
Cybersecurity Glossary

Today’s attackers are taking advantage of changing business dynamics to target people everywhere they work. Staying current on the latest cybersecurity attack vectors and threats is an essential part of securing the enterprise against breaches and compromised data.

A

Account Takeover Fraud

Account takeover fraud, also known as account compromise, occurs when a cyber attacker gains control of a legitimate account.

Active Directory

Active Directory is a directory service developed by Microsoft for Windows domain networks.

Advanced Persistent Threat

An Advanced Persistent Threat (APT) is a complex cyber-attack in which an unauthorized user gains access to a network and remains undetected for an extended period.

Advanced Threat Protection

Advanced Threat Protection (ATP) is a category of security solutions that defend against sophisticated malware, hacking attempts, and other complex cyber-attacks that traditional security measures might miss.

Agentic AI

Agentic AI is a sophisticated form of artificial intelligence that can accomplish specific goals with limited supervision by mimicking human decision-making processes.

AI Cyber-Attacks

An AI-enabled cyber-attack occurs when adversaries leverage artificial intelligence, machine learning, generative AI, or large language models to enhance, automate, or scale traditional cyber techniques.

AI in Cybersecurity

AI in cybersecurity applies machine learning techniques to detect, prevent, and respond to digital threats at machine speed and scale.

AI Threat Detection

AI threat detection leverages artificial intelligence and machine learning to spot cyber threats the same way a seasoned security analyst would, except it never gets tired, never takes coffee breaks, and can process thousands of security events simultaneously.

AI TRiSM

AI TRiSM (Artificial Intelligence Trust, Risk, and Security Management) is a comprehensive framework developed by Gartner that ensures AI model governance, trustworthiness, fairness, reliability, robustness, efficacy, and data protection.

Alert Fatigue

Alert fatigue, also known as alarm fatigue or notification fatigue, is a prevalent issue common across many fields, including healthcare, construction and mining, information technology, and cybersecurity.

API-Based Email Security

API-based email security is an innovative approach that leverages email programs’ Application Programming Interfaces (APIs) to provide comprehensive protection against various email-based threats.

Artificial Intelligence

Artificial intelligence, commonly abbreviated AI, refers to the simulation of human intelligence demonstrated by machines or computer systems, in contrast to the intelligence of humans.

Attack Surface

An “attack surface” is the cumulative potential entry points or vulnerabilities through which unauthorized entities might infiltrate systems, networks, or access sensitive information.

Attack Vector

An attack vector is a path by which a cyber criminal can gain unauthorized access to a computer system, network, or application.

AWS DLP

When corporations store data in Amazon Web Services (AWS), they need a way to ensure that sensitive data is safe from theft, disclosure, and corruption.

B

Bad Rabbit

Bad Rabbit is a strain of ransomware that first appeared in 2017 and is a suspected variant of Petya.

Biometrics

Biometrics refers to the measurement and analysis of unique biological characteristics or behavioral patterns that can identify and authenticate individuals.

Botnet

A botnet is a group of computers or devices under the control of an attacker used to perform malicious activity against a targeted victim.

Browser Isolation

Browser isolation is a cybersecurity protocol that separates web browsing activity from local networks and infrastructure by operating in a secure environment.

Brute-Force Attack

A brute-force attack is a trial-and-error method used to decode sensitive data like passwords, encryption keys, and login credentials by systematically trying every possible combination until the correct one is found.

Business Email Compromise (BEC)

Business email compromise (BEC) is a type of email cyber crime scam in which an attacker targets a business to defraud the company.

BYOD

A bring-your-own-device (BYOD) policy allows employees and other staff to bring their personal laptops and smartphones to work and connect them to the corporate network.

C

CASB

A CASB is a critical security checkpoint between your users and cloud platforms. It protects data while addressing the authorization and visibility challenges that come with leveraging cloud services at scale.

Catfishing

In cybersecurity, catfishing refers to the fabrication of a false online identity by a cybercriminal for the purposes of deception, fraud, or exploitation.

CCPA Compliance

The California Consumer Privacy Act (CCPA) was enacted in 2018 to combat the numerous incidents of data breaches in Big Tech from poorly defined access controls and management of privacy.

CEO Fraud

CEO fraud falls under the umbrella of phishing, but instead of an attacker spoofing a popular website, they spoof the CEO (or another high-level executive) for the targeted corporation.

Cerber Ransomware

Cerber ransomware was discovered in March 2016. As a ransomware-as-a-service (RaaS) malware, it can be deployed by anyone without any hacking or coding skills.

ChatGPT

ChatGPT, also known as Generative Pretrained Transformer 3 (GPT-3), is a cutting-edge AI chatbot developed by OpenAI.

Chief Information Security Officer (CISO)

A Chief Information Security Officer (CISO) is responsible for designing cybersecurity strategies used to protect corporate data and assess risk across the organization to improve on its cyber-defenses.

Clone Phishing

Clone phishing is a newer type of email-based threat where attackers clone a real email message with attachments and resend it pretending to be the original sender.

Cloud Archive

A cloud-based archiving solution stores data offsite on cloud servers where administrators can provision the necessary resources to ensure they can create thorough backups with sufficient storage capacity.

Cloud Compliance

When you store sensitive data on a third-party cloud server, it’s imperative that this third-party host is compliant with all data privacy and protection regulatory standards.

Cloud DLP (Data Loss Prevention)

Cloud data loss prevention (DLP) helps keep an organization’s sensitive or critical information safe from cyber attacks, insider threats and accidental exposure.

Cloud Security

Cloud computing—a broad term that describes the move to the cloud and a mobile workforce—has brought new security and compliance risks.

Cloud Security Posture Management

CSPM is a critical component in cloud security, designed to safeguard cloud environments from potential threats.

Compliance Management

Compliance management refers to organizational procedures and policies to ensure compliance with all legal and regulatory standards pertinent to their information security practices.

Compliance Monitoring

Compliance monitoring is the process that ensures organizations meet the policies and procedures to identify compliance risk issues in their day-to-day operations and functions.

Compliance Risk

Compliance risk is an organization’s legal, financial and criminal exposure if it does not follow industry laws and regulations.

Compromised Account

Whether it’s from social engineering, phishing or other cyber-attacks, an account is compromised when a threat actor gains access to credentials and/or other means to perform actions on behalf of the targeted user.

Computer Virus

A computer virus is an ill-natured software application or authored code that can attach itself to other programs, self-replicate, and spread itself onto other devices.

Credential Compromise

Credential compromise occurs when unauthorized parties gain access to login details such as usernames, passwords, or security answers.

Credential Stuffing

Credential stuffing is a cyber threat that accesses online user accounts using stolen usernames and passwords.

Credential Theft

Credential theft is the unlawful acquisition of an individual’s or a machine’s authentication secrets — most often usernames, passwords, session tokens, or private keys.

Critical Infrastructure Protection (CIP)

Critical infrastructure encompasses the essential systems, networks, and assets — both physical and virtual — that are vital to a nation’s security, economic stability, and public well-being.

Cross-Site Scripting (XSS)

Cross-site scripting (XSS) is a security vulnerability found in various types of web applications where attackers inject malicious scripts into content from otherwise trusted websites.

Cryptojacking

Cryptojacking is the process of tricking users into using their computers and mobile devices to generate cryptocurrency for an attacker.

CryptoLocker

CryptoLocker is a form of ransomware that restricts access to infected computers by encrypting its contents. Once infected, victims are expected to pay a “ransom” to decrypt and recover their files.

Cryptowall Ransomware

CryptoWall is a ransomware malware that works by encrypting files on an infected computer and requires users to pay ransom to receive a decryption key.

Cyber Attack

A cyber-attack is any malicious activity designed to compromise, interfere with, deny access to, or destroy information systems or their data.

Cyber Crime

Cyber crime is a general term describing the myriad of criminal activities carried out using a computer, network, or another set of digital devices.

Cyber Espionage

Cyber espionage, a highly sophisticated form of modern spying, involves the use of digital techniques by individuals, organizations, or governments to access confidential information without authorization.

Cyber Extortion

Cyber extortion is a nefarious cybercrime where threat actors exploit security vulnerabilities to breach digital security systems and gain unauthorized access to valuable assets.

Cyber Hygiene

Cyber hygiene, or cybersecurity hygiene, refers to the practices and procedures that individuals and organizations use to maintain the health and security resilience of their systems, devices, networks, and data.

Cyber Insurance

Cyber insurance (also known as cyber-liability insurance) minimizes the costs of a cybersecurity event such as ransomware, data breach or network compromise so that businesses do not suffer from severe financial strain.

Cyber Kill Chain

The Cyber Kill Chain is a concept developed by Lockheed Martin to outline the stages of a cyber-attack from its inception to its ultimate goal, which typically centers on data exfiltration or system compromise.

Cyber Threats

A cyber threat is any malicious act aimed at compromising the security of your information systems.

Cybersecurity

Cybersecurity defines the strategies and practices deployed to shield digital ecosystems from unauthorized access, manipulation, or disruption.

Cybersecurity Analytics

An organization needs cybersecurity analytics to determine the cause of an incident and collect data for future investigations.

Cybersecurity Compliance

What Is Cybersecurity Compliance?; Core Regulations and Standards to Know; Step-by-Step: Building a Cybersecurity Compliance Plan; Compliance vs.

Cybersecurity Litigation

Cybersecurity litigation usually follows a severe data breach, when customers of your organization who are victims of identity theft or future financial loss seek compensation for the event.

Cybersecurity Maturity Model Certification (CMMC)

CMMC, or Cybersecurity Maturity Model Certification, is a tiered cybersecurity program mandated by the Department of Defense (DoD) to safeguard against cyber threats within its supply chain.

D

Dark Web

The dark web refers to the hidden and encrypted portion of the internet that’s inaccessible through traditional web browsers.

Data Archiving

Secure data archiving involves collecting and moving older data to a secure location for later retrieval to conduct data analysis.

Data Breach

A data breach is a cybersecurity incident where sensitive, confidential, or protected information is accessed, viewed, taken, altered or used by anyone not authorized to do so.

Data Center

A data center is a specialized facility designed to house and manage a vast array of computer systems, servers, networking equipment, and storage infrastructure.

Data Center Security

When enterprise infrastructure is housed in a data center, it’s essential to ensure that the third-party location is physically and virtually secure. Data center security involves the physical and virtual cybersecurity that protects corporate data from attackers.

Data Classification

Data classification is a method for defining and categorizing files and other critical business information.

Data Exfiltration

Data exfiltration is defined as the unauthorized copying, transfer, or retrieval of data from either a server or an individual’s computer.

Data Governance

Data governance is the comprehensive framework of strategies, policies, and rules designed to ensure the security, availability, integrity, and compliance of enterprise data assets.

Data Labeling

Data labeling, also called data tagging, is the process of assigning information to various data points so that machine learning (ML) algorithms can better understand their meaning.

Data Leak

A data leak unintentionally exposes sensitive, protected, or confidential information outside its intended environment.

Data Loss Prevention (DLP)

Data Loss Prevention (DLP) is an in-demand cybersecurity strategy that detects and prevents unauthorized access, sharing, or transmission of sensitive organizational data through a combination of technologies, policies, and processes.

Data Masking

Data masking, also known as data obfuscation or data anonymization, is a cybersecurity technique that generates a fundamentally similar but artificial form of an organization’s data.

Data Poisoning

Data poisoning is a cyber-attack that targets the training phase of artificial intelligence (AI) and machine learning models by deliberately corrupting or manipulating the datasets used to teach these systems.

Data Privacy

Data privacy aims to protect customer data from unethical use and distribution to third parties. Learn what data privacy is and what you need to know.

Data Protection

Every day, attackers aim to steal valuable and sensitive data from businesses, so data/information protection strategies focus on building infrastructure and policies to stop them.

Data Reconciliation

Data reconciliation is the systematic process of comparing, verifying, and harmonizing data sets from multiple sources or systems to ensure consistency, accuracy, and completeness.

Data Retention Policy

Every solid backup plan has a data retention policy, which specifies how long your organization stores backup data before either archiving it, overwriting it, or destroying (deleting) it.

Data Security

Data security involves the practices, strategies, procedures, and mitigation techniques used to protect sensitive information from attackers.

Data Security Posture Management (DSPM)

Data Security Posture Management (DSPM) represents a data-first approach to security that provides comprehensive visibility and control over sensitive data across an organization’s entire digital ecosystem.

Data Theft

Data theft is the unauthorized acquisition of digital data from an entity, often driven by motives of financial profit or to disrupt business activities.

Data Visualization

Data visualization is the process of converting elaborate datasets into visual contexts, such as charts, graphs, or maps, to make complex information more accessible and comprehensible for the human brain to interpret.

DDoS

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic on a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

Deception Technology

Deception technology is an innovative approach to cybersecurity designed to anticipate and outsmart cyber-attackers by assembling a labyrinth of decoys and traps within a network.

Deepfake Technology

A deepfake is an elaborate form of synthetic media that uses AI and machine learning (ML) techniques to fabricate or manipulate audio, video, or images that appear convincingly real.

Digital Forensics

Digital forensics is an essential field in today’s era, focusing on the methodical retrieval, preservation, and analysis of electronic data, often regarding criminal activity.

Digital Operational Resilience Act (DORA)

The Digital Operational Resilience Act is a regulation that was adopted by the EU in 2022 and will become effective in January 2025.

Digital Risk

Types of Digital Risk; Digital Risk Protection; How to Manage Digital Risk

Digital Signature

A digital signature is a mathematical protocol that uses cryptographic techniques to verify the authenticity and integrity of digital messages or documents.

Disaster Recovery

Disaster recovery is broadly defined as an organization's ability to respond to and recover from a catastrophic event that negatively affects its operations or infrastructure.

DKIM

DKIM (DomainKeys Identified Mail) is a protocol that allows an organization to take responsibility for transmitting a message by signing it in a way that mailbox providers can verify.

DMARC

DMARC, which stands for Domain-based Message Authentication, Reporting and Conformance, is an open email authentication protocol that provides domain-level protection of the email channel.

DNS

DNS or Domain Name System is a method by which an IP address is converted into a readable domain.

DNS Spoofing

DNS (Domain Name Service) spoofing is the process of poisoning entries on a DNS server to redirect a targeted user to a malicious website under attacker control.

Domain Spoofing

Domain spoofing is a deceptive cyber threat where bad actors create fraudulent digital entities that mimic legitimate, trusted domains.

Doxing

Doxing, also known as “doxxing” or “d0xing,” is a cyber-attack tactic involving the collection and dissemination of personal information with malicious intent.

E

E-Discovery

E-discovery is a form of digital investigation that attempts to find evidence in email, business communications and other data that could be used in litigation or criminal proceedings.

Eavesdropping Attack

In cybersecurity, an eavesdropping attack is a malicious attempt to intercept and access data transmitted over a network without authorization.

Electronic Communication

The transfer of knowledge, ideas, data, or messages via digital means is referred to as electronic communication or digital communication.

Email Account Compromise (EAC)

Email Account Compromise (EAC) is a highly sophisticated attack in which attackers use various tactics. Read on to learn the definition, how it works, and more.

Email Archiving

Email archiving is a system for preserving email communications in a secure, indexed, and retrievable digital format.

Email Authentication

Email authentication is a collection of techniques and protocols designed to verify the legitimacy and origin of email messages.

Email Encryption

Email encryption is the process of encoding or scrambling the contents of an email message, including any attachments, to prevent unauthorized access or interception by third parties.

Email Filtering

Email filtering is the automated process of analyzing, categorizing, and managing incoming and outgoing email messages based on predetermined security and business criteria.

Email Impersonation Attacks

An email impersonation attack is a type of phishing scam where cyber criminals manufacture a sender’s email address to make it appear as if the message is from a trusted source, such as a company executive, business partner, co-worker, or other known individual.

Email Protection

Email protection is a combination of security technology deployment and the training of employees, associates, customers, and others to guard against cyber-attacks that infiltrate your network through email.

Email Scams

Email fraud is an umbrella term that covers any scam or deception carried out via email with the intent to steal information, money, or unauthorized access.

Email Security

Email security is the framework of technologies, protocols, and policies designed to protect email communications from cyber threats while maintaining message confidentiality, integrity, and availability.

Email Spoofing

Email spoofing is a technique used in spam and phishing attacks to trick users into thinking a message came from a person or entity they either know or can trust.

Encryption

In cryptography, encryption is the process of encoding a message or information in a way that only authorized parties can access it and those who are not authorized cannot.

End User Monitoring

End user monitoring in a web application tracks the way users interact with a site and uses this logged information to display analytics.

Endpoint Detection and Response (EDR)

Endpoint Detection and Response (EDR) is a type of cybersecurity solution designed to monitor, detect, and respond to malicious activities on an organization’s endpoints.

Endpoint Security

Endpoint security involves the strategies, software, and hardware used to protect all devices and access points on a corporate network.

Endpoint-Delivered Threats

Endpoint-delivered threats usually enter an organization through: (a) a user-infected device introduced into the corporate network, which then delivers malware that can spread laterally; (b) an infected portable device; or (c) users who are tricked into downloading and installing malicious software by claims that it is antivirus, disk cleanup or other utility software.

Enterprise Security

Enterprise security consists of the overall strategies and procedures used to defend an organization from bad actors.

Extended Detection and Response (XDR)

Extended Detection and Response (XDR) is a unified security incident platform that uses artificial intelligence and automation to detect, analyze, and respond to cyber threats across an organization’s entire digital infrastructure.

F

FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) is a standardized approach to assessing, authorizing, and monitoring the security of cloud services across the U.S. government.

FERPA Compliance

The Family Educational Rights and Privacy Act (FERPA) was enacted to help protect the personal information of students. Learn the meaning, laws, regulations, and more.

Firewall

A firewall is a type of network security system that analyzes incoming and outgoing network traffic, effectively serving as a barrier that blocks viruses and attackers based on predetermined security rules.

G

GameOver Zeus (GOZ)

Zeus is a family of malware first discovered in 2005. In addition to the original Zeus financial account-stealing component, GameOver Zeus is an advanced variant with a ransomware component.

GDPR

The European Union General Data Protection Regulation (GDPR) is a ruling set to protect the data of all EU citizens.

Generative AI

Generative AI, also known as GenAI or GAI, refers to artificial intelligence systems that can generate new and original content—such as text, images, audio, code, and more—based on the data they were trained on.

Graymail

Graymail is bulk email that does not fit the definition of spam because it is solicited, comes from a legitimate source, and has varying value to different recipients.

H

Hacking

Hacking is broadly defined as exploiting vulnerabilities in an organization's computer systems and networks to gain unauthorized access or control of digital assets.

Hacktivism

The term “hacktivism” is a combination of the words “hack” and “activism.” It’s a word to describe the intent of specific attackers.

HIPAA Compliance

Compliance with the U.S. Health Insurance Portability and Accountability Act (HIPAA) requires companies that work with protected health information (PHI) to implement and follow physical, network, and process security measures.

Honeypot

A cybersecurity honeypot is a decoy security mechanism designed to attract cyber attackers so that security researchers can see how they operate and what they might be after.

Human Firewall

A human firewall represents the collective force of individuals in an organization trained to guard against cyber threats as a fundamental layer of defense.

Human Risk Management

As a new concept, human risk management (HRM) is a comprehensive approach to cybersecurity that centers on understanding, measuring, and mitigating the risks associated with human behavior within an organization.

Human-Centric Security

Human-centric security is a comprehensive approach to cybersecurity that places people and their behaviors at the center of security strategy rather than focusing primarily on networks, endpoints, or applications.

I

Identity and Access Management (IAM)

Identity and access management (IAM) is a framework of policies, processes, and technologies that enable organizations to manage digital identities and control user access to data, systems, and resources within a computer network.

Identity Security

Identity security is a comprehensive cybersecurity practice that protects digital identities and manages secure access to enterprise resources across complex technology ecosystems.

Identity Security Posture Management (ISPM)

Identity Security Posture Management (ISPM) is a cybersecurity approach that continuously assesses, monitors, and optimizes an organization’s digital identities to prevent unauthorized access and mitigate risks like credential theft, account takeovers, or privilege abuse.

Identity Theft

Identity theft is when someone steals your personal information, such as your name, Social Security number, bank account numbers, or credit card data, to commit fraud or other criminal activities.

Identity Threat Detection & Response (ITDR)

ITDR is short for identity threat detection and response, a new class of cybersecurity solutions that focuses on protecting identity-based systems from cyber threats.

Immutable Backups

Immutable backups are a data protection strategy that creates unchangeable backup copies.

Incident Response

Incident response contains and eradicates threats when an attacker exploits a vulnerability within an organization. Learn what incident response is and steps for it.

Indicators of Compromise

During a cybersecurity incident, indicators of compromise (IoC) are clues and evidence of a data breach.

Information Seeking Scams

Scammers want information, and they try to extract it by tricking recipients of emails.

Infrastructure as a Service (IaaS)

Infrastructure as a Service is a cloud computing model that delivers fundamental IT infrastructure components—including servers, storage, networking, and virtualization—as on-demand services over the internet.

Insider Risk

Insider risk refers to the potential for sensitive data exposure—whether accidental, negligent, or malicious—that threatens organizational security, reputation, or compliance, regardless of its source.

Insider Threat

An insider threat is when someone misuses their authorized access to negatively impact a company’s critical information or systems.

Integrated Cloud Email Security (ICES)

Integrated Cloud Email Security, or ICES, is a cutting-edge email protection methodology that improves the native security capabilities of cloud-based email providers like Microsoft 365 and Google Workspace.

Intellectual Property Theft

Intellectual property (IP) theft is the unauthorized use, exploitation, or outright theft of creative works, ideas, trade secrets, and proprietary information otherwise protected under intellectual property laws.

Internet Cookies

Internet cookies, also known as HTTP or web cookies, are small text files containing unique identifying data that websites store on a user’s web browser.

Intrusion Detection System (IDS)

An IDS is a sophisticated device or software application that meticulously monitors network traffic or system activities for any signs of potential violations, unauthorized access, or malicious activities.

Intrusion Prevention System (IPS)

An Intrusion Prevention System (IPS) is a security technology designed to detect and actively block or mitigate unauthorized access, malicious activities, and potential threats within a computer network or system.

IoT (Internet of Things)

The Internet of Things (IoT) refers to devices around the world that automatically connect to the cloud and function by storing data or running commands from an online server.

IoT Security

Internet of Things (IoT) security comprises the safeguards and protections for cloud-connected devices such as home automation, SCADA machines, security cameras, and any other technology that connects directly to the cloud.

IP Address

An IP (Internet Protocol) address is a unique numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication.

IP Reputation

IP reputation is a digital trustworthiness score for an internet address. It measures the credibility of an IP based on its historical behavior in online activities.

IT Compliance

When we talk about compliance in IT, we’re referring to certain guidelines an organization must follow to ensure its processes are secure.

K

Kerberoasting Attacks

Kerberoasting is a sophisticated post-exploitation attack technique that targets service accounts within Active Directory environments by exploiting vulnerabilities in the Kerberos authentication protocol.

Keyloggers

A keylogger is a type of software or hardware that secretly records every keystroke a user types on their computer, mobile device, or keyboard.

L

Large Language Models (LLMs)

Large Language Models (LLMs) are an advanced form of artificial intelligence that’s trained on high volumes of text data to learn patterns and connections between words and phrases.

Lateral Movement

Lateral movement refers to the steps and techniques cybercriminals use to navigate through a network after gaining initial access.

Living off the Land (LOTL)

A Living Off the Land attack describes a cyber-attack technique where threat actors exploit legitimate, pre-installed system tools to achieve their malicious objectives.

Longlining

Longlining attacks are mass customized phishing messages that are typically engineered to look like they are only arriving in small quantities, mimicking targeted attacks.

M

Machine Learning

Machine learning is a core subset of artificial intelligence that trains computer systems to learn from data inputs and improve autonomously without being explicitly programmed.

Malicious Email Attachments

Malicious email attachments are files sent with emails designed to compromise or damage the recipient’s computer system or exfiltrate sensitive information.

Malware

Malware is a common cyber-attack and an umbrella term for various malicious programs delivered and installed on end-user systems and servers.

Man-in-the-Middle Attack

A man-in-the-middle attack (MitM) is a form of data eavesdropping and theft where an attacker intercepts data from a sender to the recipient, and then from the recipient back to the sender.

Managed Security Service (MSS)

Managed Security Service (MSS) is a systematic approach to handling an organization’s security needs by outsourcing managing and monitoring security systems and devices to expert third-party providers.

Mimikatz

Mimikatz is an open-source credential extraction tool that allows users to view and harvest authentication credentials stored in Windows memory.

MITRE ATT&CK Framework

The MITRE ATT&CK Framework (Adversarial Tactics, Techniques, and Common Knowledge) is a comprehensive intelligence repository of curated tactics and techniques leveraged by cyber adversaries to breach the security systems of organizations.

Mobile Security

Mobile security is the strategy, infrastructure, and software used to protect any device that travels with users, including smartphones, tablets, and laptops.

Model Context Protocol (MCP)

Model Context Protocol is an open standard that allows AI models to securely connect with external data sources and systems through a centralized interface.

Multicloud

Multicloud environments let businesses use solutions across cloud platforms, reducing downtime and failure rates.

Multifactor Authentication

Multifactor authentication (MFA) is an essential security protocol that requires two or more verification factors to access an account or system.

MX Record

A Mail Exchange (MX) record is a specialized DNS record that directs email messages to the appropriate mail servers for a domain.

N

National Cybersecurity Awareness Month

Since 2004, a group of government and private organizations has gathered to help bring more awareness to cybersecurity and data privacy.

Natural Language Processing (NLP)

Natural Language Processing (NLP) is a branch of artificial intelligence that equips computers with the ability to understand humans using natural speech, semantics, and vocabulary.

Network Security

In simple terms, network security is about implementing robust protective measures and sophisticated technologies to shield our networks from cyber threats.

Network-Delivered Threats

Network-delivered threats are typically of two basic types: (1) Passive Network Threats: Activities such as wiretapping and idle scans that are designed to intercept traffic traveling through the network and (2) Active Network Threats: Activities such as Denial of Service (DoS) attacks and SQL injection attacks where the attacker is attempting to execute commands to disrupt the network’s normal operation.

NIS2 Directive

The NIS2 Directive is the European Union’s updated cybersecurity legislation that aims to enhance the overall cybersecurity posture across the EU.

NIST Compliance

What Is NIST Compliance? Why NIST Compliance Is Important. Elements of the NIST Cybersecurity Framework.

NIST Cybersecurity Framework (CSF)

The NIST Cybersecurity Framework is a set of guidelines, standards, and best practices published by the US National Institute of Standards and Technology (NIST) to help organizations mitigate cybersecurity risks.

O

OAuth

OAuth (Open Authorization) is a protocol that allows a user to grant a third-party application access to their data without sharing their account password.

Open Source Software

Open-source software is a shared-based model where developers of an application provide the full codebase for a project instead of only a compiled project with executable files.

OPSEC (Operational Security)

Operational Security, commonly called OPSEC, is a risk management strategy and process that helps identify critical information adversaries could use to inflict harm.

Optical Character Recognition (OCR)

Optical Character Recognition (OCR) bridges the physical and digital worlds by transforming printed or handwritten text into machine-readable data.

OSI Model

The Open Systems Interconnection (OSI) Model is a conceptual framework that defines how networking systems communicate and send data from a sender to a recipient.

P

PaaS (Platform-as-a-Service)

PaaS is a cloud service model that delivers the full runtime stack over the internet.

Packet Loss

Packet loss can cause data corruption when transferring files across a network. Read to learn what causes packet loss, the definition, and prevention.

Pass-the-Hash Attacks

Pass-the-hash is a type of attack that takes advantage of how passwords are commonly stored to gain entry into secured systems without needing the actual password.

Password Protection

Password protection refers to the combination of policies, processes, and technologies that make passwords and authentication methods more secure.

Patch Management

Maintenance is a component of the Software Development Life Cycle (SDLC), and patch management strategies handle the way updates and hotfixes are deployed among a network of devices.

PCI DSS

Payment Card Industry Data Security Standard (PCI-DSS) is a list of compliance standards containing policies around protecting consumer payment and financial data.

Penetration Testing

Penetration testing, or pen testing for short, serves as a proactive measure to identify vulnerabilities within an organization’s systems and networks.

Personal Identifiable Information

Personal Identifiable Information (PII) is a set of data that could be used to distinguish a specific individual.

Petya (NotPetya)

Petya is a family of encrypting malware that infects Microsoft Windows-based computers. Petya infects the master boot record to execute a payload that encrypts data on the hard drives of infected systems.

Pharming

Pharming is a term used to describe a type of cyber-attack that redirects users to fraudulent websites or manipulates their computer systems to collect sensitive information.

Phishing

Phishing is a common type of cyber attack that targets individuals through email, text messages, phone calls, and other forms of communication.

Phishing Simulation

A phishing simulation is a cybersecurity exercise where an organization sends fabricated yet realistic phishing emails to its employees to test their ability to recognize and respond to phishing attacks.

Predictive Analytics

Predictive analytics produces statistics and data modeling leveraged by businesses to make predictions.

Pretexting

Pretexting is a social engineering attack where the attacker creates a fabricated identity or scenario to persuade a victim to divulge confidential information, grant access to restricted systems, or perform actions they would otherwise not undertake.

Principle of Least Privilege (PoLP)

The Principle of Least Privilege (PoLP) emerges as a fundamental security strategy that mandates limiting access privileges for users, programs, or systems to only those essential for their legitimate purposes.

Privilege Escalation

Privilege escalation is when a threat actor gains elevated access and administrative rights to a system by exploiting security vulnerabilities.

Privileged Access Management (PAM)

Privileged Access Management (PAM) is a crucial aspect of cybersecurity that focuses on securing and managing an organization's privileged accounts.

Privileged Identity Management (PIM)

Privileged Identity Management (PIM) is a security solution that empowers organizations to oversee, control, and monitor the elevated access granted to users within their IT environment.

Prompt Injection

A prompt injection attack is a cybersecurity attack where malicious actors create seemingly innocent inputs to manipulate machine learning models, especially large language models (LLMs).

Protected Health Information (PHI)

Protected Health Information refers to any data that relates to an individual’s health status, healthcare services received, or payment details, combined with identifiable details that link the information to a specific person.

Public Cloud

A public cloud is a model wherein a third-party provider hosts any “as-a-service” technology, including hardware, software, monitoring and logging solutions, identity management, remote resources for at-home workers and other data center solutions.

Q

Quishing (QR Phishing)

Quishing is a social engineering attack where cyber criminals exploit QR codes—two-dimensional barcodes that store data both horizontally and vertically—to redirect victims to malicious websites or trigger malware downloads.

R

Ransomware

Ransomware is a type of malicious software (malware) that threatens to publish or blocks access to data or a computer system, usually by encrypting it, until the victim pays a ransom fee to the attacker.

Ransomware-as-a-Service (RaaS)

Ransomware-as-a-Service, often abbreviated to RaaS or referred to as RaaS software, is a subscription-based business model that enables hackers to use pre-developed ransomware tools.

Real User Monitoring

Real user monitoring (RUM) is used to understand and optimize user experience, but it’s also useful in threat monitoring. Learn what it is, how it works, and more.

Red Team

A red team is a group of authorized security professionals who emulate potential adversaries’ tactics and techniques to test an organization’s cybersecurity defenses.

Regulatory Compliance

Regulatory compliance is a set of rules organizations must follow to protect sensitive information and human safety.

Remote Access Trojan

Malware developers code their software for a specific purpose, but gaining remote control of a user’s device is the ultimate benefit for an attacker who wants to steal data or take over a user’s computer.

Retrieval-Augmented Generation (RAG)

RAG is a technique that enhances generative AI by pulling in relevant information from trusted external sources before producing answers.

Root Cause Analysis (RCA)

Root Cause Analysis is a systematic problem-solving methodology that identifies the underlying causes of incidents rather than addressing superficial symptoms.

S

SaaS (Software as a Service)

SaaS is a cloud-based software delivery model where applications are hosted by a provider and accessed online through web browsers or mobile apps.

SaaS Security Posture Management (SSPM)

SaaS Security Posture Management (SSPM) is a specialized security system for securing third-party SaaS applications by continuously assessing usage, configurations, access controls, and compliance gaps.

Sandbox

In the world of cybersecurity, a sandbox environment is an isolated virtual machine in which potentially unsafe software code can execute without affecting network resources or local applications.

SASE

Secure Access Service Edge (SASE) is an emerging technology that merges traditional IT infrastructure with cloud services to support a range of users and their locations.

SD-WAN

A Software-Defined Wide Area Network (SD-WAN) leverages software optimization to control how a network operates instead of the stereotypical hardware infrastructure that uses an “on or off” environment to direct traffic.

SEC’s Cybersecurity Disclosure Rules

The SEC’s cybersecurity rules aim to bridge the gap between evolving digital threats and investor protection, treating cyber risks as foundational to market integrity.

Secure Email Gateway (SEG)

An email gateway is a type of email server that protects the internal email servers of organizations or users.

Security as a Service

Security as a Service (SECaaS) is a component of cloud computing where applications run on a remote host server, but the service integrates with local IT infrastructure, including client devices.

Security Awareness Training

In broad terms, you could think of security awareness training as making sure that individuals understand and follow certain practices to help ensure the security of an organization.

Security Information and Event Management (SIEM)

SIEM equips organizations with real-time visibility into their IT infrastructure and cybersecurity environment.

Security Orchestration Automation & Response (SOAR)

SOAR—or security orchestration, automation and response—refers to a set of compatible tools and software programs that enable organizations to streamline their security operations by automating tasks and orchestrating workflows.

Security Service Edge (SSE)

Security Service Edge (SSE) is a new strategy introduced by Gartner in 2021 to improve data protection in cloud environments.

Sender Policy Framework (SPF)

The Sender Policy Framework (SPF) is an email authentication protocol designed to prevent email spoofing, a common technique used in phishing attacks and email spam.

Sendmail

Sendmail is a server application that gives businesses a way to send email using the Simple Mail Transfer Protocol (SMTP).

Sensitive Data

Sensitive data is any information that requires protection from unauthorized access, disclosure, or misuse due to its potential to cause harm to individuals, organizations, or national interests.

Session Hijacking

Session hijacking is a cyber-attack method where adversaries intercept or steal valid session tokens (like cookies or authentication IDs) to impersonate legitimate users and gain unauthorized access to systems, applications, or data.

Shadow IT

Shadow IT refers to the situation in most organizations where users deploy cloud-connected apps or use cloud services within the enterprise environment without the IT department’s knowledge or consent.

SIM Swapping

SIM swapping—also called SIM hijacking or port-out fraud—is an account-takeover technique that redirects a victim’s mobile service to a SIM card under the attacker’s control.

Single Sign-On (SSO)

Single sign-on (SSO) is an authentication process that allows users to access multiple applications with one set of credentials.

Smishing

Smishing is a form of phishing in which an attacker uses a compelling text message to trick targeted recipients into clicking a link and sending the attacker private information or downloading malicious programs to a smartphone.

SMTP Relay

Simple Mail Transfer Protocol (SMTP) is the foundational protocol that facilitates the transmission of email messages between servers across the internet.

SOC (Security Operations Center)

A Security Operations Center (SOC) is a specialized facility in an organization dedicated to managing and responding to cybersecurity threats.

SOC2 Compliance

SOC2, or Service Organization Control 2, is an auditing procedure that ensures service organizations manage data in a manner that safeguards their interests and their clients’ privacy.

Social Engineering

The biggest weakness in a cybersecurity strategy is humans, and social engineering takes advantage of a targeted user’s inability to detect an attack.

Social Media Archiving

Social media archiving is the systematic capture, preservation, and storage of all social media communications and activities for compliance, legal, and business purposes.

Social Media Protection

Social media protection solutions prevent unauthorized access to your social media accounts, help you find accounts posing as your brand or executives and shield customers from malicious social media content.

Social Media Threats

Social media offers an outlet for people to connect, share life experiences, pictures and video. But too much sharing—or a lack of attention to impostors—can lead to a compromise of business and personal accounts.

Software Defined Perimeter

A software-defined perimeter (SDP) is a security methodology that controls access to resources based on identity and forms a virtual boundary around networked resources.

SOX Compliance

SOX compliance refers to meeting the law’s requirements for maintaining accurate financial records, implementing robust internal controls, and ensuring the security and integrity of financial data.

Spam

Spam email, also known as Unsolicited Commercial Email (UCE), is unwanted and questionable mass-emailed advertisements.

Spear Phishing

Spear phishing is a highly targeted form of phishing designed to deceive individuals or organizations into revealing sensitive information.

Spoofing

Spoofing is a common tactic threat actors use to disguise an unknown or unauthorized source of communication or data as being known and trusted.

Spyware

Spyware is a specific malicious software (malware) installed on a computing device without the end user’s awareness.

SQL Injection (Structured Query Language)

SQL injection (often abbreviated as SQLi) is a cyber threat that targets applications that use SQL (Structured Query Language) databases.

SSTP

The Secure Socket Tunneling Protocol (SSTP) is a common protocol used in Virtual Private Network (VPN) connections.

Stale Data

Stale data refers to outdated, unused, or irrelevant information that remains stored in organizational systems.

Supplier Chain Risk Management

Protecting intellectual property (IP) from theft and safeguarding data takes more than cybersecurity on your systems.

Supply Chain Attack

A supply chain attack is a highly effective way of breaching security by injecting malicious libraries or components into a product without the developer, manufacturer or end-client realizing it.

Supply Chain Security

Supply chain security encompasses the strategies, protocols, and technologies that protect an organization’s entire network of resources, processes, and partnerships from malicious attacks and unauthorized access.

Synthetic Identity Fraud

Synthetic identity fraud is a sophisticated financial crime that involves fabricating a fictitious identity using real and made-up personal information.

T

Tactics, Techniques, & Procedures (TTP) Security

Tactics, Techniques & Procedures (TTPs) refer to the patterns of activities or methods associated with specific threat actors or groups of threat actors.

Tailgating Attacks

A tailgating attack is a breach of security where an unauthorized actor gains access to a controlled area by closely following someone with legitimate access credentials.

Telemetry

Telemetry automatically collects, measures and transmits data from remote sources to a central location for monitoring and analysis.

Thin Client

A thin client is a basic computing device that runs services and software from a centralized server.

Threat Actor

A threat actor is any internal or external attacker that could affect data security.

Threat Intelligence

Threat intelligence protects businesses from threats by monitoring attackers, their malware and more. Learn how Threat Intelligence works and how it can protect you.

Time-Based One-Time Passwords (TOTPs)

Time-based One-Time Passwords (TOTPs) are temporary passcodes used to fortify the user authentication processes.

Trojan Horse

A Trojan Horse, or simply Trojan, is a type of malicious software that disguises itself as legitimate software in order to gain access to a computer system.

Typosquatting

Typosquatting, also known as URL hijacking, is an opportunistic cybercrime that capitalizes on internet users making typing errors when inputting a website address.

U

UEBA

User and entity behavior analytics (UEBA) is a powerful tool in cybersecurity that detects unusual behavior from traffic patterns on the network.

Unstructured Data

Unstructured data refers to information that lacks a predefined data model or structure, making it challenging to process and analyze through conventional data tools and methods.

V

Vishing

Vishing has become a mounting cybersecurity threat that leverages phone calls and voice communication to deceive individuals into revealing sensitive information.

VPN

A Virtual Private Network (VPN) adds security and anonymity to users when they connect to web-based services and sites.

Vulnerabilities

In cybersecurity, a vulnerability refers to any flaw or weakness in a system’s design, implementation, operation, or management that an attacker could exploit to gain unauthorized access or cause harm.

W

WannaCry

WannaCry was a ransomware attack discovered in May 2017 that struck corporate networks worldwide running Microsoft Windows as part of a massive global cyber attack.

Watering Hole

A watering hole attack is a targeted attack designed to compromise users within a specific industry or group of users by infecting websites they typically visit and luring them to a malicious site.

Web Proxy Server

An organization uses a web proxy server for cybersecurity and performance reasons including anonymizing internal IP addresses and caching content for better data transfer speeds and less bandwidth usage.

Web Security

Web security aims to safeguard data and network resources from online threats.

Whaling Attacks

A whaling attack is a sophisticated form of phishing that specifically targets high-ranking executives, such as CEOs, CFOs, and other C-suite members who possess privileged access to sensitive data and financial resources.

Wi-Fi

Wi-Fi is based on using radio waves and wireless technology, allowing users great mobility and flexibility for connectivity.

Z

Zero Trust

Designed in 2010, a zero trust network assumes every user – whether internal or external – could be an attacker; therefore, every request for network resources must be from an authenticated, authorized, and validated user.

Zero-Day Exploit

A zero-day vulnerability is a term given to a security flaw never previously seen in the wild.

Zeus Trojan (Zbot)

The Zeus Trojan is one of the oldest malware programs used to steal targeted victims’ banking details. The creator sold the Zeus code to a competitor, but several variants were released for years.

© 2025. All rights reserved.