January 31, 2022
There’s a lot of lingo and acronyms you’ll come across in the information security sector, which is why Castra has assembled this Infosec Glossary for easy reference.
Anomali ThreatStream: A threat intelligence management platform that automates collecting and processing raw data, filters out the noise, and transforms it into relevant, actionable information.
AT&T Cybersecurity / AlienVault: The world’s largest MSSP (see entry), detecting cyber threats to mitigate business impact and drive efficiency in cybersecurity operations.
Audit Policies: These policies govern an effective, compliant, comprehensive log that captures data related to credentials, user accounts, access to sensitive data, permission levels, role changes, and server configurations.
Data Lake: Where all of an organization’s data lives to be accessed, analyzed, and utilized by an internal team. A data lake is also where Exabeam’s UEBA technology goes to work (see entries).
EDR (Endpoint Detection Response): A security solution giving real-time visibility into endpoint activities by monitoring and recording endpoint data and detecting and responding to threats. EDR tech includes Anomali ThreatStream (see entry).
Egress Filtering: A filter that controls the traffic attempting to leave a network to ensure the traffic passes rules set by an administrator.
Exabeam: A security platform that enables IT analysts to collect incalculable log data, use behavioral analytics to detect breaches, and automatically respond to incidents.
Glass Box MDR: Transparent and trustworthy SIEM (see entry) that gives clients full access to their own data and information.
IDS (Intrusion Detection Sensor): A tool vendors use to detect invalid signatures, unusual network traffic, policy misuse, and malware (see entry).
IPS (Intrusion Prevention Sensor): A tool that takes inline action on current traffic after detecting signatures, unusual network traffic, policy misuse, and malware (see entry).
IR (Incident Response) or IRP (Incident Response Program): The planned steps an organization uses to prepare for, detect, contain, and recover from a data breach.
LAN (Local Area Network): A collection of connected devices in one physical location.
Log4j: An open-source software tool that records events and communicates them to system administrators and users.
Malware: Intrusive software designed to damage and destroy computers and computer systems, often purporting to be legitimate software.
MDR (Managed Detection and Response): An outsourced cybersecurity service designed to protect an organization’s data and assets through advanced analytics, threat intelligence, incident investigation, and response.
MITRE: An attack framework that’s a curated knowledge base and model for cyber adversary behavior. MITRE ATT&CK reflects the various phases of an adversary’s attack lifecycle and the platforms they are known to target.
MSSP (Managed Security Service Provider): A highly available, outsourced monitoring and management company that offers services such as intrusion detection, vulnerability scanning, and anti-virus services. MSSPs use their own security operations center to reduce a company’s need for in-house security personnel.
Mystery Box MDR: Proprietary homegrown SIEM (see entry) that keeps an organization’s data and technology invisible and inaccessible to their clients.
Network Segmentation: The practice of dividing a network in which every device can contact every other device into a series of segments that have restricted communication between them.
OS (Operating System): The principal software component of a computer system. An OS controls and manages all the programs and applications on a computer.
OVAL (Open Vulnerability and Assessment Language): An international community effort in information security that promotes and makes security content publicly available. OVAL also includes a language for encoding system details and content repositories scattered among the community.
PowerShell: A task-based command-line shell and scripting language designed specifically for system administration to help power users control and automate Windows OS (see entry) administration.
Ransomware: An ever-evolving form of malware designed to encrypt files, render them and systems that rely on them unusable, and demand a ransom be paid in exchange for decryption.
SaaS (Software as a Service): A wide range of cloud-based software applications.
SentinelOne: A category of endpoint threat detection and response technology that applies advanced machine learning and analytics to identify threats and benign events with superior accuracy.
SIEM (Security Information Event Management): Technology that helps organizations recognize potential security threats and vulnerabilities before they disrupt business operations. SIEM tech includes Exabeam, USM Appliance, USM Anywhere, and others (see entries).
SOAR (Security Orchestration Automation Response): A set of technologies enabling organizations to collect security operations input to perform incident analysis and triage to drive standardized incident response activities.
SOC (Security Operations Center): A centralized function within an organization that has the people, processes, and technology in place to continuously monitor and improve cybersecurity while preventing, detecting, analyzing, and responding to security events.
SOC 2 (Systems and Organizations Controls 2): A framework that supports a set of data security principles that includes security, availability, integrity, confidentiality, and privacy. A vendor who is SOC 2 compliant demonstrates they are trustworthy.
Threat Actor: An internal or external person, group, or entity responsible for harming an organization or attempting to bring about harm.
Threat Hunting: A proactive defense activity that entails a comprehensive search of networks, endpoints, and datasets for threats that have previously evaded detection by technologies.
TIP (Threat Intelligence Platform): A threat intelligence platform aggregates, curates, integrates, and analyzes data to facilitate management of cyber threats. TIP tech includes Anomali ThreatStream (see entry).
UEBA (User Entity Behavior Analysis): Analytics that show how users within a network are engaging with the network so the platform can identify “typical behavior” and weed out “bad actors.” UEBA is a large part of how Exabeam functions (see entry).
UI (User Interface): The elements of a website, app, or SaaS product that a user interacts with in navigating the page or program. UI includes page layout, text, images, form fields, buttons, and more.
UTM (Unified Threat Manager): Multiple security features or services combined into a single device within a network to simplify its protection.
Wazuh: A tool used for remote logging and analyzing logs from endpoints not on the network, such as on a mobile device.
XDR (Extended Detection Response): A SaaS-based, vendor-specific threat detection and incident response tool that enables enterprises to integrate multiple licensed security products and components into one holistic, comprehensive system. XDR tech includes Palo Alto Cortex, Exabeam, and Anomali, all of which have XDR functionality (see entries).