Netenrich
Glossary
Advanced persistent threat
An advanced persistent threat (APT) is a stealthy threat actor that gains illegal access to a computer network and remains hidden for a prolonged period. An APT is typically a nation-state or state-sponsored group, and its motives are mainly political or economic. Every major business sector has recorded instances of cyberattacks by APTs seeking to steal, spy, or... More
Agile IT
Agile IT refers to IT operations that enable teams to adapt to changing requirements and consistently handle the complexities of emerging technologies. Although agile methodologies are usually synonymous with software development teams sprinting to code, test, and release products and applications, IT service delivery can also benefit by connecting development, security, and operations teams, instead of limiting them to organization... More
Alert correlation
IT operations are more complex than ever owing to heterogeneous environments and growing tool stacks. Resolving critical issues before they wreak havoc on the business requires a breadth of IT monitoring capabilities. But the alert volumes captured from different monitoring tools become overwhelming, and IT teams grow frustrated with "alert fatigue" because they have to sort through and triage individual events... More
Alert fatigue
Alert fatigue or alarm fatigue occurs when IT teams are exposed to such a large number of frequent alarms (alerts) that they become desensitized to them. It leads to longer response times or missed essential alarms. Large volumes of alarms, especially false ones, have several unintended outcomes, including disruption of IT services, anxiety in teams, distrust in monitoring systems, and missed critical events. Some additional... More
Alert noise
Alert noise is listed as one of the biggest problems faced by DevOps teams. 79% of IT Ops personnel listed reduction in alert noise as one of their top priorities. False alarms pull time and resources away from issues that truly need to be addressed. It is compounded if you're receiving false alerts at the same time as the right alerts. ... More
Anomaly detection
Anomaly detection is the process of distinguishing a genuine security alert from false-positive alerts in a SOC (Security Operations Center). Anomalies are a strong indicator of a cyber threat triggered by unexpected but legitimate malicious actions.... More
Antivirus
Software designed to detect and prevent contagions like viruses and malware from affecting your systems. Originally, antivirus software was used for removing computer viruses. However, it slowly became more sophisticated as the cyber threats themselves became more potent, and eventually started to provide protection from browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, etc. While... More
Artificial intelligence
The simulation of human intelligence in machines so that they are programmed to think and act like humans. Artificial intelligence (AI) plays a key role in modern industries and organizations. Netenrich’s goal is to provide highly contextualized resolution intelligence that comes from the confluence of artificial and human intelligence. Netenrich’s Attack Surface Intelligence uses impact analysis to measure the severity of potential threats and empowers your... More
Asset
Any data, device, or other component of an organization's environment that supports information-related activities. Assets generally include hardware (e.g. servers), software (apps), and confidential information. Your SOC team must be able to guarantee the confidentiality, integrity, and availability of assets from... More
Asset governance, risk management, and compliance
Governance, risk management, and compliance aim to ensure that an organization reliably achieves its objectives, addresses uncertainty, and acts with integrity. Governance is the combination of processes established and executed by the company's leaders and reflected in the organization's structure. Risk management is predicting and managing IT asset risks that could hinder the company from reliably achieving its objectives... More
Asset lifecycle management
Asset lifecycle management is the process of increasing organizational productivity by helping organizations make informed decisions on IT needs and services. IT teams can make better purchasing decisions by looking at various assets and their lifecycle stages. If a particular asset is about to expire and is already in the inventory, teams will have more lead time to order... More
Asset risk intelligence
IT asset risk intelligence is the organization's ability to gather insights across its systems that help identify uncertainties, present them in the business context, and enable the firm to make more informed business and security decisions proactively. To manage asset risks effectively, such as the criticalities of business processes and enterprise infrastructure, including applications, servers, network devices, data... More
Attack surface
An organization's attack surface is the set of all potentially vulnerable points that exist across the software, hardware, firmware, and networks of your company. Your goal is to keep your attack surface as small as possible. It is the sum of different attack... More
Attack Surface Exposure
Through continuous monitoring, Resolution Intelligence Cloud’s Attack Surface Exposure (ASE) feature lets you find — and act fast to fix — hidden risks across your digital exposure on domains, certificates, open ports, vulnerabilities, misconfigurations, and more.... More
Attack Surface Management
Attack surface management (ASM) is about how organizations can proactively identify, address, and minimize potential vulnerabilities across their entire digital infrastructure.... More
Attack vector
In cybersecurity, an attack vector is the specific path or method a threat actor uses to breach your network or system.... More
Automate incident response
An automated incident response strategy enables your organization to be in a better position to take strong and quick actions in the event of an unexpected downtime to limit its effect on the overall business. Automation expedites typical repetitive tasks and responses, so little to no human intervention is required to detect and respond to incidents. Automation in incident response also helps... More
Autonomic computing
Autonomic computing refers to a machine, a device, or software that can operate with minimal or no human control, that is, it can operate independently. In addition, it is built to manage, heal, optimize, and protect itself automatically using autonomic systems.... More
Autonomic digital operations
Autonomic Digital Operations (ADO) is an approach that leverages digital technologies, such as artificial intelligence (AI), to create self-managing and self-optimizing models within IT operations.... More
Autonomic security operations
Autonomic security operations (ASO) is a new approach to security operations. It attempts to overcome the increasing challenges faced by traditional SOCs. ... More
Autonomous computing
Autonomous computing means that a machine, a device, or software can operate with little or no human control — in short, it can operate independently.... More
Behavioral modeling
Behavioral modeling involves creating mathematical or computational models that simulate and predict human behavior. When applied to cybersecurity, organizations can better detect and prevent potential cyber threats by analyzing and understanding the patterns and behaviors of personnel, including system administrators, software developers, and end users.... More
Blind spot
A blind spot is a hidden threat in a heterogeneous IT environment—something teams don't even know exists, and have no way to get visibility into until an outage happens. Ineffective monitoring capabilities and manual processes fail to shed light on these blind spots. They remain dormant for years until suddenly an issue crops up. Blind spots hinder root-cause analysis, which... More
Blue teaming
A blue team consists of career incident response professionals who guide an organization’s IT and security teams through the various steps of an incident response.... More
Botnet
A group of computers that have been compromised by malicious code and are now remotely operated by attackers. Botnets can be used to execute attacks such as DoS flooding, spamming, and DNS spoofing. The term botnet is a combination of the words "robot" and "network." It is a collection of devices or "bots" such as computers, phones, or IoT... More
Brand exposure
Bad actors can damage an organization’s reputation and credibility in many ways. For example, they can spread false information, post negative reviews, or create fake websites or social media accounts. They can also sell counterfeit products on digital marketplaces and in application stores.... More
Brute force attacks
A brute force attack is a cryptographic hack wherein the attacker manually guesses the different possible combinations of a targeted password and repeats the process until they land on the correct combination. A longer password requires more combinations to be tried. Brute force attacks are not the most efficient approach, but they are among the easiest attacks to execute. As a part... More
Bug
A bug is a flaw or vulnerability in a software or hardware design that can potentially be exploited by attackers. Security bugs can be used to compromise user authentication, authorization of access rights and privileges, data confidentiality, and data integrity. Security bugs are caused by the lack of the following – basic/advanced dev training,... More
Bursty traffic
Unexpected or sudden network traffic volume peaks and troughs based on seasonal factors are commonly referred to as bursty traffic. Bursty traffic can create negative customer sentiment if not identified early and resolved.... More
BYOD
A company policy that dictates whether or not employees can bring their own devices to work. Bring your own device (BYOD), aka bring your own technology (BYOT), is a movement wherein organizations allow their employees to bring and use their own device instead of an officially provided one. This policy has been a huge hit with startups and smaller companies that... More
Clickjacking
Clickjacking is a malicious technique that tricks a user into clicking on a malicious link, potentially revealing confidential information or giving up control of their computer to a third party. The attacker can manipulate the user's computer by taking advantage of vulnerabilities present in applications and web pages. Let's take a simple example to see how clickjacking works. On a clickjacked page,... More
Cloud operations
The process of managing the delivery and optimization of cloud infrastructure and services is cloud operations or CloudOps. The important components of cloud operations include maintaining availability, performance and cost optimization, adhering to compliance, and meeting SLAs.... More
Command & control
A command-and-control (C&C) server is used by an attacker to remotely send commands to systems compromised by malware. In return, the attacker receives stolen data from the victim directly on the C&C server. C&C servers tend to hide in plain sight by blending in with normal traffic to avoid detection. Some malware can remain undetected for ages, stealing your data, and... More
Common Vulnerabilities and Exposures
Common Vulnerabilities and Exposures (CVE) is an online database of attacks, exploits, and compromises maintained by the MITRE organization. This system was officially launched for the public in September 1999. CVEs are assigned by a CVE Numbering Authority (CNA).... More
Configuration change management
With growing network complexity, multiple configuration changes take place daily. Network admins can carry out these changes manually, but manual changes are highly likely to introduce errors, resulting in faulty configurations. Consequently, the network becomes prone to vulnerabilities that might even cause downtime. Also, in a hybrid network environment consisting of thousands of devices... More
Credential stuffing
Credential stuffing is a special form of brute force attack that works on a very simple assumption: users tend to keep one password across all their social media and email accounts. In that case, the attackers need only crack one primary account to gain access to everything else. As you can guess, this has serious identity theft repercussions. ... More
Cryptojacking
Cryptojacking is the unauthorized use of a user’s device to mine cryptocurrencies. Instead of spending capital on mining equipment, these attackers use their victim’s computational resources for free to mine cryptocurrencies. In Q4 2017, there was a sudden spike in the number of cryptojacking attacks. As per McAfee, the amount of cryptojacking incidents jumped from 500,000 in Q4 2017 to nearly 4 million by Q3... More
Cyber resilience
Cyber resilience is the ability to respond to, withstand, and recover in a timely manner from an unexpected outage or disruption to data or system accessibility caused by a cyber incident. It is a crucial aspect of cybersecurity and involves implementing strategies, processes, and technologies to minimize the impact of cyber threats.... More
Cyber risk
Failure in information services can put companies at risk of reputational damage, financial loss, and loss of business operations. A wide array of tactics can be used to exploit cyber risks within an organization, and some of them are... More
Cyber risk management
Cyber risk management is the process of identifying, assessing, and mitigating potential threats and vulnerabilities in the digital space. Cybersecurity risks can range from data breaches and cyberattacks to hacking and identity theft.... More
Cyber risk score
Cyber risk score is a measure of an organization's vulnerability to cyber threats and its ability to mitigate those risks. It is calculated based on various factors, such as the organization's security policies, the strength of its network defenses, and the level of employee training on cyber awareness.... More
Cyber situational awareness
With the constant evolution of technology and the ever-growing sophistication of cybercriminals, having a strong sense of cyber situational awareness is crucial for individuals, organizations, and governments. By being aware of the latest cyber threats, trends, and attack tactics, techniques, and procedures (TTPs), they can better drive risk mitigation and take other proactive measures to prevent cyberattacks from occurring.... More
Cyber threat
A cyber threat refers to any malicious activity that targets computer systems, networks, or internet-enabled devices with the intent to compromise their security, confidentiality, availability, or integrity.... More
Cybersecurity
Network and data are sensitive for any business, and security analysts go to great lengths to ensure complete safety from cybercriminals. The traditional approach of managed detection and response using multiple tools is changing due to the evolving digital IT landscape. Business leaders are now actively seeking proactive solutions, instead of just being reactive to persistent and advanced cyber threats.... More
Cybersecurity Mesh Architecture (CSMA)
Cybersecurity Mesh Architecture (CSMA) is a composable and scalable approach to extending security controls, even to widely distributed assets. Its flexibility is especially suitable for increasingly modular approaches consistent with hybrid multicloud architectures.... More
Data analytics
Data analytics is used by enterprises to extract valuable insights and develop a deep understanding of the patterns existing in raw data. However, many small and mid-sized enterprises have problems in terms of analyzing data from multiple tools in their ITOps. Making sense of data derived from multiple touchpoints in real-time is critical to meeting customer expectations. Operations teams need solutions to make sense... More
Data breach
A data breach is an intentional or unintentional release of internal data to external entities without authorization. Data breaches are also termed unintentional information disclosure, data leak, information leakage, and data spill. Data breaches can be very costly to your organization both financially and reputation-wise. ... More
Data contextualization
Data contextualization means adding related information to any data to make it more actionable. Trends, patterns, and correlations stand out against a background of context. When you start integrating data into various sets that provide context for IT events, you get a lot more value from the data. Contextualization is crucial to delivering and maintaining quality services. But, the seamless... More
Data engineering
Data engineering is the process of designing, building, managing, and optimizing the infrastructure that enables the collection, storage, and processing of large volumes of data. This infrastructure can include databases, Big Data repositories, storage systems, cloud platforms, and data pipelines.... More
Data ingestion
Data ingestion is the process of collecting and importing various types of data into a system or database for further analysis and processing. It is like a gateway that allows organizations to gather and organize vast amounts of information from various sources, such as databases, APIs, IoT devices, and social media platforms.... More
Data insights
Data becomes valuable when you translate it into actionable insights. Achieving these insights starts with figuring out what you want from your data, finding its value. You need to understand the context, need, vision, and outcome of your data, and create a strategy for turning data into meaningful stories and business successes.... More
Data lake
A data lake is a unified repository that stores big data from multiple sources in its raw format. It can include structured, semi-structured, unstructured, and binary data. This allows data to be stored in a flexible format for later use and helps data scientists analyze it faster and more accurately.... More
Data warehouse
A data warehouse is an integral component of business intelligence where structured data is collated from one or more sources for analysis and reporting. It’s usually leveraged to correlate business data and deliver insights into organizational performance.... More
DDoS attack
DDoS attacks are a website and/or business disruption tactic, with motives ranging from financial gain to political activism and potential impacts ranging from financial losses and reputational damage to critical service downtime.... More
Detection engineering
Detection engineering is the process of designing and implementing systems, tools, and processes to help uncover security risks and threats in computer networks, software systems, and other digital environments.... More
DevOps
DevOps refers to the culture of combining “development” and “operations” for rapid IT service delivery. It requires the adoption of agile principles, collaboration between teams, and utilizing automation to shorten the software development life cycle by enabling fast feedback loops for deployment of new features or fixes.... More
Dictionary attacks
Dictionary attacks are the most common kind of brute force attack. The idea behind them is pretty simple: use a list of words from a dictionary to crack passwords. Attempts typically begin with assumptions about common passwords (like “password,” “12345,” etc.) and proceed to guess the correct one from the words in the list. ... More
Digital customer experience
The term digital customer experience refers to the sum of all digital interactions between a company and a customer, which together form an impression of your brand. The touchpoints across the digital experience may include websites, apps, chatbots, social media, customer support channels, IoT devices, and more.... More
Digital experience monitoring
Digital experience monitoring is a performance analysis practice that helps in optimizing the user experience with applications and services delivered by an organization. The digital experience of customers and employees is a critical business outcome and it’s important to monitor its impact, instead of just application or infrastructure performance.... More
Digital footprint
An organization's digital footprint encompasses all of its traceable digital activities, actions, contributions, or communications across the internet or on devices. With the increased adoption of cloud infrastructure and services, it is becoming increasingly difficult to track the organization's footprint. An organization's cybersecurity strategy can be considered robust only if it monitors all the unique digital footprints across all business lines and... More
Digital operations
Digital operations are the processes and activities organizations develop and implement to manage and optimize their digital technologies and resources. In today’s rapidly advancing digital landscape, businesses across various industries are increasingly relying on digital operations to streamline processes, enhance productivity, and deliver seamless customer experiences.... More
Digital transformation
Digital transformation is the process through which new and existing business processes evolve with the integration of modern technologies and a shift in organizational culture. The objective of digital transformation is to improve customer experience and meet the latest business requirements.... More
Digitalization
Digitalization refers to the digital transformation of businesses and subsequently their IT organizations. It mandates the use of digital technologies to transform the business model and provide innovative revenue- and value-generating opportunities while moving to a future-ready paradigm.... More
Distributed architecture
A distributed architecture supports distributed systems by connecting components to achieve a common goal. These may include physical servers, computers, network devices, containers, and virtual machines working as a single unit.... More
Dynamic capacity orchestration
Dynamic capacity orchestration refers to facilitating rapid deployment and automation across hybrid physical and virtual networks. Companies leverage dynamic capacity orchestration to achieve faster time to market and better service delivery.... More
Dynamic operations
Dynamic operations are an integral component of modern hybrid environments that are fluid and temporal, allowing applications to be available continuously through virtualization. Dynamic ops facilitate automated provisioning, intelligent prioritization and scheduling, and integrations for holistic infrastructure management.... More
Dynamic thresholds
Dynamic thresholds represent bounds of an expected data range for a particular alert. Unlike static alert thresholds that are assigned manually, dynamic limits are calculated by anomaly detection algorithms and continuously trained by an alert's historical values. When dynamic thresholds are enabled, alerts are dynamically generated when these thresholds are exceeded. Simply put, alerts are generated when deviations or anomalies... More
Dynamic workloads
Dynamic workloads are an important component in hybrid cloud systems that require rapid resource changes to address modern computing demands. Workloads in such virtualized environments need proactive management to ensure better availability, scalability, and cost optimization.... More
External threats
An external threat refers to any potential danger or risk that originates from outside an organization. These threats can come in various forms, such as cyberattacks, natural disasters, economic downturns, or even competitors trying to undermine the success of a business.... More
Firmware upgrade
More than 65% of companies don’t know which devices to patch first. Even with the appropriate prioritization, manual patching slows everything down. Delayed firmware upgrades have a severe impact on your network and cause downtime. Devices like routers and switches that are not updated to the latest firmware version fail to perform. Consequently, devices may underperform and lead to poor... More
Hybrid cloud
Infrastructure that links a private cloud (controlled by the user) and at least one public cloud (managed by a cloud service provider) constitutes a hybrid cloud. A hybrid cloud setup helps businesses leverage the scalability and cost savings of the public cloud while ensuring business-critical applications and their data remain on-premises.... More
Hyper converged infrastructure (HCI)
HCI is an IT platform that brings together computing, storage, and networking into a unified system to minimize complexity and enhance scalability. These platforms leverage a hypervisor for virtualized computing, software-defined storage, and virtual networks while running on standard servers. Numerous nodes can be combined to create pools of common compute and storage resources, built for easier consumption.... More
Incident management
Any event that can lead to loss or disruption of an organization's operations, services, or functions is known as an incident. Incident management is a collective term that describes all the activities of an organization to identify, analyze, and correct issues that may lead to a future catastrophe. Incident management allows you to limit the disruption that may be caused by... More
Incident Response
Incident response involves identifying, analyzing, and responding to cybersecurity incidents in a timely and coordinated manner to minimize their impact on an organization’s operations and assets.... More
Infrastructure as code (IaC)
Infrastructure as code (IaC) means replacing physical hardware configuration or interactive configuration tools with configuration code files. Before IaC, IT operations teams had to change configurations manually to manage infrastructure, which was a tedious process.... More
Infrastructure monitoring
IT infrastructures often span multiple locations, including public, private, and hybrid cloud deployments. But most IT teams fail to identify blind spots in their environment and correlate problems before they affect end users, which hampers the productivity of the organization. IT monitoring becomes more complex as infrastructures become denser and more dispersed. IT infrastructure monitoring is the... More
Intelligent routing
Intelligent routing in the cyber realm typically refers to the use of advanced algorithms and technologies to efficiently direct and manage alerts and notifications.... More
Internal threats
An internal or insider threat refers to the risk posed to an organization by its own employees, contractors, or partners who have authorized access to its systems, networks, or data.... More
IT asset
An IT asset is any hardware or software within an IT environment. Note that tracking IT assets within an IT asset management system is crucial to the operational as well as the financial success of an enterprise. IT assets are integral components of the organization's systems and network infrastructure. An undeniable fact about IT assets is that they have... More
IT change risks
IT change risk arises from an organization's inability to manage IT system changes in a timely and controlled manner, especially for large and complex change programs. Inadequate controls lead to incidents that go undetected. Systems become vulnerable due to a lack of testing or improper change management practices. For example, the release of insufficiently tested software or configuration changes can have... More
IT coverage
IT coverage refers to the extent to which enterprise IT has control and visibility over the entire operations and infrastructure landscape of the business. IT teams are finding it hard to get complete coverage over ops, due to complicated and ever-expanding hybrid architectures and the increasing threat of shadow IT.... More
IT downtime
For organizations of all sizes, IT downtime means a decrease in productivity and a negative customer experience, both of which impact the bottom line. To prevent downtime, it's important to understand the root causes of incidents and leverage intelligent workflows to safeguard your organization. Human error and security are the top two causes of IT downtime. Combined, these issues hamper productivity, collaboration,... More
IT service catalog management
The service catalog is an integral component of IT service delivery and constitutes a central repository of available services for customers. These services are part of the IT service portfolio and are already in development or are ready for deployment. Managing the IT service catalog requires optimizing the end-customer experiences so they can initiate service requests with ease, while also... More
ITOM
IT operations management (ITOM) consists of handling all technology components and application requirements for an organization. This ranges from provisioning IT infrastructure to managing performance, security, availability, cost optimization, and capacity planning for all IT assets and infrastructure.... More
ITOps
IT operations (ITOps) refers to the management and maintenance of an organization’s digital infrastructure and technology systems. It encompasses a wide range of tasks, including monitoring and troubleshooting network issues, managing servers and databases, ensuring data security and compliance, deploying patches and updates, and overseeing software and hardware installations.... More
KNOW threat intelligence
KNOW, Netenrich’s threat intel platform, is a news aggregator that collates the most trending news articles in various categories. If KNOW detects the presence of a vulnerability in one group of articles, it immediately provides a small story card with all the information you need about the vulnerability, including helpful metrics like its common vulnerabilities and exposures score. ... More
Large language model
A large language model (LLM), also known as a deep learning model, has revolutionized the field of natural language processing. As an advanced artificial intelligence system, a large language model is designed to understand and generate human-like text.... More
MACD management
MACD stands for Move, Add, Change, or Delete/Disconnect of services in an enterprise communication network. MACD management can be a hassle for service providers, as it involves manual provisioning and can delay taking new services to market.... More
Machine learning
Machine learning is a field of study that has transformed how we approach problem-solving and decision-making. It is a subset of artificial intelligence that utilizes algorithms and statistical models to enable computers to learn from data and make informed decisions or accurate predictions without being explicitly programmed.... More
Malware
Any code written for the sole purpose of causing harm, violating privacy, or weakening system security is known as malware. It is designed to cause damage to a computer, server, client, or network. Malware varieties include computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, and scareware. Antivirus software, firewalls, and other cybersecurity strategies can be... More
Managed Detection and Response
Managed Detection and Response (MDR) uses cutting-edge technology and expert human analysis to detect and respond to cyber threats in real time.... More
Managed intelligence
Managed intelligence helps enterprise IT teams address in-house skill gaps by plugging into professional expertise to avoid downtime, destabilization of operations, and potential loss of revenue. Dwindling IT budgets and lack of highly skilled talent are leading businesses towards managed intelligence for access to insights, context, and actionable remediation to enable seamless digital IT operations.... More
Managed security service (MSS)
Managed security service is one of the most common approaches taken by organizations to manage their security needs. The services can be outsourced to specialized companies like Netenrich to oversee the company’s network and infrastructure, or they can be handled in-house by a dedicated team. MSS teams carry out round-the-clock monitoring of firewalls and intrusion detection, manage patching and updates,... More
Mean time to detect (MTTD)
Mean time to detect (MTTD), which is the average time it takes for a system or organization to detect a cyber incident or anomaly, is an important indicator of how quickly and effectively that organization will be able to respond to, contain, and mitigate issues or breaches.... More
Mean time to resolve (MTTR)
Mean time to resolve (MTTR) is the average time it takes to resolve a cyber incident.... More
MITRE ATT&CK Framework
MITRE ATT&CK framework is a curated knowledge base of known adversary tactics and techniques. The data is pulled from publicly available cyber threat intelligence and incident reporting sources as well as research contributed by security analysts.... More
MSP transformation
Managed service provider (MSP) transformation refers to Netenrich’s partner solutions which help service providers optimize their service operations for growth and scale. Evolving customer requirements and complex environments have led to service providers facing challenges with maintaining a healthy margin from recurring managed services. MSP transformation addresses these challenges by helping partners reduce costs and deliver value to customers.... More
MSSPs
A managed security service provider (MSSP) is a third-party company that specializes in managing and monitoring an organization’s security systems and processes. They offer a range of services, such as firewall management, intrusion detection and prevention, antivirus and malware protection, vulnerability scanning, and more.... More
Multi-tenancy
Multi-tenancy is a software architecture that allows multiple tenants or users to share the same computing resources, while keeping their data completely isolated from each other. Imagine a large apartment building with multiple units, where each unit is occupied by a different tenant.... More
Network downtime
Network downtime is a period when a system (or service) is unavailable. The outage happens when a system fails to provide or perform its primary function. Reliability, availability, recovery, and unavailability are related concepts. A few minutes of disruption can have a significant impact, regardless of the size of your network and the type of business. According to Gartner, an... More
Network managed services
Network management services offer holistic support for the operation and management of wide area networks (WAN) and local area networks (LAN). Network services are provided either remotely or on-site. Network management services consist of a variety of individual services, including network monitoring of attached devices, network maintenance, monthly status reporting, implementation of firmware upgrades, and unified communication services. The combined... More
Network performance management
Network performance management refers to managing the service quality being provided to customers. There are a number of ways to measure the performance of a network. Performance measures encompass bandwidth monitoring (the maximum rate at which information can be transferred), throughput (the actual rate of information transmission), latency (delay caused while transmitting a signal), jitter (variation in packet delay at... More
Network virtualization
Network virtualization combines multiple physical networks into one virtual, software-defined network. It can also divide one physical network into separate, independent virtual networks. Physical resources in the network, including routers and switches, are accessible by any user via a centralized management system. Virtualization also enables automation of multiple administrative tasks, reducing manual errors and provisioning time. It provides greater network efficiency and productivity.... More
Next-gen firewall
A next-generation firewall combines a traditional firewall with other network device filtering functions, including an application firewall using deep packet inspection and an intrusion prevention system. It is part of the third generation of firewall technology. 97% of organizations believe that managing their firewalls well can improve capabilities such as visibility, threat prevention, attack surface reduction, and response. But most modern firewalls won’t provide adequate visibility... More
Open ports
In computer networking, a port is a communication endpoint that allows your systems to communicate over the internet. Every IP address has two types of ports: TCP and UDP. Any internet service requires a certain number of ports to be open to function. However, unattended open ports invite a plethora of attacks and exploitations that you simply can’t afford. ... More
Operational visibility
360-degree operational visibility refers to monitoring of your system's operations, readiness, availability, and performance. It allows you to identify fluctuations in metrics and act on anomalies quickly. Many businesses continue to operate with little operational visibility. Additional tooling and infrastructure for metrics and logs don't always have clear benefits. They are not always first to know and find out about problems from... More
OWASP
OWASP or the “Open Web Application Security Project” is an online community that’s focused on understanding web technologies and exploitations. They produce freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security. The OWASP Foundation, a 501(c)(3) non-profit organization in the US established in 2004, supports the OWASP infrastructure and projects.... More
Patch
A patch is a piece of software that a company releases to fix errors in the original software. The name pretty much describes what it does, as it covers up the flaws and prevents them from being exploited by hackers. It is generally considered best practice to stay up-to-date on all your patches and fixes.... More
Penetration testing
Penetration testing, also known as pen testing, is a simulated cyberattack against your own computing system. This testing approach is specially designed to help enterprises identify exploitable vulnerabilities before the attackers do. Usually, penetration testing is done to help augment a web application firewall (WAF).... More
Phishing
Phishing allows an attacker to obtain sensitive information such as usernames, passwords, and credit card details. They do so by posing as a non-threatening entity and communicating via email or text messages. Phishing has become smarter now than ever before. When it comes to this new wave of phishing attacks, the following two methods are on the rise - clone... More
POC/POV
A proof of concept showcases the feasibility and viability of a concept or technology during the development lifecycle. It demonstrates that the idea can work in practice. Essentially, a proof of concept is a prototype that tests the core functionality and viability of an idea in a controlled environment before investing significant time, effort, and resources into its full-scale implementation.... More
Predictive incident management
Companies are generating vast amounts of data associated with business operations. But they also face a complicated and ever-expanding array of operational risks that must be identified and mitigated proactively. This makes incident management a challenge for smooth business operations. Predictive intelligence becomes useful for total predictive incident management. Predictive incident management analyzes large data sets to... More
Predictive insights
Predictive insights are an important component of AIOps. They use organizational data and analytics to glean insights on device behaviors, patterns, data flows, and trends, to predict situations or incidents. Predictive insights help businesses solve complex problems and rely on data-driven decisions for better risk management.... More
Ransomware
Ransomware is one of the most dangerous and popular malware types out there. Starting from 2012, the number of ransomware scams has gone up exponentially. The core idea is to take the victim's data hostage and threaten to leak it until a certain amount of money is paid to the attacker. The ransom is usually paid in cryptocurrency - mainly Bitcoin... More
Recovery point objective (RPO)
The RPO is the amount of data a business can lose after a disaster before major damage is incurred, expressed as the length of time preceding the most recent backup. RPO provides the tolerable limits for data lost or not backed up during that period.... More
Recovery time objective (RTO)
The RTO is the targeted duration and service level within which a process must be restored to its standard state after a business disruption. The main objective of an RTO is to eliminate critical consequences due to interrupted business continuity.... More
Red teaming
Red teaming is a full-scope attack simulation used by enterprises to measure how well an organization’s people, network, physical security controls, and applications can withstand an attack from a real adversary. In simple terms, red teaming can be said to be ‘ethical hacking’. Using this simulation, independent security teams can test how well an organization is equipped to... More
Resolution Intelligence Cloud
Resolution Intelligence Cloud™ is a native cloud data analytics platform for managing security and digital operations at service-provider scale. ... More
Response engineering
Response engineering emphasizes automation of routine response tasks and orchestration of security technologies to streamline incident response and mitigate the impact of security incidents.... More
Reverse brute force attack
A reverse brute force attack starts from a common password instead of a specific user, trying a small group of common passwords against a list of possible usernames. For example, a simplistic option such as “password” may be used to brute force a username that goes with it. As with normal brute force attacks, reverse brute force attacks can be used to... More
Risk analysis
Risk analysis involves identifying potential risks and vulnerabilities that bad actors could exploit, evaluating their likelihood and impact, and developing strategies to mitigate or manage them effectively.... More
Risk mitigation
Risk mitigation refers to the actions taken to reduce or prevent the negative impacts of a particular event or hazard. Risk mitigation can be applied to various scenarios, such as natural disasters, climate change, and cybersecurity threats.... More
Risk operations
Risk operations (RiskOps) is the practice of identifying and assessing potential risks and hazards, understanding their potential impact on the business, developing risk mitigation strategies, and implementing measures to prevent or minimize impact. The goal of risk operations is to provide a structured framework that can help ensure an organization operates in a safe, secure, and efficient manner while also remaining in compliance with industry and/or government regulations.... More
Risk prioritization
Risk prioritization is the process of identifying, assessing, and ranking risks based on their potential impact and likelihood of occurrence. Prioritizing risks is essential because not all risks are created equal; some may pose a greater threat to the organization’s objectives or have a higher probability of happening.... More
Risk qualification
Risk qualification is the process of evaluating and analyzing the potential risks associated with a project, initiative, or decision. It involves identifying and categorizing risks based on their likelihood of occurrence and potential impact on the desired outcome.... More
Risk quantification
Risk quantification refers to the process of measuring and evaluating the potential risks, including likely business impact, associated with a particular event or decision. By quantifying risks, organizations and individuals can gain a better understanding of their exposure and take appropriate actions to mitigate or minimize the potential negative consequences.... More
Risk resolution
Risk resolution refers to the process of identifying, assessing, and addressing potential risks in order to minimize their impact on a project or organization. It involves analyzing potential threats and vulnerabilities, developing mitigation strategies, and implementing measures to prevent or mitigate the identified risks... More
Risk scoring
Risk scoring is a method used to assess the level of risk associated with a particular event or situation. The process involves evaluating various factors and assigning a numerical score to determine the likelihood of a negative outcome occurring.... More
Root-cause analysis
A root-cause is a factor that causes an incident and should be permanently eliminated through process improvement. The root-cause can be defined as the core issue—the highest-level cause—that sets in motion the entire cause-and-effect reaction that ultimately leads to the incident. Root-cause analysis is a collective term that describes a wide range of strategies, tools, and techniques used to uncover the causes of... More
Scale IT
Scaling IT operations refers to the process of optimizing IT tasks and workflows to be more flexible and accommodate future growth and success. Businesses must balance the need for ops that can quickly ramp up and down according to temporary requirements while delivering efficiency and higher productivity.... More
Secure operations
Secure operations is a holistic or 360-degree approach to digital operations and cybersecurity. It aspires to improve cyber resiliency and reduce business risk efficiently and cost-effectively, particularly at larger scales.... More
Security engineering
Security engineering is the systematic design, implementation, and management of security controls and measures to protect an organization’s digital assets and information. It involves a range of activities, including risk assessment, security architecture design, vulnerability management, and incident response planning.... More
Security misconfiguration
In layman's terms, security misconfiguration is failing to implement appropriate security controls for web or server applications. It could also mean implementing the security controls with errors. Often what companies conclude is safe or unnecessary can expose them to dangerous risks. When configuration settings do not comply with industry security standards (OWASP Top 10 and CIS Benchmarks), it leads to security... More
Security posture
Security posture refers to an organization’s overall approach and readiness towards managing and mitigating security risks. It encompasses various elements, including policies, procedures, technologies, and people.... More
Security telemetry
In the context of security, telemetry refers to the remote measurement and collection of data from various sources within an IT infrastructure, including network devices, endpoints, applications, and cloud services.... More
Shadow IT
Shadow IT is the use of IT devices, systems, software, services, and applications without explicit IT department approval. Shadow IT has grown exponentially in recent years with the adoption of cloud-based applications and services. More than 40% of all IT spending at a company occurs outside the IT department. This growth is driven by the quality of consumer applications, such as... More
SIEM
Security information and event management (SIEM) combines security information management (SIM) and security event management (SEM) to collect log data for analysis and reporting on security threats and events. Plus, it conducts real-time system monitoring, notifies network admins about important issues, and establishes correlations between security events.... More
Signal analytics
Signal analytics involves analyzing data patterns or signals to extract meaningful insights, trends, or predictions. These signals come from a variety of sources.... More
Single pane of glass view
Single pane of glass solutions present data from multiple sources — whether that be across data centers or from the data center to the cloud — in a unified view. It gives you the ability to log in once and access the tools you need to execute workflows; acquire security options that limit or expand an individual user's access... More
Situational awareness
Situational awareness quantifies risk based on likelihood of attack so your defenders can predict, intercept, and disrupt attacks based on impact.... More
Situations
Situations are aggregated or correlated sets of signals that offer a more comprehensive view of a potential security incident or threat.... More
SOC optimization
SOC optimization is the process of improving and enhancing the effectiveness, efficiency, and resilience of a Security Operations Center (SOC). This typically involves implementing strategies and technologies to better detect, respond to, and mitigate cybersecurity threats and incidents.... More
Software-defined network monitoring
Software-defined monitoring oversees the traffic in a virtualized network. Software-defined monitoring applications can be integrated with other applications. They also have the capacity to respond to current information about application behavior and requirements, status, network performance, and security. Effective SDN monitoring involves not only the software aspect of SDN, but the physical as well. It offers a centralized mechanism that... More
Spear phishing
Spear phishing is an electronic communication or email specifically targeted towards individuals, businesses, or organizations. Spear phishing is often used as a carefully planned strategy to steal sensitive data with malicious intent. Criminals can also use this approach to install malware on the victim's device. A potential victim receives an email from a trustworthy source (made to look trustworthy by attackers). If trapped by the... More
Spyware
Spyware is malware that penetrates your computing device and steals sensitive information. Following that, it transfers your data to advertisers, data firms, or external users. By launching a spyware attack, threat actors can monitor your internet activity, track your login and password information, and get their hands on your sensitive information.... More
Stabilize IT
Enterprises need to create a stable IT environment capable of assimilating frequent and rapid changes across hybrid infrastructure. These changes include capacity upgrades, new technology introductions, new features, and capabilities. The goal is to gain a predictable, steady-state mode of operations regardless of changes being introduced into the IT environment. Historically, we found that the more change a company introduced,... More
Swivel-chair interfaces
Swivel-chair interfaces refer to IT operations teams switching between multiple screens, tools, and windows on their laptops or mobile devices, leading to lower productivity. The origin of the term is based on work environments from decades ago, where it was common to glide around the workspace to alternate between devices such as telephones, file storage, copiers, and desks.... More
Threat detection
Threat detection is the practice of proactively analyzing your digital infrastructure to identify any potential malicious activity. It can include the process of identifying and analyzing past and present threats to thwart future cyberattacks.... More
Threat engineering
Threat engineering takes a broader, more proactive approach that involves leveraging threat research to identify potential threats and vulnerabilities in systems, networks, and software, and developing countermeasures and mitigation strategies.... More
Threat feed
A threat feed is a stream of real-time data that provides information on the latest cyber threats, including known vulnerabilities, malware, phishing attacks, and other emerging vulnerabilities in software and systems.... More
Threat hunting
Threat hunting is a proactive approach to cybersecurity that aims to uncover and mitigate potential threats before they can cause harm.... More
Threat intelligence
Threat intel is a collective term for all the information about threats and threat actors that help mitigate harmful events in cyberspace. It includes information gathered from open-source intelligence, social media intelligence, human intelligence, technical intelligence, or intelligence from the deep and dark web. The biggest advantage of threat intel is that it allows SOC teams to practice proactive cybersecurity.... More
Threat intelligence platform
A threat intelligence platform (TIP) serves as a centralized hub that automates the collection, analysis, and dissemination of threat data from numerous internal and external sources, such as global security and threat intelligence feeds, Dark Web monitoring, and internal network telemetry, to help security teams proactively identify and mitigate relevant organizational risks before they can cause significant damage.... More
Threat landscape
The threat landscape encompasses the full array of cybersecurity risks and potential vulnerabilities that individuals, organizations, or systems face. It includes various types of threats such as malware, phishing attacks, insider threats, and vulnerabilities in software or hardware.... More
Threat management
Threat management is the process of identifying potential risks and threats, assessing their potential business impact, and implementing measures to mitigate and respond to them.... More
Threat modelling
Threat modelling is a crucial process in ensuring the security and resilience of various systems and applications as it helps identify potential threats and vulnerabilities.... More
Total Cost of Ownership (TCO)
Total Cost of Ownership (TCO) encompasses all expenses associated with owning, operating, and maintaining a product or service over its entire lifecycle. This includes not only the initial purchase price but also expenses such as installation, training, maintenance, support, and eventual disposal or replacement costs.... More
UEBA
A user and entity behavior analytics (UEBA) solution uses algorithms and machine learning to detect anomalies in the behavior of corporate users as well as network routers, servers, and endpoints. UEBA incorporates insider risk, privileged account monitoring, and monitoring for compromised accounts.... More
Virtual network operations center
A virtual network operations center is a central location with the sole purpose of reducing noise, identifying and prioritizing incidents, minimizing escalations, and ensuring uptime. With a remote working model, IT managers can virtually analyze alerts, metrics, logs, and traces with the aim of identifying and resolving the root cause of incidents before they become outages. A virtual NOC can... More
Virus
A virus is parasitic malware that attaches itself to a host file or the MBR (Master Boot Record). It replicates itself inside the victim's computer by modifying other programs and inserting its own code. A virus can cause billions of dollars' worth of economic damage to businesses. It is designed to jump from one system to another, making it a nuisance for... More
Vulnerability
A vulnerability is a weakness or flaw in a computer system, network, or software that a threat actor can exploit to gain unauthorized access, steal sensitive information, or disrupt normal operations.... More
Vulnerability assessment
Vulnerability assessment (VA) is a systematic review of weaknesses in an organization’s information security systems. Organizations rely on effective vulnerability assessment programs, and with the right tools, they assess the risks and implement solutions to mitigate security breaches. These assessments are conducted regularly, but they become important when changes have been made such as installation of new equipment, adding new... More
Vulnerability intelligence
Vulnerability intelligence is a critical component of the risk assessment framework. It involves consolidating vital vulnerability information from a variety of external and internal sources and then providing a contextualized assessment of organizational risk. For each vulnerability, vendors examine historical data, criticality ratings, potential fixes, etc.... More
Vulnerability management
Vulnerability management involves proactively identifying and fixing potential weaknesses in an enterprise’s network security. The aim is to apply these fixes before a hacker can use them to cause a cybersecurity breach. Vulnerability management should take a comprehensive approach to the development of resilient network security best practices and processes designed to detect, analyze and address flaws in software or... More
YARA rules
YARA, which stands for "Yet Another Recursive Acronym," is an open-source pattern-matching Swiss army knife that helps in detecting and classifying malicious software. YARA rules are essentially a set of instructions that define the characteristics of a specific type of malware or threat. They work by scanning files or data streams for specific patterns or strings that are associated with malicious activity.... More