Software applications are computer programs running on a Computer System which perform a group of functions, tasks or activities in a coordinated manner to benefit the user of the application which contrasts with System Software which perform a group of functions, tasks and activities in a coordinated manner to operate the Computer System that runs software applications.
The field of security monitoring and testing in a Computer Network is a broad area of activity which attempts to protect the performance of Software applications and Operating Systems.
Security Software includes Software installed on a Computer System to protect the Computer System from malicious damage. Security Software includes Security Enforcement Tools and Security Vulnerability Testing Tools.
Some Security Software is built into the Operating System itself, other Security Software is installed and configured by a third party and maintained and controlled remotely. Security Software does not need to have security as its focus; it just needs to deal with an aspect of the enforcement of security by having that Software installed. There are many ways the Security Software deals with the threat identified since the nature of the threat will best determine the required response. Not all security settings are applied by Security Software. Some are set by the Operating System or incorporated into applications.
Security frameworks identify many strategies for dealing with information security and represent a layered approach to Information Technology defence designed to protect Computer Systems and by extension Computer Networks to which that Computer System is connected and the data made available to them. While no single strategy can prevent malicious activity, a large proportion of incidents involving intrusion by bad actors could have been prevented if at least some of the following strategies were in place. Those strategies include, amongst others: application whitelisting; installing the latest patch of all application and Executable programs; installing the latest patch for the Operating System; restricting administrative privileges; disabling untrusted Microsoft “Office macros [”owned by Microsoft Corporation CA USA]; user application hardening; multi-factor authentication; periodic (daily at least) data back-ups; and many more, some of which are not even known yet as the threat vectors employed by bad actors continue to evolve and rely on decades of Software development that ignored or minimized data and operational security.
There are many aspects of the arrangements disclosed above which are not properly kept up to date, checked for compliance or otherwise tested.
To function as expected, Security Software relies on:                Security Software being correctly deployed, and        Security Software being correctly configured, and        Security Software being correctly maintained, and        Security Software working as intended, and        Security Software Reports being reviewed.        