Glossary

The Immersive Glossary provides clear, concise definitions of key terms and concepts used across the platform and the cybersecurity industry. It's designed to support users of all levels by offering quick explanations that enhance understanding.

A

AI for Data Security

The use of artificial intelligence (AI) and machine learning to automatically protect, monitor, and classify sensitive data.

AI for Data Security can detect unusual data access patterns, identify sensitive information, and apply appropriate protection measures without human intervention.

It helps organizations scale their data protection efforts and respond to threats in real-time.

AI for Network Security

Artificial intelligence systems that detect network anomalies and threats in real-time by analyzing traffic patterns and behaviors.

These solutions can identify sophisticated attacks that traditional signature-based systems might miss, including zero-day exploits and advanced persistent threats.

AI network security tools continuously learn and adapt to new threat patterns, improving their detection capabilities over time.

AI in Cybersecurity

AI in cybersecurity is the application of machine learning and automation to enhance security operations and threat detection across all security domains.

This includes predictive analytics for threat forecasting, automated incident response, and intelligent security orchestration.

AI in cybersecurity helps organizations process vast amounts of security data and respond to threats faster than humanly possible.

AI in Threat Detection

Use of algorithms to identify and respond to security threats faster than traditional methods. It analyzes behavioral patterns and anomalies.

These systems can process millions of events per second and correlate seemingly unrelated activities to identify sophisticated attack campaigns. AI threat detection reduces false positives and enables security teams to focus on genuine threats.

Anonymous

A decentralized international hacktivist collective known for conducting a series of well-publicized cyberattacks against government, corporate, and religious organizations.

Anonymous operates under the motto "We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us." Their attacks are often politically or socially motivated.

API Security

Protection of Application Programming Interfaces from unauthorized access and malicious attacks that could compromise backend systems.

APIs are increasingly common attack targets as they often provide direct access to sensitive data and functionality.

Proper API security includes authentication, authorization, rate limiting, and input validation.
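The four controls listed above, applied in order on a single request, as an added example that is not part of the original glossary. The API keys, principals, and record store are constructed for illustration; the handler returns a response dictionary the way a real endpoint would return a status code.

```python
"""Added example (not from the glossary page): a minimal API request pipeline
applying authentication, rate limiting, input validation, and object-level
authorization in order. Keys, principals, and records are constructed."""
import hmac
import re
import time

# Constructed data: API keys map to principals; each record carries an owner.
API_KEYS = {"key-alice-123": "alice", "key-bob-456": "bob"}
RECORDS = {
    "inv-1001": {"owner": "alice", "note": "Q1 invoice"},
    "inv-2002": {"owner": "bob", "note": "Q2 invoice"},
}
RECORD_ID_RE = re.compile(r"inv-\d{1,8}")   # allow-list of the id format
MAX_NOTE_LEN = 200


class ApiError(Exception):
    def __init__(self, status, message):
        super().__init__(message)
        self.status = status


class TokenBucket:
    """Per-caller token bucket: refills `rate` tokens per second up to `capacity`."""

    def __init__(self, rate, capacity, clock=time.monotonic):
        self.rate, self.capacity, self.clock = rate, capacity, clock
        self.tokens, self.last = float(capacity), clock()

    def allow(self):
        now = self.clock()
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class Api:
    def __init__(self, clock=time.monotonic):
        self.clock = clock          # injectable so tests can freeze time
        self.buckets = {}

    def authenticate(self, headers):
        """Authentication: map the presented key to a principal. The comparison
        is constant-time and the error does not reveal how close the key was."""
        presented = headers.get("X-API-Key", "").encode()
        for key, principal in API_KEYS.items():
            if hmac.compare_digest(presented, key.encode()):
                return principal
        raise ApiError(401, "unauthenticated")

    def rate_limit(self, principal):
        """Rate limiting keyed on the authenticated principal, not the source IP."""
        bucket = self.buckets.setdefault(
            principal, TokenBucket(rate=1.0, capacity=3, clock=self.clock))
        if not bucket.allow():
            raise ApiError(429, "rate limited")

    @staticmethod
    def validate(record_id, note):
        """Input validation: allow-list the id format and bound the free-text field."""
        if not RECORD_ID_RE.fullmatch(record_id):
            raise ApiError(400, "malformed record id")
        if not isinstance(note, str) or len(note) > MAX_NOTE_LEN or "\x00" in note:
            raise ApiError(400, "invalid note")

    @staticmethod
    def authorize(principal, record_id):
        """Object-level authorization: an authenticated caller may still not own
        this record (the BOLA/IDOR class of API flaws). Returning 404 rather
        than 403 stops an attacker from enumerating which ids exist."""
        record = RECORDS.get(record_id)
        if record is None or record["owner"] != principal:
            raise ApiError(404, "not found")
        return record

    def handle_update_note(self, headers, record_id, note):
        """Entry point: returns a response dict instead of raising, as a handler would."""
        try:
            principal = self.authenticate(headers)
            self.rate_limit(principal)
            self.validate(record_id, note)
            record = self.authorize(principal, record_id)
            record["note"] = note
            return {"status": 200, "id": record_id, "note": note}
        except ApiError as err:
            return {"status": err.status, "error": str(err)}


if __name__ == "__main__":
    api = Api()
    alice = {"X-API-Key": "key-alice-123"}
    print(api.handle_update_note({"X-API-Key": "guess"}, "inv-1001", "x"))  # 401
    print(api.handle_update_note(alice, "inv-1001", "paid"))                 # 200
    print(api.handle_update_note(alice, "inv-2002", "mine"))                 # 404, bob's record
    print(api.handle_update_note(alice, "inv-1001'; --", "x"))               # 400
```

The order matters: cheap checks that need no database lookup (authentication, rate limiting, syntactic validation) run before the object lookup, so an unauthenticated or abusive caller never reaches the backend at all.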

Application Security

Also known as AppSec. It encompasses practices and tools to protect software applications (apps) from vulnerabilities and attacks throughout their lifecycle.

This includes secure coding practices, security testing, and runtime protection measures. Application security is critical as applications are often the primary attack vector for cybercriminals targeting organizations.

APT10

A Chinese state-sponsored threat actor, also known as Stone Panda or MenuPass, that specializes in attacking managed service providers (MSPs).

By compromising MSPs, APT10 is able to gain access to the networks of multiple clients simultaneously, making their attacks highly efficient for intellectual property theft and other forms of espionage.

APT32

A sophisticated, Vietnamese-linked advanced persistent threat group, also known as OceanLotus, known for targeting private sector companies across various industries as well as foreign governments, dissidents, and journalists.

The group's motivations appear to be a mix of cyber espionage and commercial data theft, using custom-developed malware to maintain a low profile.

APT34

An Iranian state-sponsored cyber espionage group, also known as OilRig, that primarily targets government organizations, financial institutions, and telecommunications companies in the Middle East.

The group is known for using a variety of sophisticated tools and social engineering techniques to exfiltrate sensitive data.

APT35

An Iranian state-sponsored hacking group, also known as Charming Kitten, that focuses on cyber espionage.

The group has been linked to attacks on academic institutions, defense organizations, and human rights activists, often using elaborate social engineering lures to deploy malware and steal credentials.

Automated Threat Detection

Systems that automatically identify and alert on potential security threats using predefined rules and machine learning algorithms. These systems can process vast amounts of security data 24/7 without human intervention.

Automated detection significantly reduces response times and helps security teams manage the increasing volume of security events.

AWS Vulnerabilities

Security weaknesses specific to Amazon Web Services cloud infrastructure. These vulnerabilities can arise from misconfigurations, outdated services, or inadequate access controls within AWS environments.

Organizations must regularly assess and remediate AWS-specific vulnerabilities to maintain cloud security.

B

Behavioral Analytics in Cybersecurity

Analysis of user and system behavior patterns to detect anomalies and threats that might indicate malicious activity.

This approach can identify insider threats, compromised accounts, and sophisticated attacks that bypass traditional security controls.

Behavioral analytics establishes baselines of normal activity and flags deviations that warrant investigation.
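How a baseline-and-deviation check works in practice, as an added example that is not part of the original glossary; it also illustrates the automated detection described under Automated Threat Detection above. The login records, users, countries, and thresholds are all constructed for illustration.

```python
"""Added example (not from the glossary page): a minimal behavioral-analytics
baseline over constructed access records. Per-user baselines of normal activity
(hours seen, source countries seen, typical download volume) are learned from a
training window; later events that deviate are flagged for investigation."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample events: (user, hour_of_day, country, bytes_downloaded)
BASELINE_EVENTS = [
    ("alice", 9, "GB", 12_000), ("alice", 10, "GB", 15_000), ("alice", 11, "GB", 9_000),
    ("alice", 14, "GB", 20_000), ("alice", 16, "GB", 11_000),
    ("bob", 8, "US", 5_000), ("bob", 9, "US", 7_000), ("bob", 13, "US", 6_500),
    ("bob", 15, "US", 8_000), ("bob", 17, "US", 4_000),
]


def build_baselines(events):
    """Learn, per user, the hours and countries seen plus the mean and
    standard deviation of bytes downloaded per session."""
    by_user = defaultdict(list)
    for user, hour, country, nbytes in events:
        by_user[user].append((hour, country, nbytes))
    baselines = {}
    for user, rows in by_user.items():
        sizes = [r[2] for r in rows]
        baselines[user] = {
            "hours": {r[0] for r in rows},
            "countries": {r[1] for r in rows},
            "mean_bytes": mean(sizes),
            "std_bytes": pstdev(sizes) or 1.0,  # avoid a zero divisor on constant data
        }
    return baselines


def score_event(baselines, event, z_threshold=3.0):
    """Return the reasons an event deviates from its user's baseline.
    An empty list means the event looks normal; an unknown user is itself a finding."""
    user, hour, country, nbytes = event
    base = baselines.get(user)
    if base is None:
        return ["no baseline for user"]
    reasons = []
    if country not in base["countries"]:
        reasons.append(f"new source country {country}")
    # anything more than two hours outside the observed working window is off-hours
    lo, hi = min(base["hours"]), max(base["hours"])
    if hour < lo - 2 or hour > hi + 2:
        reasons.append(f"off-hours activity at {hour:02d}:00")
    z = (nbytes - base["mean_bytes"]) / base["std_bytes"]
    if z > z_threshold:
        reasons.append(f"download volume {nbytes} is {z:.1f} sigma above baseline")
    return reasons


def flag_anomalies(baselines, events):
    """Return only the events with at least one deviation, paired with the reasons."""
    flagged = []
    for event in events:
        reasons = score_event(baselines, event)
        if reasons:
            flagged.append((event, reasons))
    return flagged


if __name__ == "__main__":
    baselines = build_baselines(BASELINE_EVENTS)
    new_events = [
        ("alice", 10, "GB", 14_000),    # normal
        ("alice", 3, "RU", 900_000),    # off-hours, new country, bulk download
        ("bob", 14, "US", 6_000),       # normal
        ("mallory", 12, "US", 1_000),   # never seen before
    ]
    for event, reasons in flag_anomalies(baselines, new_events):
        print(event, "->", "; ".join(reasons))
```

A real deployment would learn baselines over a rolling window and weight the signals (a new country alone is weak, a new country plus bulk download at 03:00 is strong), but the structure is the same: model what is normal per entity, then alert on the distance from it.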

Blue Team

Defensive security professionals who protect systems and respond to attacks, often working opposite to red teams in security exercises.

They focus on monitoring, detecting, and mitigating threats while strengthening organizational defenses. Blue teams are responsible for incident response, threat hunting, and maintaining security operations centers.

Bug Bounty Programs

Reward programs where organizations pay researchers for finding security vulnerabilities in their systems or applications.

These programs leverage the global security community to identify weaknesses before malicious actors can exploit them. Bug bounties have become an essential part of many organizations' vulnerability management strategies.

C

Chimera

A China-nexus threat actor tracked by CyCraft and by NCC Group and Fox-IT for intrusions into Taiwan's semiconductor industry and into airlines. Chimera's objective is theft of intellectual property and passenger data rather than extortion: the group harvests domain credentials, packs stolen data into password-protected RAR archives, and exfiltrates them to public cloud storage so the transfers blend in with normal traffic.

CISO (Chief Information Security Officer)

Executive responsible for an organization's cybersecurity strategy and operations, reporting to senior leadership. The CISO develops security policies, manages security budgets, and ensures compliance with regulations and standards. This role bridges technical security expertise with business strategy and risk management.

CISSP (Certified Information Systems Security Professional)

Advanced cybersecurity certification for security professionals with significant experience in the field. CISSP certification demonstrates expertise across eight security domains and requires ongoing professional development. It's widely recognized as a gold standard certification for senior cybersecurity professionals.

Cloud Security

Protection of data, applications, and infrastructure in cloud computing environments through specialized security controls and practices. Cloud security addresses unique challenges such as shared responsibility models, multi-tenancy, and dynamic resource allocation. Organizations must implement both cloud-native security tools and traditional security measures adapted for cloud environments.

Cozy Bear

A Russian government-backed advanced persistent threat group, also known as APT29, that is believed to be affiliated with the Russian Foreign Intelligence Service (SVR). Cozy Bear gained widespread notoriety for its involvement in the 2016 cyberattack on the Democratic National Committee (DNC) and subsequent targeting of U.S. government agencies.

CVE (Common Vulnerabilities and Exposures)

A standardized identification system for publicly known cybersecurity vulnerabilities in software and hardware. Each CVE record receives a unique identifier (for example CVE-2023-1234, where the middle field is the year the ID was assigned) and includes a description of the vulnerability, the affected products, and references. Severity is not part of the CVE record itself; CVSS scores are added separately by the NVD and other analysts.

The CVE system provides a common reference point for security professionals, vendors, and tools to discuss and track specific vulnerabilities across the cybersecurity community.

CWE (Common Weakness Enumeration)

A comprehensive catalog of software and hardware weakness types that can lead to security vulnerabilities. CWE provides a standardized taxonomy for categorizing security weaknesses, such as buffer overflows, injection flaws, and authentication bypasses.

This system helps developers, security analysts, and tools identify patterns of weaknesses and implement appropriate prevention measures during the design and development process.

Cyber Crisis

Major cybersecurity incident that significantly impacts business operations, potentially causing financial losses, reputation damage, or regulatory violations.

Cyber crises require immediate executive attention and coordinated response efforts across multiple organizational functions. Effective crisis management can minimize damage and accelerate recovery from major security incidents.

Cyber Drill

Simulated cyberattack exercises to test incident response capabilities and identify gaps in security procedures across executive and technical teams.

These drills help teams practice their response to various attack scenarios in a controlled environment. Regular cyber drills improve organizational preparedness and ensure incident response plans remain effective.

Cyber Range

Virtual environment for practicing cybersecurity skills and testing defenses against simulated attacks in a safe, controlled setting.

Cyber ranges provide hands-on training opportunities for security professionals to develop their skills. These platforms are used for education, certification training, and red team/blue team exercises.

Cyber Resilience

Organization's ability to continue operations despite cyber threats and attacks, encompassing both prevention and recovery capabilities.

Resilient organizations can maintain critical functions even when under attack and quickly restore full operations afterward. Cyber resilience requires comprehensive planning, robust defenses, and effective incident response capabilities.

Cyber Risk Score

Quantitative assessment of an organization's cybersecurity risk level based on various security metrics and threat factors.

These scores help organizations prioritize security investments and track their security posture over time. Risk scores enable data-driven decision-making about cybersecurity strategies and resource allocation.

Cyber Threat Hunting

Proactive searching for hidden threats within network environments using analytical techniques and threat intelligence. Threat hunters look for indicators of compromise that automated systems might miss, often focusing on advanced persistent threats.

This proactive approach helps organizations detect and respond to sophisticated attacks before they cause significant damage.

Cyber Threat Intelligence

Information about current and emerging security threats and threat actors, including their tactics, techniques, and procedures. This intelligence helps organizations understand the threat landscape and make informed security decisions. Threat intelligence can be strategic, tactical, or operational, supporting different levels of security planning and response.

Cyber Threat Protection

Technologies and processes used to defend against cyber threats, including preventive, detective, and responsive security measures. This encompasses antivirus software, EDR (endpoint detection and response), firewalls, intrusion detection systems, and incident response procedures. Effective threat protection requires layered defenses and continuous monitoring of the threat landscape.

Cybersecurity Compliance

Adherence to security regulations, standards, and frameworks required by law, industry, or organizational policy. Compliance helps ensure minimum security standards are met and can reduce legal and financial risks. Organizations must regularly assess and demonstrate their compliance with applicable cybersecurity requirements.

Cybersecurity Compliance Framework

Standardized guidelines such as the NIST Cybersecurity Framework, ISO/IEC 27001, and the CIS Controls (formerly the SANS Top 20) that help organizations implement consistent security controls. ISO/IEC 27035, covered separately in this glossary, is an incident-management standard rather than a control framework. These frameworks provide structured approaches to cybersecurity and help organizations meet regulatory requirements. Following established frameworks ensures comprehensive security coverage and facilitates compliance auditing.

Cybersecurity Training

Education programs to develop security skills and awareness among employees, security professionals, and executives. Training ranges from basic security awareness for all employees to advanced technical training for security specialists. Regular cybersecurity training is essential for maintaining a strong security culture and keeping pace with evolving threats.

Cybersecurity Vulnerabilities

Weaknesses in systems that can be exploited by attackers to gain unauthorized access or cause damage. Vulnerabilities can exist in software, hardware, configurations, or processes throughout an organization. Regular vulnerability assessments and prompt patching are critical for maintaining security posture.

Cybersecurity Workforce Development

Initiatives to build and train cybersecurity talent to address the global shortage of skilled security professionals. These programs include academic partnerships, certification programs, and career development initiatives. Workforce development is critical for meeting growing demand for cybersecurity expertise across all industries.

D

DAST (Dynamic Application Security Testing)

Security testing performed on running applications to identify vulnerabilities that manifest during execution. DAST tools simulate attacks against live applications to find security flaws that static analysis might miss. This testing approach is essential for identifying runtime vulnerabilities and configuration issues.

Dark Caracal

A cyber espionage group believed to be operating out of Lebanon. Dark Caracal is notable for its use of a single, highly sophisticated mobile spyware platform to target a wide range of individuals across more than 20 countries. The group's activities are largely focused on surveillance.

DarkSide

A financially motivated, Russian-speaking cybercrime group that specializes in ransomware. DarkSide gained significant infamy after carrying out the Colonial Pipeline attack, which led to a state of emergency in the United States and highlighted the vulnerability of critical infrastructure to ransomware.

Dark Storm

A threat actor that has been observed conducting targeted attacks against organizations in the Middle East, particularly focusing on government and critical infrastructure. The group is known for its use of custom malware and sophisticated spear-phishing campaigns to gain initial access and establish persistence within targeted networks.

Data Security

Protection of digital information from unauthorized access and corruption throughout its lifecycle. Data security includes encryption, access controls, data loss prevention, and backup strategies. Organizations must protect data whether it's at rest, in transit, or being processed.

Defense in Depth

A cybersecurity strategy that uses multiple layers of security controls to protect information and systems from threats. Each layer provides a different type of protection, so if one layer fails, other layers continue to provide security. This approach includes physical security, network firewalls, access controls, antivirus software, and user training working together.

Defensive Security

Protective cybersecurity measures and practices focused on preventing, detecting, and responding to attacks. Defensive security includes firewalls, antivirus software, intrusion detection systems, as well as operational capabilities such as Blue Teams and Security Operations Centers (SOCs). This approach emphasizes protecting assets and maintaining security posture through layered defenses.

Dependency Confusion Attack

Supply-chain attack that exploits how package managers resolve names: an attacker publishes a package on a public registry (such as PyPI or npm) under the same name as an organization's private, internal package, usually with a higher version number. A build configured to consult both the private and the public registry may then pull the attacker's package instead of the internal one. Typosquatting with similar names is a related but distinct attack. The defense is to pin internal names to the private registry (scoped packages, explicit index mapping) and to reserve those names publicly, rather than relying on version ordering. This attack type highlights the importance of securing software supply chains and package management processes.
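The resolution race described above and the pinning defense, as an added example that is not part of the original glossary. The registries and the package names acme-auth and acme-billing are constructed; the naive resolver mimics a client that consults every configured index and takes the highest version.

```python
"""Added example (not from the glossary page): a toy package resolver that
shows why dependency confusion works and how source pinning stops it.
Registry contents and package names are constructed for illustration."""
from dataclasses import dataclass


def parse_version(version):
    """Turn '1.2.10' into (1, 2, 10) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in version.split("."))


# Constructed registries. 'acme-auth' is a private internal package; an attacker
# has published a package under the SAME name to the public registry with a
# version higher than anything internal.
PRIVATE_INDEX = {
    "acme-auth": ["1.4.0", "1.4.1"],
    "acme-billing": ["2.0.3"],
}
PUBLIC_INDEX = {
    "requests": ["2.31.0", "2.32.3"],
    "acme-auth": ["99.0.0"],   # attacker-controlled package under the internal name
}


@dataclass(frozen=True)
class Resolution:
    name: str
    version: str
    source: str


def resolve_naive(name, indexes):
    """Mimics a client with a fallback index configured (pip's --extra-index-url
    style): every index is consulted and the highest version wins, regardless
    of where it lives. This is the behaviour the attack relies on."""
    candidates = []
    for source, index in indexes.items():
        for version in index.get(name, []):
            candidates.append((parse_version(version), version, source))
    if not candidates:
        raise LookupError(f"{name}: not found in any index")
    _, version, source = max(candidates)
    return Resolution(name, version, source)


def resolve_pinned(name, indexes, private_names, private_source="private"):
    """Hardened form: names on the internal allow-list resolve ONLY from the
    private index; everything else resolves only from the public index, so no
    cross-index version race is possible."""
    source = private_source if name in private_names else "public"
    versions = indexes[source].get(name, [])
    if not versions:
        raise LookupError(f"{name}: not found in {source} index")
    return Resolution(name, max(versions, key=parse_version), source)


def find_shadowed_names(private_index, public_index):
    """Hygiene check: internal names that also exist publicly are the ones an
    attacker may already be squatting on. Names that do not yet exist publicly
    should be reserved before someone else registers them."""
    return sorted(set(private_index) & set(public_index))


if __name__ == "__main__":
    indexes = {"private": PRIVATE_INDEX, "public": PUBLIC_INDEX}
    print("naive :", resolve_naive("acme-auth", indexes))          # 99.0.0 from public
    print("pinned:", resolve_pinned("acme-auth", indexes, set(PRIVATE_INDEX)))
    print("shadowed names:", find_shadowed_names(PRIVATE_INDEX, PUBLIC_INDEX))
```

Note that the attacker never touches the private registry or the build server; the only lever is the resolver's willingness to compare versions across trust boundaries, which is why the fix is a configuration change rather than a patch.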

DevSecOps (Secure DevOps)

Integration of security practices into software development and operations processes from the earliest stages. DevSecOps emphasizes automation, continuous security testing, and collaboration between development, security, and operations teams. This approach helps organizations build security into applications rather than adding it as an afterthought.

DFIR (Digital Forensics and Incident Response)

Investigation and response to cybersecurity incidents using forensic techniques to understand what happened and preserve evidence. DFIR teams collect and analyze digital evidence to determine the scope, impact, and attribution of security incidents. Their work is crucial for understanding attacks, preventing recurrence, and supporting legal proceedings.

DORA (Digital Operational Resilience Act)

A European Union regulation (Regulation (EU) 2022/2554, applying from January 2025) that requires financial entities to strengthen their cybersecurity and operational resilience. DORA mandates comprehensive ICT risk management, incident reporting, digital operational resilience testing, and oversight of third-party ICT service providers. The regulation aims to ensure that banks, insurance companies, and other financial entities can withstand, respond to, and recover from ICT-related disruptions and cyber threats while maintaining critical operations.

E

Enterprise Cyber Resilience

Organization-wide ability to withstand and recover from cyber threats while maintaining critical business operations. Enterprise resilience encompasses people, processes, and technology across all business functions. It requires comprehensive planning, regular testing, and continuous improvement of security and recovery capabilities.

Ethical Hacking

Authorized penetration testing to identify security vulnerabilities using the same techniques as malicious hackers. Ethical hackers help organizations find and fix security weaknesses before they can be exploited by criminals. This practice requires explicit permission and follows strict rules of engagement to ensure no harm is caused.

Extended Detection and Response (XDR)

Integrated security platform providing comprehensive threat detection and response across multiple security layers and data sources. XDR correlates data from endpoints, networks, cloud environments, and applications to provide unified threat visibility. This approach improves detection accuracy and enables more effective incident response.

F

Fancy Bear

A Russian state-sponsored cyber espionage group, also known as APT28, believed to be affiliated with the Russian military intelligence agency (GRU). Fancy Bear is one of the most well-known threat actors for its politically motivated attacks, including the 2016 hack of the Democratic National Committee and attacks on various European political organizations.

FIN7

A highly organized, financially motivated cybercrime group known for its sophisticated attacks on the retail, restaurant, and hospitality sectors. FIN7 is notorious for breaching point-of-sale systems to steal payment card data; U.S. prosecutors have attributed more than a billion dollars in losses to the group, whose operators have since moved into ransomware.

Fox Kitten

An Iranian state-linked cyber espionage group, also tracked as Pioneer Kitten, that gains a foothold by exploiting known vulnerabilities in internet-facing VPN and remote access appliances (Pulse Secure, Fortinet, and Citrix products among them). The group steals data and credentials from organizations in the Middle East and North America, particularly Israel and the United States, and has been reported to sell or share the network access it obtains with ransomware affiliates.

H

HAFNIUM

A sophisticated, Chinese state-sponsored threat group that gained notoriety for exploiting zero-day vulnerabilities in Microsoft Exchange Server. HAFNIUM's attacks aimed to exfiltrate data from U.S.-based organizations, particularly those in the fields of infectious disease research, defense, and law.

I

Incident Management

Structured approach to handling cybersecurity incidents from initial detection through resolution and lessons learned. Incident management ensures consistent, effective responses that minimize damage and restore normal operations quickly. This process includes escalation procedures, communication protocols, and documentation requirements.

Incident Response

Immediate actions taken to address and contain security breaches when they occur. Incident response teams follow predefined procedures to assess, contain, eradicate, and recover from security incidents. Quick, effective incident response can significantly reduce the impact of cyberattacks.

Incident Response Frameworks

Standardized procedures for responding to cybersecurity incidents that provide structure and consistency to response efforts. Popular frameworks include NIST SP 800-61 (Computer Security Incident Handling Guide), the SANS six-step model (preparation, identification, containment, eradication, recovery, lessons learned), and ISO/IEC 27035, each offering detailed guidance for incident handling. Following established frameworks helps ensure comprehensive, effective incident response.

Indian Cyber Force

A hacktivist group known for carrying out cyberattacks against government websites and organizations of opposing nations. The group's activities are primarily politically or nationalistically motivated, often involving website defacement and data leaks.

Insider Threats

Security risks posed by employees, contractors, or trusted individuals who have authorized access to organizational systems. Insider threats can be malicious (intentional harm) or inadvertent (accidental security breaches). These threats are particularly challenging because they involve trusted individuals with legitimate access to sensitive resources.

ISO 27035 Compliance

Adherence to international standard for information security incident management that provides guidelines for planning and implementing incident response. This standard helps organizations establish effective incident management processes and improve their security posture. Compliance demonstrates commitment to international best practices in incident handling.

ISRM (Information Security Risk Management)

Process of identifying and mitigating information security risks through systematic assessment and treatment strategies. ISRM helps organizations understand their risk exposure and make informed decisions about security investments. Effective risk management balances security costs with business requirements and risk tolerance.

IT Army of Ukraine

A volunteer-based cyber warfare organization formed at the onset of the 2022 Russian invasion of Ukraine. The IT Army of Ukraine engages in a range of cyber operations, including distributed denial-of-service (DDoS) attacks and intelligence gathering, to support Ukraine's defense efforts.

K

Kamacite

An activity group tracked by Dragos that overlaps with Sandworm and is assessed to be linked to Russian military intelligence. KAMACITE specializes in initial access: it compromises organizations in the energy and other industrial sectors, historically including Ukrainian utilities, and hands that access to ELECTRUM, the Dragos-tracked group associated with the ICS-disrupting stages of those operations.

Kimsuky

A North Korean state-sponsored cyber espionage group (tracked by Microsoft as Emerald Sleet) known for its highly targeted spear-phishing campaigns. Kimsuky gathers intelligence on foreign policy, sanctions, and nuclear issues by delivering malware through malicious documents and by harvesting credentials, often impersonating journalists or academics and targeting specific individuals at think tanks, government bodies, and universities in South Korea, the United States, and Japan.

L

Lapsus$

A data extortion and hacking group known for its highly aggressive tactics, including using social engineering to gain access to corporate networks. Lapsus$ has successfully breached and extorted major tech companies, often leaking internal data and source code after a successful attack.

Lazarus Group

A notorious North Korean state-sponsored threat actor, also known as Hidden Cobra. Lazarus Group is responsible for a series of high-profile cyberattacks, including the Sony Pictures hack and the WannaCry ransomware outbreak, with a focus on both financial gain and political sabotage.

LulzSec

A well-known black hat hacking group that gained fame for a series of high-profile, short-lived cyberattacks in 2011. LulzSec's attacks were often carried out for amusement and notoriety, targeting major media outlets and government agencies.

M

MAGNALLIUM

An activity group tracked by Dragos that overlaps with the Iran-linked APT33 (also known as Elfin). MAGNALLIUM targets petrochemical, aerospace, and energy organizations, initially in Saudi Arabia and later in the United States and Europe, primarily through password spraying and spear phishing to harvest credentials and gain access. It is an espionage and access operation rather than a financially motivated one, and Dragos has not observed ICS-specific disruptive capability from the group.

Malware Analysis

Examination of malicious software to understand its behavior and purpose, helping security teams develop appropriate countermeasures. Analysts use static and dynamic analysis techniques to reverse-engineer malware and understand its capabilities. This analysis supports threat intelligence, incident response, and the development of detection signatures.

MITRE ATT&CK (ATT&CK Framework)

Framework mapping adversary tactics, techniques, and procedures based on real-world observations of cyberattacks. The framework provides a common taxonomy for describing and understanding cyber threats across different industries and organizations. Security teams use ATT&CK to improve their defenses and assess their security posture against known attack methods.

N

Network Security

Protection of computer networks from intrusion and unauthorized access through various security controls and monitoring systems. Network security includes firewalls, intrusion detection systems, network segmentation, and access controls. Effective network security creates multiple layers of defense to protect against various types of network-based attacks.

NIST Compliance

Adherence to cybersecurity guidance published by the National Institute of Standards and Technology, most often the NIST Cybersecurity Framework (CSF) for managing cybersecurity risk and the SP 800-53 control catalog for federal systems and their contractors. The NIST framework is widely adopted across industries and government agencies for its comprehensive, risk-based approach. Compliance with NIST standards demonstrates commitment to cybersecurity best practices.

O

Offensive Security

Proactive security testing using attack simulation and penetration testing to identify vulnerabilities before malicious actors can exploit them. This approach includes Red Team exercises where security professionals simulate realistic attack scenarios to test organizational defenses. Offensive security professionals use the same tools and techniques as attackers to assess security posture from an adversarial perspective and help organizations understand their vulnerability to real-world threats.

Onyx Sleet

A North Korean state-sponsored threat actor tracked under Microsoft's naming scheme, in which the Sleet suffix denotes North Korea (the group was previously called PLUTONIUM and overlaps with Andariel and Silent Chollima). Onyx Sleet conducts cyber espionage against defense, aerospace, and engineering organizations, primarily in the United States and South Korea, and has deployed ransomware to fund its operations.

Operational Technology (OT)

Hardware and software controlling industrial operations and critical infrastructure such as power plants, manufacturing systems, and transportation networks. OT security is increasingly important as these systems become more connected to corporate networks and the internet. Securing OT requires specialized knowledge of industrial protocols and operational requirements.

OWASP

The Open Worldwide Application Security Project (known until 2023 as the Open Web Application Security Project), a non-profit providing security guidance and tools for developing secure applications. OWASP maintains the Top 10 list of web application security risks, along with companion lists such as the API Security Top 10, and provides extensive resources for developers and security professionals. The organization's guidance helps improve the security of web applications worldwide.

P

PCI-DSS Compliance

Payment Card Industry Data Security Standard requirements for handling card data that organizations must follow to process credit card payments. PCI-DSS includes specific technical and operational requirements for protecting cardholder data. Non-compliance can result in fines, increased transaction fees, and loss of ability to process card payments.

Penetration Testing

Simulated cyberattacks to test security defenses and identify vulnerabilities in systems, networks, and applications. Penetration testers use the same tools and techniques as real attackers to assess security posture. Regular penetration testing helps organizations identify and address security weaknesses before they can be exploited.

Personal Cybersecurity

Individual practices to protect personal digital assets and privacy from cyber threats. This includes using strong passwords, enabling two-factor authentication, and being cautious about phishing emails and suspicious links. Personal cybersecurity awareness is important for both individual protection and organizational security.

Phishing Simulation

Training exercises using fake phishing attacks to test user awareness and educate employees about email security threats. These simulations help organizations identify users who need additional training and measure the effectiveness of security awareness programs. Regular phishing simulations significantly improve employees' ability to recognize and report suspicious emails.

Purple Team

Collaborative approach combining red team (offensive) and blue team (defensive) exercises to improve overall security posture. Purple teams facilitate communication and knowledge sharing between offensive and defensive security professionals. This approach maximizes the learning and improvement opportunities from security exercises.

Q

Quantum Cybersecurity

Security considerations for quantum computing threats and protections, including the potential for quantum computers to break current encryption methods. Organizations must prepare for post-quantum cryptography to protect against future quantum computing threats. This field also explores how quantum technologies might enhance cybersecurity capabilities.

R

R00TK1T ISC CyberTeam

A hacktivist group that has been observed carrying out attacks against a variety of targets, including government and corporate entities. The group is known for its politically motivated activities, often involving website defacement and denial-of-service attacks to protest against perceived injustices.

Ransomware Attack

Malicious software that encrypts data and demands payment for decryption, often causing significant business disruption. Ransomware attacks have become increasingly sophisticated and targeted, affecting organizations of all sizes. Prevention, detection, and recovery planning are essential for defending against these threats.

RASP (Runtime Application Self-Protection)

Security technology that detects attacks on applications in real-time and can automatically block malicious activities. RASP solutions are integrated into applications to provide continuous protection during execution. This technology complements traditional security measures by providing runtime visibility and protection.

Red Team

Offensive security professionals who simulate attacks to test defenses and identify security weaknesses in realistic scenarios. Red teams use adversarial techniques to challenge blue teams and assess organizational security posture. Their work helps organizations understand how they would fare against real attackers.

Regulatory Compliance

Adherence to government and industry cybersecurity regulations that organizations must follow to operate legally. Compliance requirements vary by industry and jurisdiction but generally mandate minimum security standards. Non-compliance can result in fines, legal liability, and business disruption.

Resilience Score

A metric measuring an organization's ability to withstand cyber threats and recover from attacks quickly. Resilience scores consider factors such as security controls, incident response capabilities, and business continuity planning. These metrics help organizations track their security improvement efforts and compare their posture to industry benchmarks.

Reverse Engineering

Analysis of software or systems to understand their functionality, often used in malware analysis and vulnerability research. Reverse engineering helps security professionals understand how systems work and identify potential security flaws. This technique is essential for analyzing unknown threats and developing appropriate countermeasures.

S

SAST (Static Application Security Testing)

Security testing that examines application source code to find vulnerabilities before software deployment. SAST tools analyze code without executing it, finding security flaws early in the development process. This testing approach helps developers fix security issues before they reach production environments.

Salt Typhoon

A Microsoft-attributed advanced persistent threat group, believed to be state-sponsored and operating out of China. Salt Typhoon has been observed targeting a variety of organizations, particularly in the telecommunications and defense sectors, for the purpose of cyber espionage.

Sandworm Team

A Russian military intelligence-backed advanced persistent threat group, also known as Voodoo Bear. Sandworm is infamous for its disruptive and destructive cyberattacks, including the 2015 and 2016 attacks on Ukraine's power grid and the global NotPetya ransomware outbreak in 2017.

Scattered Spider

A financially motivated hacking group, known for its extensive use of social engineering to trick IT help desk staff and gain initial access to corporate networks. The group often uses these tactics to bypass multi-factor authentication and steal sensitive data.

Sector 16

A financially motivated threat actor that specializes in targeting financial institutions. Sector 16 is known for its sophisticated attacks aimed at stealing banking credentials and other financial information for the purpose of large-scale theft.

Secure SDLC

A software development life cycle that incorporates security at every phase, from requirements gathering through deployment and maintenance. Secure SDLC ensures that security is considered throughout the development process rather than added as an afterthought. This approach significantly reduces the number of security vulnerabilities in finished applications.

Security Awareness

Knowledge and understanding of cybersecurity risks and best practices among employees and users. Security awareness training helps people recognize and respond appropriately to cyber threats such as phishing emails and social engineering attacks. Strong security awareness culture is essential for organizational cybersecurity.

Security Posture

Overall cybersecurity strength and readiness of an organization, encompassing people, processes, and technology. Security posture assessment considers factors such as security controls, policies, training, and incident response capabilities. Organizations regularly assess their security posture to identify improvement opportunities and track their cybersecurity maturity.

SOAR (Security Orchestration, Automation and Response)

Platform automating security operations workflows to improve efficiency and response times. SOAR tools integrate with existing security tools to automate common tasks and orchestrate complex response procedures. These platforms help security teams handle increasing volumes of security events more effectively.

SOC (Security Operations Center)

Centralized facility for monitoring and responding to security events across an organization's IT infrastructure. SOCs operate 24/7 to detect, analyze, and respond to cybersecurity incidents in real-time. These centers are staffed by security analysts who use specialized tools to monitor security events and coordinate incident response.

SOC Analyst

A professional who monitors and analyzes security events in a SOC, investigating potential threats and coordinating incident response. SOC analysts use security information and event management (SIEM) systems and other tools to identify and respond to security incidents. They serve as the first line of defense in many organizations' cybersecurity operations.

SocGholish

A malware family primarily used by cybercriminals to distribute other malicious software, such as ransomware. The malware is often delivered through a deceptive "drive-by download" scheme where a user is tricked into downloading a fake software update from a compromised website.

Social Engineering

Manipulation of people to divulge confidential information or perform actions that compromise security. Social engineering attacks exploit human psychology rather than technical vulnerabilities to achieve their goals. These attacks can be highly effective because they target what is often the weakest link in security: human behavior.

Stalkerware

Malicious software used to secretly monitor and track individuals, often installed by intimate partners or other trusted individuals. Stalkerware represents a serious privacy threat and can enable domestic abuse and harassment. Detecting and removing stalkerware requires specialized tools and techniques.

StrongPity

A threat actor known for its use of watering hole attacks to distribute malware. The group often compromises legitimate software download websites to infect users with a trojan, allowing them to spy on victims and steal sensitive information.

Supply Chain Attack

A type of cyberattack targeting less-secure elements in the supply network to gain access to the ultimate target organization. These attacks exploit trust relationships between organizations and their suppliers or vendors. Supply chain attacks can be particularly effective because they leverage legitimate business relationships to bypass security controls.

Supply Chain Cybersecurity

Protection of interconnected networks of suppliers and vendors from cyber threats that could impact the entire supply chain. This includes vetting third-party security practices and monitoring for compromised suppliers. Supply chain security is increasingly important as organizations rely more heavily on external partners and cloud services.

T

Threat Detection

The process of identifying potential security threats and malicious activities before they can cause significant damage. Threat detection uses various technologies and techniques including behavioral analysis, signature-based detection, and machine learning. Effective threat detection is crucial for minimizing the impact of cyberattacks.

Threat Intelligence

Information about current and emerging cybersecurity threats that helps organizations make informed security decisions. Threat intelligence includes indicators of compromise, attack techniques, and information about threat actors. Organizations use threat intelligence to improve their detection capabilities and understand the threats they face.

Threat Intelligence Platform (TIP)

Technology solution for collecting and analyzing threat data from multiple sources to support security operations. TIPs help organizations manage large volumes of threat intelligence and integrate it into their security tools. These platforms enable more effective threat hunting and incident response.

Threat Modeling

Systematic approach to identifying and evaluating potential security threats to applications, systems, or organizations. Threat modeling helps security teams understand attack vectors and prioritize defensive measures based on risk. This process is essential for designing secure systems and allocating security resources effectively.

Transparent Tribe

A Pakistani-linked advanced persistent threat group that primarily targets military and government personnel, as well as human rights activists in India and Pakistan. The group uses a variety of custom-developed malware to conduct cyber espionage and surveillance.

Turla

A highly sophisticated, Russian state-sponsored cyber espionage group, also known as Snake. Turla is known for its long-running and technically advanced campaigns, often targeting governments and diplomatic organizations around the world to gather intelligence.

V

Van Helsing

A threat actor that is known for its use of sophisticated malware and phishing campaigns to target a variety of industries. The group's activities are largely focused on espionage and the theft of sensitive data from corporate and government entities.

Volt Typhoon

A Chinese state-sponsored threat group that has been observed targeting U.S. critical infrastructure organizations. Volt Typhoon is unique in its focus on "living off the land" by using built-in network tools to avoid detection and maintain persistent access for potential future sabotage.

Vulnerability Management

The process of identifying, evaluating, and mitigating security vulnerabilities in systems and applications. Vulnerability management includes regular scanning, risk assessment, and prioritized remediation of security weaknesses. This ongoing process is essential for maintaining security posture as new vulnerabilities are discovered regularly.

W

Wild Neutron

A financially motivated cyber espionage group that has been active since at least 2012. Wild Neutron is known for targeting a wide range of organizations, including technology companies and law firms, to steal sensitive corporate data and intellectual property.

Wizard Spider

A highly organized, Russian-speaking cybercrime group that is responsible for creating and operating some of the most prominent ransomware and banking trojan families, including Ryuk and Conti. The group is known for its sophisticated and profitable ransomware-as-a-service operations.

Z

Zero Trust Architecture

A security model that requires verification for every user and device accessing resources, regardless of their location or previous authentication. Zero Trust assumes that threats can exist both inside and outside the network perimeter. This approach provides more granular security controls and better protection against advanced threats and insider attacks.