Protect-surface inventory (static · generic composite)
JavaScript is disabled — interactive hover paths, the attack-path
simulation, and the vertical selector are unavailable. The generic
composite's four layers and their 33 components are
listed below.
● Services · 8 components
- DNS & Domain — Domain name resolution services — the first query in nearly every network connection. DNS is both critical infrastructure and an attack vector.
- Identity (Okta/Entra) — Identity provider services including SSO, MFA, directory sync, and lifecycle management — the control plane of Zero Trust.
- CDN & Edge — Content delivery and edge compute services accelerating web applications while providing DDoS protection and bot management.
- Email Security — Email filtering, anti-phishing, and email authentication services (SPF/DKIM/DMARC) protecting the #1 attack vector.
- SIEM / XDR — Security information and event management services correlating alerts across the entire protect surface for detection and response.
- Backup & DR — Backup, disaster recovery, and business continuity services ensuring data survivability against ransomware and catastrophic events.
- Secure Web Gateway — Web traffic inspection and filtering services enforcing acceptable use policies and blocking malicious content at the network edge.
- Privileged Access Mgmt — Privileged access management services controlling and auditing admin access to critical systems — a cornerstone of Zero Trust.
■ Assets · 8 components
- Laptops & Desktops — Employee workstations (Windows, macOS, Linux) used for daily operations — the primary endpoint attack surface in most enterprises.
- Mobile (iPhone/Android) — Company-owned and BYOD smartphones and tablets accessing corporate email, apps, and data through MDM-managed profiles.
- Network (Cisco/Meraki) — Routers, switches, wireless access points, and SD-WAN appliances forming the physical and logical network infrastructure.
- Firewalls (Palo Alto) — Next-generation firewalls at network perimeter and internal segmentation points enforcing traffic policies and threat prevention.
- Cloud (AWS/Azure) — IaaS and PaaS resources including EC2 instances, Lambda functions, Kubernetes clusters, and managed services across multi-cloud environments.
- Servers (On-Prem) — Physical and virtual servers in on-premises data centers running legacy applications, Active Directory, and file shares.
- Printers & IoT — Network printers, smart displays, conference room systems, HVAC controllers, and badge readers — often unmanaged and unmonitored.
- USB & Removable Media — USB drives, external hard disks, and removable media that bypass network controls and can introduce malware or exfiltrate data.
⬢ Applications · 9 components
- ERP (SAP/Oracle) — Enterprise resource planning system managing finance, supply chain, HR, and operations — the operational backbone of the enterprise.
- CRM (Salesforce) — Customer relationship management platform containing sales pipeline, customer contacts, deal history, and marketing data.
- Google Workspace — Productivity suite including Gmail, Drive, Docs, Sheets, and Meet used daily by every employee for collaboration and communication.
- Custom Web Apps — Internal line-of-business applications, customer portals, and microservices built in-house and deployed on cloud infrastructure.
- DevOps (GitHub/CI) — Source code repositories, CI/CD pipelines, container registries, and infrastructure-as-code tools forming the software delivery chain.
- HR Platform — Human resources information systems (Workday, BambooHR) managing employee lifecycle, payroll processing, and benefits administration.
- Accounting (NetSuite) — Financial management application handling invoicing, expense tracking, financial reporting, and regulatory compliance (SOX).
- Slack / Teams — Real-time messaging and collaboration platforms where sensitive discussions, file sharing, and integrations create invisible data flows.
- VPN / Remote Access — Legacy VPN concentrators and modern ZTNA solutions providing remote workforce access to internal applications and resources.
◆ Data · 8 components
- Customer PII — Personally identifiable information including names, SSNs, addresses, and payment details stored across CRM, ERP, and cloud databases.
- Financial Records — General ledger, accounts payable/receivable, payroll data, and tax records maintained in ERP and accounting systems.
- IP & Trade Secrets — Product designs, source code repositories, proprietary algorithms, and strategic plans stored in document management and version control systems.
- Employee HR Data — Personnel records, benefits information, performance reviews, and compensation data in HRIS platforms like Workday or BambooHR.
- Cloud Object Storage — AWS S3 buckets, Azure Blob Storage, and GCP Cloud Storage containing backups, media assets, logs, and application data.
- Databases (SQL/NoSQL) — Production databases including PostgreSQL, MySQL, MongoDB, and Redis instances hosting application state and business-critical data.
- Email & Messaging — Corporate email archives, Slack/Teams message history, and attached files containing sensitive business communications.
- Logs & Telemetry — Security logs, application telemetry, network flow data, and audit trails aggregated in SIEM and observability platforms.