Advanced Threat Protection (ATP)
Advanced Threat Protection (ATP) refers to security solutions that defend against sophisticated malware or hacking attacks targeting sensitive data. Advanced Threat Protection includes both software and managed security services.
An Attack Vector is the collection of all vulnerable points by which an attacker can gain entry into the target system, including technology as well as human behavior.
A backdoor is a means to access a computer system or encrypted data that bypasses the system's customary security mechanisms. A developer may create a backdoor so that an application or operating system can be accessed for troubleshooting or other purposes.
A Bot is a program that automates actions on behalf of an agent for some other program or person and is used to carry out routine tasks. Their use for malicious purposes includes spam distribution, credentials harvesting, and the launching of DDoS attacks.
A botnet, or bot network, is a network of hijacked computers and devices infected with bot malware and remotely controlled by a hacker. The bot network is used to send spam and launch Distributed Denial of Service (DDoS) attacks, and may be rented out to other cybercriminals.
CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a challenge-response test commonly used by websites to verify that the user is a real human and not a bot. Challenges can include simple arithmetic or questions about images that bots have difficulty answering.
CMMC stands for the Cybersecurity Maturity Model Certification. If you do business with the Department of Defense, you must be CMMC compliant. It is a standard imposed on the Defense Industrial Base (DIB).
Code that evades detection by antivirus and anti-malware programs by injecting malicious code into a legitimate process. The legitimate process serves as camouflage.
Brute Force Attack
This is a method for guessing a password (or the key used to encrypt a message) that involves systematically trying a high volume of possible combinations of characters until the correct one is found. One way to reduce the susceptibility to a Brute Force Attack is to limit the number of permitted attempts to enter a password.
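The attempt limit mentioned above, implemented as an added example that is not part of the original glossary: a per-account login throttle that counts failed password attempts and locks the account for a fixed window once the budget is exhausted. The class and constant names (`LoginThrottle`, `MAX_ATTEMPTS`, `LOCKOUT_SECONDS`), the lockout values and the sample account are all assumptions constructed for this illustration.

```python
"""Added example (not part of the original glossary): a per-account
attempt limiter that implements the mitigation the Brute Force entry
describes, i.e. capping the number of permitted password attempts.
LoginThrottle, MAX_ATTEMPTS, LOCKOUT_SECONDS and the sample account are
constructed for this illustration; tune the values to local policy."""
import hashlib
import hmac
import os
import time

MAX_ATTEMPTS = 5          # failures allowed before the account locks (assumption)
LOCKOUT_SECONDS = 900     # lockout duration in seconds (assumption)


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 with a high iteration count makes each guess costly, which also
    # slows an offline brute force against a stolen credential store
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginThrottle:
    def __init__(self, users: dict, clock=time.monotonic):
        # users maps username -> (salt, derived_key); clock is injectable
        # so the lockout expiry can be exercised without sleeping
        self._users = users
        self._clock = clock
        self._failures: dict[str, int] = {}
        self._locked_until: dict[str, float] = {}

    def is_locked(self, user: str) -> bool:
        until = self._locked_until.get(user)
        if until is None:
            return False
        if self._clock() >= until:
            # lockout expired: clear state so the user gets a fresh budget
            del self._locked_until[user]
            self._failures.pop(user, None)
            return False
        return True

    def attempt(self, user: str, password: str) -> str:
        """Return 'ok', 'bad_credentials' or 'locked'."""
        if self.is_locked(user):
            # reject without even checking the password while locked
            return "locked"
        record = self._users.get(user)
        if record is None:
            # unknown user: still run the comparison against a dummy hash so
            # response timing does not reveal which usernames exist
            salt, stored = os.urandom(16), b"\x00" * 32
        else:
            salt, stored = record
        ok = hmac.compare_digest(hash_password(password, salt), stored)
        if ok and record is not None:
            self._failures.pop(user, None)
            return "ok"
        count = self._failures.get(user, 0) + 1
        self._failures[user] = count
        if count >= MAX_ATTEMPTS:
            self._locked_until[user] = self._clock() + LOCKOUT_SECONDS
            return "locked"
        return "bad_credentials"


def build_demo_users() -> dict:
    # constructed sample account; a real store would live in a database
    salt = os.urandom(16)
    return {"alice": (salt, hash_password("correct horse battery staple", salt))}


if __name__ == "__main__":
    throttle = LoginThrottle(build_demo_users())
    for guess in ["password", "123456", "qwerty", "letmein", "admin"]:
        print(guess, "->", throttle.attempt("alice", guess))
    # even the right password is refused once the account is locked
    print("right password ->", throttle.attempt("alice", "correct horse battery staple"))
```

Locking on a counter alone means an attacker can deliberately lock out a legitimate user, so production systems usually pair the per-account counter with per-source rate limiting and an expiry window rather than a permanent lock; the injectable clock in the example is what lets that expiry be verified in a test.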
The Dark Web is encrypted and not indexed by search engines. It is notoriously used by cybercriminals to communicate and share information without being detected or identified by law enforcement.
Data Loss Prevention (DLP)
Data Loss Prevention (DLP) is an umbrella term for a collection of security tools, processes and procedures that aim to prevent sensitive data from falling into unauthorized or malicious hands.
A Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack is when one or more compromised systems launch a flooding attack on a remote target, in an attempt to overload network resources and disrupt service.
Decryption is the process of decoding cipher text to plain text, so it is readable by humans. It is the reverse of encryption, the process of converting plain text to cipher text. Cybercriminals use decryption software and techniques to ‘break’ security encryption and gain access to protected information.
An audio or video clip that has been edited and manipulated to seem real or believable.
Digital Forensics is the process of procuring, analyzing, and interpreting electronic data for the purpose of presenting it as legal evidence in a court of law.
Domain Name System (DNS) Exfiltration
Domain Name System (DNS) Exfiltration is a lower-level attack on DNS servers to gain unauthorized access. Such attacks are difficult to detect and can lead to loss of data.
Drive-By Download Attack
A drive-by download can take advantage of an app, operating system, or web browser that contains security flaws due to unsuccessful updates or lack of updates. Unlike many other types of cyberattack, a drive-by doesn't rely on the user to do anything to actively enable the attack.
ePHI stands for electronic personal health information and is extremely valuable to hackers because it contains static identifiers such as name, SSN, and driver’s license number.
Encryption is a process of maintaining data confidentiality by converting plain data into a secret code with the help of an encryption algorithm. Only users with the appropriate decryption key can unscramble and access encrypted data or cipher text.
Endpoint Protection refers to a system for network security management that monitors network endpoints: the hardware devices, such as workstations and mobile devices, from which a network is accessed.
An exploit is the act of taking advantage of a vulnerability or flaw in a network system to penetrate or attack it.
Hacker is a term commonly used to describe a person who tries to gain unauthorized access to a network or computer system.
The Health Insurance Portability and Accountability Act, passed in 1996, protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information" (PHI).
Honeypots are computer security programs that simulate network resources in order to lure potential hackers away from real networks. A honeypot provides advance warning of a more concerted attack.
Identity and Access Management (IAM)
Identity and Access Management (IAM) is the process used by an organization to grant or deny access to a secure system.
An Insider Threat is when an authorized system user, usually an employee or contractor, poses a threat to an organization because they have authorized access to inside information and therefore bypass most perimeter-based security solutions.
The term Internet of Things (IoT) is used to describe everyday objects that are connected to the internet and can collect and transfer data automatically, without the need for human interaction.
A Keylogger is spyware that records every keystroke made on a computer’s keyboard. It can record everything a user types, including instant messages, email, usernames and passwords.
Pen (Penetration) Testing is the practice of intentionally challenging the security of a computer system, network or web application to discover vulnerabilities that an attacker or hacker could exploit.
Phishing is a type of internet fraud that seeks to acquire a user’s credentials by deception. It includes theft of passwords, credit card numbers, bank account details, and other confidential information. Phishing messages usually take the form of fake notifications from banks, providers, e-pay systems, and other organizations. The phishing attempt will try to encourage a recipient, for one reason or another, to enter/update personal data.
Personally Identifiable Information (PII) is data that can be used to identify a specific individual.
Process Hollowing is a security exploit in which an attacker removes code in an executable file and replaces it with malicious code.
Ransomware is the name given to malicious programs designed to extort money from victims by blocking access to the computer or encrypting stored data. The malware displays a message offering to restore the system/data in return for payment.
In cybersecurity, a sandbox is an isolated environment on a network that mimics end-user operating environments. Sandboxes are used to safely execute suspicious code without risking harm to the host device or network.
Scareware is malware that uses scare tactics, often in the form of pop-ups that falsely warn users they have been infected with a virus, to trick users into visiting malware containing websites.
SIEM (Security Information and Event Management)
Security Information and Event Management (SIEM) is a formal process by which the security of an organization is monitored and evaluated on a constant basis. SIEM helps to automatically identify systems that are out of compliance with the security policy as well as to notify the IRT (Incident Response Team) of any security violating events.
SIM Swapping is a scam used to intercept online banking SMS verification codes. To get hold of one-time passwords for financial transactions, cybercriminals create or fraudulently obtain a copy of the victim’s SIM card — for example, pretending to be the victim, the attacker might claim to have lost the SIM card and request a new one from the mobile operator. To protect clients from such schemes, most banks require that a replacement SIM card be re-linked to the account.
Packet sniffing allows the capture of data as it is being transmitted over a network. Packet sniffer programs are used by network professionals to diagnose network issues. Malicious actors can use sniffers to capture unencrypted data like passwords and usernames in network traffic.
SOC (Security Operations Center)
A centralized function within an organization employing people, processes, and technology to continuously monitor and improve an organization's security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents around the clock.
Social Engineering is an increasingly popular method of gaining access to unauthorized resources by exploiting human psychology and manipulating users, rather than by breaking in or using technical hacking techniques. Scams such as phishing emails rely on an urgent, official-sounding message that convinces victims to act quickly and respond.
Spam is the name commonly given to unsolicited email. Essentially unwanted advertising, it’s the email equivalent of physical junk mail delivered through the post.
Spear Phishing is a phishing scam that targets a specific individual or organization, usually via a personalized email, SMS or other electronic communication to defraud them under the guise of a legitimate transaction.
A Spoof is an attack attempt by an unauthorized entity or attacker to gain illegitimate access to a system by posing as an authorized user. Spoofing includes any act of disguising a communication from an unknown source as being from a known, trusted source. Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address.
Spyware is software that is secretly installed on a user’s device to gather sensitive data. Spyware quietly collects information such as credentials and sends it outside the network to bad actors. Spyware often comes in the form of a free download and is installed automatically, with or without user consent.
Threat Assessment is a structured process used to identify and evaluate various risks or threats that an organization might be exposed to. Cyber threat assessment is a crucial part of any organization’s risk management strategy and data protection efforts.
Cyber Threat Hunting is an active cyber defense activity where cybersecurity professionals actively search networks to detect and mitigate advanced threats that evade existing security solutions.
Threat Intelligence, or cyber threat intelligence, is intelligence proactively obtained and used to understand the threats that are targeting the organization.
Trojans are malicious programs that perform actions that are not authorized by the user: they delete, block, modify or copy data, and they disrupt the performance of computers or computer networks. Unlike viruses and worms, Trojans are unable to make copies of themselves or self-replicate.
Two-factor Authentication (2FA)
Two-factor Authentication combines a static password with an external authentication device, such as a hardware token that generates a one-time password, a smart card, an SMS message (where a mobile phone is the token), or a unique physical attribute like a fingerprint.
A Virus is a malicious computer program that is often sent as an email attachment or a download with the intent of infecting that device. Once the device is infected, a virus can hijack the web browser, display unwanted ads, send spam, provide criminals with access to the device and contact list, disable security settings, and scan for personal information like passwords.
A Virtual Private Network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. It is essentially a virtual, secure corridor.
Vulnerabilities are weaknesses in software programs that can be exploited by hackers to compromise computers.
Web Application Firewall (WAF)
A Web Application Firewall is a specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service. By inspecting HTTP traffic, it can prevent attacks exploiting a web application’s known vulnerabilities, such as SQL injection, cross-site scripting (XSS), file inclusion, and improper system configuration.
White Hat - Black Hat
White Hat and Black Hat are terms used to describe the ‘good guys’ and ‘bad guys’ in the world of cybercrime. Black hats are hackers with criminal intentions. White hats are hackers who use their skills and talents for good and work to keep data safe from other hackers by finding system vulnerabilities that can be fixed.
This term is used to describe exploit code that has been written to take advantage of a vulnerability before the software vendor knows about it and can publish a patch for it. The result is that would-be attackers are free to exploit the vulnerability, unless proactive exploit prevention technologies have been implemented to defend the computer being targeted by the attacker.