
Netenrich
Glossary

Advanced persistent threat

An APT, or advanced persistent threat, is a stealthy threat actor that gains illegal access to a computer network and remains hidden for a prolonged period. An APT is typically a nation-state or state-sponsored group. Their purpose is mainly political or economic. Every major business sector has recorded instances of cyberattacks by APTs seeking to steal, spy, or... More

Agile IT

Agile IT refers to IT operations that enable teams to adapt to changing requirements and consistently handle the complexities of emerging technologies. Although agile methodologies are usually synonymous with software development teams sprinting to code, test, and release products and applications, IT service delivery can also benefit by connecting development, security, and operations teams, instead of limiting them to organization... More

Alert correlation

IT operations are more complex than ever owing to heterogeneous environments and an increasing tool stack. They require a breadth of IT monitoring capabilities to quickly identify and resolve critical issues before they wreak havoc on the business. But alert volumes captured from different monitoring tools become overbearing. IT teams become frustrated with "alert fatigue" because they have to sort through and triage individual events... More

Alert fatigue

Alert fatigue or alarm fatigue occurs when IT teams are exposed to a large number of frequent alarms (alerts) and consequently become desensitized. It leads to longer response times or missing essential alarms. Large volumes of alarms, especially false ones, result in several unintended outcomes. Some consequences are a disruption in IT services, anxiety in teams, distrust in monitoring systems, and missed critical events. Some additional... More

Alert noise

Alert noise is listed as one of the biggest problems faced by DevOps teams. 79% of IT Ops personnel listed reduction in alert noise as one of their top priorities. False alarms pull time and resources away from issues that truly need to be addressed. It is compounded if you're receiving false alerts at the same time as the right alerts. ... More

Anomaly Detection

Anomaly detection is the process of distinguishing a genuine security alert from false positive alerts in a SOC (Security Operations Center). Anomalies are a strong indicator of a cyber threat triggered by unexpected but legitimate malicious actions.... More

Antivirus

Software designed to detect and prevent contagions like viruses and malware from affecting your systems. Originally, antivirus software was used for removing computer viruses. However, it slowly got more sophisticated as the cyber threats themselves got more potent. Antivirus software eventually started to provide protection from browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, etc. While... More

Artificial intelligence

The simulation of human intelligence in machines so that they are programmed to think and act like humans. Artificial intelligence or AI plays a key role in modern industries and organizations. Netenrich’s goal is to provide highly contextualized resolution intelligence that comes via the confluence of artificial and human intelligence. Netenrich’s Attack Surface Intelligence uses impact analysis to measure the severity of potential threats and empowers your... More

Asset

Any data, device, or other components of the environment that supports information-related activities. When it comes to an organization's ecosystem, an asset is a component (such as data or device) that supports information-related activities. Assets generally include hardware (e.g. servers), software (apps), and confidential information. Your SOC team must be able to guarantee the Confidentiality, Integrity, and Availability of assets from... More

Asset governance, risk management, and compliance

Governance, risk management, and compliance aim to assure an organization reliably achieves objectives, addresses uncertainty, and acts with integrity. Governance is the combination of processes established and executed by the leaders in the company that is reflected in the organization's structure. Risk management is predicting and managing IT asset risks that could hinder the company from reliably achieving its objectives... More

Asset lifecycle management

Asset lifecycle management is the process of increasing organizational productivity by helping them make informed decisions on IT needs and services. IT teams can make better purchasing decisions by looking at various assets and their lifecycle stages. If a particular asset is about to expire, and if it's already in the inventory, teams will have more lead time to order... More

Asset risk intelligence

IT asset risk intelligence is the organization's ability to gather insights across its systems that help identify uncertainties, present them in the business context, and enable the firm to make more informed business and security decisions in a proactive manner. To manage asset risks effectively, such as the criticalities of business processes and enterprise infrastructure, including applications, servers, network devices, data... More

Attack surface

The potentially vulnerable points that exist across all software, hardware, firmware, and networks of your company. Your goal is to keep your attack surface as small as possible. An organization's attack surface is a term that describes all the potentially vulnerable points that exist across all software, hardware, firmware, and networks of your company. It is the sum of different attack... More

Attack vector

In cybersecurity, an attack vector is the specific path or method a threat actor uses to breach your network or system.... More

Automate incident response

An automated incident response strategy enables your organization to be in a better position to take strong and quick actions in the event of an unexpected downtime to limit its effect on the overall business. Automation expedites typical repetitive tasks and responses, so little to no human intervention is required to detect and respond to incidents. Automation in incident response also helps... More

Blind spot

A blind spot is a hidden threat in a heterogeneous IT environment: something teams don't even know exists. And they have no way to get visibility into it until an outage happens. Ineffective monitoring capabilities and manual processes fail to shed light on these blind spots. They remain dormant for years until suddenly an issue crops up. Blind spots hinder root-cause analysis, which... More

Botnet

A group of computers that have been compromised by malicious code and are now remotely operated by attackers. A botnet can be used to execute a range of attacks like DoS flooding, spamming, DNS spoofing, etc. The term botnet is a combination of the words "robot" and "network." It is a collection of devices or "bots" such as computers, phones, or IoT... More

Brute force attacks

A brute force attack is a cryptographic hack wherein the attacker manually guesses the different possible combinations of a targeted password and repeats the process until they land on the correct combination. A longer password will require more sophisticated combinations. Brute force attacks are not the most efficient approach, but they are among the easiest attacks to execute. As a part... More

Bug

A bug is a flaw or vulnerability in the software or hardware design that can be potentially exploited by the attackers. These security bugs can be used to exploit various vulnerabilities by compromising – user authentication, authorization of access rights and privileges, data confidentiality, and data integrity. Security bugs are caused by the lack of the following – basic/advanced dev training,... More

Bursty traffic

Unexpected or sudden network traffic volume peaks and troughs based on seasonal factors are commonly referred to as bursty traffic. Bursty traffic can create negative customer sentiment if not identified early and resolved.... More

BYOD

A company policy that dictates whether or not employees can bring in their own devices to work. Bring your own device (BYOD), aka bring your own technology (BYOT), is a movement wherein organizations allow their employees to bring and use their own device over an officially provided one. This policy has been a huge hit with startups and smaller companies who... More

Clickjacking

Clickjacking is a malicious technique that tricks a user into clicking on a malicious link, potentially revealing confidential information or giving up control of their computer to a third-party. The attacker can manipulate the user's computer by taking advantage of vulnerabilities present in applications and web pages. Let's take a simple example to see how clickjacking works. On a clickjacked page,... More

Cloud operations

The process of managing the delivery and optimization of cloud infrastructure and services is cloud operations or CloudOps. The important components of cloud operations include maintaining availability, performance and cost optimization, adhering to compliance, and meeting SLAs.... More

Command & Control

A command-and-control (C&C) server is used by an attacker to remotely send commands to systems compromised by malware. In exchange, they can receive stolen data from the victim right on the C&C servers. C&Cs tend to hide in plain sight by blending in with normal traffic to avoid any detection. Some malware can remain undetected for ages, stealing your data, and... More

Common Vulnerabilities and Exposures

Common Vulnerabilities and Exposures (CVE) is an online database of attacks, exploits, and compromises maintained by the MITRE organization. This system was officially launched for the public in September 1999. CVEs are assigned by a CVE Numbering Authority (CNA).... More

Configuration change management

With growing network complexity, multiple configuration changes take place daily. Network admins can carry out the changes manually. But there is a high possibility that manual changes might lead to errors, resulting in faulty configurations. Consequently, the network is easily prone to vulnerabilities which might even cause network downtime. Also, in a hybrid network environment consisting of thousands of devices... More

Credential stuffing

Credential stuffing is a special form of brute force attack that works on a very simple assumption. Usually, users tend to keep one password across all their social media and email accounts. In this case, the attackers need only crack one primary account to gain access to everything else. As you can guess, this has serious identity theft repercussions. ... More

Cryptojacking

Cryptojacking is the unauthorized use of a user’s device to mine cryptocurrencies. Instead of spending capital on mining equipment, these attackers use their victim’s computational resources for free to mine cryptocurrencies. In Q4 2017, there was a sudden spike in the number of cryptojacking attacks. As per McAfee, the number of cryptojacking incidents jumped from 500,000 in Q4 2017 to nearly 4 million by Q3... More

Cyber Risk

Failure in information services can put companies in the line of reputation damage, financial loss, and loss of business operations. A wide array of tactics can be used to exploit cyber risks within an organization, and some of them are. ... More

Cybersecurity

Network and data are sensitive for any business, and security analysts go to great lengths to ensure complete safety from cybercriminals. The traditional approach of managed detection and response using multiple tools is changing due to the evolving digital IT landscape. Business leaders are now actively seeking proactive solutions, instead of just being reactive to persistent and advanced cyber threats.... More

Data Analytics

Data analytics is used by enterprises to extract valuable insights and develop a deep understanding of the patterns existing in raw data. However, many small and mid-sized enterprises have problems in terms of analyzing data from multiple tools in their ITOps. Making sense of data derived from multiple touchpoints in real-time is critical to meeting customer expectations. Operations teams need solutions to make sense... More

Data breach

A data breach is an intentional or unintentional release of internal data made available to external entities without authorization. Data breaches can also be termed as unintentional information disclosure, data leak, information leakage, and also data spill. Data breaches can be very costly to your organization both financially and reputation-wise. ... More

Data contextualization

Data contextualization means adding related information to any data to make it more actionable. Trends, patterns, and correlations stand out against a background of context. When you start integrating data into various sets that provide context for IT events, you get a lot more value from the data. Contextualization is crucial to delivering and maintaining quality services. But, the seamless... More

Data insights

Data becomes valuable when you translate it into actionable insights. Achieving these insights starts with figuring out what you want from your data, finding its value. You need to understand the context, need, vision, and outcome of your data, and create a strategy for turning data into meaningful stories and business successes.... More

Data lake

A data lake is a unified repository that stores big data from multiple sources in its raw format. It can include structured, semi-structured, unstructured, and binary data. This allows data to be stored in a flexible format for later use and helps data scientists analyze it faster and more accurately.... More

Data warehouse

A data warehouse is an integral component of business intelligence where structured data is collated from one or more sources for analysis and reporting. It’s usually leveraged to correlate business data and deliver insights into organizational performance.... More

DevOps

DevOps refers to the culture of combining “development” and “operations” for rapid IT service delivery. It requires the adoption of agile principles, collaboration between teams, and utilizing automation to shorten the software development life cycle by enabling fast feedback loops for deployment of new features or fixes.... More

Dictionary attacks

Dictionary attacks are the most common among brute force attacks. The idea behind this is pretty simple: use a list of words in the dictionary to crack passwords. Attempts typically begin with assumptions about common passwords (like “password,” “12345,” etc.) and to guess the correct one from the list in the dictionary. ... More

Digital customer experience

The term digital customer experience refers to the sum of all digital interactions between a company and a customer, forming an impression of your brand. The touchpoints across the digital experience may include website, apps, chatbots, social media, customer support channels, IoTs and more.... More

Digital experience monitoring

Digital experience monitoring is a performance analysis practice that helps in optimizing the user experience with applications and services delivered by an organization. The digital experience of customers and employees is a critical business outcome and it’s important to monitor its impact, instead of just application or infrastructure performance.... More

Digital footprint

The organization's digital footprint encompasses all the traceable digital activities, actions, contributions, or communications across the internet or on devices. With the increased incorporation of cloud infra and services, it's becoming increasingly difficult to track the organization's footprint. An organization's cybersecurity strategy can be considered robust only if it monitors all the unique digital footprints across all business lines and... More

Digital Transformation

Digital transformation is the process through which new and existing business processes evolve with the integration of modern technologies and shift in organizational culture. The objective of digital transformation is to improve customer experience and meet latest business requirements.... More

Digitalization

Digitalization refers to the Digital Transformation of businesses and subsequently their IT organizations. It mandates the use of digital technologies to transform the business model and provide innovative revenue and value-generating opportunities while moving to a future-ready paradigm.... More

Distributed architecture

A distributed architecture supports distributed systems by connecting components to achieve a common goal. These may include physical servers, computers, network devices, containers, and virtual machines working as a single unit.... More

Dynamic capacity orchestration

Dynamic capacity orchestration refers to facilitating rapid deployment and automation across hybrid physical and virtual networks. Companies leverage dynamic capacity orchestration to achieve faster time to market and better service delivery.... More

Dynamic operations

Dynamic operations are an integral component of modern hybrid environments that are fluid and temporal, allowing applications to be available continuously through virtualization. Dynamic ops facilitate automated provisioning, intelligent prioritization and scheduling, and integrations for holistic infrastructure management.... More

Dynamic thresholds

Dynamic thresholds represent bounds of an expected data range for a particular alert. Unlike static alert thresholds that are assigned manually, dynamic limits are calculated by anomaly detection algorithms and continuously trained by an alert's historical values. When dynamic thresholds are enabled, alerts are dynamically generated when these thresholds are exceeded. Simply put, alerts are generated when deviations or anomalies... More

Dynamic workloads

Dynamic workloads are an important component in hybrid cloud systems that require rapid resource changes to address modern computing demands. Workloads in such virtualized environments need proactive management to ensure better availability, scalability, and cost optimization.... More

Firmware upgrade

More than 65% of companies don’t know which devices to patch first. Even with the appropriate prioritization, manual patching slows everything down. Delayed firmware upgrades create a severe impact on your network and cause downtime. Devices like routers and switches that are not updated to the latest firmware version fail to perform. Consequently, devices may underperform and lead to poor... More

Hybrid cloud

Infrastructure that links a private cloud (controlled by the user) and at least one public cloud (managed by a cloud service provider) constitutes a hybrid cloud. A hybrid cloud setup helps businesses leverage the scalability and cost savings of public cloud while ensuring business critical applications and their data remain on-premise.... More

Hyper converged infrastructure (HCI)

HCI is an IT platform that brings together computing, storage, and networking into a unified system to minimize complexity and enhance scalability. These platforms leverage a hypervisor for virtualized computing, software-defined storage, and virtual networks while running on standard servers. Numerous nodes can be combined to create pools of common compute and storage resources, built for easier consumption.... More

Incident management

Any event that can lead to loss or disruption of an organization's operations, services, or functions is known as an incident. Incident management is a collective term that describes all the activities of an organization to identify, analyze, and correct issues that may lead to a future catastrophe. Incident management allows you to limit the disruption that may be caused by... More

Infrastructure as code (IaC)

Infrastructure as code (IaC) means to replace physical hardware configuration or interactive configuration tools with configuration code files. Before IaC, IT operations teams would have to manually change configurations to manage infrastructure, which was a tedious process.... More

Infrastructure monitoring

IT infrastructures often span multiple locations that include public, private, and hybrid cloud deployments. But most IT teams fail to identify blind spots in their environment and correlate problems before they affect end-users. This hampers the productivity of the organization. IT monitoring becomes more complex as infrastructures become denser and more dispersed. IT infrastructure monitoring is the... More

IT asset

An IT asset is hardware or software within an IT environment. Note that tracking of IT assets within an IT asset management system is crucial to the operational as well as the financial success of an enterprise. IT assets are integral components of the organization's systems and network infrastructure. An undeniable fact about IT assets is that they have... More

IT change risks

IT change risk arises from an organization's inability to manage IT system changes in a timely and controlled manner, especially for large and complex change programs. Inadequate controls lead to incidents that go undetected. Systems become vulnerable due to a lack of testing or improper change management practices. For example, the release of insufficiently tested software or configuration changes can have... More

IT coverage

IT coverage refers to the extent to which enterprise IT has control and visibility over the entire operations and infrastructure landscape of the business. IT teams are finding it hard to get complete coverage over ops, due to complicated and ever-expanding hybrid architectures and the increasing threat of shadow IT.... More

IT downtime

For organizations of all sizes, IT downtime means a decrease in productivity and negative customer experience, both of which impact the bottom line. To prevent downtime, it's important to understand the root-causes of incidents and leverage intelligent workflows to safeguard your organization. Human error and security are the top two causes of IT downtime. Combined, these issues hamper productivity, collaboration,... More

IT service catalog management

The service catalog is an integral component of IT service delivery and constitutes a central repository of available services for customers. These services are part of the IT service portfolio and are already in development or are ready for deployment. Managing the IT service catalog requires optimizing the end-customer experiences so they can initiate service requests with ease, while also... More

ITOM

IT operations management (ITOM) consists of handling all technology components and application requirements for an organization. This ranges from provisioning IT infrastructure, performance, security, availability, cost optimization and capacity planning for all IT assets and infrastructure.... More

KNOW Threat Intelligence

Netenrich’s threat intel platform is a news aggregator that collates the most trending news articles in various categories. If KNOW detects the presence of a vulnerability in one group of articles, it immediately provides a small story card that provides you with all the information you need about the vulnerability, including helpful metrics like its common vulnerabilities and exposures score. ... More

MACD management

MACD is the acronym for move, add, change, or delete services in the enterprise communication network. The full form of MACD is Move, Add, Change or Delete/Disconnection of services (M, A, C, D). MACD management can be a hassle for service providers as it involves manual provisioning and can cause delays in taking new services to market.... More

Malware

Any code that has been written for the sole purpose of causing harm, violating privacy, or weakening system security is known as malware. It's designed to cause damage to a computer, server, client, or network. Malware varieties range from computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, and scareware. Antivirus software, firewalls, and other cybersecurity strategies can be... More

Managed intelligence

Managed intelligence helps enterprise IT teams address in-house skill gaps by plugging into professional expertise to avoid downtime, destabilization of operations, and potential loss of revenue. Dwindling IT budgets and lack of highly skilled talent are leading businesses towards managed intelligence for access to insights, context, and actionable remediation to enable seamless digital IT operations.... More

Managed Security Service (MSS)

Managed security service is one of the most common approaches taken by organizations to manage their security needs. The services can be outsourced to specialized companies like Netenrich to oversee the company’s network and infrastructure or it can be handled in-house by a dedicated team as well. MSS teams carry out round-the-clock monitoring of firewalls, intrusion detection, manage patch management and updates,... More

Mean time to resolve

Mean time to resolve (MTTR) is the service-level metric for IT support services that calculates the average time elapsed from when a problem is reported until the issue is resolved. It is typically measured in hours, and it refers to business hours, not clock hours. For example, an incident that is reported at 3:00 p.m. on a Friday and closed... More

MITRE ATT&CK Framework

The MITRE ATT&CK framework is a curated knowledge base of known adversary tactics and techniques. ... More

MSP transformation

Managed service provider (MSP) transformation refers to Netenrich’s partner solutions which help service providers optimize their service operations for growth and scale. Evolving customer requirements and complex environments have led to service providers facing challenges with maintaining a healthy margin from recurring managed services. MSP transformation addresses these challenges by helping partners reduce costs and deliver value to customers.... More

Network downtime

Network downtime is a period when a system (or services) is unavailable. The outage happens when a system fails to provide or perform its primary function. Reliability, availability, recovery, and unavailability are related concepts. A few minutes of disruption can have a significant impact, regardless of the size of your network and the type of business. According to Gartner, an... More

Network managed services

Network management services offer holistic support for the support and management processes for wide area networks (WAN) and local area networks (LAN). Network services are provided either remotely or on-site. Network management services consist of a variety of individual services including network monitoring of attached devices, network maintenance, monthly status reporting, implementation of firmware upgrades, and unified communication services. The combined... More

Network performance management

Network performance management refers to managing the service quality being provided to customers. There are a number of ways to measure the performance of a network. Performance measures encompass bandwidth monitoring (the maximum rate at which information can be transferred), throughput (the actual rate of information transmission), latency (delay caused while transmitting a signal), jitter (variation in packet delay at... More

Network virtualization

Network virtualization combines multiple physical networks into one virtual, software-defined network. It can also divide one physical network into separate, independent virtual networks. Physical resources in the network, including routers and switches, are accessible by any user via a centralized management system. Virtualization also enables automation of multiple administrative tasks, reducing manual errors and provisioning time. It provides greater network efficiency and productivity.... More

Next-gen firewall

A next-generation firewall combines a traditional firewall with other network device filtering functions, including an application firewall using deep packet inspection (an intrusion prevention system). It is part of the third generation of firewall technology. 97% of organizations believe managing can improve capabilities such as visibility, threat prevention, reducing surface vulnerability, and response. But most modern firewalls won’t provide adequate visibility... More

Open ports

In computer networking, a port is a communication endpoint that allows your systems to communicate over the internet. Every IP address has two types of ports: TCP and UDP. Any internet service requires a certain number of ports to be open to function. However, unattended, open ports invite a plethora of attacks and exploitations that you simply can’t afford. ... More

Operational visibility

360-degree operational visibility refers to monitoring of your system's operations, readiness, availability, and performance. It allows you to identify fluctuations in metrics and act on anomalies quickly. Many businesses continue to act with little operational visibility. Additional tooling and infrastructure for metrics and logs don't always have clear benefits. They are not always first-to-know and find out about problems from... More

OWASP

OWASP or the “Open Web Application Security Project” is an online community that’s focused on understanding web technologies and exploitations. They produce freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security. The OWASP Foundation, a 501(c)(3) non-profit organization in the US established in 2004, supports the OWASP infrastructure and projects.... More

Patch

A patch is a piece of software that a company releases to fix any errors in the original software. The name pretty much describes what it does, as it covers up the flaws and prevents it from getting exploited by hackers. It is generally considered best practice to stay up-to-date on all your patches and fixes.... More

Penetration testing

Penetration testing, also known as pen testing, is a simulated cyberattack against your own computing system. This testing approach is specially designed to help enterprises identify exploitable vulnerabilities before the attackers do. Usually, penetration testing is done to help augment a WAF (web application firewall).... More

Phishing

Phishing allows an attacker to obtain sensitive information such as usernames, passwords, and credit card details. They do so by posing as a non-threatening entity and communicating via email or text messages. Phishing has become smarter now than ever before. When it comes to this new wave of phishing attacks, the following two methods are on the rise - clone... More

Predictive incident management

Companies are generating vast amounts of data associated with business operations. But they are also facing a complicated and ever-expanding array of operational risks to identify and mitigate risks in their environment proactively. This makes incident management a challenge for smooth business operations. Predictive intelligence becomes useful for total predictive incident management. Predictive incident management analyzes large data sets to... More

Predictive insights

Predictive insights are an important component of AIOps. It uses organizational data and analytics to glean insights on device behaviors, patterns, data flows, and trends, to predict situations or incidents. Predictive insights help businesses solve complex problems and rely on data-driven decisions for better risk management.... More

Ransomware

Ransomware is one of the most dangerous and popular malware types out there. Starting from 2012, the number of ransomware scams has gone up exponentially. The core idea is to take your victim's data hostage and threaten to leak it until a certain amount of money is paid to you. The ransom is usually paid in cryptocurrency - mainly Bitcoin... More

Recovery Point Objective (RPO)

The amount of data that can be lost before major damage is incurred by the business after a disaster is referred to as the RPO, expressed in the duration of time preceding the most recent backup. RPO provides the tolerable limits for performance when it comes to data lost or not backed up during the period.... More

Recovery Time Objective (RTO)

The RTO is the targeted duration and service level within which a process must be restored to its standard state after a business disruption. The main objective of an RTO is to eliminate critical consequences due to interrupted business continuity.... More

Red Teaming

Red teaming is a full-scope attack simulation used by enterprises to measure how well an organization’s people, network, physical security controls, and applications can withstand an attack from a real adversary. In simple terms, red teaming can be said to be ‘ethical hacking’. Using this simulation, the independent security teams can test how well an organization is equipped to... More

Resolution Intelligence Cloud

Resolution Intelligence Cloud™ is a native cloud data analytics platform for managing security and digital operations at service-provider scale. ... More

Reverse brute force attack

A reverse brute force attack targets a common password instead of a specific user: a common group of passwords is tried against a list of possible usernames. For example, a simplistic option such as “password” may be used to brute force a username that goes with it. As with normal brute force attacks, reverse brute force attacks can be used to... More

Root-cause analysis

A root-cause is a factor that causes an incident and should be permanently eliminated through process improvement. The root-cause can be defined as the core issue—the highest-level cause—that sets in motion the entire cause-and-effect reaction that ultimately leads to the incident. Root-cause analysis is a collective term that describes a wide range of strategies, tools, and techniques used to uncover the causes of... More

Scale IT

Scaling IT operations refers to the process of optimizing IT tasks and workflows to be more flexible and accommodate future growth and success. Businesses must balance the need for ops that can quickly ramp up and down according to temporary requirements while delivering efficiency and higher productivity.... More

SecOps

SecOps (Security + Operations) is a movement that helps in building collaboration between IT security and operations teams. When these two teams work closely together, they share accountability and responsibility in maintaining the overall state and security of the organization.... More

Security Misconfiguration

In layman's terms, security misconfiguration is failing to implement appropriate security controls for web or server applications. It could also mean implementing the security controls with errors. Often what companies may conclude as safe or unnecessary can expose them to dangerous risks. When configuration settings do not comply with industry security standards (OWASP Top 10 and CIS Benchmarks), it leads to security... More

Shadow IT

Shadow IT is the use of IT devices, systems, software, services, and applications without explicit IT department approval. Shadow IT has grown exponentially in recent years with the adoption of cloud-based applications and services. More than 40% of all IT spending at a company occurs outside the IT department. This growth is driven by the quality of consumer applications, such as... More

SIEM

SIEM, or security information and event management, combines security information management (SIM) and security event management (SEM) to collect log data for analysis and reports on security threats and events. Plus, it conducts real-time system monitoring, notifies network admins about important issues, and establishes correlations between security events.... More

Single pane of glass view

Single pane of glass solutions present data from multiple sources, whether that be across data centers or from the data center to the cloud, in a unified view. It gives you the ability to log in once and access the tools you need to execute workflows; acquire security options that limit or expand an individual user's access... More

Software-defined network monitoring

Software-defined monitoring oversees the traffic in a virtualized network. Software-defined monitoring applications can be integrated with other applications. They also have the capacity to respond to current information about application behavior and requirements, status, network performance, and security. Effective SDN monitoring involves not only the software aspect of SDN, but the physical as well. It offers a centralized mechanism that... More

Spear phishing

Spear phishing is an electronic communication or email specifically targeted towards individuals, businesses, or organizations. Spear phishing is often used as a carefully planned strategy to steal sensitive data with malicious intent. Criminals can also use this approach to install malware on the victim's device. A potential victim receives an email from a trustworthy source (made to look trustworthy by attackers). If trapped by the... More

Spyware

Spyware is malware that penetrates your computing device and steals sensitive information. Following that, it transfers your data to advertisers, data firms, or external users. By launching a spyware attack, threat actors can monitor your internet activity, track your login and password information, and get their hands on your sensitive information.... More

Stabilize IT

Enterprises need to create a stable IT environment capable of assimilating frequent and rapid changes across hybrid infrastructure. These changes include capacity upgrades, new technology introductions, new features, and capabilities. The goal is to gain a predictable, steady-state mode of operations regardless of changes being introduced into the IT environment. Historically, we found that the more change a company introduced,... More

Swivel-chair interfaces

Swivel-chair interfaces refer to IT operations teams switching between multiple screens, tools, and windows on their laptops or mobile devices, leading to lower productivity. The origin of the term is based on work environments from decades ago, where it was common to glide around the workspace to alternate between devices such as telephones, file storage, copiers, and desks.... More

Threat detection

Threat detection is the practice of proactively analyzing your digital infrastructure to identify any potential malicious activity. It can include the process of identifying and analyzing past and present threats to thwart future cyber attacks.... More

Threat hunting

Threat hunting is a cyber defense activity that’s fully focused on identifying threats early on. Detecting new campaigns through continuous threat hunting can save your company a lot of time and money. Modern cybersecurity can no longer afford to be reactive, slow, and alert-driven. You need to be proactive and fast. Threat hunting allows you to pick up information about... More

Threat intelligence

Threat intel is a collective term for all the information about threats and threat actors that helps mitigate harmful events in cyberspace. It includes information gathered from open-source intelligence, social media intelligence, human intelligence, technical intelligence, or intelligence from the deep and dark web. The biggest advantage of threat intel is that it allows SOC teams to practice proactive cybersecurity.... More

Virtual network operations center

A virtual network operations center is a central location with the sole purpose of reducing noise, identifying and prioritizing incidents, minimizing escalations, and ensuring uptime. With a remote working model, IT managers can virtually analyze alerts, metrics, logs, and traces with the aim of identifying and resolving the root cause of incidents before they become outages. A virtual NOC can... More

Virus

A virus is parasitic malware that attaches itself to a host file or the MBR (Master Boot Record). It replicates itself inside the victim's computer by modifying other programs and inserting its own code. A virus can cause billions of dollars' worth of economic damage to businesses. It is designed to jump from one system to another, making it a nuisance for... More

Vulnerability Assessment

Vulnerability Assessment (VA) is a systematic review of weaknesses in an organization’s information security systems. Organizations rely on effective vulnerability assessment programs, and with the right tools, they assess the risks and implement solutions to mitigate security breaches. These assessments are conducted regularly, but they become important when changes have been made such as installation of new equipment, adding new... More

Vulnerability intelligence

Vulnerability intelligence is a critical component of the risk assessment framework. It involves consolidating vital vulnerability information from a variety of external and internal sources and then providing a contextualized assessment of organizational risk. For each vulnerability, vendors examine historical data, criticality ratings, potential fixes, etc.... More

Vulnerability management

Vulnerability management involves proactively identifying and fixing potential weaknesses in an enterprise’s network security. The aim is to apply these fixes before a hacker can use them to cause a cybersecurity breach. Vulnerability management should take a comprehensive approach to the development of resilient network security best practices and processes designed to detect, analyze and address flaws in software or... More