Scarlett Cybersecurity was founded with the explicit purpose of simplifying cybersecurity for our clients. We believe that many cybersecurity companies are too focused on “cutting-edge” solutions without making a proper business case for the solutions they are offering.
Furthermore, we have observed extensive reliance on marketing buzzwords in order to disorient organizational leadership who may not have the time to thoroughly investigate a product’s feature set.
This page is focused on explaining some of the more common cybersecurity terms and phrases to help give customers a leg up when it comes to cybersecurity.
Administrative Controls
- Cybersecurity defenses that operate based on company policy or leadership.
- Example: Cybersecurity Awareness Training
Anti-Malware/Anti-Virus
- Software that prevents malicious software (malware) from running by checking a file’s signature against a known database of bad signatures. More advanced solutions also look at a program’s behavior to determine if it is malicious.
- Example: Windows Defender
API (Application Programming Interface)
- This is a feature of an application that allows other programs to “talk” to the application and receive information in an easy-to-use format.
- Use Case: Generally used by developers to gather data from one program for use in another
Backup Solutions
- A way for an organization to replicate its files to another location. Backups are usually considered critical to business continuity, but they may be vulnerable to certain forms of malware/ransomware.
- Example: OneDrive Cloud Backup
Cloud Security
- Cybersecurity solutions or tools focused on protecting cloud servers, applications, and users. Usually implemented by cloud service providers or API integrations.
- Example: Security services and tools utilized in O365
Compliance
- Cybersecurity guidelines established by governing entities for specific organizations. Usually associated with fines or liability if these guidelines are not met and an incident occurs.
- Example: HIPAA, SOX, PCI
Cybersecurity Assessments/Audits
- Evaluations of an organization by utilizing a pre-defined set of criteria. Objective scoring should be utilized in order to properly gauge readiness in comparison to industry standards.
- Use Case: Validation of current cybersecurity controls and readiness
Cybersecurity Consulting
- Hiring a third-party expert for advice on cybersecurity practices specific to an organization. The consultant also assists in scoping and implementing the solutions they recommend.
- Example: Utilizing a cybersecurity consultant to implement new security policies and practices
Defense-in-Depth
- A cybersecurity concept in which defenses are layered in order to provide multiple redundant solutions to detect, prevent, and respond to threats.
- Use Case: Removes the reliance on a single fallible solution and gives an organization a much greater chance of resolving an incident before it becomes catastrophic.
Disaster Recovery as a Service (DRaaS)
- Disaster Recovery as a Service differs from conventional backups by enabling an organization to quickly recover from disasters via cloud-hosted solutions. These services usually back up images of the environment so that backup environments can be deployed on short notice.
- Use Case: Conventional backups can still take significant effort and time to deploy properly when a disaster occurs. DRaaS solutions offer less downtime and more redundancy at the cost of a subscription model.
Email Security
- Cybersecurity solutions oriented around protecting a user’s inbox. Depending on the infrastructure and solution, these can range from spam filters to fully automated threat detection platforms. These solutions usually work to prevent a successful phishing attack.
- Example: Microsoft Office 365 Advanced Threat Protection
Endpoint Detection and Response
- The evolution of conventional Anti-Virus products. These solutions generally rely on more advanced detection techniques in order to detect a wider array of threats. Additionally, these tools allow successful attacks to be remediated via a wide array of response options.
- Example: SentinelOne Autonomous AI Endpoint Security Platform
Forensic Analysis
- An investigation with the goal of determining the specifics of an event by utilizing evidence found within the assets associated with the event.
- Example: A forensic analysis can take place after a cybersecurity incident in order to determine the root cause and effects of the attack.
Identity Management
- The process of validating user accounts within an environment to ensure that account authentication is legitimate activity. Security solutions in this area are usually tools that check for suspicious activity, outdated accounts, or malicious login attempts.
- Example: A popular identity management solution is Azure Active Directory
Intrusion Detection Systems (IDS) / Intrusion Prevention Systems (IPS)
- Intrusion Detection/Prevention Systems are security systems that detect threats on the network. The main difference between an IDS and an IPS is that an IPS has the capability to block network traffic, whereas an IDS only detects threats on the network. An IPS is harder to deploy since a “False Positive” can lead to applications or network appliances failing to function.
- Example: FortiGate IPS
Incident Response
- In cybersecurity terms, Incident Response is the formal process of scoping, containing, eradicating, and recovering from an incident. Incident Response procedures are generally implemented by trained experts and require a large amount of customization based on the organization’s network and structure.
- Use Case: Recover efficiently and effectively from a successful cyberattack and prevent similar incidents from reoccurring by properly scoping and eradicating the threat.
Insider Threat
- An insider threat is an individual or group within an organization that is actively presenting a threat. This is not the same thing as an untrained user; insider threats are actively causing harm via malicious activities.
- Example: A disgruntled IT employee actively selling credentials on the Dark Web
Managed Detection and Response
- Outsourcing incident detection and response capabilities to an experienced third party. Usually charged via a subscription model.
- Use Case: Fulfill the need for Incident Detection and Response without hiring an internal security team.
Managed Endpoint Security
- Outsourcing of endpoint security (laptops, servers, etc.) to an experienced third party. Usually charged via a subscription model.
- Use Case: Defend endpoints by utilizing a monitored solution.
Managed Network Security
- Outsourcing of network security (firewalls, switches/routers, IPS, etc.) to an experienced third party. Usually charged via a subscription model.
- Use Case: Improve network-based security without hiring internal staff.
Multifactor Authentication
- Single-factor authentication is usually a password. This theoretically verifies that a user is who they say they are by asking for something they know (the password). Multifactor authentication requires an additional layer, usually something you have (cell phone, email account, etc.).
- Example: Computer login requiring both a password and a 6-digit “one-time password” from a mobile app.
Network Security Appliances / Next-Generation Firewalls
- A term referring to an asset utilized to secure a network in a more advanced manner than conventional firewalls. Most firewall manufacturers now designate their new products as “Next Gen Firewalls” to demonstrate that they do much more than simple firewall “allow/deny” rules.
- Example: Fortinet FortiGate
Penetration Testing
- Testing the defenses of an organization by acting as the attacker. Usually carried out by experienced security specialists.
- Use Case: Test the real-world strength of an organization’s defenses and determine weaknesses in order to resolve them before an attacker can exploit the vulnerability.
Perimeter Security
- Security on the perimeter of the network, located between the public internet and the private organizational network. Usually refers to firewalls and other network security appliances.
- Example: The network security devices at the edge of a network through which all external-to-internal traffic must pass.
Physical Controls
- Cybersecurity defenses that operate based on physical security solutions such as locks and walls.
- Example: Lock on server room door
Phishing
- A type of attack where a malicious imposter utilizes messages (mainly email) with the intent of tricking a user into taking an action.
- Example: An email with a malicious link intended to trick a user into clicking it.
Ransomware
- A specific strain of malware that locks all files on a device and demands a payment to unlock them.
- Example: WannaCry was a devastating attack that occurred recently.
Security Information and Event Management / Security Operations Center (SIEM/SOC)
- A SIEM receives logs from devices on the network in order to alert on important potential threats. A SOC is a team that utilizes the SIEM alerts to monitor an environment for suspicious activity and to remediate the activity as needed.
- Use Case: A critical part of the security monitoring domain: a SIEM allows full visibility into a network and a SOC allows 24/7 triage and remediation. Often a SIEM/SOC is outsourced to third parties due to the extensive specialization required to properly manage it.
Technical Controls
- Cybersecurity defenses that operate based on technological solutions such as firewalls and antivirus.
- Example: Antivirus Software
vCISO
- A CISO is a Chief Information Security Officer. A vCISO is a “virtual” version of this role; basically, a vCISO is an outsourced CISO.
- Use Case: Experienced security professional assistance to help remediate security concerns within an organization, often without the high cost of maintaining a full-time, internal CISO.
Vulnerability Scanning
- Automated scanning of a network to check for potential security gaps. Recommended for all organizations on at least an annual basis.
- Use Case: Determining the most likely vectors through which an attack will occur and remediating any critical vulnerabilities.