Glossary of Terms

  • APT (Advanced Persistent Threat): A targeted, long-term intrusion in which an attacker gains access to a network and remains undetected for an extended period, typically for espionage or data theft.

  • SIEM (Security Information and Event Management): A software solution that aggregates and analyzes security data (logs, alerts, events) from many sources to provide real-time monitoring, threat detection, and support for incident response.

  • IDS (Intrusion Detection System): A network security system that monitors and analyzes network traffic for signs of unauthorized access or suspicious activity and raises alerts; unlike an IPS, it does not block traffic itself.

  • IPS (Intrusion Prevention System): A security system that detects potential threats or attacks in network traffic and actively blocks or mitigates them in real time.

  • Threat Intelligence: Information about potential cyber threats, vulnerabilities, attack techniques, and threat actors, collected from many sources to help organizations understand and defend against the risks they face.

  • Malware: Malicious software, including viruses, worms, Trojans, and ransomware, designed to compromise or damage computer systems or steal data.

  • Zero-Day Vulnerability: A software vulnerability that is unknown to the vendor (and therefore unpatched) at the time it is discovered or exploited, making it a prime target for attackers because no fix is yet available.

  • Behavioral Analysis: A method of threat detection that monitors and analyzes user and system behavior to identify anomalies or suspicious activity, rather than matching known signatures.

  • Incident Response Plan: A documented set of procedures and guidelines to follow when a security incident or data breach occurs, with the goal of minimizing damage and recovering as quickly as possible.

  • Threat Hunting: The proactive process of searching for signs of malicious activity or security threats within an organization's network, often using advanced analytics and threat intelligence, rather than waiting for alerts.

  • EDR (Endpoint Detection and Response): A security technology that monitors and responds to suspicious activity and threats on individual devices (endpoints), such as computers and mobile devices.

  • SOC (Security Operations Center): A centralized facility or team responsible for monitoring, analyzing, and responding to security events in real time.

  • Phishing: A fraudulent attempt to obtain sensitive information, such as usernames, passwords, and financial data, by posing as a trustworthy entity in electronic communication, most often email.

  • Severity Level: A classification scheme used to rate how serious a security incident or breach is, often used to prioritize incident response efforts.

  • Two-Factor Authentication (2FA): An authentication method that requires users to present two different kinds of authentication factors (e.g., a password plus a one-time code generated on or sent to a mobile device) for increased security; two secrets of the same kind, such as two passwords, do not count as two factors.

  • Honeypot: A decoy system or network designed to attract and detect unauthorized access or malicious activity in order to gather information about attackers and their techniques.

  • Threat Information Sharing: The practice of sharing information about cybersecurity threats and vulnerabilities among organizations or with government agencies to improve collective defense.

  • Patch Management: The process of regularly tracking, testing, and applying security patches to software and systems to address known vulnerabilities and reduce the risk of exploitation.

  • Denial-of-Service (DoS) Attack: An attack that overwhelms a target system or network with excessive traffic or requests, rendering it unavailable to legitimate users; when the traffic comes from many sources at once it is a distributed denial-of-service (DDoS) attack.

  • SOAR (Security Orchestration, Automation, and Response): A solution that orchestrates security tools and automates response actions to streamline incident response processes and improve efficiency.

  • Root Cause Analysis: The process of identifying the underlying causes of a security incident or breach so that similar incidents can be prevented in the future.

  • Threat Actor: A person, group, or organization responsible for initiating or carrying out a cyberattack.

  • Digital Forensics: The collection, preservation, and analysis of digital evidence to investigate and recover from security incidents or cybercrimes.

  • False Positive: A security alert or warning generated by a detection system that does not represent an actual threat or incident.

  • Indicators of Compromise (IOCs): Artifacts or pieces of information, such as file hashes, IP addresses, domain names, or registry keys, that suggest a system or network has been compromised and can be used to detect ongoing attacks.

  • Security Incident: Any event that compromises the confidentiality, integrity, or availability of data or information systems.

  • Red Team: A group of security experts who simulate real-world cyberattacks to identify vulnerabilities and weaknesses in an organization's defenses.

  • Credential Stuffing: An attack in which attackers take usernames and passwords stolen in one breach and try them against many other accounts and services, exploiting the fact that users commonly reuse passwords.

  • Security Posture: The overall security strength and readiness of an organization, including its policies, procedures, and security controls.

  • Zero Trust: A security model that assumes no implicit trust, even inside an organization's network, and requires strict identity verification and continuous monitoring for every user and device before granting access.

  • Incident Response Team: A dedicated team within an organization responsible for managing and responding to security incidents and breaches.

  • Network Traffic Analysis: The practice of monitoring network traffic for patterns and behaviors that indicate potential security threats or anomalies.

  • Cyber Resilience: An organization's ability to withstand and recover from cyberattacks while minimizing the impact on its operations.

  • Machine Learning-Based Threat Detection: The use of machine learning algorithms and models to identify and respond to security threats based on patterns learned from data.

  • Full Packet Capture: The collection and storage of all network packets crossing a monitored link for later analysis, which is useful for investigating security incidents.

  • Cyber Kill Chain: A framework that describes the stages of a cyberattack, from initial reconnaissance through to actions on the objective such as data exfiltration, helping organizations understand and defend against attacks at each stage.

  • Information Sharing and Analysis Centers (ISACs): Organizations or groups that facilitate the exchange of cybersecurity threat information among members in a specific industry or sector.

  • Incident Classification: The categorization of security incidents based on their type, impact, and severity, which helps in prioritizing responses.

  • Risk Assessment: The process of evaluating an organization's assets, vulnerabilities, and threats to determine the likelihood and potential impact of security incidents.

  • Incident Response Playbook: A documented set of procedures and guidelines that security teams follow to respond to specific types of security incidents.

  • Attack Surface: The total set of entry points and exposures in a system, network, or organization that could be targeted by attackers.

  • Threat Hunting Team: A specialized team within a security organization dedicated to actively seeking out threats and vulnerabilities in the organization's network.

  • Security Assessment: The evaluation of an organization's security controls, policies, and procedures to identify weaknesses and assess overall security effectiveness.

  • Sandboxing: A technique that isolates and runs untrusted or suspicious files in a controlled environment to observe their behavior and identify potential threats without risking production systems.

  • Ransomware Response Plan: A documented strategy for responding to a ransomware attack, including steps for containment, recovery, and communication.

  • Memory Forensics: The analysis of volatile memory (RAM) in a computer system to uncover signs of an ongoing cyberattack or intrusion, including malware that leaves no trace on disk.

  • Vulnerability Management: The practice of identifying, prioritizing, and mitigating vulnerabilities in an organization's systems and software.

  • Cyber Insurance: Insurance policies that provide financial protection and coverage for organizations in the event of a cybersecurity incident, such as a data breach or ransomware attack.

  • Social Engineering: Manipulative techniques used to trick individuals into revealing sensitive information or performing actions that compromise security, often through impersonation or psychological pressure.

  • DLP (Data Loss Prevention): Technologies and policies designed to prevent the unauthorized transfer or leakage of sensitive data out of an organization.

  • Runbook: A predefined set of instructions and procedures for responding to specific security incidents, allowing for consistent and effective incident response.

  • NDR (Network Detection and Response): A security technology that monitors and analyzes network traffic to detect and respond to threats and anomalies.
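Several of the entries above (credential stuffing, indicators of compromise, false positives, severity levels) describe detection ideas that are easier to grasp in code than in prose. The following is an added example written for this page, not code from the glossary's source: it runs two detections over a constructed authentication log. The log lines, the `auth src=... user=... result=...` format, the IP addresses (all from documentation ranges) and the `KNOWN_BAD_IPS` feed are all made up for illustration. The credential-stuffing rule looks for one source trying many distinct usernames with a high failure rate inside a short window, which distinguishes it both from a benign user mistyping a password (one user, few failures) and from a brute-force attack on a single account (one user, many failures); the IOC rule flags any source listed in the threat-intelligence feed regardless of login outcome, and the two results are combined into severity-ranked alerts.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not real data): one source trying many
# usernames, a known-bad address with a single successful login, and two
# benign sources whose failures should NOT raise an alert.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z auth src=203.0.113.7 user=alice result=FAIL
2024-03-01T10:00:02Z auth src=203.0.113.7 user=bob result=FAIL
2024-03-01T10:00:03Z auth src=203.0.113.7 user=carol result=FAIL
2024-03-01T10:00:04Z auth src=203.0.113.7 user=dave result=FAIL
2024-03-01T10:00:05Z auth src=203.0.113.7 user=erin result=FAIL
2024-03-01T10:00:06Z auth src=203.0.113.7 user=frank result=FAIL
2024-03-01T10:00:07Z auth src=203.0.113.7 user=grace result=OK
2024-03-01T10:00:30Z auth src=198.51.100.23 user=hank result=OK
2024-03-01T10:01:00Z auth src=192.0.2.10 user=alice result=FAIL
2024-03-01T10:01:30Z auth src=192.0.2.10 user=alice result=FAIL
2024-03-01T10:02:00Z auth src=192.0.2.10 user=alice result=OK
2024-03-01T10:03:00Z auth src=192.0.2.11 user=ivan result=FAIL
2024-03-01T10:03:05Z auth src=192.0.2.11 user=judy result=FAIL
"""

# Constructed threat-intelligence feed: source addresses treated as IOCs.
KNOWN_BAD_IPS = {"198.51.100.23", "203.0.113.250"}

LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_events(text):
    """Turn raw log lines into dicts; lines that do not match the format are ignored."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def detect_credential_stuffing(events, window=timedelta(minutes=5),
                               min_users=5, min_fail_ratio=0.8):
    """Flag a source that tries many distinct usernames, mostly failing, inside
    one time window. A single user failing a few times (a typo) or one account
    hammered with passwords (brute force) does not match this rule."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)

    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until the span fits in `window`
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            win = evs[start:end + 1]
            users = {e["user"] for e in win}
            fails = sum(e["result"] == "FAIL" for e in win)
            if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
                findings[src] = {
                    "distinct_users": len({e["user"] for e in evs}),
                    "attempts": len(evs),
                    "failures": sum(e["result"] == "FAIL" for e in evs),
                    # accounts the attacker actually got into
                    "compromised": sorted(e["user"] for e in evs if e["result"] == "OK"),
                }
                break
    return findings


def match_iocs(events, bad_ips):
    """Return sources present in the IOC feed, whatever the login outcome."""
    return sorted({ev["src"] for ev in events if ev["src"] in bad_ips})


def triage(text, bad_ips):
    """Combine both detections into severity-ranked alerts."""
    events = parse_events(text)
    alerts = []
    for src in match_iocs(events, bad_ips):
        alerts.append({"src": src, "rule": "ioc_match", "severity": "high"})
    for src, info in detect_credential_stuffing(events).items():
        # a confirmed account takeover outranks attempts that all failed
        sev = "high" if info["compromised"] else "medium"
        alerts.append({"src": src, "rule": "credential_stuffing",
                       "severity": sev, **info})
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_LOG, KNOWN_BAD_IPS):
        print(alert)
```

On the sample log only 203.0.113.7 trips the credential-stuffing rule (seven usernames, six failures, one success on `grace`), and only 198.51.100.23 matches the IOC feed; the two benign sources produce no alert, which is the false-positive trade-off the `min_users` and `min_fail_ratio` thresholds are tuning.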