A

Access

The ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions.

Access Control

The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities.

Related Term(s): access control mechanism

Access Control Mechanism

Security measures designed to detect and deny unauthorized access and permit authorized access to an information system or a physical facility.

Access Log

Access logs are an essential tool for DevOps and server operations. They record the requests made to a server and provide valuable information about each request, the user who made it, and the server's response.

Account Takeover

Account takeover (ATO) is an increasingly prevalent form of cybercrime in which attackers gain unauthorized access to online accounts by exploiting stolen credentials. The consequences of these attacks can be devastating for individuals and organizations alike, resulting in financial loss, identity theft, and reputational damage. Defending against ATO requires understanding the methods cybercriminals use to carry it out and applying strategies that protect both the organization and its customers against this growing threat.

Active Attack

An actual assault perpetrated by an intentional threat source that attempts to alter a system, its resources, its data, or its operations.

Related Term(s): passive attack

Advanced Persistent Threat (APT)

An advanced persistent threat is a cyberattack wherein criminals work together to steal data or infiltrate systems over a longer period of time.

Adversary-in-the-Middle (AitM)

AitM attacks involve threat actors eavesdropping, intercepting, or manipulating data traffic before actively engaging or hijacking.

Adware

Adware is unwanted software that displays advertisements on an infected computer. Understanding what adware is, why it is dangerous, and how to protect yourself from it helps keep your computer from being infected.

Air Gap

The physical separation or isolation of a system from other systems or networks.

Alert

A notification that a specific attack has been detected or directed at an organization’s information systems.

Antispyware Software

A program that specializes in detecting and blocking or removing forms of spyware.

Related Term(s): spyware

Application Allowlisting

Application allowlisting (also called application whitelisting) is one form of endpoint security. It is aimed at preventing malicious programs from running on a network by permitting only approved applications to execute.

Artificial Intelligence (AI)

AI systems can perform tasks requiring human intelligence, such as problem-solving, pattern recognition, and decision-making.

Asset

Anything useful that contributes to the success of something, such as an organizational mission; assets are things of value or properties to which value can be assigned.

Attack Surface

An information system’s characteristics that permit an adversary to probe, attack, or maintain a presence in the information system.

Azure Kubernetes Service (AKS)

Azure Kubernetes Service (AKS) is the fully managed Kubernetes container orchestration service from Microsoft Azure. With AKS, you can quickly create and deploy containerized applications on a large scale, with built-in security and monitoring capabilities, making it easier for developers and IT professionals to focus on innovation and accelerate the delivery of applications to customers.

B

Behavior Monitoring

Observing the activities of users, information systems, and processes and measuring those activities against organizational policies and rules, baselines of normal activity, thresholds, and trends.

Synonym(s): behavior monitoring

Blue Team

A group that defends an enterprise’s information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team).

Bot

A computer connected to the Internet that has been surreptitiously (secretly) compromised with malicious logic to perform activities under the remote command and control of an administrator.

Synonym(s): zombie

Related Term(s): botnet

Botnet

A botnet is a network of compromised computers (bots) under the remote control of an attacker. Botnets are behind many types of attacks and hacks, and real-life examples show how they are built and used.

Brute Force Attacks

Brute force attacks involve systematically trying every possible combination of passwords until the correct one is found.

Bulletproof Hosting

Bulletproof hosting is a hosting service that tolerates content and activity that other providers would take down. Such services are actively used by platforms such as online casinos, spam distribution sites, and pornographic resources.

Business Email Compromise (BEC)

Business Email Compromise (BEC) is a form of email fraud in which attackers impersonate trusted parties to induce payments or the disclosure of sensitive data. Business Email Compromises cost companies over $1.7bn last year, far outstripping ransomware.

Business process outsourcing (BPO)

Business process outsourcing (BPO) is a type of outsourcing that involves the transfer of specific business functions or processes to a third-party service provider. A successful attack on a BPO company can provide access to a large amount of sensitive data from multiple clients.

BYOD

BYOD (Bring Your Own Device) is a policy or practice that allows employees to use their personal devices, such as smartphones or laptops, for work purposes.

C

Ciphertext

Data or information in its encrypted form.

Related Term(s): plaintext

Cloud Computing

A model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Cloud Encryption

Cloud encryption is a security measure used to protect sensitive data stored or transmitted through cloud services. It involves converting plaintext data into ciphertext using encryption algorithms, making it unreadable to unauthorized users. In cloud computing, encryption can be applied to data at rest (stored data) or data in transit (data being transmitted between systems or users).

Cloud Ransomware

Cloud ransomware is a type of malware that infiltrates cloud-based systems and encrypts data, rendering it inaccessible to users. The attackers then demand a ransom, typically in the form of cryptocurrencies like Bitcoin, to decrypt and release the affected data. The shift to cloud computing has made this an increasingly prevalent threat, as businesses move more of their data and operations to cloud-based services.

Cloud Security

Cloud security is the set of practices and controls that help enterprises handle the challenges of storing data and running workloads in the cloud, including securing cloud workloads and remote work infrastructure.

Cloud Shared Responsibility Model

The Cloud Shared Responsibility Model is a vital concept in cloud security that defines the responsibilities of both cloud service providers and their customers. This model ensures both parties understand their roles in securing cloud assets and prevents confusion and misunderstandings.

Cloud-Native Application Protection Platform (CNAPP)

A Cloud Native Application Protection Platform (CNAPP) is a security solution to protect cloud-native applications. These applications are built using microservices architecture and run on containerized environments like Kubernetes, OpenShift, or Docker. A CNAPP offers a holistic approach to cloud security, protecting the entire application lifecycle from development to production.

Cobalt Strike

Cobalt Strike is a commercial penetration testing tool used by security professionals to assess the security of networks and systems. It can be used for malicious purposes but is not malware in the traditional sense.

Command & Control (C2) Servers

C2 servers are commonly used by threat actors to coordinate attacks, such as data breaches, malware dissemination, and ransomware.

Content Delivery Networks (CDN)

A CDN is a globally distributed server network that works together to deliver internet content more quickly and efficiently. By caching content at multiple locations around the world, CDNs reduce the distance between the user and the content, resulting in faster load times, improved performance, and enhanced user experience. CDNs also help protect websites from malicious traffic and DDoS attacks by serving as a secure proxy between users and the origin server.

Cookie Logging

Cookie logging is the process of capturing and storing HTTP cookies that are exchanged between a web server and a user's browser. Cookies are small data files that contain information about a user's activity on a website, such as login credentials, session IDs, historical actions, and more.

Credential Theft

Cybercriminals steal usernames and passwords using tactics varying from phishing attacks and data breaches to malware and social engineering.

Cross-Platform Security

Cross-platform security refers to a comprehensive approach to safeguarding an organization's digital assets across multiple operating systems, devices, and environments. In today's diverse IT landscape, where Windows, macOS, Linux, and various cloud-based systems coexist, ensuring consistent and reliable protection against cyber threats is crucial. Cross-platform security solutions provide a unified defense strategy, enabling businesses to manage and maintain the security of their infrastructure more efficiently, regardless of the platforms being used.

Crypto Malware

Crypto malware is a type of malicious software that targets digital wallets and cryptocurrency exchanges. It is designed to steal cryptocurrency by infecting a user's computer or device and gaining access to their digital wallet or exchange account. Once the malware has access, it can transfer cryptocurrency to the attacker's account, steal private keys or passwords, or even encrypt files and demand a ransom.

Cryptographic Algorithm

A well-defined computational procedure that takes variable inputs, including a cryptographic key, and produces an output.

Related Term(s): key, encryption, decryption, symmetric key, asymmetric key

Cryptography

The art or science concerning the principles, means, and methods for converting plaintext into ciphertext and for restoring encrypted ciphertext to plaintext.

Related Term(s): plaintext, ciphertext, encryption, decryption

Cyber Infrastructure

The information and communications systems and services composed of all hardware and software that process, store, and communicate information, or any combination of all of these elements: Processing includes the creation, access, modification, and destruction of information. Storage includes paper, magnetic, electronic, and all other media types. Communications include sharing and distribution of information.

Cyber Kill Chain

A Cyber Kill Chain, also known as a Cyber Attack Lifecycle, is the series of stages in a cyberattack, from reconnaissance through to exfiltration of data and assets.

Cyber Operations

In the NICE Framework, cybersecurity work where a person: Performs activities to gather evidence on criminal or foreign intelligence entities in order to mitigate possible or real-time threats, protect against espionage or insider threats, foreign sabotage, international terrorist activities, or to support other intelligence activities.

Cyber Risk Management

Cyber Risk Management is a crucial process that helps organizations identify, assess, and mitigate potential risks to their digital assets. It involves analyzing potential threats, vulnerabilities, and impacts on an organization's information technology infrastructure, networks, and data. By adopting Cyber Risk Management strategies, organizations can improve their security posture, comply with regulatory requirements, ensure business continuity, and allocate resources effectively.

Cyber Threat Intelligence

Threat intelligence, or cyber threat intelligence, involves analyzing any and all threats to an organization. The process begins with gathering as much information as possible in order to have the knowledge that allows your organization to prevent or mitigate potential attacks.

Cybersecurity

Strategy, policy, and standards regarding the security of and operations in cyberspace, and encompass[ing] the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure.

Cybersecurity Training

Cybersecurity training is essential for professionals looking to protect their organization's sensitive data and systems. Many resources are available to learn the latest security best practices, from online courses to in-person workshops.

Cyberspace

The interdependent network of information technology infrastructures, that includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers.

D

Dark Web

The dark web is a part of the internet that is not indexed by search engines and can only be accessed using special software, such as the TOR browser. It is often used to facilitate illegal activities, such as the sale of illegal goods and services.

Darknets & Dark Markets

Darknets and dark markets are covert online spaces designed to operate beyond the reach of law enforcement and ethical oversight.

Data Aggregation

The process of gathering and combining data from different sources, so that the combined data reveals new information.

Related Term(s): data mining

Data Breach

A data breach is when sensitive or confidential information is accessed or stolen without authorization. This can be done through hacking, malware, or other means and can significantly damage individuals, businesses, and organizations.

Data Integrity

The property that data is complete, intact, and trusted and has not been modified or destroyed in an unauthorized or accidental manner.

Related Term(s): integrity, system integrity

Data Loss Prevention (DLP)

DLP (Data Loss Prevention) is a security technique that helps prevent sensitive data from being lost or stolen. It uses policies and technologies to monitor and protect data in motion, at rest, and in use.

Decryption

The process of converting encrypted data back into its original form, so it can be understood.

Synonym(s): decode, decrypt, decipher

Deepfakes

Deepfakes are synthetic audio, images, or video generated with AI to convincingly impersonate real people. With most of us consuming news from social media, fake news built from deepfake content is a cybersecurity threat that organizations need to recognize and counter.

Denial of Service (DoS)

A denial of service (DoS) attack is a type of cyber attack that uses a single system to send a high volume of traffic or requests to a targeted network or system, disrupting its availability to legitimate users.

DevOps

DevOps is a set of practices that brings together software development (Dev) and IT operations (Ops) to enable the continuous delivery of high-quality software applications. It involves collaboration, automation, and communication between software developers and IT professionals to streamline the software development process and improve software delivery's overall efficiency and reliability. DevOps practices include continuous integration and deployment, automated testing, infrastructure as code, monitoring and logging, and agile methodologies. The ultimate goal of DevOps is to deliver software applications faster, with higher quality, and at a lower cost.

DevSecOps

DevSecOps is a software development methodology that integrates security as a shared responsibility throughout the IT lifecycle. The term "DevSecOps" is derived from the words "development," "security," and "operations." It emphasizes the importance of security in the development of software applications and aims to prevent security issues from being an afterthought. DevSecOps is an approach to culture, automation, and platform design that focuses on integrating security into the development process from the outset.

DFIR (Digital Forensics and Incident Response)

DFIR (Digital Forensics and Incident Response) is a rapidly growing field in cybersecurity that helps organizations uncover evidence and investigate cyberattacks. It combines digital investigation and incident response to help manage the complexity of cybersecurity incidents. DFIR includes forensic collection, triage and investigation, notification and reporting, and incident follow-up. Digital forensics focuses on collecting and analyzing data from IT systems to determine the root cause of a cybersecurity incident, while incident response involves taking immediate actions following a security compromise or breach, including identifying the scope and impact of the incident and recovering from it. DFIR is valuable for computer security incident response teams and can be used for remote investigation and proactive threat hunting.

Digital Forensics

In the NICE Framework, cybersecurity work where a person: Collects, processes, preserves, analyzes, and presents computer-related evidence in support of network vulnerability, mitigation, and/or criminal, fraud, counterintelligence or law enforcement investigations.

Synonym(s): computer forensics, forensics

Digital Signature

A value computed with a cryptographic process using a private key and then appended to a data object, thereby digitally signing the data.

Related Term(s): electronic signature

Distributed Denial of Service (DDoS)

A DDoS attack is a type of cyber attack that uses multiple systems to send high traffic or requests to a targeted network or system, disrupting its availability to legitimate users.

DNS Hijacking

DNS hijacking is an attack in which an attacker takes control of a domain's DNS records or resolution. An attacker that gains control over your DNS gains control over your entire domain, so detecting and stopping DNS hijacking is essential.

Double Extortion

Double extortion combines traditional ransomware with data exfiltration: the data is stolen before it is encrypted, and the attackers then threaten to publish it in addition to demanding a ransom for decryption.

E

EDR (Endpoint Detection and Response)

Endpoint Detection and Response (EDR) is a cybersecurity approach that focuses on detecting and investigating security incidents on endpoints like desktops, laptops, servers, and mobile devices. EDR solutions collect and analyze endpoint data, network traffic, and user behavior to detect anomalous activities that could indicate a security breach.

Elastic Kubernetes Service (EKS)

Elastic Kubernetes Service (EKS) is Amazon Web Services' (AWS) fully managed Kubernetes service, designed to simplify the deployment and management of containerized applications at scale.

Electronic Signature

Any mark in electronic form associated with an electronic document, applied with the intent to sign the document.

Related Term(s): digital signature

Encryption

The generic term encompassing encipher and encode.

Synonym(s): encipher, encode

Endpoint Management

Endpoint management ensures network security by formally screening, authenticating, and monitoring endpoints with an endpoint management tool. Endpoint management tools are primarily used to manage devices and provide support, giving administrators the ability to oversee endpoint activities.

Endpoint Security

Endpoint security is the process of protecting user endpoints (desktop workstations, laptops, and mobile devices) from threats such as malware, ransomware, and zero-days.

Exploit

A technique to breach the security of a network or information system in violation of security policy.

Exploitation Analysis

In the NICE Framework, cybersecurity work where a person: Analyzes collected information to identify vulnerabilities and potential for exploitation.

Extended Berkeley Packet Filter (eBPF)

Extended Berkeley Packet Filter (eBPF) is a powerful and versatile technology that allows developers to both safely and efficiently run custom code inside the Linux kernel. Due to its ability to enable deep visibility and control of system behavior, eBPF has seen much popularity in recent years. Developers rely on eBPF to provide a common infrastructure for a wide range of use cases, including networking, security, tracing, and performance analysis.

F

Failure (System Failure)

The inability of a system or component to perform its required functions within specified performance requirements.

Fileless Malware

As the name suggests, this type of malware is a malicious program that uses software already present on a computer in order to infect it. Since it does not rely on using files of its own, it can be notably difficult to prevent and detect. By extension, this also makes it difficult to remove.

Firewall

A hardware/software device or a software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized.

G

Google Kubernetes Engine (GKE)

Google Kubernetes Engine, or GKE, is a powerful tool for managing containerized applications. It is a managed environment for deploying, managing and scaling containerized applications using Kubernetes, an open-source container orchestration system. GKE provides a platform to run and manage containerized applications on the Google Cloud Platform (GCP).

H

Hacker

A hacker is a person who uses their technical skills and knowledge to gain unauthorized access to computer systems and networks and may be motivated by a variety of factors, including financial gain, political activism, or personal curiosity.

Hacktivism

Hacktivism is the use of hacking techniques to promote a political or social cause. Understanding its origins, its present-day forms, and its motivations explains why hacktivist groups should still be on your threat assessment radar.

Hash Value

A numeric value resulting from applying a mathematical algorithm against a set of data such as a file.

Synonym(s): cryptographic hash value

Related Term(s): hashing

Hashing

Hashing is the process of transforming keys or strings of characters into fixed-size values using a hash function. It is used in data structures, cybersecurity, and cryptography.

Honeypot

The term “honeypot” originally comes from the world of military espionage, wherein spies would use a romantic relationship to steal secrets from the enemy. By setting a “honey trap” or a “honeypot,” they aimed to attract and ensnare targets into divulging sensitive information. In cybersecurity, cyber honeypots often work fundamentally in the same way as traditional honeypots.

I

ICMP Flood (Ping Flood) DDoS Attack

ICMP Flood, also known as Ping Flood, is a type of DDoS attack that leverages the Internet Control Message Protocol (ICMP) to overwhelm a target with a large volume of network traffic. Attackers use this method to disrupt the target's online services, making them unavailable to legitimate users.

Identity Access Management (IAM)

IAM ensures that only authorized users can access the right resources at the right time by managing and controlling access.

Identity and Access Management

The methods and processes used to manage subjects and their authentication and authorizations to access specific objects.

Identity Security

Identity security is the process of adopting Identity Attack Surface Management (ID-ASM) and Identity Threat Detection and Response (ITDR) tools to detect credential theft, privilege misuse, attacks on Active Directory, risky entitlements, and other methods that create attack paths.

Incident

An occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences.

Related Term(s): event

Incident Response

Incident response (IR) is the set of actions an organization takes in response to a cyber attack or breach. It's important to have an IR plan in place to address incidents quickly and effectively, but 65% of organizations say fragmented IT and security infrastructure is a barrier to increasing cyber resilience.

Incident Response Plan

A set of predetermined and documented procedures to detect and respond to a cyber incident.

Indicator

An occurrence or sign that an incident may have occurred or may be in progress.

Related Term(s): precursor

Indicators of Compromise (IoCs)

Indicator of Compromise (IoC) is a term that refers to evidence of an intrusion into a network or system. It is a piece of information that suggests that a security breach has occurred or is currently happening. In cybersecurity, the Indicator of Compromise (IoC) is vital in detecting and mitigating cyber threats.

Information Assurance

The measures that protect and defend information and information systems by ensuring their availability, integrity, and confidentiality.

Related Term(s): information security

Information Sharing

An exchange of data, information, and/or knowledge to manage risks or respond to incidents.

Information Technology

Any equipment or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.

Related Term(s): information and communication(s) technology

Insider Threats

Insider threats are security risks that originate from within an organization. These threats come from employees, contractors, or business partners who have access to sensitive information, systems, or assets. The risk of insider threats is significant, and it is essential for organizations to understand this risk and take measures to prevent or mitigate it.

J

Jailbreaking

Jailbreaking refers to removing software restrictions imposed by the manufacturer on a device, such as a smartphone or a tablet. This process allows users to fully access the device's operating system and install custom firmware, third-party applications, and otherwise unavailable tweaks.

K

Kerberoasting

Kerberoasting attacks target the Kerberos protocol to steal encrypted service tickets. Attackers can use these tickets to compromise service accounts, gaining access to sensitive information and network resources. Strong service account passwords and network segmentation help protect an organization against this attack.

Key Pair

Two mathematically related keys having the property that one key can be used to encrypt a message that can only be decrypted using the other key.

Related Term(s): private key, public key

Key Resource

A publicly or privately controlled asset necessary to sustain continuity of government and/or economic operations, or an asset that is of great historical significance.

Related Term(s): critical infrastructure

Keylogger

A keylogger is a type of software or hardware device that is used to capture and record every keystroke made on a computer or mobile device keyboard. Keyloggers are typically used for monitoring and surveillance purposes, such as in employee monitoring or parental control software. Keyloggers can be installed on a computer or device either with or without the user's knowledge or consent. Some keyloggers are designed to be invisible, running in the background and recording all keystrokes without the user's awareness. Other keyloggers may be installed intentionally by the user, for example, to track their own activity or to troubleshoot issues with their device. The recorded keystrokes can obtain sensitive information such as passwords, credit card details, and personal messages. Therefore, keyloggers can be used for malicious purposes like stealing confidential information, identity theft, or cyber espionage. It's important to note that the use of keyloggers without the user's consent is illegal in many jurisdictions.

Kubernetes

Kubernetes is an open-source platform designed to manage containerized workloads and services. It automates the deployment, scaling, and management of containerized applications. Kubernetes was first released in 2014 by Google, and now it is maintained by the Cloud Native Computing Foundation (CNCF).

L

Lateral Movement

In cybersecurity, lateral movement refers to the movement of an attacker within a victim’s network. Lateral movement is typically done in order to extend the reach of the attack and to find new systems or data that can be compromised. Lateral movement can occur at any stage of an attack but is most commonly seen during the post-compromise phase.

M

Machine Learning (ML)

ML empowers systems to learn from and adapt to data, making decisions and predictions based on patterns and insights without being explicitly programmed for each task.

Macro Virus

A macro virus is a type of malicious software that is spread through macro-enabled documents, such as Microsoft Office files, and is designed to infect a computer and cause harm.

Malware

Computer malware is a type of software that is designed to cause damage to a computer, server, or computer network. It can take many forms, such as viruses, worms, Trojan horses, ransomware, and spyware.

Malware Analysis

Malware analysis is the process of taking a close look at a suspicious file or URL to detect potential threats. It is one of the first steps to identifying malware before it can infect a system and cause harm to critical assets.

Malware Detection

Malware detection is an essential aspect of cybersecurity that helps organizations identify, analyze, and mitigate threats posed by malicious software. With the increasing sophistication of cybercriminals, understanding malware detection methods and implementing robust protection measures is more critical than ever.

Man in the Middle (MITM)

A man-in-the-middle (MITM) attack is a type of cyber attack in which an attacker intercepts and manipulates communication between two parties. This can allow the attacker to eavesdrop on the conversation, alter the messages being exchanged, or impersonate one of the parties to gain access to sensitive information.

Man-in-the-Middle (MitM)

In MitM attacks, threat actors work to intercept and potentially alter communication between two parties, compromising data confidentiality.

Managed Detection & Response (MDR)

Managed Detection and Response is a comprehensive cybersecurity service that combines advanced technology, expert human analysis, and rapid incident response to detect, analyze, and remediate cyber threats. By leveraging a combination of Endpoint Detection and Response (EDR) tools, threat intelligence, and skilled security analysts, MDR providers can help organizations enhance their security posture and reduce the risk of breaches.

Managed Kubernetes Services

Managed Kubernetes services provide a fully managed Kubernetes control plane, which includes the Kubernetes API server, etcd, and other essential components. The provider manages the control plane's infrastructure, scaling, upgrades, and security. The user manages the worker nodes, which run the containerized workloads.

Managed Security Service Provider (MSSP)

An MSSP is a company that provides businesses with a range of security services, such as monitoring and protecting networks and systems from cyber threats, conducting regular assessments of a business's security posture, and providing support and expertise in the event of a security incident.

Managed Threat Hunting

Managed Threat Hunting is a proactive cybersecurity service that identifies and mitigates potential threats before they cause harm. It is a collaborative effort between an organization and a team of cybersecurity experts who use specialized tools and techniques to detect, investigate, and mitigate threats. This approach differs from traditional cybersecurity measures, which typically rely on reactive responses to incidents.

Mimikatz

Mimikatz is a password and credential stealing tool that continues to evade many security solutions, which is why it remains popular among attackers.

Mitigation (Risk Management)

The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences.

MITRE ATT&CK Framework

Learn about the MITRE ATT&CK Framework, how it can be used to classify adversary behaviors, and what to know about the latest MITRE evaluation.

Mobile Malware

Mobile malware is malicious software that targets smartphones, tablets, and other mobile devices with the end goal of gaining access to private data. Although mobile malware is not as prolific as its counterpart (malware that attacks traditional workstations), it's a growing threat for all organizations.

Multi-Cloud Security

Multi-cloud security is the practice of securing multiple cloud environments, each with its distinct security protocols, compliance requirements, and data privacy standards.

Multi-factor Authentication (MFA)

Multi-factor Authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity. This provides an additional layer of security to protect against unauthorized access to sensitive information.

N

Next-Generation Antivirus (NGAV)

In contrast to legacy antivirus technology, next-generation antivirus (NGAV) advances threat detection by finding all symptoms of malicious behavior rather than focusing on looking only for known malware file attributes.

O

Open Source Intelligence (OSINT)

Open Source Intelligence (OSINT) refers to the collection, analysis, and dissemination of information that is publicly available and accessible to anyone. This includes information from sources such as social media, news articles, government reports, and other publicly available data. OSINT is used by individuals and organizations to gather intelligence and insights on various topics, including cybersecurity, market research, and competitive analysis. It can also be used by law enforcement and intelligence agencies to gather intelligence for investigations and operations. OSINT is often used in conjunction with other forms of intelligence gathering, such as human intelligence (HUMINT) and signals intelligence (SIGINT).

Operations Technology

The hardware and software systems used to operate industrial control devices.

Related Term(s): Industrial Control System

P

Pass-the-Hash (PtH) and Pass-the-Ticket (PtT)

PtH and PtT techniques target authentication mechanisms. Both enable attackers to escalate privileges and gain access to resources.

Passive Attack

An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations.

Related Term(s): active attack

Password Security

A password is the key to open the door to an account. Don’t let network integrity fall victim to poor password habits. Improve your password security know-how.

Patch Management

Patch management helps defend against vulnerabilities through the identification and deployment of updates or patches to fix software flaws.

Penetration

An unauthorized act of bypassing the security mechanisms of a network or information system.

Synonym(s): penetration

Penetration Testing

A penetration test, also known as a pen test, pentest, or ethical hacking, is a type of security assessment that simulates cyberattacks against a computer system and is performed to evaluate how weak (or strong) the security of the system is.

Personally Identifiable Information (PII) & Personal Health Information (PHI)

PII and PHI refer to an individual's unique data. Due to their potential for identity theft and fraud, they are prime targets for criminals.

Phishing Scams

70% of ransomware attempts come from phishing scams. Learn how to recognize phishing scams and methods to avoid phishing attacks on your enterprise.

Polymorphic Malware

Polymorphic malware refers to malicious software that can change or morph its code, making it difficult for traditional antivirus solutions to detect. This ability to evolve allows polymorphic malware to evade signature-based detection methods, which rely on static patterns or signatures to identify known threats.

Precursor

An observable occurrence or sign that an attacker may be preparing to cause an incident.

Related Term(s): indicator

Principle of Least Privilege (PoLP)

PoLP advocates for granting users the minimum level of access and permissions necessary to perform their own tasks to secure access control.

Privileged Access Management (PAM)

Privileged Access Management (PAM) is a comprehensive security solution designed to manage and monitor access to privileged accounts and critical systems, ensuring that only authorized individuals can utilize these powerful privileges.

R

Ransomware

Ransomware is a type of malware that blocks access to your system or personal files until a ransom is paid. Learn actionable tips to defend yourself.

Ransomware Rollback

Ransomware rollback is a feature in some advanced XDR solutions that enables organizations to restore their encrypted files to a pre-attack state, effectively reversing the effects of a ransomware attack. This is achieved by leveraging advanced technologies such as continuous data protection, behavioral analysis, and machine learning to monitor and record changes in files over time. In a ransomware attack, the XDR solution can quickly roll back the affected files to their original state before the encryption occurs.

Ransomware-as-a-Service (RaaS)

RaaS allows cybercriminals with limited skills to launch sophisticated cyberattacks, expanding the reach and impact of ransomware campaigns.

Reconnaissance

In the cyber kill chain, threat actors perform reconnaissance to gather data about their intended victims to plan more effective cyberattacks.

Red Hat OpenShift

Red Hat OpenShift is a container application platform designed to help developers build, deploy, and manage containerized applications in any infrastructure. It provides an enterprise-grade, scalable, and secure environment for modern application development. OpenShift is based on Kubernetes, an open-source container orchestration system, and adds developer and operations-centric tools to Kubernetes.

Red Team

A red team simulates real-world cyber attacks to test an organization's defenses and identify vulnerabilities. By providing a realistic test of defenses and offering recommendations for improvement, red teams can help organizations stay safe from cyber threats.

Red Team Exercise

An exercise, reflecting real-world conditions, that is conducted as a simulated attempt by an adversary to attack or exploit vulnerabilities in an enterprise’s information systems.

Related Term(s): cyber exercise

Redundancy

Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.

Regulatory Compliance

Regulatory compliance provides the standard laws and controls for the protection and management of sensitive data and digital systems.

Remote Code Execution (RCE)

RCE allows malicious actors to execute arbitrary code on a targeted system to gain unauthorized access and take control.

Resilience

The ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption.

Response

The activities that address the short-term, direct effects of an incident and may also support short-term recovery.

Related Term(s): recovery

Risk

The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, as determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences.

Risk Analysis

The systematic examination of the components and characteristics of risk.

Related Term(s): risk assessment, risk

Risk Assessment

The appraisal of the risks facing an entity, asset, system, or network, organizational operations, individuals, geographic area, other organizations, or society, and includes determining the extent to which adverse circumstances or events could result in harmful consequences.

Related Term(s): risk analysis, risk

Risk Management

The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.

Includes: 1) conducting a risk assessment; 2) implementing strategies to mitigate risks; 3) continuous monitoring of risk over time; and 4) documenting the overall risk management program.

Related Term(s): enterprise risk management, integrated risk management, risk

Role Based Access Control (RBAC)

RBAC is a systematic approach that assigns permissions and privileges to individuals or entities based on their roles and responsibilities.

Ryuk Ransomware

Ryuk is one of the first ransomware families to have the ability to identify and encrypt network drives and resources, and delete shadow copies on the victim endpoint.

S

Scam Websites

Website scams are fraudulent schemes designed to deceive, manipulate, or exploit internet users by posing as legitimate websites, services, or businesses. These scams often aim to steal sensitive information, such as personal details, financial data, or login credentials, or to trick users into downloading malicious software, making payments for non-existent products or services, or participating in other malicious activities. Being aware of common website scam tactics and practicing safe browsing habits can help protect against these online threats.

SecOps (Security Operations)

SecOps, or Security Operations, is a collaborative approach to cybersecurity that integrates security and IT operations teams' processes and tools. By bridging the gap between these traditionally separate teams, organizations can achieve a more cohesive and efficient response to security threats, enhance their overall security posture, and mitigate risks effectively.

Secret Key

A cryptographic key that is used for both encryption and decryption, enabling the operation of a symmetric key cryptography scheme.

Related Term(s): symmetric key

Security Automation

The use of information technology in place of manual processes for cyber incident response and management.

Security Information and Event Management (SIEM)

SIEM, or Security Information and Event Management, is a comprehensive cybersecurity approach that combines the functionalities of Security Information Management (SIM) and Security Event Management (SEM). Its primary goal is to provide organizations with a unified platform for gathering, analyzing, and correlating security event data from various sources, such as firewalls, intrusion detection systems, and antivirus software. By doing so, SIEM solutions enable real-time threat detection, alerting, and incident response, ensuring an efficient defense against potential cyberattacks.

Security Operations Center (SOC)

A Security Operations Center, or SOC, is a centralized facility where a team of cybersecurity experts works together to monitor, detect, analyze, and respond to various security incidents within an organization's digital infrastructure. The primary objective of a SOC is to minimize the impact of cyberattacks, protect sensitive data, and ensure the confidentiality, integrity, and availability of your organization's information assets.

Security Orchestration, Automation, and Response (SOAR)

SOAR (Security Orchestration, Automation, and Response) is a cybersecurity strategy that streamlines and optimizes security operations by integrating multiple security tools and automating routine tasks. It enables efficient threat detection, analysis, and response, fostering collaboration within security teams and minimizing the risk of human error.

Security Policy

A rule or set of rules that govern the acceptable use of an organization’s information and services to a level of acceptable risk and the means for protecting the organization’s information assets.

Security Vulnerability

A security vulnerability is a weakness in a computer system or network that can be exploited by attackers to gain unauthorized access or cause harm.

Serverless Architecture

Serverless architecture is a cloud computing execution model where the cloud provider dynamically manages the allocation and provisioning of resources. Unlike traditional architectures, serverless allows developers to build and deploy applications without worrying about the underlying infrastructure.

Shadow IT

Shadow IT is the unauthorized use of technology by employees within an organization, including software, hardware, and cloud services. This phenomenon often arises when employees bypass IT policies and procedures to use unapproved tools or services to accomplish their tasks more efficiently. While Shadow IT can sometimes lead to productivity gains, it also exposes organizations to potential security risks, compliance issues, and financial liabilities.

Shadow SaaS

Shadow SaaS, also known as "Shadow IT," refers to the unauthorized use of Software as a Service (SaaS) applications within an organization without the knowledge or approval of the IT department. This can include cloud-based services, apps, and software tools that employees access to perform their job duties more efficiently or conveniently. While these solutions may offer short-term productivity gains, they can pose significant security risks to the organization as they bypass established security policies and protocols.

SIM Swapping

SIM swapping is used by cybercriminals to take control of a victim's mobile phone number to access sensitive accounts and data.

Situational Awareness

In cybersecurity, comprehending the current status and security posture with respect to availability, confidentiality, and integrity of networks, systems, users, and data, as well as projecting future states of these.

Social Engineering

Social engineering tactics manipulate users by exploiting human emotions. Users can be tricked into giving up sensitive data or access.

Software Assurance

The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner.

Spam

The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.

Spear Phishing

Spear phishing is a more sophisticated, coordinated form of phishing. It’s called spear phishing because it uses familiar, personalized information to infiltrate a business through one person.

Spoofing

The deliberate inducement of a user or resource to take incorrect action. Note: Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.

Spyware

Spyware is a type of malicious software that is installed on a device without the user's knowledge or consent. It is used to collect sensitive information and transmit it to a third party without the user's knowledge. Spyware can compromise personal information, slow down a device, and disrupt its performance.

SRE (Site Reliability Engineering)

Site Reliability Engineering (SRE) is a discipline that combines software engineering and systems engineering principles to build and maintain reliable, scalable, and efficient software systems. SREs focus on automating infrastructure management, monitoring system performance, and proactively addressing potential issues.

Supervisory Control and Data Acquisition

A generic name for a computerized system that is capable of gathering and processing data and applying operational controls to geographically dispersed assets over long distances.

Related Term(s): Industrial Control System

Supply Chain

A supply chain attack targets a company's supply chain to gain access to its systems/networks. These attacks can result in data theft, operational disruption, and damage to a company's reputation.

Supply Chain Risk Management

The process of identifying, analyzing, and assessing supply chain risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.

Related Term(s): supply chain

Symmetric Cryptography

A branch of cryptography in which a cryptographic system or algorithm uses the same secret key (a shared secret key) for both encryption and decryption.

System Log File / Syslog

A syslog, short for System Log, is a standardized logging protocol used to record and manage log messages generated by various devices and applications within an IT infrastructure. Syslog is widely adopted across operating systems, such as Linux, Unix, and macOS, and is also supported by many network devices and applications.

Systems Development

In the NICE Framework, cybersecurity work where a person: Works on the development phases of the systems development lifecycle.

Systems Requirements Planning

In the NICE Framework, cybersecurity work where a person: Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions; provides guidance to customers about applicability of information systems to meet business needs.

T

TCO (Total Cost of Ownership)

The total cost of ownership (TCO) in cybersecurity refers to the cost associated with implementing, maintaining, and managing a cybersecurity infrastructure. This includes the direct costs of hardware, software, and services and the indirect costs related to business continuity, staff productivity, risk management, and organizational efficiency. Understanding TCO allows organizations to make informed decisions about their cybersecurity investments and allocate resources effectively.

Threat

A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society.

Threat Actor

An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.

Related Term(s): adversary, attacker

Threat Analysis

In the NICE Framework, cybersecurity work where a person: Identifies and assesses the capabilities and activities of cyber criminals or foreign intelligence entities; produces findings to help initialize or support law enforcement and counterintelligence investigations or activities.

Threat Assessment

The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property.

Related Term(s): threat analysis

Threat Hunting

Curious about threat hunting? Is your security team actively searching for malicious actors & hidden threats on your network? If not, read about how they can!

Threats, Techniques & Procedures (TTPs)

TTPs are a comprehensive framework of strategies and tactics used by cyber adversaries, shedding light on their motives and methods.

Traffic Light Protocol (TLP)

TLP, or Traffic Light Protocol, is a system used to classify and handle sensitive information in cybersecurity. It consists of four colors - red, amber, green, and white - each representing a different level of sensitivity and corresponding guidelines for handling the information.

Triple Extortion

Triple extortion adds a third layer to ransomware attacks. After encryption, exfiltration and ransom, threat actors extort with DDoS attacks.

Trojan Horse

A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.

V

Virtual Private Networks (VPN)

VPNs are secure tunnels allowing users to access the internet or a private network while remaining confidential and protected from threats.

Virus

A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer.

Related Term(s): macro virus

Vulnerability Assessment and Management

In the NICE Framework, cybersecurity work where a person: Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.

W

Weakness

A shortcoming or imperfection in software code, design, architecture, or deployment that, under proper conditions, could become a vulnerability or contribute to the introduction of vulnerabilities.

Related Term(s): vulnerability

White Team

A group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems.

Related Term(s): Blue Team, Red Team

Whitelist

A list of entities that are considered trustworthy and are granted access or privileges.

Related Term(s): blacklist

Windows PowerShell

How can PowerShell impact your business's valuable assets? Learn the basics of PowerShell, why it's attractive to hackers & how to protect the enterprise.

Worm

A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.

X

XDR

Protecting the organization across multiple layers requires an XDR platform, but what is XDR exactly? And what should you look for when choosing a solution?

Z

Zero Trust Architecture

Zero trust is a design approach that ensures that security is prioritized over any form of trust gained by users.

Zero-Day

Zero Days (0-Days) occur more than you think. Read how threat actors exploit vulnerabilities to perform Zero Day attacks & how to defend against them.