Cybersecurity 101: What Investors Need to Know

Cybersecurity is more important than ever, but do you know the basics of this exciting industry? For example, do you know the difference between cloud security and device security? In this Fool Live video clip, recorded on May 28, Fool analyst Tim Beyers gives chief growth officer Anand Chokkavelu a rundown of cybersecurity basics investors should know before they start analyzing stocks in the space. 

Anand Chokkavelu: Before we start with the list, I think a lot of our viewers are probably like me. Once you start getting into tech or tech folks, I know that I can't tell a front-end developer from a database administrator from a back-end developer. We lump it all into one category as people who understand code versus people who don't. I think there is a similar thing with cybersecurity. I think there are many facets of cybersecurity, but a lot of us just lump them all together. These seven companies are in all different areas. Once you start reading, even the companies themselves, not only do they have similar sounding things, but the jargon is a little different. You get words like endpoint security, cloud security, network security, virus protection, on-premise hardware solution, independent security vendors, perimeter-based security, point cloud solution provider. Tim, what's your mental framework as you think about the space and bucketing companies?

Tim Beyers: You've mentioned a lot of different descriptions and not all of them are acronyms, but they all mean something related, but different. I think one of the more helpful descriptions that I've ever heard, and I'm not a security expert, we often have security experts come on and we have members who come in and give us some some help here. A common term, it's used a little less lately, but I think it's somewhat timeless. The idea is called defense in depth. Of all the things that you talked about, there are different types of security. But taken together, you can create a defense in some depth because you're taking steps in a lot of different areas.

For example, a category of security would be identity management or identity governance and those two things are similar. All that means, honestly is Tim Beyers is who he says he is. I hate referring to myself in a third person. You all say Matt Frankel is who he says he is. The idea is that Matt has an identity. That identity has a username. There's a password. There are some permissions that go with that. Then governance is this idea of Matt can only go certain places. If he ranges beyond that, if we find that, hey, you know what? If your kids are sneaking cookies at midnight, that's a governance problem. They should be in bed. That's basically what we're talking about.

Defense in depth is this idea of an endpoint. This is an endpoint: an iPhone, a computer. That's an endpoint. What's endpoint security? It's securing devices that attach to a network, attach to the internet. Perimeter defense is classically what we call firewalls. Something stands in front of the network and does the Gandalf thing, "You shall not pass." That works until it doesn't. You want to have a lot of different ways to defend your data, and defend your users, and in a cloud-first world, that's harder because there is no defined border. Stuff is everywhere. We have a lot of different types of technologies that help us with this, but they're all interrelated. When we're in the seat of say like a chief information security officer, we build out lots of different ways to defend the data that we keep as a company. Does that make sense? Hopefully, that's more clear than where we were three minutes ago.