Welcome to our cyber security glossary! This page is designed to help you navigate the complex and ever-evolving world of cyber security. With technology playing an increasingly important role in our lives, it's more important than ever to understand the terminology and concepts that underpin our digital world. Whether you're a seasoned cyber security professional or just getting started, this glossary is a valuable resource for understanding the key terms and ideas you'll encounter in the field.
An advanced persistent threat (APT) is a sophisticated adversary that utilizes stealthy attack techniques to maintain an unnoticed and enduring presence within a target network or system, enabling them to persistently accomplish their objectives over an extended period without detection.
Adversary emulation is a cybersecurity assessment method that tests an organization’s security controls against the tactics, techniques, and procedures (TTPs) used by threat actors targeting its industry and region.
Attack Path Validation is the process of identifying, analyzing, managing and validating attack paths that adversaries can take within a network, providing a comprehensive view of cybersecurity risks and enabling targeted risk mitigation.
Attack path visualization is a graphical representation of the possible attack paths that an adversary could take to compromise an asset from any entry point on the target system.
An attack surface is the total sum of attack vectors within a system, network, or organization that an adversary could exploit to achieve their objective.
Attack surface management is the process of continuously discovering, analyzing, and mitigating the potential attack vectors that make up an organization’s digital and physical attack surface.
Automated penetration testing is a cybersecurity process that uses software tools to simulate cyberattacks on a system, network, or application within an organization's IT environment to identify and remediate vulnerabilities before adversaries can exploit them.
Automated red teaming is a proactive cybersecurity approach that uses automation to simulate adversarial attack scenarios against an organization's information systems.
Automated Security Control Assessment is the process of continuously evaluating security solutions with non-destructive attack simulations.
Blue teaming is a cybersecurity process that refers to strategic and proactive engagement in safeguarding an organization's digital infrastructure.
Breach and Attack Simulation (BAS) is an automated cybersecurity assessment approach that continuously and proactively simulates real-world cyber threats to evaluate and improve the security posture of an organization.
Cloud Security Posture Management (CSPM) is a proactive cloud security approach that focuses on the identification, management, and mitigation of risks in cloud environments.
CVSS stands for Common Vulnerability Scoring System. CVSS is a widely-adopted, standardized methodology used by cybersecurity professionals to systematically evaluate, measure, and convey the severity of software vulnerabilities.
CVE stands for Common Vulnerabilities and Exposures. CVE is a standardized, unique identifier assigned to security vulnerabilities or exposures in software and hardware products.
Continuous Security Validation is a proactive cybersecurity approach involving consistent assessment and validation of an organization's security controls for prioritized remediation actions.
Continuous Threat Exposure Management (CTEM) is a five-step process that helps organizations continuously monitor, assess, and reduce security risks by enhancing their security posture through scoping, discovery, prioritization, validation, and mobilization.
Cyber Asset Attack Surface Management (CAASM) is an approach to asset visibility, enabling security teams to proactively manage cyber threats.
Data leakage is the unintentional exposure of sensitive data either in transit, at rest, or in use.
Detection Rule Validation (DRV) is an automated solution that analyzes detection rules, identifying quality and performance issues to facilitate effective end-to-end detection for SOC teams.
Exposure management is a proactive cybersecurity approach that focuses on identifying, assessing, and addressing potential vulnerabilities and security risks before they can be exploited by adversaries.
External Attack Surface Management (EASM) is a comprehensive approach to identifying, analyzing, prioritizing, and mitigating vulnerabilities associated with an organization’s external-facing digital assets.
MITRE ATT&CK stands for MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK).
Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) is a component of the MITRE ATT&CK framework, which provides a structured approach to classifying and understanding cyber threats.
Penetration testing is a systematic process of evaluating an organization's cybersecurity posture by simulating real-world cyberattacks on its IT infrastructure, networks, applications, and human resources.
Purple Team is a mindset that combines the efforts of red and blue teams in cybersecurity, enabling them to work together to simulate attacks, identify vulnerabilities, and enhance the organization's overall security posture.
A Red Team is a group of authorized offensive security professionals who carry out real-world attack simulations that mimic the tactics, techniques, and procedures (TTPs) used by sophisticated adversaries to identify the potential attack paths that an attacker can take to compromise an organization's network and systems.
Ransomware is a type of malicious software designed to hold a computer system or data hostage until a sum of money, or ransom, is paid.
Security control effectiveness is a measure that demonstrates how effectively the existing security controls and defense measures within an organization can prevent, detect, or respond to a cyberattack.
Security Control Rationalization is a continuous process that involves evaluating and adjusting security controls to align them with business objectives, optimize their performance, and ensure they remain effective against emerging threats.
Security Control Validation is a continuous security assessment approach that evaluates the effectiveness of an organization's prevention and detection layer solutions against external threats.
A Sigma rule is an open-source, generic signature format used in cybersecurity, specifically for the creation and sharing of detection methods across Security Information and Event Management (SIEM) systems.
Vulnerability prioritization is the process of identifying vulnerabilities and prioritizing their remediation based on potential impact, exploitability, and other contextual factors such as asset information, severity, business-critical impact, and threat intelligence.