Glossary
Expand your knowledge of cybercrime and the technology used to defend against it with content written by our own SOC team. The Cybanetix Glossary breaks down each cyber security acronym one at a time. This growing library will help you learn the core concepts as they evolve, so that you can draw on our expertise to secure your business, people and network.
SIEM
[seem] Noun – Security Information and Event Management
Security information and event management (SIEM) is a subfield of computer security in which software products and services combine security information management (SIM) and security event management (SEM). A SIEM collects logs from applications, servers, network devices and security tools, normalises them into a common event format, and provides real-time correlation and analysis of the alerts they generate; a single failed login is noise, but a burst of failures followed by a success from the same source is a finding.
Vendors sell SIEM as software, as appliances or as managed services; the same products are also used to retain security logs and generate reports for compliance purposes.
MDR
[emm/dee/arr] Noun – Managed Detection and Response
Managed detection and response (MDR) providers deliver 24/7 threat monitoring, detection and lightweight response services to customers leveraging a combination of technologies deployed at the host and network layers, advanced analytics, threat intelligence, and human expertise in incident investigation and response. MDR providers undertake incident validation, and can offer remote response services, such as threat containment, and support in bringing a customer’s environment back to some form of “known good.”
MDR services offer turnkey threat detection and response via modern, remotely delivered, 24/7 security operations centre capabilities and technologies.
SOC
[sok] Noun – Security Operations Centre
A security operations centre (SOC) is a command centre facility for a team of information technology (IT) professionals with expertise in information security (infosec) who monitor, analyse and protect an organisation from cyber attacks.
In the SOC, internet traffic, networks, desktops, servers, endpoint devices, databases, applications and other systems are continuously examined for signs of a security incident. SOC staff may work with other teams or departments but are typically a self-contained team of employees with high-level IT and cyber security skills, or an outsourced third-party service. Most SOCs function around the clock, with staff working in shifts to log activity and mitigate threats continuously.
UEBA
[you/ee/bee/eyy] Noun – User and Entity Behaviour Analytics
UEBA stands for User and Entity Behaviour Analytics and was previously known as user behaviour analytics (UBA). UEBA uses large datasets to model the typical and atypical behaviour of humans and machines within a network. Once such baselines are defined, deviations from them reveal suspicious behaviour, potential threats and attacks that traditional antivirus may not detect; because it looks at behavioural patterns rather than file signatures, UEBA can catch attacks that involve no malware at all. UEBA also uses these models to assess the threat level, producing a risk score that helps guide the appropriate response. Increasingly, UEBA uses machine learning to learn normal behaviour and alert on risky deviations that suggest insider threats, lateral movement, compromised accounts and attacks.
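The baseline-and-deviation idea behind UEBA can be shown with plain statistics. The Python example below is added to this entry and is not the page's or any vendor's code: it builds a per-user baseline (mean and standard deviation of login hour and megabytes uploaded) from constructed history, then scores a new event by how many standard deviations it sits from that baseline, with a flat bonus for a never-seen device. The history, weights and severity thresholds are assumptions made up for the illustration; a production system would use far more features and a learned model.

```python
import statistics

# Constructed login history for one user: (hour of login, MB uploaded). Not real data.
HISTORY = {
    "alice": [(9, 40), (10, 55), (9, 48), (11, 60), (9, 52), (10, 45), (8, 50),
              (9, 58), (10, 47), (9, 53), (11, 49), (9, 51), (10, 44), (9, 56)],
}


def baseline(samples):
    """Mean and population standard deviation per feature; a zero spread is
    clamped to 1.0 so that a perfectly regular history still yields finite scores."""
    hours = [h for h, _ in samples]
    mbs = [mb for _, mb in samples]
    return {
        "hour_mean": statistics.mean(hours), "hour_sd": statistics.pstdev(hours) or 1.0,
        "mb_mean": statistics.mean(mbs), "mb_sd": statistics.pstdev(mbs) or 1.0,
    }


def risk_score(base, hour, mb_uploaded, new_device=False):
    """Sum of absolute z-scores, each capped at 10 so one wild feature cannot
    dominate, plus an assumed bonus of 5 for a device never seen for this user."""
    z_hour = abs(hour - base["hour_mean"]) / base["hour_sd"]
    z_mb = abs(mb_uploaded - base["mb_mean"]) / base["mb_sd"]
    score = min(z_hour, 10) + min(z_mb, 10) + (5 if new_device else 0)
    return round(score, 1)


def classify(score):
    """Assumed severity bands used to pick a response (notify, step-up auth, isolate)."""
    if score >= 15:
        return "critical"
    if score >= 8:
        return "high"
    if score >= 4:
        return "medium"
    return "low"


if __name__ == "__main__":
    base = baseline(HISTORY["alice"])
    # usual working-hours login with a typical upload volume
    print(classify(risk_score(base, 10, 50)))
    # 03:00 login, 2 GB upload, from a new device: looks like exfiltration
    print(classify(risk_score(base, 3, 2000, new_device=True)))
```

Note that the same 2 GB upload would score very differently for a user whose baseline is 1.5 GB a day, which is the difference between a per-entity baseline and a static threshold.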
XDR
[/ieks/dee/arr] Noun – Extended Detection and Response
Stealthy threats evade detection by hiding between security silos: each product raises its own disconnected alerts, and the intrusion spreads while analysts try to triage and investigate from narrow, isolated viewpoints.
XDR breaks down these silos with a holistic approach to detection and response. It collects and correlates detections and deep activity data across multiple security layers (email, endpoint, server, cloud workloads and network). Automated analysis of this combined data set detects threats faster, so analysts can run more thorough investigations and act quickly.
Anti Virus
[an/tee/vai/ruhs] Noun – Your first line of protection
Antivirus is a kind of software used to prevent, scan for, detect and remove malware (originally just viruses) from a computer. Once installed, most antivirus software runs automatically in the background to provide real-time protection, checking files as they are written or executed.
Comprehensive virus protection programs help protect your files and hardware from malware such as worms, Trojan horses and spyware, and may also offer additional protection such as customizable firewalls and website blocking.
EDR
[/ee/dee/arr] Noun – Endpoint Detection and Response
Endpoint detection and response (EDR) is a system to gather and analyze security threat-related information from computer workstations and other endpoints, with the goal of finding security breaches as they happen and facilitating a quick response to discovered or potential threats. The term “endpoint detection and response” only describes the overall capabilities of a tool set. Therefore, the details and capabilities of an EDR system can vary greatly depending on the implementation.
The historical telemetry collected by EDR tools (process creation, file and registry changes, network connections) lets analysts reconstruct what an attacker did on a host, scope the intrusion and contain it. That matters most during actively exploited zero-day attacks, when no patch exists and detection has to rest on behaviour rather than on a known signature. The IT security industry considers EDR a form of advanced threat protection.
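Process ancestry is the EDR record analysts reach for first. This Python example is added here and is not the page's or any EDR vendor's code: it takes constructed process-creation events (sample data, not a real capture), rebuilds each process's parent chain, and flags any command interpreter that has an Office application somewhere in its ancestry, the classic sign of a malicious document. The event fields, the application lists and the function names are assumptions for the example.

```python
from collections import namedtuple

Proc = namedtuple("Proc", "pid ppid image cmdline")

# Constructed process-creation telemetry, as an EDR sensor would record it. Not real data.
EVENTS = [
    Proc(400, 1, "explorer.exe", "explorer.exe"),
    Proc(512, 400, "outlook.exe", "outlook.exe"),
    Proc(620, 512, "winword.exe", "winword.exe /n invoice.docm"),
    Proc(701, 620, "cmd.exe", "cmd.exe /c powershell -w hidden -c whoami"),
    Proc(702, 701, "powershell.exe", "powershell.exe -w hidden -c whoami"),
    Proc(800, 400, "cmd.exe", "cmd.exe"),  # a user opening a shell from the desktop: benign
]

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def ancestry(events, pid):
    """Walk ppid links from `pid` to the root; returns image names, child first."""
    by_pid = {p.pid: p for p in events}
    chain = []
    while pid in by_pid:
        proc = by_pid[pid]
        chain.append(proc.image)
        pid = proc.ppid
    return chain


def office_spawns_shell(events):
    """Flag every shell whose ancestors (not itself) include an Office application.
    Checking the whole chain, not just the direct parent, catches the common
    winword -> cmd -> powershell layering."""
    findings = []
    for proc in events:
        if proc.image in SHELLS:
            chain = ancestry(events, proc.pid)
            if any(image in OFFICE for image in chain[1:]):
                findings.append({"pid": proc.pid, "cmdline": proc.cmdline,
                                 "chain": " <- ".join(chain)})
    return findings


if __name__ == "__main__":
    for finding in office_spawns_shell(EVENTS):
        print(finding)
```

The benign cmd.exe (pid 800) launched from explorer.exe is left alone; only the two processes descending from the macro-enabled document are reported, with the full chain attached so the analyst does not have to rebuild it by hand.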
SOAR
[sore] Noun – Security Orchestration, Automation and Response
SOAR stands for Security Orchestration, Automation and Response. SOAR platforms are a collection of security software solutions and tools that collect data from a variety of sources (SIEM alerts, endpoint agents, threat intelligence feeds, ticketing systems) and then combine human analysis with machine learning to understand and prioritise incident response actions.
The term was coined by Gartner to describe three software capabilities: threat and vulnerability management, security incident response and security operations automation. In practice, orchestration connects the separate tools so that one workflow can drive all of them; automation executes the repeatable steps of a playbook (enrich an indicator, block a hash, disable an account) without an analyst typing them; and response covers the case management and incident handling that still need a human decision. SOAR allows companies to collect threat-related data from a range of sources and automate the response to it.
Email Security
[ee-mayl / suh·kyuor·ruh·tee] Noun – Electronic mail protection protocols
Email security describes different techniques for keeping sensitive information in email communication and accounts secure against unauthorised access, loss or compromise. Email is often used to spread malware, spam and phishing attacks. Attackers use deceptive messages to entice recipients to part with sensitive information, open attachments or click on hyperlinks that install malware on the victim’s device. Email is also a common entry point for attackers looking to gain a foothold in an enterprise network and obtain valuable company data.
Security Awareness Training
[suh·kyuor·ruh·tee/uh·wair·nuhs/tray·nuhng] Noun – Teaching your people to spot the attack
Security awareness training is a strategy used by IT and security professionals to prevent and mitigate user risk. These programs are designed to help users and employees understand the role they play in helping to combat information security breaches. Effective security awareness training helps employees understand proper cyber hygiene, the security risks associated with their actions and to identify cyber attacks they may encounter via email and the web.
Observability Platform
[uhb.ZUR.vuh.BIL.uh.tee/plat·fawm] Noun – Magnifying your issues in the cloud.
Observability is defined as the ability of the internal states of a system to be determined by its external outputs. With the unknown unknowns of our software’s failure modes, we want to be able to figure out what’s going on just by looking at the outputs: we want observability.
An observability platform gathers the telemetry those outputs consist of (logs, metrics and traces) in one place so that engineers can ask new questions of a running system without shipping new code. In security this is most often applied to cloud workloads, because the same telemetry that exposes a failing service also exposes a misconfigured policy, an unexpected API call or a container doing something its image never did. Cloud security, in this sense, is the broad set of policies, technologies, applications and controls used to protect virtualised IP, data, applications, services and the associated infrastructure of cloud computing.
Firewall
[fai/uh/wawl] Noun – A virtual wall of fire
A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks packets based on a set of security rules. Its purpose is to establish a barrier between your internal network and traffic from external sources (such as the internet) so that only the connections you have explicitly chosen to allow get through; everything else is dropped by default.
Firewalls can be software or hardware, and it is best to have both. A software (host) firewall is a program installed on each computer that regulates traffic by port number and application, while a hardware firewall is a piece of equipment installed between your network and the gateway. In both cases the rules are evaluated in order and the first match wins, so the order in which rules are written is itself a security decision.
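The rule evaluation a packet filter performs is simple enough to show end to end. The following Python example is added to this entry and is not the page's or any firewall vendor's code: it defines a small constructed rule set for a network with an internal range of 10.0.0.0/8 and a DMZ web server at 10.1.1.10, evaluates packets against it first-match-wins, and falls back to deny when nothing matches. The addresses, rule set and function names are assumptions for the illustration; interfaces and connection state are deliberately left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    dport: Optional[int]   # destination port, None means any port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


# Constructed rule set for a small edge firewall. Order matters: first match wins.
RULES = [
    Rule("allow", "tcp", "0.0.0.0/0",  "10.1.1.10/32", 443),   # public HTTPS to the web server
    Rule("allow", "tcp", "10.0.0.0/8", "10.1.1.0/24",  22),    # SSH into the DMZ only from inside
    Rule("deny",  "any", "0.0.0.0/0",  "0.0.0.0/0",    None),  # explicit catch-all
]


def matches(rule, pkt):
    """True when every field of the rule covers the packet."""
    return ((rule.proto == "any" or rule.proto == pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


def decide(rules, pkt):
    """Return (action, index of the matching rule). An empty or non-matching
    rule set yields ("deny", None): default deny, never default allow."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None


if __name__ == "__main__":
    print(decide(RULES, Packet("tcp", "203.0.113.5", "10.1.1.10", 443)))  # allowed by rule 0
    print(decide(RULES, Packet("tcp", "203.0.113.5", "10.1.1.10", 22)))   # denied by rule 2
    print(decide(RULES, Packet("tcp", "10.2.3.4", "10.1.1.10", 22)))      # allowed by rule 1
```

Moving the catch-all deny to the top of the list silently blocks everything, including the web server, which is why rule order is reviewed as carefully as rule content.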
Sandboxing
[ˈsan(d)ˌbäksiNG] Noun – Virtual playground
A sandbox is an isolated testing environment that enables users to run programs or execute files without affecting the application, system or platform on which they run. Software developers use sandboxes to test new programming code. Cybersecurity professionals use sandboxes to test potentially malicious software. Without sandboxing, an application or other system process could have unlimited access to all the user data and system resources on a network.
Sandboxes are also used to safely execute malicious code without harming the device on which the code is running, the network or other connected devices. Using a sandbox to detect malware offers an additional layer of protection against security threats, such as stealthy attacks and exploits that use zero-day vulnerabilities; be aware that malware may check whether it is running in a sandbox and stay dormant there, so sandbox verdicts complement rather than replace other controls.
MDM
[em/dee/em] Noun – Mobile device management
Mobile device management (MDM) is software that allows IT administrators to control, secure and enforce policies on smartphones, tablets and other endpoints.
MDM is a core component of enterprise mobility management, which also includes mobile application management, identity and access management, and enterprise file sync and share. The intent of MDM is to optimize the functionality and security of mobile devices within the enterprise while simultaneously protecting the corporate network.
WAN
[/dub·uhl·yoo/ay/en] Noun – Wide Area Network
A wide area network (WAN) is a telecommunications network that extends over a large geographic area for the primary purpose of computer networking. Wide area networks are often established with leased telecommunication circuits.
Businesses, as well as schools and government entities, use wide area networks to relay data to staff, students, clients, buyers and suppliers from various locations across the world. In essence, this mode of telecommunication allows a business to effectively carry out its daily function regardless of location. The Internet may be considered a WAN.
MFA
[emm/eff/ay] Noun – Multi-Factor Authentication
Multifactor authentication (MFA) is a security technology that requires methods of authentication from two or more independent categories of credential to verify a user's identity for a login or other transaction: something the user knows, such as a password; something the user has, such as a security token or authenticator app; and something the user is, established by biometric verification. Two credentials from the same category (two passwords, or a password and a memorable question) do not count as multiple factors.
Two-factor authentication (2FA) is the most common form of MFA, and vendors increasingly use the label multifactor for any scheme that requires two or more independent credentials, since a stolen password alone is then not enough to log in. Multifactor authentication is a core component of an identity and access management framework.
IDAM
[/eye/damn] Noun – Identity and Access Management
Identity and access management (IAM) is a framework of policies and technologies for ensuring that the right users in an enterprise have the appropriate access to technology resources. IAM systems fall under the overarching umbrellas of IT security and data management. They identify, authenticate and control access not only for the individuals who use IT resources but also for the hardware and applications employees need to reach. IAM solutions have become more prevalent and critical in recent years as regulatory compliance requirements have become more rigorous and complex.
Data Security
[/day-tuhh/suh·kyuor·ruh·tee] Noun – Protecting the very thing that makes your business tick
Data security refers to the process of protecting data from unauthorized access and data corruption throughout its lifecycle. Data security includes data encryption, hashing, tokenization, and key management practices that protect data across all applications and platforms.
Organizations around the globe are investing heavily in information technology (IT) cyber security capabilities to protect their critical assets. Whether an enterprise needs to protect a brand, intellectual capital, and customer information or provide controls for critical infrastructure, the means for incident detection and response to protecting organizational interests have three common elements: people, processes, and technology.
Insider Threat Detection
[uhn·sai·duh/thret/duh·tek·shn] Noun – Finding what and where you are the most vulnerable
An insider threat is a security risk to an organization that comes from within the business itself. It may originate with current or former employees, contractors or any other business associates that have – or have had – access to an organization’s data and computer systems. Because it originates from within and may or may not be intentional, an insider threat is among the costliest and hardest to detect of all attack types.
WAF
[waff] Noun – Web Application Firewall
A WAF (web application firewall) is a filter that protects against attacks on the HTTP application layer, such as SQL injection, cross-site scripting and path traversal. It inspects HTTP requests before they reach your application and filters out those that could damage your site's functionality or compromise data.
As companies and users increasingly rely on web applications, such as web-based email or e-commerce, application-layer attacks pose a greater risk to productivity and security, so a WAF is an important layer of protection against rapidly emerging web threats. It is a compensating control rather than a fix: a WAF matches patterns in requests, can be evaded by encoding tricks and is often tuned loosely to avoid false positives, so the vulnerabilities it shields should still be fixed in the application itself.
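To make the inspection step concrete, the Python example below is added to this entry and is not the page's or any WAF product's code. It takes the parts of an HTTP request (path, query string, headers, form body), decodes percent-encoding until it stops changing so that double-encoded payloads cannot slip past, and matches each field against a small constructed rule set for SQL injection, cross-site scripting and path traversal. The patterns, the function names and the sample requests are assumptions for the illustration and are far narrower than a real rule set such as the OWASP Core Rule Set.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed rule set: deliberately small, each rule a (name, compiled regex).
RULES = [
    ("sqli", re.compile(r"(?i)(\bunion\b.+\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+|/\*.*\*/)")),
    ("xss", re.compile(r"(?i)(<\s*script\b|javascript\s*:|\bon\w+\s*=)")),
    ("traversal", re.compile(r"\.\.[/\\]")),
]


def normalize(value, rounds=3):
    """Percent-decode until the value stops changing (bounded), so %252e%252e/
    becomes ../ before the rules see it. The bound stops decode loops on junk input."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect(method, url, headers=None, body=""):
    """Return {"action": "allow"} or a block decision naming the rule and location."""
    headers = headers or {}
    parts = urlsplit(url)
    fields = [("path", parts.path)]
    fields += [(f"query:{k}", v) for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    fields += [(f"header:{k}", v) for k, v in headers.items()]
    if body:
        fields += [(f"body:{k}", v) for k, v in parse_qsl(body, keep_blank_values=True)]
    for location, raw in fields:
        value = normalize(raw)
        for name, pattern in RULES:
            if pattern.search(value):
                return {"action": "block", "rule": name, "where": location,
                        "method": method, "evidence": value[:80]}
    return {"action": "allow"}


if __name__ == "__main__":
    print(inspect("GET", "/search?q=shoes"))
    print(inspect("GET", "/search?q=' OR '1'='1"))
    print(inspect("GET", "/files?name=%252e%252e%2fetc%2fpasswd"))
    print(inspect("POST", "/comment", body="comment=%3Cscript%3Ealert(1)%3C%2Fscript%3E"))
```

The double-encoded traversal request is the case worth studying: the query parser decodes it once to `%2e%2e/etc/passwd`, which matches nothing, and only the extra normalisation round exposes the `../`. A rule set that inspects raw bytes without that step is the kind of WAF that attackers walk straight through.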
Phishing
[fi·shuhng] Noun – Baiting the hook
Phishing is a type of social engineering attack in which cybercriminals trick victims into handing over sensitive information or installing malware. More often than not they do this via malicious emails that appear to be from trusted senders.
While technical security measures continue to improve, phishing remains one of the cheapest and easiest ways for cyber criminals to gain access to sensitive information. Simply by clicking a link, victims can endanger their company’s security and put themselves at risk of identity theft. They might also compromise their personal information, login credentials such as usernames and passwords, and financial information, including credit card numbers.