Active Directory is a directory service offered by Microsoft Windows that helps administrators configure permissions and network access.
An attack that occurs when a threat actor gains unauthorized access to a user’s account credentials and takes over the account to commit malicious activity, such as fraud or data theft.
A list of permissions that controls network traffic by specifying which users or systems are granted access to specific resources.
A Microsoft Windows directory service that helps administrators configure permissions and network access to ensure security.
Adversarial AI or adversarial machine learning (ML) seeks to inhibit the performance of AI/ML systems by manipulating or misleading them. These attacks on machine learning systems can occur at multiple stages across the model development life cycle.
Saving data to a separate location to ensure its recovery in case of loss or damage, typically involving online or offsite storage.
Clandestine methods of bypassing normal authentication to gain unauthorized access to a system, akin to a secret entrance into a house.
Analyzing user behavior within networks and applications to detect unusual activity that may signify security threats.
A threat actor who uses advanced hacking skills for malicious purposes.
A security mechanism prohibiting the execution of programs on a known malicious list. Also, a firewall list created to block IPs with malicious reputations.
Physical or virtual devices mimicking other devices to lure attackers, helping study their behaviors.
Comprehensive security configuration guidelines for specific technologies developed by the Center for Internet Security to enhance an organization's ability to combat cyber threats.
A security checkpoint between cloud users and applications, managing and enforcing data security policies including authentication and encryption.
Protecting cloud-based software applications throughout their development lifecycle.
Cloud application security is the process of securing cloud-based software applications throughout the development lifecycle.
Dark web monitoring is the process of searching for, and tracking, your organization’s information on the dark web.
Continuous tracking of database activities to optimize performance and ensure security.
A security incident where data is illegally accessed, stolen, or released by an unauthorized individual or group.
Converting plain text into an encoded format to protect against unauthorized access.
The unauthorized transfer of data from a device or network.
Tools that monitor and record activities on devices, focusing on detecting and responding to suspicious activity.
Allows users to run specific applications as administrators without having admin privileges.
Email spoofing is a type of cyberattack that targets businesses by using emails with forged sender addresses. Because the recipient trusts the alleged sender, they are more likely to open the email and interact with its contents, such as a malicious link or attachment.
Malicious software that may either use legitimate tools, or embed code in legitimate files, making detection difficult.
File Integrity Monitoring is a security process that monitors and analyzes the integrity of assets including file systems, directories, databases, and the Operating System.
Software or hardware that filters network traffic to prevent unauthorized access to an organization's network.
A U.S. federal law enacted in 2002 that requires federal agencies to implement information security programs to protect their data and information systems.
Methods used by threat actors to reinstall malware on a device after it has been cleaned. Also known as “Persistence Mechanisms.”
Google Cloud Platform is one of the 3 major cloud providers.
A European Union regulation on information privacy that governs how personal data of individuals in the EU can be processed and transferred.
Exploiting weaknesses in Kerberos to gain unauthorized access to Windows Active Directory controls, requiring initial system access.
A U.S. federal law established in 1996 that mandates the protection and confidential handling of individuals' medical information.
Cybersecurity mechanisms that use decoy targets to lure cybercriminals away from legitimate targets, gathering intelligence on their identity, methods, and motivations.
Infrastructure-as-a-Service is a type of cloud computing where the provider offers the customer the ability to create virtual networks within a cloud-based computing environment.
Intrusion Detection System is a security tool that detects the presence of cyber threats in order to notify administrators. HIDS (Host-based Intrusion Detection) and NIDS (Network-based Intrusion Detection) can also be used; these are IDS tools used specifically for either the endpoints (hosts) or the network.
Strategies and procedures for responding to cyber threats and attacks in a network.
Policies and procedures to protect sensitive data from unauthorized access.
The capability of different computers and software systems to work together and exchange data.
Enabling something only when needed and disabling it when no longer required.
Enables computers to learn from data and make decisions or predictions without being programmed to do so.
Email spam that is used to deliver malware.
Malicious software designed to harm a computer, network, or server.
The process of understanding the behavior and purpose of suspicious files or URLs to help detect and mitigate potential threats.
A type of cyber attack in which a threat actor positions themselves between two parties, normally a user and an application, to intercept their communications or data exchanges for malicious purposes.
Understanding a system's internal state by observing its external outputs.
Gathering and analyzing publicly available data for intelligence purposes.
On-premises is a physical infrastructural setup deployed, running, and maintained within the confines of an organization typically in a datacenter or COLO (Colocation Facility).
Open Web Application Security Project is an internet community focused on understanding web technologies and their exploitation. It is also widely known for the OWASP Top 10.
Platform-as-a-Service is a complete cloud environment that includes everything developers need to build, run and manage applications.
Software that stores and protects confidential information like usernames and passwords.
Packet Capture is a network practice of intercepting data packets traveling over a network which are stored and analyzed by a security team.
Payment Card Industry Data Security Standard is a set of rules and guidelines for companies who handle credit card transactions to keep such information safe and secure.
Penetration testing is a security exercise where a security expert attempts to find and exploit vulnerabilities on a computer system. Pen tests are different from vulnerability scans as there is an actual attempt at exploit while vulnerability scans simply report on possible vulnerable code, applications, configurations or operating systems.
Advanced computing using quantum-mechanical phenomena, significantly different from classical computing.
Malicious software that encrypts data and demands payment for its release.
A group of internal or external IT experts used to simulate the actions of adversarial malicious attacks on a network, as an exercise.
Accessing network resources from a geographical distance through a network connection.
Software-as-a-Service is a software licensing model which allows access to software on a subscription basis using external servers.
A time-limited conversation between two or more devices over the internet.
An attack where a threat actor manipulates a session token to gain unauthorized access to information.
SIEM stands for security information and event management; a SIEM collects and analyzes data from various sources, such as logs, network traffic, and user activities.
Switched Port Analyzer is a dedicated port on a switch that takes a mirrored copy of network traffic from within the core switch or firewall and sends it to a destination. Commonly used to review network traffic with software such as Wireshark.
A database stored locally on macOS computers designed to restrict software from accessing sensitive user information. Commonly used for applying Full Disk Access for software.
Transmission Control Protocol/Internet Protocol is a set of standardized rules that allow computers to communicate on a network such as the internet.
Individuals or groups conducting cyber attacks with malicious intent.
Proactively searching across various telemetry for threats.
Securely moving network packets from one location to another.
User and Entity Behavior Analytics is a cybersecurity solution that uses algorithms and machine learning to detect anomalies in the behavior of users as well as routers, servers and endpoints in a network.
Access gained by a person or entity that does not have permission to connect to or use a system and perform malicious actions.
Combining multiple logs into a single location for centralized viewing and analysis.
A virtual computer image that behaves like an actual computer that can run its own separate computing environment typically inside of a server. Common virtual machine software are
An encrypted tunnel for secure network resource access.
Typically short for “voice phishing”: the use of fraudulent phone calls to trick a victim into providing sensitive data such as login credentials, credit card numbers, or bank details.
Weaknesses in software or hardware that can be exploited by malicious actors.
XDR is an acronym for extended detection and response. XDRs collect and correlate data from a variety of sources, including endpoints, cloud workloads, networks, and emails to help mitigate cyber threats, unauthorized access, and other forms of misuse.
A code injection attack where malicious code is inserted into a legitimate website.
Pattern-matching rules used to identify malware families by analyzing binaries.
Security vulnerabilities unknown to developers, exploited by attackers before a fix is released.
A Zero Trust Architecture refers to the way network devices and services are structured to enable a Zero Trust security model.
ZTNA is an IT technology solution that requires all users to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.
Zero Trust is a security concept that requires all users to be authenticated and authorized before being granted access to applications and data.