web/API abuse | Bot protection | Thales (Imperva Bot) |
| 9 | AppSec | DDoS Protection | Availability | DDoS mitigation | Thales (Imperva DDoS) |
| 10 | AppSec | RASP | App runtime | Runtime protection | Thales (Imperva RASP) |
| 11 | AppSec | SBOM | Components | Supply-chain visibility | OpenText Fortify |
| 12 | AppSec | CI/CD Security | Pipelines | DevSecOps | OpenText Fortify, Digital.ai |
| 13 | AppSec | Secrets in Code Detection | Repos | Secret scanning | GitHub (native), CyberArk (secrets) |
| 14 | AppSec | Vulnerability Disclosure Program | External reporting | VDP workflow | OpenText Fortify (process enablement) |
| 15 | AppSec | Pen Test Management | Findings lifecycle | PT governance | GRC workflow (Whitehats) |
| 16 | AI Security | AI/LLM Asset Inventory | Models/services | AI governance | CMDB + policy (Whitehats) |
| 17 | AI Security | Prompt Injection Protection | LLM prompts | LLM firewall | Lakera and Prompt Security (SentinelOne) |
| 18 | AI Security | Prompt & Response Security | GenAI I/O | Prompt security | Prompt Security (SentinelOne) |
| 19 | AI Security | Model/API Abuse Detection | AI APIs | Abuse detection | Lakera |
| 20 | AI Security | LLM Data Leakage Control | Sensitive outputs | GenAI DLP | Forcepoint (policies), Prompt Security |
| 21 | AI Security | AI Governance & Auditability | AI risk | AI GRC | Whitehats (governance layer) |
| 22 | Container | Image Scanning | Container images | Image security | Tenable |
| 23 | Container | Kubernetes Hardening | K8s clusters | CIS enforcement | K8s native controls + hardening |
| 24 | Container | Runtime Container Protection | Pods/workloads | Runtime defense | SentinelOne |
| 25 | Container | K8s Admission Control | Deploy-time policy | Policy enforcement | Suse Rancher |
| 26 | Container | Secrets Protection | K8s secrets | Secrets vault | CyberArk |
| 27 | Container | Registry Trust | Images | Supply-chain | Trusted registries + signing |
| 28 | Cloud Security | CNAPP (umbrella) | Cloud runtime + posture | CNAPP | (Framework) CSPM+CWPP+CIEM |
| 29 | Cloud Security | CSPM | Cloud config | Posture mgmt | Native CSP tools, Wiz (not signed) |
| 30 | Cloud Security | CWPP | Workloads | Workload protection | SentinelOne |
| 31 | Cloud Security | CIEM | Cloud identities | Entitlement mgmt | Native CSP tools |
| 32 | Cloud Security | CASB | SaaS apps | SaaS security | Netskope |
| 33 | Cloud Security | SSPM | SaaS posture | SaaS posture | Netskope (capabilities) |
| 34 | Cloud Security | Cloud WAF/API Gateway Security | Cloud edge | App protection | Imperva / native |
| 35 | Cloud Security | Cloud Network Security | VPC/VNet | Segmentation | AlgoSec |
| 36 | Cloud Security | Cloud Key Management | Keys | KMS/HSM | Thales, Entrust, Utimaco |
| 37 | Cloud Security | Cloud Logging & Threat Detect | Telemetry | SIEM integration | Splunk, Google Chronicle |
| 38 | Cloud Security | DSPM | Data in cloud | Data posture | Forcepoint (classification/DLP driven) |
| 39 | Cloud Security | SaaS DLP | SaaS data | DLP | Forcepoint + Netskope (control plane) |
| 40 | Network | Next-Gen Firewall | Perimeter/DC | Threat prevention | Check Point |
| 41 | Network | IPS/Threat Prevention | Network | Inline prevention | Check Point |
| 42 | Network | Secure DNS | Phishing/malware | DNS security | (Policy via SWG/SASE) Netskope |
| 43 | Network | NDR | Network behavior | Detection | Netscout |
| 44 | Network | NBA/NBAD | Anomaly detection | Behavioral analytics | Netscout |
| 45 | Network | PCAP | Full packet capture | Forensics visibility | Netscout / Keysight |
| 46 | Network | NPB (Packet Broker) | Traffic distribution | Visibility fabric | Keysight / Netscout |
| 47 | Network | NAC | Device access | Network access control | Arista |
| 48 | Network | Micro-segmentation Policy | East-west | Policy management | AlgoSec |
| 49 | Identity | IGA | Lifecycle | Identity governance | RSA |
| 50 | Identity | SSO/Federation | Access | IDAM/SSO | RSA |
| 51 | Identity | Adaptive MFA | Auth | MFA | RSA, Yubico |
| 52 | Identity | Passwordless / FIDO2 | Auth | Strong auth | Yubico |
| 53 | Identity | PAM | Privileged access | PAM | CyberArk |
| 54 | Identity | Privileged Session Mgmt | Admin sessions | Session control | CyberArk |
| 55 | Identity | Secrets Management | App/API secrets | Vault | CyberArk |
| 56 | Identity | ITDR | Identity attacks | Identity threat detection | Tenable.AD |
| 57 | Zero Trust | ZTNA | App access | Zero Trust access | Netskope |
| 58 | Zero Trust | SASE | Users/branches | Secure access edge | Netskope |
| 59 | Zero Trust | SWG | Web access | Web security | Netskope |
| 60 | Zero Trust | CASB (enforcement) | SaaS | Policy enforcement | Netskope |
| 61 | Endpoint | EPP | Known malware | Endpoint protection | SentinelOne |
| 62 | Endpoint | EDR | Threat detection/response | Endpoint detection | SentinelOne |
| 63 | Endpoint | EPM | Least privilege on endpoints | Privilege mgmt | CyberArk EPM (if in scope) |
| 64 | Endpoint | Device Control | USB/peripherals | Device control | Forcepoint |
| 65 | Endpoint | Endpoint DLP | Data on devices | DLP | Forcepoint |
| 66 | Endpoint | Browser Isolation | Web threats | RBI/RBI-like browsing | Netskope RBI |
| 67 | Endpoint | MDM/Mobile Security | Mobile endpoints | MDM | SOTI |
| 68 | Email Security Gateway | Email threats | Email security | Forcepoint | |
| 69 | BEC Protection | Fraud/social engineering | BEC defense | Forcepoint + awareness | |
| 70 | Data Security | Data Classification | Sensitive data | Classification | Forcepoint |
| 71 | Data Security | Network/Web DLP | Data in transit | DLP | Forcepoint |
| 72 | Data Security | Cloud DLP | SaaS/IaaS | DLP | Forcepoint |
| 73 | Data Security | Encryption / Key Mgmt | Data & keys | KMS/HSM | Thales |
| 74 | Data Security | HSM | Crypto operations | HSM | Thales / Utimaco / Entrust (as needed) |
| 75 | Data Security | Digital Rights Mgmt | Doc protection | IRM/DRM | Vaultize |
| 76 | Data Security | Database Activity Monitoring | DB misuse | DAM | Imperva SecureSphere |
| 77 | Data Security | Tokenization | Sensitive fields | Tokenization | Thales (where required) |
| 78 | Exposure Mgmt | EASM | Internet-facing assets | Attack surface | CloudSEK / Mandiant |
| 79 | Exposure Mgmt | Brand Monitoring | Spoofing/phishing | Digital risk | CloudSEK |
| 80 | Exposure Mgmt | Dark Web Monitoring | Leaks/credentials | Digital risk | CloudSEK / Recorded Future |
| 81 | Exposure Mgmt | Threat Intel Feeds | Context | Threat intel | Check Point TI / Recorded Future / Google Threat Intel |
| 82 | SOC Ops | SIEM | Central detection | SIEM | Splunk / Google Chronicle / ArcSight |
| 83 | SOC Ops | UEBA | Behavior analytics | UEBA | Gurucul / Innspark |
| 84 | SOC Ops | SOAR | Automation | SOAR | Chronicle SOAR (Siemplify) / Splunk SOAR / OpenText SOAR / Innspark |
| 85 | SOC Ops | TIP | Intel mgmt | TIP | Mandiant (Google TI), Anomaly, Silient Push, Recorded Future, Checkpoitn TI |
| 86 | SOC Ops | Case Mgmt | Incident workflow | Case management | SOAR platform |
| 87 | SOC Ops | Threat Hunting | Proactive detection | Hunting | SIEM + UEBA |
| 88 | SOC Ops | BAS | Control validation | Breach simulation | Keysight / FourCore |
| 89 | SOC Ops | Deception | Early tripwires | Deception | Threacle |
| 90 | DFIR | Forensics Tooling | Evidence | DFIR | OpenText EnCase |
| 91 | DFIR | DFIR Services | Investigations | Services | KapurGaurai |
| 92 | Resilience | Backup & Recovery | Restore | BCDR | OpenText |
| 93 | Resilience | Ransomware Recovery Playbooks | Business continuity | IR/BCP | SOC + OpenText |
| 94 | Governance | GRC | Policy/risk/compliance | GRC | Whitehats / ICA |
| 95 | Governance | Compliance Evidence Mgmt | Audit artifacts | Evidence | Whitehats + SIEM/SOAR |
| 96 | Governance | Regulatory Reporting (CERT-In etc.) | Reporting | Process | SOC + Whitehats |
| 97 | IT Operations Security | Patch Management | OS, apps, middleware vulnerabilities | Patch & Update Mgmt | Opentext - Zenworks, Manage Engine |
| 98 | IT Operations Security | IT Asset Management (ITAM) | Hardware, software, licenses | Asset Lifecycle Mgmt | OpenText ITOM |
| 99 | IT Operations Security | IT Service Management (ITSM) | Incidents, changes, problems | ITSM / Workflow | Symphony Summit |
| 100 | IT Operations Security | Configuration Management (CMDB) | System dependencies & ownership | CMDB | OpenText ITOM / Symphony Summit |
| 101 | IT Operations Security | Change Management | Prevent risky/unapproved changes | Change Governance | Symphony Summit |
| 102 | Observability | Application Performance Monitoring (APM) | App health & anomalies | APM | Dynatrace |
| 103 | Observability | Infrastructure Monitoring | Servers, VMs, containers | Infra Monitoring | Dynatrace / Zabbix |
| 104 | Observability | Log Analytics (Ops + Sec) | Logs across IT & apps | Log Analytics | Elastic / Splunk |
| 105 | Observability | AIOps | Noise reduction & root cause | AIOps | Dynatrace / Splunk / OpenText ITOM |
| 106 | Observability | Business Service Monitoring | App-to-business mapping | Service Topology | Dynatrace / OpenText ITOM |
| 107 | Observability | Event Correlation | Infra + app + security events | Correlation Engine | Splunk / OpenText ITOM |
| 108 | Observability | SLO / SLA Monitoring | Service reliability | SRE Controls | Dynatrace / Zabbix |