Scarlett Cybersecurity was founded with the explicit purpose of simplifying cybersecurity for our clients. We believe that many cybersecurity companies are too focused on “cutting-edge” solutions without making a proper business case for the solutions they are offering.
Furthermore, we have observed extensive reliance on marketing buzzwords in order to disorient organizational leadership who may not have the time to thoroughly investigate a product’s feature set.
This page is focused on explaining some of the more common cybersecurity terms and phrases to help give customers a leg up when it comes to cybersecurity.

Administrative Controls
Cybersecurity defenses that operate based on company policy or leadership.
Example: Cybersecurity Awareness Training

Anti-Virus
Software that prevents malicious software (malware) from running by checking its identity against a known database of bad identities. More advanced solutions look at a program’s behavior to determine if it is malicious.
Example: Windows Defender

API (Application Programming Interface)
This is a feature of an application that allows other programs to “talk” to the application and receive information in an easy-to-use format.
Use Case: Generally used by developers to gather data from one program for use in another.

Backups
A way for an organization to replicate its files to another location. These are usually considered critical to business continuity, but they may be vulnerable to certain forms of malware/ransomware.
Example: OneDrive Cloud Backup

Cloud Security
Cybersecurity solutions or tools focused on protecting cloud servers, applications, and users. Usually implemented by cloud service providers or API integrations.
Example: Cybersecurity Services Tools Utilized in O365

Compliance
Cybersecurity guidelines established by governing entities for specific organizations. Usually associated with fines or liability if these guidelines are not met and an incident occurs.
Example: HIPAA, SOX, PCI

Cybersecurity Assessments
Evaluations of an organization using a pre-defined set of criteria. Objective scoring should be used in order to properly gauge readiness in comparison to industry standards.
Use Case: Validation of current cybersecurity controls and readiness

Cybersecurity Consulting
Hiring a third-party expert for advice on cybersecurity practices specific to an organization. The consultant also assists in scoping and implementing the solutions they recommend.
Example: Utilizing a cybersecurity consultant to implement new security policies and practices

Defense in Depth
A cybersecurity concept in which defenses are layered in order to provide multiple redundant solutions to detect, prevent, and respond to threats.
Use Case: Removes the reliance on single fallible solutions and gives an organization a much greater chance of resolving an incident before it becomes catastrophic.

Disaster Recovery as a Service (DRaaS)
Disaster Recovery as a Service differs from conventional backups by enabling an organization to quickly recover from disasters via cloud-hosted solutions. These services usually back up images of the environment that allow backup environments to be deployed on short notice.
Use Case: Conventional backups can still take significant effort and time to deploy properly when a disaster occurs. DRaaS solutions offer less downtime and more redundancy at the cost of a subscription.

Email Security
Cybersecurity solutions oriented around protecting a user’s inbox. Depending on the infrastructure and solution, these can range from spam filters to fully automated threat detection platforms. These solutions usually work to prevent a successful phishing attack.
Example: Microsoft Office 365 Advanced Threat Detection and Response

Endpoint Detection and Response (EDR)
The evolution of conventional Anti-Virus products. These solutions generally rely on more advanced detection techniques in order to potentially detect a wider array of threats. Additionally, these tools allow for successful attacks to be remediated via a wide array of
Example: SentinelOne Autonomous AI Endpoint

Forensics
An investigation with the goal of determining the specifics of an event by utilizing evidence found within assets associated with the event.
Example: A forensic analysis can take place after a cybersecurity incident in order to determine the root cause and effects of the attack.

Identity Management
The process of validating user accounts within an environment to ensure that account authentication is legitimate activity. Usually associated with security tools that check for suspicious activity, outdated accounts, or malicious login attempts.
Example: A popular identity management solution is Azure Active Directory

Intrusion Detection Systems (IDS) / Intrusion Prevention Systems (IPS)
Intrusion Detection/Prevention Systems are security systems that detect threats on the network. The main difference between an IDS and an IPS is that an IPS has the capability to block network traffic, whereas an IDS only detects threats on the network. An IPS is harder to deploy since a “False Positive” can lead to applications or network appliances failing to function.
Example: FortiGate IPS

Incident Response
In cybersecurity terms, Incident Response is the formal process of scoping, containing, eradicating, and recovering from an incident. Incident Response procedures are generally implemented by trained experts and require a large amount of customization based on the organization’s network and structure.
Use Case: Recover efficiently and effectively from a successful cyberattack and prevent similar incidents from reoccurring by properly scoping and eradicating the threat.

Insider Threat
An insider threat is an individual or group within an organization that is actively presenting a threat. This is not the same thing as an untrained user; insider threats are actively causing harm via
Example: Disgruntled IT employee actively selling credentials on the Dark Web

Managed Detection and Response (MDR)
Outsourcing incident detection and response capabilities to an experienced third party. Usually charged via subscription model.
Use Case: Fulfill the need for Incident Detection and Response without hiring an internal security team.

Managed Endpoint Security
Outsourcing of endpoint security (laptops, servers, etc.) to an experienced third party. Usually charged via subscription model.
Use Case: Defend endpoints by utilizing a

Managed Network Security
Outsourcing of network security (firewalls, switches/routers, IPS, etc.) to an experienced third party. Usually charged via subscription model.
Use Case: Improve network-based security without hiring internal staff.

Multifactor Authentication (MFA)
Single-factor authentication is usually a password. This theoretically verifies that a user is who they say they are by asking for something they know (the password). Multifactor authentication requires an additional layer, usually something you have (cell phone, email account, etc.).
Example: Computer login requiring both a password and a 6-digit “one-time password” from a mobile app.

Security Appliances / Next-Generation Firewalls
A term referring to an asset utilized to secure a network in a more advanced manner than conventional firewalls. Most firewall manufacturers now designate their new products as “Next Gen Firewalls” to demonstrate the fact that they do much more than simple firewall “allow/deny”
Example: Fortinet FortiGate

Penetration Testing
Testing the defenses of an organization by acting as the attacker. Usually carried out by experienced security
Use Case: Test the real-world strength of an organization’s defenses and determine weaknesses in order to resolve them before an attacker can exploit the vulnerability.

Perimeter Security
Security on the perimeter of the network, located between the public internet and the private organizational network. Usually refers to firewalls and other network security appliances.
Example: The network security devices at the edge of a network through which all external->internal traffic must pass.

Physical Controls
Cybersecurity defenses that operate based on physical security solutions such as locks and walls.
Example: Lock on server room door

Phishing
A type of attack where a malicious imposter utilizes messages (mainly email) with the intent of tricking a user into taking an action.
Example: An email with a malicious link intended to trick a user into clicking it.

Ransomware
A specific strain of malware that locks all files on a device and demands a payment to unlock them.
Example: WannaCry was a devastating attack that occurred recently

Security Information and Event Management / Security Operations Center (SIEM/SOC)
A SIEM receives logs from devices on the network in order to alert on important potential threats. A SOC is a team that utilizes the SIEM alerts to monitor an environment for suspicious activity and to remediate the activity as needed.
Use Case: A critical part of the security monitoring domain: a SIEM allows full visibility into a network and a SOC allows 24/7 triage and remediation. Often a SIEM/SOC is outsourced to third parties due to the extensive specialization required to properly manage it.
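To make “receives logs in order to alert on potential threats” concrete, the following is an added example (not Scarlett Cybersecurity’s code or any SIEM product’s logic) of the kind of correlation rule a SIEM runs over authentication logs. The log lines and their key=value format are constructed for the illustration, and the source addresses come from the reserved documentation ranges. The rule raises a medium alert when one source produces five failed logins inside five minutes and escalates to a high alert if a successful login from that same source follows within the window, which is what a SOC analyst would want to triage first. Malformed lines are skipped rather than crashing the pipeline.

```python
"""Toy SIEM correlation rule over constructed authentication logs (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed key=value auth events; the format is an assumption for this
# example, not any product's. 203.0.113.0/24 and 198.51.100.0/24 are
# documentation address ranges, so no real host is referenced.
SAMPLE_LOGS = """\
2024-05-01T09:00:01Z host=vpn01 event=login_failed user=admin src=203.0.113.5
2024-05-01T09:00:15Z host=vpn01 event=login_failed user=alice src=203.0.113.5
2024-05-01T09:00:30Z host=vpn01 event=login_failed user=bob src=203.0.113.5
2024-05-01T09:00:44Z host=vpn01 event=login_failed user=svc-backup src=203.0.113.5
2024-05-01T09:01:02Z host=vpn01 event=login_failed user=svc-backup src=203.0.113.5
2024-05-01T09:01:20Z host=vpn01 event=login_failed user=svc-backup src=203.0.113.5
2024-05-01T09:01:35Z host=vpn01 event=login_success user=svc-backup src=203.0.113.5
2024-05-01T09:03:00Z host=mail01 event=login_failed user=carol src=198.51.100.7
2024-05-01T09:03:10Z host=mail01 event=login_failed user=carol src=198.51.100.7
2024-05-01T09:03:20Z host=mail01 event=login_success user=carol src=198.51.100.7
this line is not in the expected format and is skipped by the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) host=(?P<host>\S+) "
    r"event=(?P<event>\S+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_event(line: str):
    """Return a dict with a UNIX timestamp, or None for lines that do not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = (
        datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        .replace(tzinfo=timezone.utc)
        .timestamp()
    )
    return ev


def correlate(lines, threshold: int = 5, window_s: int = 300):
    """Sliding-window rule: failure burst per source, escalated by a later success."""
    failures = defaultdict(deque)  # src -> timestamps of failures inside the window
    burst_at = {}                  # src -> time at which the threshold was crossed
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        src, t = ev["src"], ev["ts"]
        if ev["event"] == "login_failed":
            q = failures[src]
            q.append(t)
            while q and t - q[0] > window_s:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and src not in burst_at:
                burst_at[src] = t
                alerts.append({"severity": "medium", "rule": "auth_failure_burst",
                               "src": src, "host": ev["host"], "count": len(q)})
        elif ev["event"] == "login_success":
            if src in burst_at and t - burst_at[src] <= window_s:
                alerts.append({"severity": "high", "rule": "success_after_failure_burst",
                               "src": src, "host": ev["host"], "user": ev["user"]})
                del burst_at[src]      # one escalation per burst
                failures[src].clear()
    return alerts


def run_sample():
    """Run the rule over the constructed log sample."""
    return correlate(SAMPLE_LOGS.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

On the sample, the burst from 203.0.113.5 produces the medium alert at the fifth failure and the high alert when `svc-backup` logs in from the same address; carol’s two typos from 198.51.100.7 stay below the threshold and raise nothing, which is the tuning trade-off a SOC makes between catching attacks and drowning in noise.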

Technical Controls
Cybersecurity defenses that operate based on technological solutions such as firewalls and antivirus.
Example: Antivirus Software

Virtual CISO (vCISO)
A CISO is a Chief Information Security Officer. A vCISO is a “virtual” version of this role. Basically, a vCISO is an
Use Case: Experienced security professional assistance to help remediate security concerns within an organization, often without the high cost of maintaining a full-time, internal CISO.

Vulnerability Scanning
Automated scanning of a network to check for potential security gaps. Recommended for all organizations on at least an annual basis.
Use Case: Determining the most likely vectors through which an attack will occur and remediating any critical vulnerabilities.