Malicious software that may either use legitimate tools, or embed code in legitimate files, making detection difficult.
Software or hardware that filters network traffic to prevent unauthorized access to an organization's network. A firewall acts as an outer barrier that either allows or blocks network traffic based on a predefined set of rules. It scans specific data packets—units of communication sent over networks—for malicious code or known threats. Should a data packet be flagged, the firewall prevents it from entering the network.
Methods used by threat actors to reinstall malware on a device after it has been cleaned. Also known as “Persistence Mechanisms.”
A macOS TCC permission that allows software to access sensitive user information.
Google Cloud Platform is one of the 3 major cloud providers.
A European Union regulation on information privacy that governs how personal data of individuals in the EU can be processed and transferred.
Exploiting weaknesses in Kerberos to gain unauthorized access to Windows Active Directory controls, requiring initial system access.
A U.S. federal law established in 1996 that mandates the protection and confidential handling of individuals' medical information.
Cybersecurity mechanisms that use decoy targets to lure cybercriminals away from legitimate targets, gathering intelligence on their identity, methods, and motivations.
A form of network security that uses known intrusion signatures to detect and analyze both inbound and outbound network traffic for abnormal activities. An IDS focuses on monitoring for malicious intent or signs of compromise, and when detected, will send alerts to the system administrators or security personnel. Intrusion detection systems are designed to warn of suspicious activity taking place, but they don't prevent it. HIDS (Host-based Intrusion Detection Systems) and NIDS (Network-based Intrusion Detection Systems) can also be used; these are IDS tools used specifically for either the endpoints (hosts) or the network.
A unique identifier for a device connected to the internet, represented as a string of numbers and characters.
Intrusion Prevention System is a form of network security that can identify malicious activity, collect information about said activity, report it and attempt to block or stop it. An IPS works by actively scanning and analyzing network traffic for malicious activities and known attack patterns. Similar to an IDS, intrusion prevention systems are designed to warn of suspicious activity, but the key difference is that they can also take automated action and respond to active threats based on a predetermined set of rules.
Identity Threat Detection and Response (ITDR) is a cybersecurity framework that helps protect user identities and systems from cyberattacks.
A cybersecurity discipline that focuses on helping organizations and individuals protect their identity infrastructure and assist with remediation related to identity-centric attacks.
Infrastructure-as-a-Service is a type of cloud computing where the provider offers the customer the ability to create virtual networks within a cloud-based computing environment.
Strategies and procedures for responding to cyber threats and attacks in a network.
Policies and procedures to protect sensitive data from unauthorized access.
The point of entry into a network or system; the process by which an adversary gains entry (the initial foothold) to a victim's network or system.
The capability of different computers and software systems to work together and exchange data.
Enabling something only when needed and disabling it when no longer required.
An authentication protocol that verifies the identity of users and hosts.
Software used by an attacker to record keystrokes on a physical keyboard, typically to capture passwords or other critical information.
A network of electronic devices in the same physical location.
LOLBins stands for Living Off the Land Binaries. These are legitimate, pre-installed programs or tools that come with the operating system (like Windows or macOS). Attackers exploit these legitimate tools for malicious purposes instead of introducing new, suspicious files.
Giving users the minimum access necessary to perform their job functions.
Enables computers to learn from data and make decisions or predictions without being programmed to do so.
Email spam that is used to deliver malware.
Malicious software designed to harm a computer, network, or server.
The process of understanding the behavior and purpose of suspicious files or URLs to help detect and mitigate potential threats.
A type of cyber attack in which a threat actor positions themselves between two parties, normally a user and an application, to intercept their communications or data exchanges for malicious purposes.
A cybersecurity service combining technology and human expertise to perform threat hunting, monitoring, and response. MDR technology collects and analyzes information from logs, events, networks, endpoints and user behavior—which is then paired with a team of experts who can take over to validate incidents, escalate critical events and provide recommended response actions so threats can be quickly remediated. MDR services are managed or co-managed by an outside partner to provide value to organizations that either have limited resources or lack the expertise to keep eyes on all of their potential attack surfaces.
Third-party organizations providing outsourced security services.
Enrolling business devices in a SaaS that allows for easily deploying software to a large number of devices at once. Primarily used on macOS.
An authentication method that requires users to provide two or more verification factors before granting access or signing in. These factors can include something only the user would know (e.g., password/PIN), something only the user would have (e.g., token) or something only the user is (e.g., biometric). MFA then uses these factors to confirm the identity of someone who is requesting access to an application, website or another resource. MFA is a key factor in account takeover defense.
U.S. agency advancing measurement science, standards, and technology to enhance economic security.
Endpoint firewalls that enable total control over network traffic using dynamic ACLs.
An integrated network security solution designed to detect threats and suspicious behavior on an organization's networks using non-signature-based techniques (such as machine learning and other analytical techniques). NDR solutions track north/south network traffic that crosses the perimeter, as well as east/west lateral traffic to establish a baseline of normal behavior and raise alerts when anomalous behavior is detected. NDR solutions give security teams real-time visibility and awareness over network traffic and the ability to respond to perceived threats.
An expanded version of antivirus that goes beyond performing signature-based detection—typically by incorporating some type of advanced technology—to prevent a wider range of attacks. Unlike traditional AV, next-generation AV focuses on events (files, processes, applications, network connections, etc.) to help identify malicious intent or activity. NGAV has emerged in recent years to address the proliferation of new types of malware and viruses that can easily bypass traditional AV.
Open Web Application Security Project is an internet community focused on understanding web technologies and their exploitation. It is also commonly known for the OWASP Top 10.
Understanding a system's internal state by observing its external outputs.
On-premises is a physical infrastructure setup deployed, running, and maintained within the confines of an organization, typically in a datacenter or COLO (Colocation Facility).
Gathering and analyzing publicly available data for intelligence purposes.
Packet Capture is a network practice of intercepting data packets traveling over a network which are stored and analyzed by a security team.
Payment Card Industry Data Security Standard is a set of rules and guidelines for companies that handle credit card transactions to keep such information safe and secure.
Platform-as-a-Service is a complete cloud environment that includes everything developers need to build, run and manage applications.
Software that stores and protects confidential information like usernames and passwords for local applications and online services. A password manager will house a user’s passwords, as well as other information, in one convenient location with one master password. Also, it can assist in generating and retrieving complex passwords.
Penetration testing is a security exercise in which a security expert attempts to find and exploit vulnerabilities on a computer system. Pen tests differ from vulnerability scans in that there is an actual attempt at exploitation, while vulnerability scans simply report on possibly vulnerable code, applications, configurations or operating systems.
See Footholds.
Malicious attempts to trick users into revealing sensitive information through deceptive emails or links.
A system or router that acts as a middleman between a user and the internet.
Advanced computing using quantum-mechanical phenomena, significantly different from classical computing.
Malicious software that encrypts data and demands payment for its release.
A group of internal or external IT experts used to simulate the actions of adversarial malicious attacks on a network, as an exercise.
Accessing network resources from a geographical distance through a network connection.
Switched Port Analyzer is a dedicated port on a switch that takes a mirrored copy of network traffic from within the core switch or firewall to be sent to a destination. Commonly used to review network traffic using software such as Wireshark.
A cyberattack that injects malicious SQL code into an application to view or modify a database.
Software-as-a-Service is a software licensing model which allows access to software on a subscription basis using external servers.
SIEM stands for security information and event management. SIEM is a software solution that aggregates and analyzes activity from many different sources across an entire IT infrastructure. A SIEM gathers immense amounts of data from an entire networked environment, then consolidates it and makes that data human-accessible. With the data categorized and laid out, SIEM solutions are often used by security operation centers (SOCs) to streamline visibility across an environment, centralize data for security monitoring and investigate logs and events for incident response.
A centralized unit that deals with security issues on an organizational and technical level. SOCs are typically staffed with a team of domain experts (either in-house or outsourced) who focus on preventing, detecting, analyzing and responding to cybersecurity incidents. A SOC acts as a central command post that continuously monitors an organization's environments and toolsets and improves its security posture.
A collection of software solutions and tools that aggregate security intelligence and context from disparate systems and apply machine intelligence to streamline (or even completely automate) the threat detection and response process. SOAR combines three software capabilities: the management of threats and vulnerabilities (orchestration), automating security operations (automation) and responding to security incidents (response). Due to their aggregation and automation capabilities, SOAR solutions are often used by security operation centers (SOCs) to collect threat-related data from a range of sources and automate the responses to certain threats.
A time-limited conversation between two or more devices over the internet.
An attack where a threat actor manipulates a session token to gain unauthorized access to information.
Targeted phishing attacks using researched information to deceive specific individuals.
An open source detection engine that acts as an IDS (Intrusion Detection System).
A protocol that computer systems use to send event data logs to a central location for storage.
A database stored locally on macOS computers designed to restrict software from accessing sensitive user information. Commonly used for applying Full Disk Access for software.
Transmission Control Protocol/Internet Protocol is a set of standardized rules that allow computers to communicate on a network such as the internet.
Individuals or groups conducting cyber attacks with malicious intent.
The practice of proactively searching through environments across various telemetry for threats to detect and isolate advanced threats that evade existing security solutions. Threat hunting combines technology, threat intelligence and methodical humans to find and stop malicious activities. Generally, threat hunting is performed by security analysts, or threat hunters, who use their highly tuned skills to zero in on potential threats or attackers who have snuck into a protected environment.
Securely moving network packets from one location to another.
User and Entity Behavior Analytics is a cybersecurity solution that uses algorithms and machine learning to detect anomalies in the behavior of users as well as routers, servers and endpoints in a network.
Access gained by a person or entity that does not have permission to connect to or use a system and perform malicious actions.
Combining multiple logs into a single location for centralized viewing and analysis.
A virtual computer image that behaves like an actual computer that can run its own separate computing environment typically inside of a server. Common virtual machine software are
An encrypted tunnel for secure network resource access.
Typically short for voice phishing, this is the use of fraudulent phone calls to trick a victim into providing sensitive data such as login credentials, credit card numbers, or bank details.
Weaknesses in software or hardware that can be exploited by malicious actors.
Using non-harmful tools or documents maliciously to inflict harm.
A tool that helps protect web-based applications, mobile apps, and APIs from cyber attacks by filtering and monitoring HTTP traffic between them and the Internet.
XDR is an acronym for extended detection and response. XDRs collect and correlate data from a variety of sources, including endpoints, cloud workloads, networks, and emails to help mitigate cyber threats, unauthorized access, and other forms of misuse. XDRs are usually comprised of EDRs, NDRs, NGAVs and cloud monitoring tools, and have some log aggregation and orchestration capability across what they detect.
A code injection attack where malicious code is inserted into a legitimate website.
Pattern-matching rules used to identify malware families by analyzing binaries.
A Zero Trust Architecture refers to the way network devices and services are structured to enable a Zero Trust security model.
ZTNA is an IT technology solution that requires all users to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.
Zero Trust is a security concept that requires all users to be authenticated and authorized before being granted access to applications and data.
Security vulnerabilities unknown to developers, exploited by attackers before a fix is released.