
Cybersecurity 101: A Complete Cybersecurity Glossary

Cybersecurity is becoming increasingly important in today’s world. Explore our Cybersecurity 101 glossary to learn more.

API Security

Security that entails implementing strategies to protect data confidentiality, integrity, and availability. This includes establishing authentication and authorization protocols to ensure that only authorized users and applications can access the API.

Access Control List (ACL)

An ACL is a list of permissions or rules that defines who or what has permission to access a specific resource, such as computer systems and network resources.

Account Takeover (ATO)

An attack that occurs when a threat actor gains unauthorized access to a user’s account credentials and takes over the account to commit malicious activity, such as fraud or data theft.

Active Directory

A Microsoft Windows directory service that helps administrators configure permissions and network access to ensure security.

Active Directory Security

A directory service offered by Microsoft Windows, Active Directory (AD) helps administrators configure permissions and network access. AD controls who can access what resources, like files and printers, and makes it easier for IT teams to manage the entire network.

Address Resolution Protocol (ARP) Spoofing

A cyberattack where a hacker intercepts data by tricking a device into sending messages to the hacker instead of the intended recipient. Also referred to as ARP poisoning.

Advanced Persistent Threat (APT)

A prolonged, sophisticated cyberattack where an intruder remains undetected in a network to steal sensitive data.

Adversarial AI

Adversarial AI or adversarial machine learning (ML) looks to ruin the performance of AI/ML systems by manipulating or misleading them. These attacks on machine learning systems can occur at multiple stages across the model development life cycle.

Adversary-in-the-Middle (AITM) Attack

An attack where the attacker intercepts data from a sender to the recipient and then from the recipient back to the sender. AITM enables attackers to not just harvest credentials, but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MFA, EDR, and email content filtering. It was formerly known as a Man-in-the-Middle (MitM) attack.

Adware

Adware is software that displays unwanted advertisements on your computer or mobile device. These ads can appear as pop-ups or banners, or even take over your entire screen. While usually not as harmful as other types of malware like viruses or ransomware, adware can be annoying and intrusive, slowing down your device's performance and potentially tracking your online activity for targeted advertising purposes.

A background program that performs tasks on a computer without direct user interaction.

Air Gap/Wall

An air gap is a security measure that physically isolates a network or device from external networks, including the internet, to prevent unauthorized access.

Algorithm

A set of rules or steps a computer follows to solve problems or perform tasks, often used in encryption and data processing.

Allowlisting

Allowlisting is a security measure that permits only pre-approved applications to run on a device or network.

Amazon Web Services (AWS) Cloud Security

Best practices and recommendations for scaling and enhancing security in AWS cloud environments.

Antivirus (AV)

Antivirus is a type of software that is designed to prevent, search for, detect and remove viruses and other malware from a computer. AV software is typically installed on the endpoint to block malicious software from infecting the machine, mobile device or network. It works by scanning a file, program or application and comparing a specific set of code with information stored in its database. If the software finds code that is identical or similar to a piece of known malware in the database, that code is deemed malicious and is quarantined or removed.

AppSec

The process of finding, fixing and preventing security vulnerabilities at the application level, as part of the software development process.

Application Access

When an application is running in an environment, it has access to everything in that environment, including sensitive files and networked devices.

Application Definition

The set of files and custom rules that make up a particular application.

Application Exploits

These occur when cyber threat actors take advantage of vulnerabilities within an application, usually to gain unauthorized access.

Application Security Orchestration and Correlation (ASOC)

ASOC tools are a category of application security (AppSec) solutions designed to streamline and automate key workflows and security processes. These tools assist development teams in automating vulnerability management, risk assessment, and remediation and orchestrating data from various security solutions, thereby enhancing vulnerability testing and remediation through workflow automation.

Application Security Posture Management (ASPM)

ASPM is a vital practice focused on ensuring applications meet stringent security standards and identifying vulnerabilities.

Attack Vectors

An attack vector is the method or combination of methods that cybercriminals use to breach or infiltrate a victim’s network illegally. Attack vectors are often complex and involve gathering intelligence and identifying weak points for exploitation to gain network access.

Audit Event

Any security-relevant occurrence within a system that is logged for review.

Audit File

A file containing a collection of audit events, providing a record of system activity.

Authentication

Authentication is the process of verifying a user's or device's identity. Methods include passwords, biometrics (fingerprints, facial recognition), and security tokens.

Backdoor Attacks

Similar to a secret entrance into a house, backdoor attacks are hidden ways of bypassing normal authentication to get unauthorized access to a system. Backdoors can be intentionally created by attackers or unintentionally left by developers during the software development process.

Backup

Typically involving online or offsite storage, a backup or backing up saves data to a separate location to ensure its recovery in case of loss or damage.

Behavioral Analytics

User behaviors are analyzed within networks and applications to find unusual activity that may indicate a security threat. This can involve monitoring user activities, like logins, file access, and email interactions, to find deviations from typical patterns, and examining the system itself for anomalies like unexpected resource consumption, unusual network traffic, or unexpected software changes.

Black Hat

A black hat describes a threat actor who uses advanced hacking skills for malicious purposes. They exploit vulnerabilities to steal data, disrupt services, or cause harm.

Blocklist

A security mechanism prohibiting the execution of programs on a known malicious list. Also, a firewall list created to block IPs with malicious reputations.

Bootkit

A type of malware that subverts the booting mechanism and operating system of a computer in order to avoid detection.

Botnet

A collection of computers compromised by malicious code used to run a remote control agent, granting an attacker the ability to take advantage of system resources. Typically used for DDoS attacks, hosting false web services, or transmitting spam.

Bring Your Own Device (BYOD)

A policy allowing employees to use personal devices for work, which can introduce security risks if not properly managed.

Brute Force Attacks

Cyber attacks that use trial-and-error to guess login credentials and encryption keys systematically until successful.

Built-in Tools

Tools included in the basic functionality of a platform without requiring additional modifications.

Business Email Compromise (BEC)

A scam that uses social engineering and manipulation to trick victims into making fraudulent transactions or divulging sensitive information.

CIS Benchmarks

Comprehensive security configuration guidelines for specific technologies developed by the Center for Internet Security to enhance an organization's ability to combat cyber threats.

Capture The Flag, a cybersecurity exercise where participants find hidden text strings, called "flags", in vulnerable programs or websites. The Huntress CTF is our yearly month-long competition of daily challenges designed for experts and enthusiasts alike.

Canaries

Physical or virtual devices mimicking other devices to lure attackers, helping study their behaviors.

Cloud Access Security Broker (CASB)

A security checkpoint between cloud users and applications, managing and enforcing data security policies including authentication and encryption.

Cloud Application Security

Cloud application security is the process of securing cloud-based software applications throughout the development lifecycle.

Cloud Application Security

Protecting cloud-based software applications throughout their development lifecycle.

Cloud Compromise Assessment

In-depth evaluations of cloud infrastructures to identify and mitigate security risks, ensuring a strong security posture.

Cloud Computing

Providing online access to shared pools of configurable computing resources like servers, storage, applications, and services.

Cloud Data Security

Technologies and policies that protect data in the cloud from loss, leakage, misuse, breaches, and unauthorized access.

Cloud Governance

Policies and rules for managing cloud computing deployment, ensuring data security, system integration, and proper management.

Cloud Incident Response

Procedures to follow when a cybersecurity incident occurs in a cloud environment.

Cloud Native

Principles and practices for building secure applications in the cloud, essential for modern software development.

Cloud Security Architecture

The comprehensive framework of hardware, software, and infrastructure protecting cloud environments and their components.

Cloud Security Best Practices

Recommended practices for organizations to implement during cloud adoption to protect against cyberattacks.

Cloud Security Frameworks

Sets of guidelines and controls for securing data, applications, and infrastructure in cloud computing environments.

Cloud Workload Protection (CWP)

Continuous monitoring and removal of threats from cloud workloads and containers.

Cloud-based

Systems, applications, and operations hosted or conducted over the internet.

Code Security

The practice of writing and maintaining secure code, addressing vulnerabilities early in the development process to prevent them from reaching live environments.

Cold Storage

Data stored on a database that is typically not quickly accessible and stored for a long period of time.

Command and Control Server

A computer used by attackers to communicate with and control compromised devices.

Container

A lightweight package of application code with dependencies such as a specific version of programming language runtime and libraries required to run a software service. Common container software are

Cookie

A small file generated by a web server that contains information about a user’s settings and is stored by the user’s browser.

Credential Stuffing

A brute force attack using real, stolen credentials from a data breach.

Credential Theft

The act of stealing personal information such as usernames, passwords, and financial information to gain unauthorized access.

Cryptocurrency

Digital or virtual currency, often demanded in ransomware attacks due to its decentralized and untraceable nature.

Cyber Threat

Any potential harm originating from an online source, aiming to damage or disrupt operations.

Cyberattack

An attempt to infiltrate or damage an individual’s or organization’s data or information systems, often for malicious purposes.

Cybercriminals

Individuals or groups who initiate cyberattacks, also known as threat actors.

Cybersecurity

Defensive measures taken to protect data and information systems from online threats like malware and ransomware.

Cybersquatting

Registering and using an internet domain name identical or similar to trademarks, service marks, personal names, or company names with the intent of hijacking traffic for financial profit or delivering malware payloads.

Denial of Service and Distributed Denial of Service

Data Loss Prevention is a solution that detects and blocks the extraction of sensitive data by internal or external sources.

Dark Web Monitoring

Dark web monitoring is the process of searching for, and tracking, your organization’s information on the dark web.

Data Breach

A security incident where data is illegally accessed, stolen, or released by an unauthorized individual or group.

Data Encryption

Converting plain text into an encoded format to protect against unauthorized access.

Data Exfiltration

The unauthorized transfer of data from a device or network.

Data Loss Prevention (DLP)

A set of policies, practices and tools used to ensure that sensitive data is not lost, misused or accessed by unauthorized users. DLP solutions perform both content inspection and contextual analysis of data sent from or across corporate networks to provide visibility into who is accessing data and systems (and from where) and filter data streams to restrict suspicious or unidentified activity. DLP solutions are usually deployed as a way to reduce the risk of sensitive data leaking outside an organization, and some solutions can also go beyond simple monitoring and detection to provide alerts, enforce encryption and isolate data as needed.

Data Obfuscation

Disguising confidential or sensitive data to protect it from unauthorized access through tactics like masking, encryption, and tokenization.

Data Poisoning

Compromising a training dataset used by an AI/ML model to manipulate its operation.

Data Portability

The ability to transfer personal data easily from one service provider to another.

Data Privacy

Ensuring proper storage, access, retention, and security of sensitive data to meet regulatory requirements and protect confidentiality.

Data Protection vs. Data Security

Data protection focuses on safeguarding personal data from corruption, compromise, or loss, while data security encompasses all measures to guard against unauthorized access to digital data.

Database Monitoring

Continuous tracking of database activities to optimize performance and ensure security.

Default Deny

A strict security policy that blocks all actions unless explicitly permitted.

Dependencies

Files required for software to run, such as DLLs in Windows.

Disaster Recovery (Plan)

Procedures to recover data and operations following a cyberattack.

Domain Admin Groups

Groups with administrative rights across all domains within an organization.

Doxware

A type of ransomware that threatens to release sensitive data if the ransom is not paid.

Dynamic ACLs

Advanced ACLs requiring user authentication before accessing resources.

EDR (Endpoint Detection and Response)

Tools that monitor and record activities on devices, focusing on detecting and responding to suspicious activity.

EDR vs MDR vs XDR

Learn the differences between endpoint detection and response (EDR), managed detection and response (MDR) and extended detection and response (XDR).

EDR vs NGAV: What Is the Difference?

Discover more about two of the most critical elements to every cybersecurity architecture – endpoint detection and response (EDR) and next-generation antivirus (NGAV) – and the points organizations should consider when selecting and integrating these tools.

Elevation Control

Allows users to run specific applications as administrators without having admin privileges.

Email Spoofing

Email spoofing is a type of cyberattack that targets businesses by using emails with forged sender addresses. Because the recipient trusts the alleged sender, they are more likely to open the email and interact with its contents, such as a malicious link or attachment.

Encryption

Converting data into a coded format to prevent unauthorized access.

Endpoint

Devices like computers, mobile phones, and servers that connect to and communicate with a network.

Endpoint Monitoring

Endpoint monitoring involves the continuous monitoring and management of devices that connect to a network, such as computers, mobile devices, and servers.

Endpoint Protection Platforms (EPP)

Security technologies such as antivirus, data encryption, and data loss prevention that work together to detect and prevent security threats.

Enterprise Solutions

Software designed to integrate multiple systems within an organization to streamline processes.

Executables

Code files or programs that instruct a computer to perform specific actions when opened.

Exploit

Taking advantage of vulnerabilities in systems or software to perform malicious acts.

File Integrity Monitoring is a security process that monitors and analyzes the integrity of assets including file systems, directories, databases, and the Operating System.

FISMA (Federal Information Security Management Act)

A U.S. federal law enacted in 2002 that requires federal agencies to implement information security programs to protect their data and information systems.