Advanced Persistent Threats (APTs) are typically initiated and executed by state actors or cybercriminal organizations with plentiful resources, and these threats have more staying power than typical, everyday threats that organizations might encounter, as they are designed to have a long-term presence in a network.
Attack surface management (ASM) involves continuous discovery, rapid analysis, remediation, and ongoing monitoring of vulnerabilities within a system and across all potential attack vectors within an organization’s attack surfaces.
Cyber insurance is exactly what it sounds like: insurance coverage to help protect businesses from the losses and impacts that could result from a cyberattack. This coverage can include things like data breaches, theft of personal identifiable information (PII), theft of data, network breaches, terrorist attacks, or attacks occurring on or against global IT or physical infrastructure (i.e., not just within the United States).
Per the National Institute of Standards and Technology (NIST), cyber security is the ability to protect or defend the use of cyberspace from the effects of cyberattacks.
This is a systematic on-premise and/or cloud-based (virtual) solution used to gather logs and collect, analyze, and store that data for security purposes.
Any technology or data source that sends telemetry to a designated platform, sensor, or log.
Endpoint Detection and Response (EDR) is a cybersecurity technology that continually monitors and responds to mitigate endpoint host cyber threats.
Endpoint Management is a broad term used to describe many administrative capabilities over endpoint devices. These are defined by a variety of factors, including:
Endpoint security is designed to identify and stop the successful deployment of malware and other endpoint attack vectors from compromising endpoint system devices. Those devices typically include users' systems like PCs, laptops, and mobile devices. At a network level, this also includes virtual and hardware applications, server database, and email servers.
The process of adding relevant contextual information to improve the value of detection event/alert data.
A security source providing security-related event occurrences within a customer’s environment.
An organized approach to addressing and managing what happens after a security breach or cyberattack, also known as an IT incident, computer incident, or security incident occurs. The goal is to manage the situation to reduce and limit damage, and to minimize recovery time and costs.
The importing of relevant data files at scale from multiple sources to aid immediate or longer-term analytics results within a cloud-based platform — sometimes refers to data that has yet to be normalized.
A platform’s interaction and combining of separate internal or external components so the data, events or other information may be used by the platform.
A cybersecurity strategy or approach to secure or protect against cyberattacks targeted at physical IoT devices that are connected to a network – these can include everything from cameras and printers to TVs and home appliances — even toasters and crockpots.
Any event(s) that are used to provide meaningful support to an investigation and any decision being made.
Managed Detection and Response (MDR) is a managed service providing cooperative detection and response. Some MDR services use EDR to provide this service, while some use XDR technology to provide customers extended detection and response.
Managed Detection and Response (MDR) is a service often offered by MSSPs who are organizations that act as Managed Security Services Providers. MSSPs usually provide other security services as well as MDR.
MITRE ATT&CK is a globally accessible knowledge base of adversary tactics, techniques and procedures (TTPs) based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the cybersecurity product and service community.
This is any ingested, unstructured data that has then been put into a standardized format so it may be used on its own or with other datasets.
An authorized simulated cyberattack on one or more computer systems, performed to evaluate the security of the systems and to check for exploitable vulnerabilities.
The process of switching from one dataset to another using a field’s value.
A holistic evaluation of your systems to determine your organizational readiness for a ransomware incident.
The critical first step when ransomware is discovered in your system, typically using malware analysis, automation, or any other technique that helps detect malicious files.
Risk-based vulnerability management is a strategy for handling the myriad of vulnerabilities on a typical enterprise network, according to the risk each individual vulnerability poses to an organization.
Risk-based vulnerability management is designed to address two key objectives:
Security Information and Event Management (SIEM) is a cybersecurity solution designed to help organizations correlate and analyze logs to uncover hidden threats, collecting event log data and identifying suspicious or abnormal activity. SIEM can also be used by organizations with specialized compliance concerns.
A Security Operations Center (or SOC) is a physical or virtual facility or platform housing an information security team responsible for monitoring and analyzing an organization’s security posture on an ongoing basis. A SOC team’s goal is to detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and a strong set of processes. SOCs are typically staffed with security analysts and engineers, as well as managers who can oversee all security operations. Staff work closely with organizational Incident Response teams to ensure that security issues are addressed quickly upon discovery.
Solutions that help identify cyber threats or breaches across your systems, typically by analyzing the behavior of system users — thus helping improve overall security and stopping threats.
To proactively and iteratively discover current or historical threats that evade existing security mechanisms and then use that information to develop future countermeasures and increase cyber resilience.
Data produced, analyzed, and validated by our Counter Threat Unit™ researchers and automatically correlated against your telemetry to ensure you are protected from the latest threats and adversary behaviors.
Any notification that a 3rd party vendor considers to be a security incident.
Vulnerability management is the process of continuously identifying, evaluating, treating and reporting vulnerabilities within a particular network or environment.
Extended Detection and Response (XDR) is an advanced security analytics tool that enables organizations or MDR providers to detect advanced threats, generate accurate alerts, collaborate on and streamline investigations, and automate the correct response action(s).