Cybersecurity is becoming even more important in today’s world. From people protecting their personal information to organizations safeguarding their sensitive data, you need to understand these cybersecurity terms.
Check out Huntress's comprehensive cybersecurity glossary to learn key cybersecurity terminology and the most commonly used words and phrases of cybersecurity professionals use. Consider this your cybersecurity encyclopedia to help you make informed decisions about online security and stay updated on emerging threats.
PCAP is a network practice of intercepting data packets traveling over a network which a security team stores and analyzes.
A pen test is a security exercise where a security expert tries to find and exploit vulnerabilities on a computer system. Pen tests are different from vulnerability scans in that they involve an actual attempt to exploit vulnerabilities, while vulnerability scans simply report on possible vulnerable code, applications, configurations, or operating systems.
UEBA is a cybersecurity solution that uses algorithms and machine learning to detect anomalies in the behavior of users as well as routers, servers and endpoints in a network.
Security that entails implementing strategies to protect data confidentiality, integrity, and availability. This includes establishing authentication and authorization protocols to ensure that only authorized users and applications can access the API.
ACLs are a list of permissions or rules that define who or what has permission to access a specific resource, such as computer systems and network resources.
An attack that occurs when a threat actor gains unathorized access to a user’s account creditials and takes over the account to commit malicious activity, such as fraud or data theft.
A Microsoft Windows directory service that helps administrators configure permissions and network access to ensure security.
A directory service offered by Microsoft Windows, Active Directory (AD) helps administrators configure permissions and network access. AD controls who can access what resources, like files and printers, and makes it easier for IT teams to manage the entire network.
A cyberattack where a hacker intercepts data by tricking a device into sending messages to the hacker instead of the intended recipient. Also referred to as ARP poisoning.
A prolonged, sophisticated cyberattack where an intruder remains undetected in a network to steal sensitive data.
Adversarial AI or adversarial machine learning (ML) looks to ruin the performance of AI/ML systems by manipulating or misleading them. These attacks on machine learning systems can occur at multiple stages across the model development life cycle.
An attack where the attacker intercepts data from a sender to the recipient and then from the recipient back to the send. AITM enables attackers to not just harvest credentials, but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MFA, EDR, and email content filtering. It was formerly known as a Main-in-the-Middle (MitM) attack.
Adware is software that displays unwanted advertisements on your computer or mobile device. These ads can appear as pop-ups or banners, or even take over your entire screen. While usually not as harmful as other types of malware like viruses or ransomware, adware can be annoying and intrusive, slowing down your device's performance and potentially tracking your online activity for targeted advertising purposes.
A background program that performs tasks on a computer without direct user interaction.
An air gap is a security measure that physically isolates a network or device from external networks, including the internet, to prevent unauthorized access.
A set of rules or steps a computer follows to solve problems or perform tasks, often used in encryption and data processing.
Allowlisting is a security measure that permits only pre-approved applications to run on a device or network.
Best practices and recommendations for scaling and enhancing security in AWS cloud environments.
Antivirus is a type of software that is designed to prevent, search for, detect and remove viruses and other malware from a computer. AV software is typically installed on the endpoint to block malicious software from infecting the machine, mobile device or network. It works by scanning a file, program or application and comparing a specific set of code with information stored in its database. If the software finds code that is identical or similar to a piece of known malware in the database, that code is deemed malicious and is quarantined or removed.
The process of finding, fixing and preventing security vulnerabilities at the application level, as part of the software development process.
When an application is running in an environment, it has access to everything in that environment, including sensitive files and networked devices.
The set of files and custom rules that make up a particular application.
These occur when cyber threat actors take advantage of vulnerabilities within an application, usually to gain unauthorized access.
ASOC tools are a category of application security (AppSec) solutions designed to streamline and automate key workflows and security processes. These tools assist development teams in automating vulnerability management, risk assessment, and remediation and orchestrating data from various security solutions, thereby enhancing vulnerability testing and remediation through workflow automation.
ASPM is a vital practice focused on ensuring applications meet stringent security standards and identifying vulnerabilities.
An attack vector is the method or combination of methods that cybercriminals use to breach or infiltrate a victim’s network illegally. Attack vectors are often complex and involve gathering intelligence and identifying weak points for exploitation to gain network access.
Any security-relevant occurrence within a system that is logged for review.
A file containing a collection of audit events, providing a record of system activity.
Authentication is the process of verifying a user's or device's identity. Methods include passwords, biometrics (fingerprints, facial recognition), and security tokens.
Similar to a secret entrance into a house, backdoor attacks are hidden ways of bypassing normal authentication to get unauthorized access to a system. Backdoors can be intentionally created by attackers or unintentionally left by developers during the software development process.
Typically involving online or offsite storage, a backup or backing up saves data to a separate location to ensure its recovery in case of loss or damage.
User behaviors are analyzed within networks and applications to find unusual activity that may mean “security threat”. This can involve monitoring user activities like logins, file access, and email interactions, to find deviations from typical patterns and examining the system itself for anomalies like unexpected resource consumption, unusual network traffic, or unexpected software changes.
A black hat describes a threat actor who uses advanced hacking skills for malicious purposes. They exploit vulnerabilities to steal data, disrupt services, or cause harm.
As the name implies, a blocklist is a security mechanism that blocks or prohibits the execution of programs on a known malicious list. It’s also a firewall list created to block IPs with malicious reputations.
A type of malware that subverts the booting mechanism and operating system of a computer in order to avoid detection.
A collection of computers compromised by malicious code used to run a remote control agent granting an attacker the ability to take advantage of system resources. Typically used for DDOS attacks, hosting false web services or transmitting spam.
A policy allowing employees to use personal devices for work, which can introduce security risks if not properly managed.
Cyber attacks that use trial-and-error to guess login credentials and encryption keys systematically until successful.
Tools included in the basic functionality of a platform without requiring additional modifications.
A scam that uses social engineering and manipulation to trick victims into making fraudulent transactions or divulging sensitive information.
Developed by the Center for Internet Security, CIS benchmarks are comprehensive security configuration guidelines for specific technologies to help organizations fight cyber threats.
Capture The Flag (CTF), a cybersecurity exercise where participants find hidden text strings, called "flags", in vulnerable programs or websites. The Huntress CTF, is our our yearly month-long competition of daily challenges designed for experts and enthusiasts alike.
Named after the songbirds, Ransomware Canaries describe the physical or virtual devices that mimic other devices to lure attackers, helping study their behaviors.
A security checkpoint between cloud users and applications, CASB manages and enforces data security policies including authentication and encryption.
Cloud application security is the process of securing cloud-based software applications throughout the development lifecycle.
Protecting cloud-based software applications throughout their development lifecycle.
In-depth evaluations of cloud infrastructures to identify and mitigate security risks, ensuring a strong security posture.
Providing online access to shared pools of configurable computing resources like servers, storage, applications, and services.
Technologies and policies that protect data in the cloud from loss, leakage, misuse, breaches, and unauthorized access.
Policies and rules for managing cloud computing deployment, ensuring data security, system integration, and proper management.
Procedures to follow when a cybersecurity incident occurs in a cloud environment.
Principles and practices for building secure applications in the cloud, essential for modern software development.
The comprehensive framework of hardware, software, and infrastructure protecting cloud environments and their components.
Recommended practices for organizations to implement during cloud adoption to protect against cyberattacks.
Sets of guidelines and controls for securing data, applications, and infrastructure in cloud computing environments.
Continuous monitoring and removal of threats from cloud workloads and containers.
Systems, applications, and operations hosted or conducted over the internet.
The practice of writing and maintaining secure code, addressing vulnerabilities early in the development process to prevent them from reaching live environments.
Data stored on a database that is typically not quickly accessible and stored for a long period of time.
A computer used by attackers to communicate with and control compromised devices.
A lightweight package of application code with dependencies such as a specific version of programming language runtime and libraries required to run a software service. Common container software are
A small file generated by a webserver, that contains information about a user’s settings, and is stored by the user’s browser.
A brute force attack using real, stolen credentials from a data breach.
The act of stealing personal information such as usernames, passwords, and financial information to gain unauthorized access.
Digital or virtual currency, often demanded in ransomware attacks due to its decentralized and untraceable nature.
Cyber insurance is financial protection for businesses if a cyberattack happens. It can cover costs associated with data breaches like legal fees, reputation damage, and business interruption.
Any potential harm originating from an online source, aiming to damage or disrupt operations.
An attempt to infiltrate or damage an individual’s or organization’s data or information systems, often for malicious purposes.
Individuals or groups who initiate cyberattacks, also known as threat actors.
Defensive measures taken to protect data and information systems from online threats like malware and ransomware.
Registering and using an internet domain name identical or similar to trademarks, service marks, personal names, or company names with the intent of hijacking traffic for financial profit or delivering malware payloads.
Denial of Service and Distributed Denial of Service
Data Loss Prevention is a solution that detects and blocks the extraction of sensitive data by internal or external sources.
Dark web monitoring is the process of searching for and tracking your organization's information on the dark web. This includes leaked passwords, stolen credit card information, or even intellectual property. By detecting these breaches early on, people and organizations can take steps to mitigate the damage and prevent further harm.
A data breach describes a security incident where data is illegally accessed, stolen, or released by an unauthorized individual or group. This can include personal data like Social Security numbers and financial information, as well as corporate data like customer records and intellectual property.
Converting plain text into an encoded format to protect against unauthorized access.
Data exfiltration refers to the unauthorized transfer of data from a device or network. Cybercriminals use malware, insider threats, or exploiting vulnerabilities to steal data and transmit it to locations under their control. Threat actors can then use stolen data for malicious purposes like identity theft, espionage, or financial gain.
A set of policies, practices, and tools used to make sure sensitive data isn’t lost, misused, or accessed by unauthorized users. DLP solutions perform both content inspection and contextual analysis of data sent from or across corporate networks to give visibility into who is accessing data and systems (and from where) and filter data streams to restrict suspicious or unidentified activity.
You can use DLP solutions to reduce the risk of sensitive data leaking outside your organization, and some solutions go beyond simple monitoring and detection to give alerts, enforce encryption, and isolate data as needed.
Disguising confidential or sensitive data to protect it from unauthorized access through tactics like masking, encryption, and tokenization.
Compromising a training dataset used by an AI/ML model to manipulate its operation.
The ability to transfer personal data easily from one service provider to another.
Ensuring proper storage, access, retention, and security of sensitive data to meet regulatory requirements and protect confidentiality.
Data protection focuses on safeguarding personal data from corruption, compromise, or loss, while data security encompasses all measures to guard against unauthorized access to digital data.
Database monitoring involves continuously tracking database activities to optimize performance and ensure security. This combines performance monitoring like CPU usage and memory consumption, security monitoring for suspicious activities, and accessibility monitoring.
A strict security policy that blocks all actions unless explicitly permitted.
Files required for software to run, such as DLLs in Windows.
Procedures to recover data and operations following a cyberattack.
Groups with administrative rights across all domains within an organization.
A type of ransomware that threatens to release sensitive data if the ransom is not paid.
Advanced ACLs requiring user authentication before accessing resources.
Tools that monitor and record activities on devices, focusing on detecting and responding to suspicious activity.
Learn the differences between endpoint detection and response (EDR), managed detection and response (MDR) and extended detection and response (XDR).
Discover more about two of the most critical elements to every cybersecurity architecture – endpoint detection and response (EDR) and next-generation antivirus (NGAV) – and the points organizations should consider when selecting and integrating these tools.
Users typically have limited access to a system. To do certain tasks (like installing software or modifying system settings), they might need more privileges (like administrator rights). Elevation control lets users run specific applications as administrators without having admin privileges.
Email spoofing is a type of cyberattack that targets businesses by using emails with forged sender addresses. Because the recipient trusts the alleged sender, they’re more likely to open the email and click on things like malicious links or attachments.
Converting data into a coded format to prevent unauthorized access.
Devices like computers, mobile phones, and servers that connect to and communicate with a network.
Endpoint monitoring involves the continuous monitoring and management of devices that connect to a network, such as computers, mobile devices, and servers.
Security technologies such as antivirus, data encryption, and data loss prevention that work together to detect and prevent security threats.
Software designed to integrate multiple systems within an organization to streamline processes.
.svg)
