Glossary of Cyber Security Terms
Access Control List (ACL)
A list that defines who or what can access a specific resource on the network. ACLs are an important measure to protect against unauthorized access.
Advanced Encryption Standard (AES)
AES is a standard form of data encryption that is commonly used in many of today’s applications to protect digital data.
Advanced Persistent Threat (APT)
A cyber attack that “sits” in your network over time (that’s the persistent part), usually with the purpose of stealing sensitive data.
Adware
Malware that causes unwanted ads to be shown while your browser is open. Some adware also tracks your browsing activity.
Attack Surface
The number of entry points within a network where a cybercriminal might enter or extract data represents the network’s attack surface.
Bandwidth
If you think of a network connection as a pipe, bandwidth is the amount of data that can flow through that pipe in a one-second interval. For example, 1 Gbps (gigabit per second) bandwidth means that one gigabit of data can pass through a connection in one second.
Bandwidth Control
To ensure that mission-critical communications have priority, network administrators can allocate specific amounts of bandwidth to an application. This is known as bandwidth control.
Behavioral Analysis
Sometimes referred to as user behavior analysis (UBA), this security practice looks at how a transaction or user behaves during a session to determine if the transaction is suspicious.
Border Gateway Protocol (BGP)
This is the routing protocol used to exchange routing information between networks (autonomous systems) via gateway routers that usually sit at the border of the network.
Bogon
A bogon is an IP packet that originates from a bogus IP address, i.e., one that has not been allocated or assigned to a legitimate host. Sometimes bogons are simply the result of misconfiguration, but more often they are malicious packets, because their source address cannot be traced back to a legitimate host.
Botnet
A network of “robots” – endpoints that have been hijacked and can be controlled remotely by an unauthorized party to mount large-scale attacks such as denial-of-service (DoS) attacks. Note that a compromised computer may appear normal to the user, and can mount a DoS attack while the legitimate owner is unaware.
Bring Your Own Device (BYOD)
BYOD is the practice of allowing employees to use their personal device (smartphone, tablet, laptop) for work instead of a work-provided device. BYOD creates a variety of security concerns because of the mixed business/personal nature of the device and the information stored on it.
Command and Control (C&C/C2)
In security parlance, this is the practice of controlling a compromised device (e.g., a bot or infected device) using commands from a remote device.
Certificate
A digital certificate is like an electronic signature that validates the authenticity of a user, website or application.
Certificate Authority (CA)
CAs provide authentication/validation of digital identities through digital certificates, acting as a trusted third party.
Cipher
A cipher is the algorithm used to encrypt and decrypt information.
Cloud Access Security Broker (CASB)
CASBs are gateways that sit between an enterprise network and the cloud to broker security policies between the two, essentially allowing enterprises to enforce their security policies in the cloud.
Cloud Access Security Inspection (CASI)
CASIs allow cloud users to enforce security policies on specific cloud applications such as Amazon, Dropbox and YouTube.
Cloud Firewall
A software-based firewall deployed in the cloud. Cloud firewalls have advantages over traditional hardware-based firewalls, such as the ability to scan encrypted traffic in real time.
Cloud Governance and Compliance
A set of security policies and regulations that determine how cloud workloads and data should be protected.
Cloud Washing
The marketing practice of claiming that a solution is cloud-native or built for the cloud when, in fact, it is not.
Community Emergency Response Team (CERT)
A community-wide team, often made of volunteers, who are mobilized to respond to a community crisis, natural disaster or other emergency.
Data Breach
A network breach that results in data theft by an unauthorized third party.
Denial-of-Service (DoS) / Distributed DoS (DDoS) Attack
A DoS attack is a cyber attack mounted from a single endpoint (usually, a computer) that looks to flood a server with requests and, thus, deny service to other users. A DDoS attack has the same intent, but is mounted from multiple endpoints.
Data Loss Prevention (DLP)
DLP security mechanisms prevent data exfiltration by protecting data at rest and in motion and blocking attempts to steal this data.
Domain Name System (DNS)
The Domain Name System is used to map an Internet domain name (e.g., www.heyimhere.com) to an IP address (e.g., 188.8.131.52). User requests to resolve the domain are handled by a DNS server.
Encryption
A method for converting data into an unreadable format using a special key/code.
Endpoint Detection and Response (EDR)
EDR tools scan endpoints for malware and other security issues, and respond accordingly (e.g., quarantining the endpoint, attempting to remove malware).
Endpoint Security
A security solution that protects networks from infected/compromised endpoints, particularly those belonging to authorized users.
File Transfer Protocol (FTP)
A longstanding protocol used for transferring files from one host to another over a network.
Full Mesh Topology
A network architecture where every node connects to every other node in a complex mesh, providing network redundancy should one or more nodes fail.
Hash
Unlike standard encryption, where data can be encrypted and decrypted using a key, a hash cannot be reversed; it is a one-way function that is used for tasks such as storing passwords. There are multiple hash methods, with SHA-256 being a popular choice for high-security requirements.
Health Insurance Portability and Accountability Act (HIPAA)
Passed by U.S. Congress in 1996, HIPAA mandates the security guidelines by which a patient’s health information may be shared, stored and secured.
Hypertext Transfer Protocol (HTTP) / Hypertext Transfer Protocol Secure (HTTPS)
HTTP is the main protocol for exchanging and accessing information on the World Wide Web. HTTPS is an HTTP transaction encrypted with Transport Layer Security (TLS) for more protection.
Incident Response (IR)
The process by which a security incident response team (SIRT) addresses a particular threat, such as an infected endpoint or a data breach.
Internet Control Message Protocol (ICMP)
ICMP is a commonly used protocol for network control and diagnostic messages, such as error reports. Because many firewalls pass ICMP traffic without inspecting it, ICMP tunnels are frequently used by cyber criminals.
Internet Key Exchange (IKE)
IKEv2 is a secure, standard protocol for exchanging keys used for encryption and authentication.
Internet Protocol security (IPsec)
IPsec is a secure suite of network protocols that are used for encrypting IP packets, such as those sent or received in a VPN.
Keylogger
A type of malware that covertly records the keystrokes on a device in order to steal passwords or other information.
MAC (Media Access Control) Address
In order to communicate on a network, a device needs two addresses: an IP address for the device itself, which resides in software; and a MAC address, which is associated with the device’s network interface card (NIC).
Malware
Any software that is designed to harm a user (e.g., steal information, delete data, lock users out of their device) is referred to as malware. It’s a portmanteau of “malicious software.”
Mobile Malware
This is malware targeted specifically at mobile devices and mobile operating systems.
Multifactor Authentication (MFA)
MFA has increasingly become a security standard, requiring that users provide two or more sets of security credentials (e.g., password + one-time security code delivered to a trusted device) for authentication.
Multi-Tenancy
A cloud architecture in which a single server acts as a shared resource for multiple customers who may be separated by logical or other types of partitions.
Network Address Translation (NAT)
NAT masks internal IP addresses from the outside world by presenting a single IP address to devices outside the network, and then rerouting packets to the individual IP addresses within the network using port forwarding.
Next-Generation Antivirus (NGAV)
As its name implies, NGAV software uses next-generation security technologies such as artificial intelligence and machine learning to defend against viruses.
Next-Generation Firewall (NGFW)
An NGFW is an enhanced firewall that features application-level inspection, intrusion prevention and other capabilities beyond those of a standard firewall.
NIST (National Institute of Standards and Technology)
The NIST security standards are a non-enforced but broadly accepted system of security best practices for organizations around the world.
Open Port
Any port number on a device that is set up to accept packets is called an open port, while a port that is configured to ignore/deny packets is referred to as a closed port. Cyber criminals can find out which ports are open using a technique known as port scanning.
Packet
A packet is a unit of data that is sent or received in an IP-based communication.
PCI DSS (Payment Card Industry Data Security Standard)
Any organization that transacts or stores credit card information is required by the major credit card companies to comply with the PCI DSS rules for data and information security.
Penetration Testing
This is a type of “white hat” hacking whereby authorized agents try to penetrate an organization’s cybersecurity defenses to test their strength and resilience.
Ping
A ping is simply a query from one device to another to make sure the device is available before initiating a connection.
Ransomware
A relatively new form of malware that seeks to encrypt data using a key that the attacker controls. In order to access the data again, victims must pay a ransom to the attacker, who then uses their key to decrypt the data.
Rootkit
Rootkits are malware that are designed to hide on a computer or device and may perform a variety of malicious activities such as keylogging or using the device to mount DDoS attacks.
Roots of Trust (RoT)
RoTs are those elements in a device or network that are a source of trust, such as the hardware processing module that generates trusted keys for encryption/decryption and authentication.
Software-Defined Perimeter (SDP)
A newer approach to security based on the successful cloud model, software-defined perimeters protect network resources by using a trusted broker to grant access to those resources.
Secure Shell (SSH)
SSH is an encryption protocol that allows network services to be delivered securely over a non-secure network.
Security Operations Center (SOC)
A SOC is the central security intelligence hub of an organization where incident response plans are coordinated and executed.
Single Sign-On (SSO)
SSO is a method by which users need only provide a single password or set of credentials to log into multiple applications, often in concert with multifactor authentication.
SOC 2 Compliance
Service Organization Control (SOC) 2 compliance is a requirement for technology services companies that is designed to protect data stored in the cloud through auditable security policies and practices.
Spyware
This is a type of malware that “spies” on user activity in order to steal information such as passwords and account numbers that are entered in browsers and apps.
Threat Hunting
The practice of searching for threats by human security agents using a mix of security data, threat intelligence, discovery tools and experienced intuition.
Threat Intelligence
Threat intel is third-party information about cyber threat activity outside an organization’s network, which may include information published by industry consortiums, government organizations and security vendors.
Tracepath / Tracert
Diagnostic commands (tracepath on Linux, tracert on Windows) that display the network routing path and the per-hop packet delays in an IP connection.
Transport Layer Security (TLS)
TLS is the standard encryption protocol used to secure network communications. TLS has largely replaced Secure Sockets Layer (SSL) as the de facto encryption standard for networked communications.
Trojan
Any malware that is designed to appear as something benign.
Tunneling
Tunneling allows networks to carry communications with non-native protocols. VPN tunnels are a common example of network tunneling, in this case using IPsec tunnels over a standard TCP/IP network connection to provide additional security.
Virtual Private Network (VPN)
A VPN creates a private connection over a public network using an encryption method such as IPsec, in effect creating a “virtual” private network connection.
Virus
A piece of software code that, once it is downloaded to a device, executes an unwanted and often malicious action.
Vulnerability
A vulnerability is any security weakness in a system that can be exploited for malicious purposes. These include vulnerabilities in software, hardware and business processes.
Worm
A worm is self-replicating malware that, once downloaded, copies itself and spreads to other devices in the network.