Cybersecurity 101: A Complete Cybersecurity Glossary

Cybersecurity is becoming even more important in today’s world. From people protecting their personal information to organizations safeguarding their sensitive data, you need to understand these cybersecurity terms. 


Check out Huntress's comprehensive cybersecurity glossary to learn key cybersecurity terminology and the most commonly used words and phrases of cybersecurity professionals use. Consider this your cybersecurity encyclopedia to help you make informed decisions about online security and stay updated on emerging threats.

Glitch effectGlitch effectGlitch effect
A
Text Link
Access Control List (ACL)

ACLs are a list of permissions or rules that define who or what has permission to access a specific resource, such as computer systems and network resources.

Text Link
Account Takeover (ATO)

An account takeover, or ATO, is an attack that occurs when a threat actor gains unauthorized access to a user’s account credentials and takes over the account to commit malicious activity, such as fraud or data theft.

Text Link
Active Directory

A Microsoft Windows directory service that helps administrators configure permissions and network access to ensure security.

Text Link
Active Directory Security

A directory service offered by Microsoft Windows, Active Directory (AD) helps administrators configure permissions and network access. AD controls who can access what resources, like files and printers, and makes it easier for IT teams to manage the entire network.

Text Link
Address Resolution Protocol (ARP) Spoofing

A cyberattack where a hacker intercepts data by tricking a device into sending messages to the hacker instead of the intended recipient. Also referred to as ARP poisoning.

Text Link
Advanced Persistent Threat (APT)

An APT is a sophisticated and long-term cyberattack where threat actors secretly gain access to a network to steal sensitive data. These attacks are often highly targeted and difficult to detect, as attackers aim to remain hidden for extended periods.

Text Link
Adversarial AI

Adversarial AI or adversarial machine learning (ML) looks to ruin the performance of AI/ML systems by manipulating or misleading them. These attacks on machine learning systems can occur at multiple stages across the model development life cycle.

Text Link
Adversary-in-the-Middle (AITM) Attack

An attack where the attacker intercepts data from a sender to the recipient and then from the recipient back to the send. AITM enables attackers to not just harvest credentials, but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MFA, EDR, and email content filtering. It was formerly known as a Main-in-the-Middle (MitM) attack.

Text Link
Adware

Adware is software that displays unwanted advertisements on your computer or mobile device. These ads can appear as pop-ups or banners, or even take over your entire screen. While usually not as harmful as other types of malware like viruses or ransomware, adware can be annoying and intrusive, slowing down your device's performance and potentially tracking your online activity for targeted advertising purposes.

Text Link
Agent

A background program that performs tasks on a computer without direct user interaction.

Text Link
Air Gap/Wall

An air gap is a security measure that physically isolates a network or device from external networks, including the internet, to prevent unauthorized access.

Text Link
Algorithm

A set of rules or steps a computer follows to solve problems or perform tasks, often used in encryption and data processing.

Text Link
Allowlisting

Allowlisting is a security measure that permits only pre-approved applications to run on a device or network.

Text Link
Amazon Web Services (AWS) Cloud Security

Best practices and recommendations for scaling and enhancing security in AWS cloud environments.

Text Link
Antivirus (AV)

Antivirus is a type of software that is designed to prevent, search for, detect and remove viruses and other malware from a computer. AV software is typically installed on the endpoint to block malicious software from infecting the machine, mobile device or network. It works by scanning a file, program or application and comparing a specific set of code with information stored in its database. If the software finds code that is identical or similar to a piece of known malware in the database, that code is deemed malicious and is quarantined or removed.

Text Link
API Security

Security that entails implementing strategies to protect data confidentiality, integrity, and availability. This includes establishing authentication and authorization protocols to ensure that only authorized users and applications can access the API.

Text Link
Application Access

When an application is running in an environment, it has access to everything in that environment, including sensitive files and networked devices.

Text Link
Application Definition

The set of files and custom rules that make up a particular application.

Text Link
Application Exploits

These occur when cyber threat actors take advantage of vulnerabilities within an application, usually to gain unauthorized access.

Text Link
Application Security Orchestration and Correlation (ASOC)

ASOC tools are a category of application security (AppSec) solutions designed to streamline and automate key workflows and security processes. These tools assist development teams in automating vulnerability management, risk assessment, and remediation and orchestrating data from various security solutions, thereby enhancing vulnerability testing and remediation through workflow automation.

Text Link
Application Security Posture Management (ASPM)

ASPM is a vital practice focused on ensuring applications meet stringent security standards and identifying vulnerabilities.

Text Link
AppSec

The process of finding, fixing and preventing security vulnerabilities at the application level, as part of the software development process.

Text Link
Attack Vectors

An attack vector is the method or combination of methods that cybercriminals use to breach or infiltrate a victim’s network illegally. Attack vectors are often complex and involve gathering intelligence and identifying weak points for exploitation to gain network access.

Text Link
Audit Event

Any security-relevant occurrence within a system that is logged for review.

Text Link
Audit File

A file containing a collection of audit events, providing a record of system activity.

Text Link
Authentication

Authentication is the process of verifying a user's or device's identity. Methods include passwords, biometrics (fingerprints, facial recognition), and security tokens.

B
Text Link
Backdoor Attacks

Similar to a secret entrance into a house, backdoor attacks are hidden ways of bypassing normal authentication to get unauthorized access to a system. Backdoors can be intentionally created by attackers or unintentionally left by developers during the software development process.

Text Link
Backup

Typically involving online or offsite storage, a backup or backing up saves data to a separate location to ensure its recovery in case of loss or damage.

Text Link
Behavioral Analytics

User behaviors are analyzed within networks and applications to find unusual activity that may mean “security threat”. This can involve monitoring user activities like logins, file access, and email interactions, to find deviations from typical patterns and examining the system itself for anomalies like unexpected resource consumption, unusual network traffic, or unexpected software changes.

Text Link
Black Hat

A black hat describes a threat actor who uses advanced hacking skills for malicious purposes. They exploit vulnerabilities to steal data, disrupt services, or cause harm.

Text Link
Blocklist

As the name implies, a blocklist is a security mechanism that blocks or prohibits the execution of programs on a known malicious list. It’s also a firewall list created to block IPs with malicious reputations.

Text Link
Bootkit

A type of malware that subverts the booting mechanism and operating system of a computer in order to avoid detection.

Text Link
Botnet

A collection of computers compromised by malicious code used to run a remote control agent granting an attacker the ability to take advantage of system resources. Typically used for DDOS attacks, hosting false web services or transmitting spam.

Text Link
Bring Your Own Device (BYOD)

A policy allowing employees to use personal devices for work, which can introduce security risks if not properly managed.

Text Link
Brute Force Attack

A brute force attack is a type of cyber attack that use trial-and-error to guess login credentials and encryption keys systematically until successful.

Text Link
Built-in Tools

Tools included in the basic functionality of a platform without requiring additional modifications.

Text Link
Business Email Compromise (BEC)

A scam that uses social engineering and manipulation to trick victims into making fraudulent transactions or divulging sensitive information.

C
Text Link
Canaries

Named after the songbirds, Ransomware Canaries describe the physical or virtual devices that mimic other devices to lure attackers, helping study their behaviors.

Text Link
CIS Benchmarks

Developed by the Center for Internet Security, CIS benchmarks are comprehensive security configuration guidelines for specific technologies to help organizations fight cyber threats.

Text Link
Cloud Access Security Broker (CASB)

A security checkpoint between cloud users and applications, CASB manages and enforces data security policies including authentication and encryption.

Text Link
Cloud Application Security

Cloud application security is the process of securing cloud-based software applications throughout the development lifecycle.

Text Link
Cloud Application Security

Protecting cloud-based software applications throughout their development lifecycle.

Text Link
Cloud Compromise Assessment

In-depth evaluations of cloud infrastructures to identify and mitigate security risks, ensuring a strong security posture.

Text Link
Cloud Computing

Providing online access to shared pools of configurable computing resources like servers, storage, applications, and services.

Text Link
Cloud Data Security

Technologies and policies that protect data in the cloud from loss, leakage, misuse, breaches, and unauthorized access.

Text Link
Cloud Governance

Policies and rules for managing cloud computing deployment, ensuring data security, system integration, and proper management.

Text Link
Cloud Incident Response

Procedures to follow when a cybersecurity incident occurs in a cloud environment.

Text Link
Cloud Native

Principles and practices for building secure applications in the cloud, essential for modern software development.

Text Link
Cloud Security Architecture

The comprehensive framework of hardware, software, and infrastructure protecting cloud environments and their components.

Text Link
Cloud Security Best Practices

Recommended practices for organizations to implement during cloud adoption to protect against cyberattacks.

Text Link
Cloud Security Frameworks

Sets of guidelines and controls for securing data, applications, and infrastructure in cloud computing environments.

Text Link
Cloud Workload Protection (CWP)

Continuous monitoring and removal of threats from cloud workloads and containers.

Text Link
Cloud-based

Systems, applications, and operations hosted or conducted over the internet.

Text Link
Code Security

The practice of writing and maintaining secure code, addressing vulnerabilities early in the development process to prevent them from reaching live environments.

Text Link
Cold Storage

Data stored on a database that is typically not quickly accessible and stored for a long period of time.

Text Link
Command and Control Server

A computer used by attackers to communicate with and control compromised devices.

Text Link
Container

A lightweight package of application code with dependencies such as a specific version of programming language runtime and libraries required to run a software service. Common container software are

Text Link
Cookie

A small file generated by a webserver, that contains information about a user’s settings, and is stored by the user’s browser.

Text Link
Credential Stuffing

A brute force attack using real, stolen credentials from a data breach.

Text Link
Credential Theft

The act of stealing personal information such as usernames, passwords, and financial information to gain unauthorized access.

Text Link
Cryptocurrency

Digital or virtual currency, often demanded in ransomware attacks due to its decentralized and untraceable nature.

Text Link
CTF

Capture The Flag (CTF), a cybersecurity exercise where participants find hidden text strings, called "flags", in vulnerable programs or websites. The Huntress CTF, is our our yearly month-long competition of daily challenges designed for experts and enthusiasts alike.

Text Link
Cyber Insurance

Cyber insurance is financial protection for businesses if a cyberattack happens. It can cover costs associated with data breaches like legal fees, reputation damage, and business interruption.

Text Link
Cyber Threat

Any potential harm originating from an online source, aiming to damage or disrupt operations.

Text Link
Cyberattack

An attempt to infiltrate or damage an individual’s or organization’s data or information systems, often for malicious purposes.

Text Link
Cybercriminals

Individuals or groups who initiate cyberattacks, also known as threat actors.

Text Link
Cybersecurity

Defensive measures taken to protect data and information systems from online threats like malware and ransomware.

Text Link
Cybersquatting

Registering and using an internet domain name identical or similar to trademarks, service marks, personal names, or company names with the intent of hijacking traffic for financial profit or delivering malware payloads.

D
Text Link
Dark Web Monitoring

Dark web monitoring is the process of searching for and tracking your organization's information on the dark web. This includes leaked passwords, stolen credit card information, or even intellectual property. By detecting these breaches early on, people and organizations can take steps to mitigate the damage and prevent further harm.

Text Link
Data Breach

A data breach describes a security incident where data is illegally accessed, stolen, or released by an unauthorized individual or group. This can include personal data like Social Security numbers and financial information, as well as corporate data like customer records and intellectual property.

Text Link
Data Encryption

Converting plain text into an encoded format to protect against unauthorized access.

Text Link
Data Exfiltration

Data exfiltration refers to the unauthorized transfer of data from a device or network. Cybercriminals use malware, insider threats, or exploiting vulnerabilities to steal data and transmit it to locations under their control. Threat actors can then use stolen data for malicious purposes like identity theft, espionage, or financial gain.

Text Link
Data Loss Prevention (DLP)

A set of policies, practices, and tools used to make sure sensitive data isn’t lost, misused, or accessed by unauthorized users. DLP solutions perform both content inspection and contextual analysis of data sent from or across corporate networks to give visibility into who is accessing data and systems (and from where) and filter data streams to restrict suspicious or unidentified activity. 

You can use DLP solutions to reduce the risk of sensitive data leaking outside your organization, and some solutions go beyond simple monitoring and detection to give alerts, enforce encryption, and isolate data as needed.

Text Link
Data Obfuscation

Disguising confidential or sensitive data to protect it from unauthorized access through tactics like masking, encryption, and tokenization.

Text Link
Data Poisoning

Compromising a training dataset used by an AI/ML model to manipulate its operation.

Text Link
Data Portability

The ability to transfer personal data easily from one service provider to another.

Text Link
Data Privacy

Ensuring proper storage, access, retention, and security of sensitive data to meet regulatory requirements and protect confidentiality.

Text Link
Data Protection vs. Data Security

Data protection focuses on safeguarding personal data from corruption, compromise, or loss, while data security encompasses all measures to guard against unauthorized access to digital data.

Text Link
Database Monitoring

Database monitoring involves continuously tracking database activities to optimize performance and ensure security. This combines performance monitoring like CPU usage and memory consumption, security monitoring for suspicious activities, and accessibility monitoring. 

Text Link
DDOS

Denial of Service and Distributed Denial of Service

Text Link
Default Deny

A strict security policy that blocks all actions unless explicitly permitted.

Text Link
Dependencies

Files required for software to run, such as DLLs in Windows.

Text Link
Disaster Recovery (Plan)

Procedures to recover data and operations following a cyberattack.

Text Link
DLP

Data Loss Prevention is a solution that detects and blocks the extraction of sensitive data by internal or external sources.

Text Link
Domain Admin Groups

Groups with administrative rights across all domains within an organization.

Text Link
Doxware

A type of ransomware that threatens to release sensitive data if the ransom is not paid.

Text Link
Dynamic ACLs

Advanced ACLs requiring user authentication before accessing resources.

E
Text Link
EDR vs MDR vs XDR

Learn the differences between endpoint detection and response (EDR), managed detection and response (MDR) and extended detection and response (XDR).

Text Link
Elevation Control

Users typically have limited access to a system. To do certain tasks (like installing software or modifying system settings), they might need more privileges (like administrator rights). Elevation control lets users run specific applications as administrators without having admin privileges.

Text Link
Email Spoofing

Email spoofing is a type of cyberattack that targets businesses by using emails with forged sender addresses. Because the recipient trusts the alleged sender, they’re more likely to open the email and click on things like malicious links or attachments.

Text Link
Encryption

Converting data into a coded format to prevent unauthorized access.

Text Link
Endpoint

Devices like computers, mobile phones, and servers that connect to and communicate with a network.

Text Link
Endpoint Detection and Response (EDR)

An integrated endpoint security solution designed to detect, investigate and respond to cyber threats. EDR solutions offer greater visibility into what’s happening on endpoints by recording granular endpoint activity and monitoring for signs of malicious behavior. If the EDR technology detects any of these malicious signs, it will provide security analysts with the necessary information to conduct both reactive and proactive threat investigations and minimize the impact of an attack.

Text Link
Endpoint Monitoring

Endpoint monitoring involves the continuous monitoring and management of devices that connect to a network, such as computers, mobile devices, and servers.

Text Link
Endpoint Protection Platforms (EPP)

Security technologies such as antivirus, data encryption, and data loss prevention that work together to detect and prevent security threats.

Text Link
Enterprise Solutions

Software designed to integrate multiple systems within an organization to streamline processes.

Text Link
Executables

Code files or programs that instruct a computer to perform specific actions when opened.

Text Link
Exploit

Taking advantage of vulnerabilities in systems or software to perform malicious acts.

Text Link
Extended Detection and Response (XDR)

XDRs collect and correlate data from various sources, including endpoints, cloud workloads, networks, and emails, to help mitigate cyber threats, unauthorized access, and other forms of misuse.

F
Text Link
Federal Information Security Management Act (FISMA)

FISMA is a U.S. federal law enacted in 2002 that requires federal agencies to implement information security programs to protect their data and information systems. It sets standards for how agencies should assess, manage, and mitigate cybersecurity risks.

Text Link
File Integrity Monitoring (FIM)

File Integrity Monitoring is a security process that monitors and analyzes the integrity of assets including file systems, directories, databases, and the Operating System.

Text Link
Fileless Malware

Fileless malware operates entirely within a computer's memory without ever touching the hard drive. This malicious software may either use legitimate tools or embed code in legitimate files, making detection difficult.

Text Link
Firewall

A firewall is a security system that monitors and filters incoming and outgoing network traffic to prevent unauthorized access to an organization's network. It acts as an outer barrier that either allows or blocks network traffic based on a predefined set of rules. It scans specific data packets—units of communication sent over networks—for malicious code or known threats. If a data packet is flagged, the firewall prevents it from entering the network.

Text Link
Footholds

Methods used by threat actors to reinstall malware on a device after it has been cleaned. Also known as “Persistence Mechanisms.”

Text Link
Full Disk Access (FDA)

A macOS TCC permission that allows software to access sensitive user information.

G
Text Link
General Data Protection Regulation (GDPR)

The GDPR is a European Union regulation on information privacy that governs how the personal data of people in the EU can be processed and transferred.

Text Link
Golden Ticket Attack

This type of attack refers to exploiting weaknesses in Kerberos to gain unauthorized access to Windows Active Directory controls, requiring initial system access.

Text Link
Google Cloud Platform (GCP)

Google Cloud Platform is one of the 3 major cloud providers. GCP lets businesses use Google's infrastructure and technology to build and run applications, analyze data, and power their operations.

H
Text Link
Health Insurance Portability and Accountability Act (HIPAA)

A US federal law established in 1996, HIPAA mandates the protection and confidential handling of people’s medical information.

Text Link
Honeypots

Honeypots are cybersecurity mechanisms that gather intelligence on cybercriminals' identities, methods, and motivations. They use decoy targets to lure cybercriminals away from legitimate targets.

I
Text Link
Incident Response

Incident response in cybersecurity refers to the strategies and procedures for responding to cyber threats and attacks in a network.

Text Link
Information Security or InfoSec

InfoSec is the policies and procedures put in place by the organization to protect sensitive data from unauthorized access.

Text Link
Infrastructure-as-a-Service (IaaS)

IaaS is a type of cloud computing where the provider offers the customer the ability to create virtual networks within a cloud-based computing environment.

Text Link
Initial Access

The point of entry into a network or system; Process by which an adversary gains entry (the initial foothold) to a victim’s network or system.

Text Link
Integrations

In cybersecurity, integrations describe the capability of different computers and software systems to work together and exchange data.

Text Link
Intrusion Detection System (IDS)

IDS is a security tool that detects the presence of cyber threats and notifies administrators. HIDS (Host-based Intrusion Detection) and NIDS (Network-based Intrusion Detection) can also be used, which are IDS tools used specifically for either the endpoints (host) or the network.

Text Link
IP (Internet Protocol) Address

A unique identifier for a device connected to the internet, represented as a string of numbers and characters.

Text Link
IPS (Intrusion Prevention System)

Intrusion Prevention System is a form of network security that can identify malicious activity, collect information about said activity, report it and attempt to block or stop it. An IPS works by actively scanning and analyzing network traffic for malicious activities and known attack patterns. Similar to an IDS, intrusion prevention systems are designed to warn of suspicious activity, but the key difference is that they can also take automated action and respond to active threats based on a predetermined set of rules.

Text Link
ITDR

Identity Threat Detection and Response (ITDR) is a cybersecurity framework that helps protect user identities and systems from cyberattacks.

Text Link
ITDR (Identity Threat Detection and Response)

A cybersecurity discipline that focuses on helping organizations and individuals protect their identity infrastructure and assist with remediation related to identity-centric attacks.

J
Text Link
Just-in-time (JIT)

JIT refers to enabling specific privileges only when needed and disabling it when no longer required. This significantly reduces the window of vulnerability and minimizes the risk of unauthorized access or misuse of elevated privileges.

K
Text Link
Kerberos

Using cryptography, Kerberos is an authentication protocol that verifies the identity of users and hosts.

Text Link
Keylogger

A keylogger is a software that an attacker uses to record keystrokes remotely on a physical keyboard and capture passwords or other critical information.

L
Text Link
LAN (Local Area Network)

A LAN is a grouping of electronic devices in the same physical location.

Text Link
Least Privilege

Giving users the minimum access necessary to perform their job functions, least privilege is a security measurement that limits access to sensitive data to only the people who truly need it for their work.

Text Link
LOLBins

LOLBins stands for Living Off the Land Binaries. These are legitimate, preinstalled programs or tools that come with the operating system (like Windows or MacOS).  Attackers exploit these legitimate tools for malicious purposes instead of introducing new, suspicious files.

M
Text Link
Machine Learning (ML)

Machine learning lets computers learn from data and make decisions or predictions without being programmed to do so.

Text Link
Malspam

Malspam is a spam email that delivers malware, often through malicious attachments (like infected documents or executables) or links that, when clicked, download malware onto the recipient's device.

Text Link
Malware

Malicious software designed to harm a computer, network, or server. Malware includes things like viruses, worms, Trojans, ransomware, spyware, or adware.

Text Link
Malware Analysis

Malware analysis is the process of understanding the behavior and purpose of suspicious files or URLs to help detect and mitigate potential threats.

Text Link
Man-in-the-middle

This type of cyber attack involves a threat actor putting themselves in the middle of two parties, normally a user and an application, to intercept their communications or data exchanges to use for malicious purposes.

Text Link
Managed Detection and Response (MDR)

A cybersecurity service combining technology and human expertise to perform threat hunting, monitoring, and response. MDR technology collects and analyzes information from logs, events, networks, endpoints and user behavior—which is then paired with a team of experts who can take over to validate incidents, escalate critical events and provide recommended response actions so threats can be quickly remediated. MDR services are managed or co-managed by an outside partner to provide value to organizations that either have limited resources or lack the expertise to keep eyes on all of their potential attack surfaces.

Text Link
Managed IT Services

Managed IT services are services managed outside an organization by external vendors, where these service providers give businesses the expertise and resources to manage their IT infrastructure and operations. This can include tasks like network management, cybersecurity, data backup and recovery, and software updates, freeing up internal IT staff to focus on strategic initiatives.

Text Link
Managed Security Service Providers (MSSP)

Third-party organizations providing outsourced security services.

Text Link
Mobile Device Management (MDM)

Enrolling business devices in a SaaS that allows for easily deploying software to a large number of devices at once. Primarily used on macOS.

Text Link
Multi-Factor Authentication (MFA)

An authentication method that requires users to provide two or more verification factors before granting access or signing in. These factors can include something only the user would know (e.g., password/PIN), something only the user would have (e.g., token) or something only the user is (e.g., biometric). MFA then uses these factors to confirm the identity of someone who is requesting access to an application, website or another resource. MFA is a key factor in account takeover defense.

N
Text Link
National Institute of Standards and Technology (NIST)

NIST is a US agency advancing measurement science, standards, and technology to enhance economic security.

Text Link
Network Control

Endpoint firewalls that enable total control over network traffic using dynamic ACLs.

Text Link
Network Detection and Response (NDR)

An integrated network security solution designed to detect threats and suspicious behavior on an organization's networks using non-signature-based techniques (such as machine learning and other analytical techniques). NDR solutions track north/south network traffic that crosses the perimeter, as well as east/west lateral traffic to establish a baseline of normal behavior and raise alerts when anomalous behavior is detected. NDR solutions give security teams real-time visibility and awareness over network traffic and the ability to respond to perceived threats.

Text Link
Next-Generation Antivirus (NGAV)

An expanded version of antivirus that goes beyond performing signature-based detection—typically by incorporating some type of advanced technology—to prevent a wider range of attacks. Unlike traditional AV, next-generation AV focuses on events (files, processes, applications, network connections, etc.) to help identify malicious intent or activity. NGAV has emerged in recent years to address the proliferation of new types of malware and viruses that can easily bypass traditional AV.

O
Text Link
Observability

Understanding a system's internal state by observing its external outputs.

Text Link
On-Prem

On-premises is a physical infrastructural setup deployed, running, and maintained within the confines of an organization typically in a datacenter or COLO (Colocation Facility).

Text Link
Open Source Intelligence (OSINT)

OSINT refers to the gathering and analysis of publicly available data for intelligence purposes.

Text Link
Open Web Application Security Project (OWASP)

OWASP is an internet community focused on understanding web technologies and exploitations, also known as the OWASP Top 10.

P
Text Link
Packet Capture (PCAP)

PCAP is a network practice of intercepting data packets traveling over a network which a security team stores and analyzes.

Text Link
Password Management Tool

A password management tool is software that stores and protects confidential information like usernames and passwords for local applications and online services. A password manager will house a user’s passwords, as well as other information, in one convenient location with one master password. The information is encrypted and often requires multi-factor authentication to access.

Text Link
Payment Card Industry Data Security Standard (PCI-DSS)

PCI-DSS is a set of rules and guidelines for companies that handle credit card transactions to keep this information safe.

Text Link
Penetration Testing (Pen Test)

A pen test is a security exercise where a security expert tries to find and exploit vulnerabilities on a computer system. Pen tests are different from vulnerability scans in that they involve an actual attempt to exploit vulnerabilities, while vulnerability scans simply report on possible vulnerable code, applications, configurations, or operating systems.

Text Link
Persistence

Persistence enables malware by letting the malware keep running—all while the attacker stays undetected.

Text Link
Persistent Foothold

A persistent foothold is an attacker mechanism to automatically re-trigger some malware (maybe a stub or even fully loaded malware) across potential interruptions like restarts or user logoffs.

Text Link
Phishing

Malicious attempts to trick users into revealing sensitive information through deceptive emails or links. Learn more about phishing through our guide, What is Phishing (and How Does It Affect Your Business)?

Text Link
Platform-as-a-Service (PaaS)

PaaS is a complete cloud environment that includes everything developers need to build, run and manage applications.

Text Link
Proxy

A system or router that acts as a middleman between a user and the internet.

Q
Text Link
Quantum Computing

Very different from classical computing, quantum computing refers to advanced computing using quantum-mechanical phenomena.

R
Text Link
Ransomware

Ransomware is malicious software that encrypts data and demands payment, usually in the form of cryptocurrency, for its release.

Text Link
Red Team

A red team is a group of internal or external IT experts who simulate the actions of adversarial malicious attacks on a network as an exercise.

Text Link
Remote Access

As the name implies, remote access refers to accessing network resources from a geographical distance through a network connection.

Text Link
Rogue Apps

Rogue Apps is a new Managed ITDR capability that enables Huntress to identify unsafe applications installed in a protected tenant. Rogue Apps represents Managed ITDR’s next step in wrecking hacker identity tradecraft. With this new capability, Huntress detects “Traitorware,” which are legitimate apps used badly that we detect by name, and “Stealthware,” which refers specifically to unknown apps that our algorithm marks as suspicious.

S
Text Link
Security Operations Center (SOC)

A centralized unit that deals with security issues on an organizational and technical level. SOCs are typically staffed with a team of domain experts (either in-house or outsourced) who focus on preventing, detecting, analyzing and responding to cybersecurity incidents. A SOC acts as a central command post that continuously monitors an organization’s environments and toolsets and improves its security posture. Learn more about what the Huntress SOC brings to your tech stack.

Text Link
Security Orchestration, Automation and Response (SOAR)

A collection of software solutions and tools that aggregate security intelligence and context from disparate systems, and applies machine intelligence to streamline (or even completely automate) the threat detection and response process. SOAR combines three software capabilities: the management of threats and vulnerabilities (orchestration), automating security operations (automation) and responding to security incidents (response). Due to its aggregation and automation capabilities, SOAR solutions are often used by security operation centers (SOCs) to collect threat-related data from a range of sources and automate the responses to certain threats.

Text Link
Session

A session is a time-limited conversation between two or more devices over the internet.

Text Link
Session Hijacking

Session hijacking is an attack where a threat actor manipulates a session token to gain unauthorized access to information.

Text Link

SIEM stands for security, information, and event management. SIEM is a software solution that aggregates and analyzes activity from many different sources across an entire IT infrastructure. A SIEM gathers immense amounts of data from an entire networked environment, then consolidates and makes that data human accessible. With the data categorized and laid out, SIEM solutions are often used by security operation centers (SOCs) to streamline visibility across an environment, centralize data for security monitoring and investigate logs and events for incident response.

Text Link
Software-as-a-Service (SaaS)

SaaS is a software licensing model which allows access to software on a subscription basis using external servers.

Text Link
SPAN

A switched port analyzer is a dedicated port on a switch that sends a mirrored copy of network traffic from within the core switch or firewall to a destination. People use it to review network traffic using software like Wireshark.

Text Link
Spear Phishing

Spear phishing is a targeted phishing attack using researched information to deceive specific individuals.

Text Link
SQL Injection (SQLi)

A cyberattack that injects malicious SQL code into an application to view or modify a database.

Text Link
Stealthware

Unknown and rare applications with broad permissions that provide attackers with a backdoor into the tenant environment. These globally unique, single, or multi-tenanted malicious applications often fly under the radar of traditional security tools and can be leveraged for persistent access, phishing campaigns, and data theft.

Text Link
Suricata

An open source detection engine that acts as an IDS (Intrusion Detection System).

Text Link
Syslog

A protocol that computer systems use to send event data logs to a central location for storage.

T
Text Link
TCP/IP

Transmission Control Protocol/Internet Protocol is a set of standardized rules that allow computers to communicate on a network such as the internet

Text Link
Threat Actor

Threat actor refers to people or groups conducting cyberattacks with malicious intent.

Text Link
Threat Hunting

Proactively searching across various telemetry for threats is referred to as threat hunting. This involves analyzing system logs, network traffic, and other data sources to uncover malicious activity that may have evaded existing security controls.

Text Link
Traitorware

Legitimate applications often abused by attackers, such as eM Client, PerfectData Software, and Newsletter Software Supermailer. These applications may appear harmless but can be exploited for malicious activities like phishing, data exfiltration, and financial fraud.

Text Link
Transparency, Consent, & Control (TCC)

A database stored locally on macOS computers designed to restrict software from accessing sensitive user information. Commonly used for applying Full Disk Access for software.

Text Link
Tunnel

In cybersecurity, a tunnel is a secure, encrypted connection that lets data be transmitted privately over an untrusted network.

U
Text Link
Unauthorized Access

Unauthorized or unwanted access occurs when a person or entity gains access without permission to connect to or use a system and perform malicious actions.

Text Link
Unified Audit

Unified audits combine multiple logs into a single location for centralized viewing and analysis. They comprehensively view security events across the entire IT infrastructure, including endpoints, servers, networks, and cloud environments.

Text Link
User and Entity Behavior Analytics (UEBA)

UEBA is a cybersecurity solution that uses algorithms and machine learning to detect anomalies in the behavior of users as well as routers, servers and endpoints in a network.

V
Text Link
Virtual Machines (VM)

A virtual computer image that behaves like an actual computer, a virtual machine can run its own separate computing environment, typically inside of a server.

Text Link
Virtual Private Network (VPN)

Remote work environments often use VPNs as an encrypted tunnel for secure network resource access.

Text Link
Vishing

Typically short for voice phishing, vishing involves fraudulent phone calls that trick a victim into giving sensitive data like login credentials, credit card numbers, or bank details.

Text Link
Vulnerability

Vulnerabilities are weaknesses in software or hardware that can be exploited by malicious actors. Examples include a flaw in software, a misconfiguration, or a human error.

W
Text Link
Weaponization

In cybersecurity, weaponization uses non-harmful tools or documents maliciously to inflict harm.

Text Link
Web Application Firewall (WAF)

WAF is a tool that helps protect web-based applications, mobile apps, and APIs from cyber attacks by filtering and monitoring HTTP traffic between them and the Internet.

X
Text Link
XSS (Cross-Site Scripting)

XSS (cross-site scripting) is a code injection attack where malicious code is inserted into a legitimate website.

Y
Text Link
Yara Rules

Yara rules define patterns using a specialized rule-writing language. When a file or process is analyzed, Yara compares it against these rules. If the file or process matches the criteria defined in a rule, it's flagged as potentially malicious.

Z
Text Link
Zero Trust Architecture

A Zero Trust Architecture refers to the way network devices and services are structured to enable a Zero Trust security model.

Text Link
Zero Trust Network Access (ZTNA)

ZTNA is an IT technology solution that requires all users to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.

Text Link
Zero Trust Security

Zero Trust is a security concept requiring all users to be authenticated and authorized before granting access to applications and data.

Text Link
Zero-Day Vulnerabilities

Zero-day vulnerabilities are security vulnerabilities unknown to developers, which become exploited by attackers before developers can release a fix.