Scarlett Cybersecurity was founded with the explicit purpose of simplifying cybersecurity for our clients. We believe that many cybersecurity companies are too focused on “cutting-edge” solutions without making a proper business case for the solutions they are offering.
Furthermore, we have observed extensive reliance on marketing buzzwords in order to disorient organizational leadership who may not have the time to thoroughly investigate a product’s feature set.
This page is focused on explaining some of the more common cybersecurity terms and phrases to help give customers a leg up when it comes to cybersecurity.
Cybersecurity defenses that operate based on company policy or leadership.
Example: Cybersecurity Awareness Training
Software that prevents malicious software (malware) from running by checking the identity against a known database of bad identities. More advanced solutions look at a program’s behavior to determine if it malicious.
Example: Windows Defender
API (Application Programming Interface)
This is a feature of an application that allows other programs to “talk” to the application and receive information in an easy-to-use format.
Use Case: Generally used by developers to gather data from one program for use in another
A way for an organization to replicate their files to another location. These are usually considered critical to business continuity, but they may be vulnerable to certain forms of malware/ransomware
Example: OneDrive Cloud Backup
Cybersecurity solutions or tools focused on protecting cloud servers, applications, and users. Usually implemented by cloud service providers or API integrations.
Example: Cybersecurity Services Tools Utilized in O365
Cybersecurity guidelines established by governing entities for specific organizations. Usually associated with fines or liability if these guidelines are not met and an incident occurs.
Example: HIPPA, SOX, PCI
Evaluations of an organization by utilizing a pre-defined set of criteria. Objective scoring should be utilized in order to properly gauge readiness in comparison to industry standards.
Use Case: Validation of current cybersecurity controls and readiness
Hiring a third-party expert for advice on cybersecurity practices specific to an organization. Also assists in scoping
and implementing the solutions they recommendExample: Utilizing a cybersecurity consultant
to implement new security policies and practices
A cybersecurity concept in which defenses are layered in order to provide multiple redundant solutions to detect, prevent, and respond to threats.
Use Case: Removes the reliance on single fallible solutions. Allows an organization to have a much greater chance at resolving an incident before it becomes catastrophic.
Disaster Recovery as a Service (DRaaS)
Disaster Recovery as a Service differs from
conventional backups by enabling an organization to quickly recover from
disasters via cloud hosted solutions. These services usually back up images of
the environment that allow backup environments to be deployed on short notice.
Use Case: Conventional backups can still take
significant effort and time to deploy properly when a disaster occurs. DRaaS
solutions offer less downtime and more redundancy at the cost of a subscription
Cybersecurity solutions oriented around
protecting a user’s inbox. Depending on the infrastructure and solution, these
can range from spam filters to fully automated threat detection platforms.
These solutions usually work to prevent a successful phishing attack.
Example: Microsoft Office 365 Advanced Threat
Endpoint Detection and Response
The evolution of conventional Anti-Virus products. These solutions generally rely on more advanced detection techniques in order to potentially detect a wider array of threats. Additionally, these tools allow for successful attacks to be remediated via a wide array of response options.
Example: SentinelOne Autonomous AI Endpoint Security Platform
An investigation with the goal of determining the specifics of an event by utilizing evidence found within assets associated with the event.
Example: A forensic analysis can take place after a cybersecurity incident in order to determine the root cause and effects of the attack.
The process of validating user accounts within an environment to ensure account authentication is legitimate activity. Security solutions usually associated with tools that check for suspicious activity, outdated accounts, or malicious login attempts. Example: A popular identity management solution is Azure Active Directory
Intrusion Detection Systems (IDS) /Intrusion Prevention Systems (IPS)
Intrusion Detection/Prevention Systems are security systems that detect threats on the network. The main difference between an IDS and an IPS is that an IPS has the capability to prevent network traffic whereas an IDS only detects threats on the network. An IPS is harder to deploy since a “False Positive” can lead to applications or network appliances failing to function. Example: FortiGate IPS
In cybersecurity terms, Incident Response is the formal process of scoping, containing, eradicating, and recovering from an incident. Incident Response procedures are generally implemented by trained experts and require a large amount of customization based on the organization’s network and structure.
Use Case: Recover efficiently and effectively from a successful cyberattack and prevent similar incidents from reoccurring by properly scoping and eradicating the threat.
An insider threat is an individual or group within an organization that is actively presenting a threat. This is not the same thing as an untrained user; insider threats are actively causing harm via malicious activities.
Example: Disgruntled IT employee actively selling credentials on the Dark Web
Malware is a type of software that is designed to damage or disable computers. It can be used to steal data, passwords, or financial information. Malware can also be used to shut down computer systems or networks.
Examples of malware include: Viruses, Worms, Trojans, Spyware, Adware
Managed Detection and Response
Outsourcing incident detection and response capabilities to an experienced third party. Usually charged via subscription model.
Use Case: Fulfill the need of Incident Detection and Response without hiring an internal security team.
Outsourcing of endpoint security (laptops,
servers, etc.) to an experienced third party. Usually charged via subscription
model. Use Case: Defend endpoints by utilizing a
Outsourcing of endpoint security (firewalls,
switches/routers, IPS, etc.) to an experienced third party. Usually charged via
subscription model. Use Case: Improve network-based security
without hiring internal staff.
Single factor authentication is usually a password.
This theoretically verifies that a user is who they say they are by asking for
something they know (the password). Multifactor authentication requires an
additional layer, usually something you have (cell phone, email account, etc.).
Example: Computer login requiring both a
password and a 6 digit “one-time-password” from a mobile app.
Security Appliances/ Next-Generation Firewalls
A term referring to an asset utilized to
secure a network in a more advanced manner than conventional firewalls. Most
firewall manufacturers now designate their new products as “Next Gen Firewalls”
to demonstrate the fact that they do much more than simple firewall “allow/deny”
Example: Fortinet FortiGate
Testing the defenses of an organization by acting as the attacker. Usually carried out by experienced security specialists.
Use Case: Test the real-world strength of an organization’s defenses and determine weaknesses in order to resolve them before an attacker can exploit the vulnerability.
Security on the perimeter of the network located between the public internet and the private organizational network. Usually refers to firewalls and other network security appliances.
Example: The network security devices at the edge of a network through which all external->internal traffic must pass.
Cybersecurity defenses that operate based on physical security solutions such as locks and walls.
Example: Lock on server room door
A type of attack where a malicious imposter utilizes messages (mainly email) with the intent of tricking a user into taking an action. Example: An email with a malicious link intended to trick a user into clicking it.
A specific strain of malware that locks all files on a device and demands a payment to unlock.
Example: WannaCry was a devastating attack that occurred recently
Security Information and Event Management/Security Operations Center (SIEM/SOC)
A SIEM receives logs from devices on the network in order to alert on important potential threats. A SOC is a team that utilizes the SIEM alerts to monitor an environment for suspicious activity and to remediate the activity as needed.
Use Case: A critical part of the security monitoring domain, a SIEM allows full visibility into a network and a SOC allows 24/7 triage and remediation. Often a SIEM/SOC is outsourced to third parties due to the extensive specialization required to properly manage it.
Cybersecurity defenses that operate based on technological solutions such as firewalls and antivirus. Example: Antivirus Software
A CISO is a Chief Information Security Officer. A vCISO is a “virtual” version of this role. Basically, a vCISO is an outsourced CISO.
Use Case: Experienced security professional assistance to help remediate security concerns within an organization, often without the high cost of maintaining a full time, internal CISO.
Automated scanning of a network to check for potential security gaps. Recommended for all organizations on at least anannual basis.
Use Case: Determining the most likely vectors that an attack will occur and remediating any critical vulnerabilities.