Cybersecurity Glossary of Terms
#
- 360-Degree Visibility: Ensuring a thorough understanding of digital environments to detect and respond to threats.
A
- Access Control: Ensuring that only authorized users can access resources.
- Account Harvesting: Collecting all the valid account names on a system.
- Active Directory: A central system within a network responsible for managing user accounts, computers, and resources, allowing for efficient access control and authentication.
- Activity Monitors: Tools that watch for harmful activity on a system and try to stop it.
- Advanced Encryption Standard: An encryption method developed by NIST to keep information secure.
- Alert Fatigue: A desensitization to urgency encountered when faced with a high volume of security alerts.
- AiTM Attacks: A tactic where attackers place themselves between the user and the device or server.
- Application Allow Lists: Security measures defining which applications are authorized to operate on a system, mitigating the risk of unauthorized or malicious software execution.
- Application Security Testing: Checking how secure an application is during its development and use.
- Attacker-in-the-Middle Phishing: A tactic where attackers intercept and steal data during communication between a sender and recipient.
- Auditing: Checking assets to make sure they follow rules and are secure.
- Authentication: Confirming that someone is who they say they are.
- Authorization: Giving permission for someone or something to do something.
- Axios: An HTTP library used for making requests from a client to a server.
B
- Backdoor: A tool put in after an attack to make it easier for the attacker to access a system.
- Bandwidth: How much data a communication channel can handle in a certain time.
- Base64: Encodes binary data into text for transmission across different channels, maintaining data integrity and compatibility.
- Binary-to-Text Encoding: Converts binary data into text, aiding in data exchange and storage in text-based systems.
- Blue Team: People who focus on defending against cyber threats.
- Breadcrumbs: A navigation framework/technique that reveals a user’s location on a website.
- Brute Force: Trying every possible option to break a code.
- Business Continuity Plan (BCP): A plan to keep a business running after a disaster.
- Byte: The smallest amount of computer storage, usually holding one character of information.
C
- Cache: High-speed storage used to make accessing data faster.
- Cache Poisoning: Tricking a system into saving bad data.
- Call Admission Control (CAC): Monitoring and controlling voice network activity.
- Certificate-Based Authentication: Using certificates to verify identities and encrypt data.
- Cloud Computing: Storing, managing, and processing data on remote servers.
- Competitive Intelligence: Gathering information legally to understand competitors.
- Computer Emergency Response Team (CERT): A group that helps with computer security incidents.
- Computer Network: A group of computers connected to share data.
- Cookie: Data exchanged between a server and a web browser to remember information.
- Credential Harvesting: Illegitimate practices aimed at obtaining sensitive authentication credentials for unauthorized access to systems or accounts.
- Cryptojacking: Illegally using someone’s computer to mine cryptocurrencies.
- Cyber Insurance: Insurance coverage designed to shield individuals and organizations from financial losses stemming from cyber incidents.
- Cybersecurity and Infrastructure Security Agency (CISA): A federal agency tasked with bolstering cybersecurity resilience and infrastructure security nationwide for both the public and private sectors.
- Cybersecurity Maturity Model Certification (CMMC): A framework devised to evaluate and enhance the cybersecurity capabilities of organizations collaborating with the U.S. Department of Defense, aiming to safeguard sensitive information and assets.
D
- Data Aggregation: Combining different records to get more information.
- Data Encryption Standard (DES): A widely used way of encrypting data.
- Data Mining: Analyzing existing information to find new opportunities.
- Data Owner: The person or group responsible for data.
- Data Warehousing: Putting all databases in one place for easier management.
- Decryption: Turning encrypted data back into its original form.
- Denial of Service: Stopping authorized access to a system.
- Digital Certificate: An electronic ID used for online transactions.
- Digital Signature: A unique code to show a message is authentic.
- Digital Signature Standard (DSS): The US Government’s method for digital signatures.
- Distributed Denial-of-Service (DDoS): When a website or online service is overwhelmed by a massive influx of fake traffic, causing it to become inaccessible to legitimate users.
- DNS Filtering: The Domain Name System acts as an internet directory, converting human-readable website names into numerical IP addresses, facilitating the accurate routing of online traffic.
- Domain: An area on the internet with a specific name.
- Domain-based Message Authentication, Reporting, and Conformance (DMARC): Email protocol to stop fake emails by verifying sender domains.
- Domain Controller: A server that handles security for a network.
- Domain Hijacking: Taking control of a domain illegitimately.
- Dwell Time: Time between spotting and neutralizing a cyber threat in a network.
- Dynamic Routing Protocol: Letting devices learn the best routes to send data.
E
- Encryption: Changing data into a secret code to keep it safe.
- Endpoint: A device that connects to a network remotely.
- Endpoint Detection and Response: Protecting networks by monitoring and responding to threats.
- Event: Something observable happening in a system or network.
- Exposure: Unauthorized release of sensitive data.
- Extensible Authentication Protocol (EAP): Supporting different ways to authenticate users.
F
- File Transfer Protocol (FTP): A way to transfer files over a network.
- Firewall: Protection to stop unauthorized access to data or resources.
- Firewall Deny Lists: Lists that block specific IPs or domains known for cyber attacks.
- Flooding: Overloading a system with more data than it can handle.
- Form-Based Authentication: Using forms on a webpage for user login.
- Forward Proxy: A server that handles all requests for a network.
- Frames: Data sent between network points, including control information.
G
- Gartner: An American technological research and consulting firm based in Stamford, Connecticut, that conducts research on technology and shares this research both through private consulting as well as executive programs and conferences.
- Gateway: A point to enter another network.
- Gethostbyname: Getting a machine’s address when you know its name.
- GET Request: An HTTP command used to collect data from a source.
- Golden Ticket Attack: Exploits Kerberos authentication for unauthorized network access.
H
- Hacktivism: Hacking to support political or social causes.
- Hardening: Finding and fixing vulnerabilities in a system.
- Hijack Attack: Taking over a communication link.
- Honey Pot: A system set up to attract and detect hackers.
- Host: A computer connected to the internet.
- HTTP Proxy: A server managing HTTP requests.
- HTTPS: A secure version of HTTP.
- Hyperlink: A link to other information.
- Hypertext Markup Language (HTML): Code used to create web pages.
- Hypertext Transfer Protocol (HTTP): Protocol for transferring web pages.
I
- Incident: A negative event in a system or network.
- Incident Response: Processes for reacting to cyber threats.
- Incremental Backups: Backing up only changed files since the last backup.
- Information Security (Infosec): Protecting information from risks.
- Internet of Things (IoT): Devices connected and sharing data over the internet.
- Internet Protocol (IP): The method for sending data over the internet.
- Intranet: A private network within an organization.
- IP Address: A unique address for a device on a network.
- IP Forwarding: Allowing a device to act as a router.
- IP Spoofing: Using a false IP address.
- IT Inventory: Systematically tracking and organizing an organization’s hardware, software, network resources, and other technological assets.
J
- Jitter: Changes in data while keeping its overall structure.
K
- Kernel: The core of an operating system.
L
- Least Privilege: Giving users only the permissions they need.
- Lightweight Directory Access Protocol: A way to find resources in a network.
- List-Based Access Control: Giving users access based on a list.
- Living-off-the-Land Binaries: Legitimate system tools abused by attackers for hidden actions.
- Logs: Records of activities on a system.
- Log Clipping: Hiding certain activities in log files.
- Logic Bombs: Programs set to do something under specific conditions.
- LoginGraceTime: The time allotted for a user to authenticate their login.
M
- MAC Address: A unique address for a network device.
- Machine Learning: A process used by AI utilizing data and algorithms to learn and improve over time.
- Macros: Document scripts exploited to deliver malware or take control.
- Malicious Code: Harmful software or programs.
- Malware: Software designed to harm computers or networks.
- Managed Detection and Response: Outsourcing some security operations.
- Managed Security Service Provider (MSSP): A company offering security services.
- Managed Service Provider: A company providing outsourced services.
- Mandatory Access Control (MAC): Controls set by a system that can’t be changed.
- Masquerade Attack: Pretending to be someone else online.
- Mean Time to Acknowledge (MTTA): Time taken to realize and react to a security breach.
- Multi-Factor Authentication (MFA): Using multiple ways to verify identity.
- Multi-Homed: Connected to multiple ISPs.
N
- NAT: Sharing one IP address among many devices.
- National Institute of Standards and Technology (NIST): An organization setting standards for the US.
- Network: Computers connected to share resources.
- Network Security: Protecting networks from threats.
- Network Address Translation: Changing one IP address to another.
- Number Matching MFA: Two-step login using a code sent to the user’s device.
O
- One-Way Encryption: Making data unreadable without a key.
- Overload: Overburdening a system.
P
- Packet: A piece of data sent over a network.
- Password Authentication Protocol (PAP): A simple way to authenticate users.
- Password Cracking: Trying to guess passwords.
- Password Manager: A tool used to store and secure passwords.
- Password Spray: A brute force tactic where multiple passwords are tried in order to gain access.
- Patch: A small update to fix problems in software.
- Payload: The main part of a data packet.
- Penetration: Illegally accessing sensitive data.
- Penetration Testing: Testing a network’s security.
- Phishing: Tricking people into giving away sensitive information.
- Physical Device Attacks: Attacks that exploit weaknesses in hardware for unauthorized access or data theft.
- Port: A number identifying an endpoint on a network.
- Port Scan: Checking which ports are open on a computer.
- Program Policy: Rules governing a program’s use.
- Proprietary Information: Secret information that gives a company an advantage.
- Protocol: Rules for communicating between devices.
- Proxy Server: A server acting as a middleman for internet traffic.
- Public Key: Part of an encryption system for secure communication.
- Python or Python Script: Programming language used for cybersecurity tasks and automation.
R
- Ransomware: Malicious software holding data for ransom.
- Recover (NIST): Restoring capabilities after a cyber event.
- Registry: A database storing Windows settings.
- Reputational Damage: A decline in an organization’s credibility.
- Response: Information sent in reply to a stimulus.
- Reverse Engineering: Analyzing a system to understand how it works.
- Reverse Proxy: A server handling incoming web requests.
- Risk: Likelihood of a negative event and its impact.
- Risk Assessment: Evaluating potential threats to a system.
- Risk Management: Deciding how to deal with potential threats.
- Router: A device directing data between networks.
S
- Sandbox: A controlled environment for testing software.
- Screen Scraping: Extracting data from websites.
- Security: Protecting data and systems from threats.
- Security Awareness Training: Teaching people how to spot security threats.
- Security Information and Event Management (SIEM): Software managing security information.
- Security Incident: A breach of security.
- Security Policy: Rules for protecting information.
- Sensitive Information: Data needing extra protection.
- Session: A conversation between two devices.
- Signature-Based Detection: Finding threats based on known patterns.
- Simple Network Management Protocol (SNMP): A protocol for managing devices on a network.
- Single Sign-on Bypass: Getting into systems by exploiting flaws in their one-login-for-all setup.
- Sniffer: Software to capture data packets traveling on a network.
- Social Engineering: Tricking people into giving away information.
- Software as a Service (SaaS): Software provided over the internet.
- Spyware: Software secretly gathering information.
- SQL Injection: Attacking a database through user input.
- SSH Tunnel: Encrypted connection between computers.
- Subnet: A smaller network within a larger one.
- Supply Chain Attack: Attacking by tampering with products or services from third-party vendors.
- Switch: A device connecting devices in a network.
- System Administrator: Someone managing computer systems.
- System Call: A way for programs to request services from the operating system.
T
- Tactics, Techniques, and Procedures (TTP): Methods attackers use to carry out cyber attacks.
- Targeted Data Exfiltration: The act of obtaining or removing information from a user’s secure location.
- Tar Pits: Slowing down a process in order to reduce the risk posed by a threat actor to the target.
- Threat: A potential event that could cause harm.
- Threat Actor: Someone or something posing a threat.
- Threat Intelligence: Information about potential threats.
- Tiers of Risk in Cyber Insurance: Different levels of coverage based on how likely a cyber attack is.
- Token: A physical device used for authentication.
- Token Interception: An event in which a token is never sent to the user.
- Token Theft: An event in which a token is seized by an attacker.
- Traceroute: Checking the path data takes between computers.
- Traffic: Data moving between devices on a network.
- Trend Analysis: Utilizing historical data in order to forecast future events.
- Trojan Horse: Malicious software hidden inside legitimate programs.
U
- Unified Threat Management (UTM): Combining security features into one platform.
- USB Proxy: A device controlling which USB devices can connect to a computer.
- User Awareness Training: Teaching people how to recognize and handle cyber threats.
V
- Virtual Private Network (VPN): A restricted-use, logical (i.e., artificial or simulated) computer network that is constructed from the system resources of a relatively public, physical (i.e., real) network (such as the Internet), often by using encryption (located at hosts or gateways), and often by tunneling links of the virtual network across the real network.
- Virus: Malicious software that spreads and harms computers.
- VLAN: Splitting a network into smaller virtual networks.
- Vulnerability: A weakness that could be exploited.
W
- Wardriving: Searching for Wi-Fi networks while driving.
- Warez: Illegally copied software.
- Watering Hole Attack: Hacking a website likely to be visited by targets.
- Wi-Fi Protected Access (WPA): Security for Wi-Fi networks.
- Wi-Fi Protected Access 2 (WPA2): Improved security for Wi-Fi networks.
- Wi-Fi Protected Access 3 (WPA3): The most secure version of Wi-Fi security.
- Wireless Fidelity (Wi-Fi): A way to connect devices without wires.
- Worm: Malicious software that spreads on its own.
X
- XDR: Extended detection and response (XDR) collects threat data from previously siloed security tools across an organization’s technology stack for easier and faster investigation, threat hunting, and response. An XDR platform can collect security telemetry from endpoints, cloud workloads, network, email, and more.
- XML Injection: Attacking a web application by adding malicious XML code.
Z
- Zero-Day: The “Day Zero” or “Zero Day” is the day a new vulnerability is made known. In some cases, “zero day” refers to an exploit for which no patch is available yet (“day one” being the day at which the patch is made available).
- Zero-Day Exploit: An attack on a software vulnerability before it’s known.