Access control lists (ACL) control or restrict the flow of traffic through a digital environment. ACL rules grant or deny access in two general categories: 1. Filesystem ACLs apply to files and/or directories; 2. Networking ACLs apply to the network routers and switches.
Active Directory (AD) is the proprietary directory service for Windows domain networks. It consists of a database and numerous services that connect users to network resources such as devices, data, folders, etc.
Active Directory (AD) is Microsoft’s proprietary directory service for Windows domain networks. Active Directory authentication is AD’s system for authenticating users, computers, and services. The system relies on protocols which use ticketing to securely grant access. It prevents unauthorized access to AD and aids effective role-based access control (RBAC).
Advanced threat protection is a type of cybersecurity dedicated to preventing pre-planned cyberattacks, such as malware or phishing. ATP combines cloud, file sharing, email, network, and endpoint security.
Agentless monitoring is a form of IT monitoring that does not require the installation of a software agent. Agentless monitoring protocols or APIs collect data and performance metrics from infrastructure, devices, and applications. Without the need to install agents on servers or devices, agentless monitoring offers scalability and ease of maintenance.
What Is Anomaly Detection? Anomaly detection is the process of analyzing company data to find data points that don’t align with a company's standard data pattern. Companies use anomalous activity detection to define system baselines, identify deviations from that baseline, and investigate ...
What is an Application Gateway (App Gateway)? An application gateway is a security measure that protects web applications. They replace traditional web applications that require the same login credentials as the data center. Instead, users access application gateways through mobile apps and cloud ...
Your organization's attack surface is a collection of all the external points where someone could infiltrate your corporate network. Think of your attack surface as any opportunity or vulnerability a bad agent can use to enter part of your IT infrastructure.
A runtime decision-making strategy for what features and/or data a user can access based on policies and user attributes.
Authentication is the process of verifying a user or device before allowing access to a system or resources.
The difference between an IAM role and a user is that a role can be temporarily or permanently applied to a user to give the user bulk permissions for a task. Unlike a user, a role does not have associated passwords or credentials and can be easily applied to multiple users to grant access to a set of permissions at once.
A bastion host is a server used to manage access to an internal or private network from an external network - sometimes called a jump box or jump server.
A brute force attack is a cyber attack where a hacker guesses information, such as usernames and passwords, to access a private system. The hacker uses trial-and-error until correctly guessing the credentials needed to gain unauthorized access to user accounts or organizational networks.
Software or hardware that is either hosted in the cloud or on-premises. It adds a layer of security between users and cloud service providers and often overlaps with secure web gateway (SWG) functionality.
CI/CD (continuous integration/continuous deployment) is a collection of practices for engineering, testing, and delivering software. A CI/CD pipeline is composed of the tools that developers, test engineers, and IT operations staff use to execute these practices. CI/CD pipeline tools leverage automation to improve code quality and speed time to market.
Cloud Infrastructure Entitlement Management (CIEM, pronounced “kim”) is a category of specialized software-as-a-service solutions that automate the detection, analysis, and mitigation of cloud infrastructure access risk across hybrid and multi-cloud environments.
What is Cloud Workload Security? Cloud workload security is the practice of securing applications and their composite workloads running in the cloud. Examples of cloud workloads include applications, virtual machines, containers, databases, and services. It is necessary to protect all cloud ...
Continuous Adaptive Risk and Trust Assessment (CARTA) is an IT security framework that goes beyond traditional role-based access control (RBAC). By adding attribute-based access control (ABAC), it enables continuous, context-aware security assessment in real time. Gartner introduced CARTA in 2010, building on its original Adaptive Security Architecture.
Credential stuffing is a type of cyber attack that occurs when a person or bot steals account credentials, such as usernames and passwords, and tries to use them to access multiple systems.
Cyber insurance, also called cybersecurity insurance or cyber liability insurance, is an insurance policy that covers the losses a business might suffer from a data breach or cyber attack.
Data Loss Prevention (DLP) is a series of tools and practices that help companies recognize and prevent data exposure by controlling the flow of information within and outside of the organization.
Data observability is the ability to understand, diagnose, and manage data health across multiple IT tools throughout the data lifecycle. A data observability platform helps organizations to discover, triage, and resolve real-time data issues using telemetry data like logs, metrics, and traces.
What is Defense-in-depth? Defense-in-depth began as a military term for a layered approach to protection. The NSA has taken that military strategy and applied it to cybersecurity. Defense-in-depth means applying a multi-faceted approach to reducing risk while containing and eliminating threats. ...
Deprovisioning removes the access rights and deletes the accounts associated with a user on a network. When an organization offboards an individual, it’s important to terminate the access rights to applications, systems, and data. Neglecting to do so can result in “zombie accounts,” compromised security, or data leaks.
Digital Forensics and Incident Response (DFIR) is a cybersecurity practice for identifying, investigating, and remediating cyberattacks. Computer security incident response teams (CSIRT) collect and review data from applications, networks, and endpoints in order to analyze an attack. They typically follow up with various types of responses, reporting, and remediations.
What are Directory Services? A directory service is a database containing information about users, devices, and resources. This information, such as usernames, passwords, and user preferences, allows system and network administrators to control access to applications and resources. Also known as ...
FIDO2 is the newest set of specifications from the FIDO Alliance. It enables the use of common devices to authenticate to online services on both mobile and desktop environments, using unique cryptographic login credentials for every site.
Compliance with the Health Insurance Portability and Accountability Act (HIPAA) means adhering to the rules and regulations that impact what, how, and when protected health information (PHI) can be shared, and by whom.
HITRUST is a non-profit company that delivers data protection standards and certification programs to help organizations safeguard sensitive information, manage information risk, and reach their compliance goals.
A honeypot is a phony digital asset designed to look like a poorly-guarded, valuable asset. The goal is to trick cyber attackers into targeting the vulnerable honeypot, which deflects attention away from critical assets, alerts companies to when and what type of attack is occurring, and enables them to mitigate the risk before important network security perimeters are compromised.
Identity and access management (IAM or IdAM) is a framework containing the tools and policies a company uses to verify a user’s identity, authorize controlled access to company resources, and audit user and device access across their IT infrastructure.
Identity as a Service (IDaaS) is an identity and access management (IAM) solution delivered in a cloud-based service that is hosted by a trusted third party.
Identity governance and administration (IGA), also called identity security, is a set of policies that allow firms to mitigate cyber risk and comply with government regulations to protect sensitive data. These policies help prevent breaches by ensuring that the right employees access data only as needed.
What is Identity Lifecycle Management? Identity lifecycle management is the process of managing user identities and access privileges for all members of an organization. It follows each user from onboarding to departure, provisioning, updating or revoking access to applications and resources as ...
Identity security refers to the tools and processes intended to secure identities within an organization. Based upon the Zero Trust model, identity security assumes that any identity may potentially become privileged and access important assets. It aims to protect, manage, and monitor identities to prevent unauthorized access, breaches, and theft.
An indicator of attack (IOA) is digital or physical evidence of a cyberattacker’s intent to attack. IOA detection focuses specifically on an adversary’s motive rather than specific tools or methods used. By determining an attacker’s objective early in the attack lifecycle, security teams can proactively prevent a data breach from occurring.
An insider threat is a threat to an organization that occurs when a person with authorized access—such as an employee, contractor, or business partner—compromises an organization’s data security, whether intentionally or accidentally.
ISO/IEC 27001, or ISO 27001, is the international standard that defines best practices for implementing and managing information security controls within an information security management system (ISMS).
ISO 27002, or ISO/IEC 27002:2022, provides guidance on the selection, implementation, and management of security controls based on an organization's information security risk environment.
ISO 27003, also called ISO/IEC 27003:2017, provides guidance for implementing an ISMS based on ISO 27001.
Just-in-time (JIT) access is a feature of privileged access management (PAM) solutions to grant users access to accounts and resources for a limited time when they need them.
Kerberoasting is a post-compromise attack technique for cracking passwords associated with service accounts in Microsoft Active Directory. The attacker impersonates an account user with a service principal name (SPN) and requests a service-related ticket. They then crack the password hash linked to that service account, log in with the plaintext credentials, and advance the attack.
Lateral movement is when an attacker gains initial access to one part of a network and then attempts to move deeper into the rest of the network — typically via remote desktop tools or remote administration tools (RATs).
Lightweight directory access protocol (LDAP) is an open-standard and vendor-agnostic application protocol for both verifying users' identities and giving access to on-premises servers, applications, and even some devices. After installing an LDAP client on a user device, it can use transmission control protocol/internet protocol (TCP/IP) to communicate with a directory on the network to access a resource such as an email server, printer, or data set.
Log analysis is the practice of examining event logs in order to investigate bugs, security risks, or other issues. Analyzing automatically generated log files—which capture activity taking place within applications, operating systems, and devices—can help IT staff pinpoint root causes, track user behavior, and solve customer-facing issues.
Log data—from system, application, and security log files, for example—help IT staff identify technical issues, troubleshoot, improve performance, and address security issues. Log management is the practice of collecting, processing, analyzing, and storing log data from multiple sources. It centralizes the data, enabling IT to easily access, search, and analyze it.
A man-in-the-middle (MITM) attack is a cyber attack in which a threat actor puts themselves in the middle of two parties, typically a user and an application, to intercept their communications and data exchanges and use them for malicious purposes like making unauthorized purchases or hacking.
Microsegmentation is a network security practice that creates secure zones within data center environments by segmenting application workloads into intelligent groupings and securing them individually.
Monitoring is the collection and analysis of data pulled from IT systems. DevOps monitoring uses dashboards— often developed by your internal team—to measure the health of your applications by tracking particular metrics.
Network segmentation (also known as network partitioning or network isolation) is the practice of dividing a computer network into multiple subnetworks in order to improve performance and security.
NIST compliance broadly means adhering to the NIST security standards and best practices set forth by the government agency for the protection of data used by the government and its contractors.
Observability is defined as a measure of how well the internal states of a system can be inferred from knowledge of its external outputs.
OAuth (OAuth 2.0 since 2013) is an authentication standard that allows a resource owner logged-in to one system to delegate limited access to protected information to a third party without sharing the owner’s security credentials. Instead, the third-party system obtains approval from the resource owner for a short-lived access token from an authorization server with approval of the resource owner.
OpenID Connect (OIDC) is an authentication layer built on top of the OAuth 2.0 authorization framework. OIDC allows third-party applications to obtain basic end-user profile information and verify an end user's identity. OpenID Connect (OIDC) allows a wide range of users to be identified, from single-page applications (SPAs) to native and mobile apps. Like SAML, OIDC may also be used to provide single sign-on (SSO) across apps.
Passwordless authentication is a verification method in which a user gains access to a network, application, or other system without a knowledge-based factor such as a password, security question, or PIN.
PCI compliance—or payment card industry compliance—is the process businesses follow to meet the Payment Card Industry Data Security Standard (PCI DSS).
Policy-Based Access Control (PBAC) is another access management strategy that focuses on authorization. Whereas RBAC restricts user access based on static roles, PBAC determines access privileges dynamically based on rules and policies. Although PBAC is fairly similar to ABAC, ABAC requires more IT and development resources (e.g., XML coding) as the number of attributes required increases.
In network security, least privilege is the practice of restricting account creation and permission levels to only the resources a user requires to perform an authorized activity.
Privileged access management (PAM) encompasses the policies, strategies, and technologies used to control, monitor, and secure elevated access to critical resources for human and service accounts.
Cloud privileged access management is cloud-based PAM consumed as a service, or PAMaaS. Companies can replace their on-premises PAM technology with a fully managed cloud PAM solution. Doing so offers benefits including cost savings, reduced maintenance, and improved security.
A privileged account is a user account with greater privileges than those of ordinary user accounts. Privileged accounts may access important data or systems or exercise administrative powers. For these reasons, it is especially important to secure privileged accounts to prevent unauthorized use.
Privileged identity management is the process companies use to manage which privileged users—including human users and machine users—have access to which resources.
What is Privileged Session Management? Privileged session management (PSM) is an IT security process that monitors and records the sessions of privileged accounts. When these accounts access servers, databases, and network devices, PSM captures activity, like screen output and keystrokes. ...
“Red team vs. blue team” is a cybersecurity drill during which one group, dubbed the “red team,” simulates the activities of cyberattackers. A separate group, dubbed the “blue team,” defends against the red team’s attacks. This helps organizations test their defense capabilities against real-world attack techniques, discover vulnerabilities, and develop remedies.
Remote code execution (RCE) is a cyberattack in which an attacker remotely executes commands to place malicious code on a computing device. Input or activity on the part of the target (such as downloading malware) is not necessary. RCE can compromise a device and exfiltrate data with nothing more than a public or private network connection.
What is Robotic Process Automation (RPA) Security? Robotic process automation (RPA) is software that mimics human actions to automate digital tasks. Having many RPA robots, or bots, in production poses a significant security risk by increasing the surface area for cyberattacks. Organizations can ...
Role-based access control (RBAC) is a security approach that authorizes and restricts system access to users based on their role(s) within an organization.
SAML is a popular online security protocol that verifies a user’s identity and privileges. It enables single sign-on (SSO), allowing users to access multiple web-based resources across multiple domains using only one set of login credentials.
SAML enables SSO by defining how organizations can offer both authentication and authorization services as part of their infrastructure access strategy. As an open standard, SAML can be implemented by a wide variety of identity and access management (IAM) vendors. Additionally, IdPs and service providers that adhere to the standard can communicate freely, regardless of vendor.
Secrets management is a cybersecurity best practice for securing digital authentication credentials. It relies on various tools and methods to store, access, and manage these credentials.
Secure Access Service Edge (more commonly known by the SASE acronym) is a cloud architecture model that combines network and security-as-a-service functions to deliver them as a single cloud-based service.
A Security Incident Response Policy (SIRP) establishes that your organization has the necessary controls to detect security vulnerabilities and incidents, as well as the processes and procedures to resolve them.
Security Operations (SecOps) is a methodology that fuses IT operations and information security. Its goal is to reduce security risks and vulnerabilities in applications without compromising performance, uptime, or business agility and innovation.
What is Shadow IT? Shadow IT is software or hardware in use in an organization without the knowledge of the IT department. Business units or individuals may adopt cloud services, software, or devices without informing IT to help boost productivity. Shadow IT can result in application sprawl, ...
Single-factor authentication (SFA) or one-factor authentication involves matching one credential to gain access to a system (i.e., a username and a password). Although this is the most common and well-known form of authentication, it is considered low-security and the Cybersecurity and Infrastructure Security Agency (CISA) recently added it to its list of Bad Practices.
SOC 2 stands for “Systems and Organizations Controls 2” and is sometimes referred to as SOC II. It is a framework designed to help software vendors and other companies demonstrate the security controls they use to protect customer data in the cloud.
With a software-defined network, networking devices directly connect to applications through application programming interfaces (APIs), making SDN programmable and independent from the hardware infrastructure.
SOX compliance is an annual obligation derived from the Sarbanes-Oxley Act (SOX) that requires publicly traded companies doing business in the U.S. to establish financial reporting standards, including safeguarding data, tracking attempted breaches, logging electronic records for auditing, and proving compliance.
Derived from the Greek roots tele ("remote") and metron ("measure”), telemetry is the process by which data is gathered from across disparate systems to paint a picture of the internal state of the larger system that contains them.
Threat hunting is the cyber defense practice of proactively searching for threats within a network. Threat hunters look for threats that may have evaded an organization’s existing endpoint security. Their main aim is to prevent any present threats or attacks from advancing and doing serious harm.
The ultimate findings from cyberthreat analyses are referred to as threat intelligence. Producing threat intelligence involves a cycle of collecting data and information on threats, analyzing it, and then carefully interpreting it. Threat intelligence can inform evidence-based decisions on how best to prevent or halt cyberattacks.
Two-factor authentication (2FA) adds a second layer of protection to your access points. Instead of just one authentication factor, 2FA requires two factors of authentication out of the three categories: 1. Something you know (i.e., username and password). 2. Something you have (e.g., a security token or smart card). 3. Something you are (e.g., TouchID or other biometric credentials).
Vulnerability management (VM) is the proactive, cyclical practice of identifying and fixing security gaps. It typically leverages scanning software to pinpoint vulnerabilities in endpoints, applications, operating systems, and so forth. Security teams may apply patches or reconfigure settings, for example, to eliminate vulnerabilities before attackers can exploit them.
WebAuthn is the API standard that allows servers, applications, websites, and other systems to manage and verify registered users with passwordless authentication such as a biometric or possession-based device authenticator.
Active Directory (AD) bridging lets users log into non-Windows systems with their Microsoft Active Directory account credentials. This extends AD benefits across Windows and non-Windows systems and network devices, such as Linux, UNIX, and so forth. It also facilitates identity consolidation and limits the number of local accounts across IT systems, reducing attack surface.
Zero Trust is a modern security model founded on the design principle “Never trust, always verify.” It requires all devices and users, regardless of whether they are inside or outside an organization's network, to be authenticated, authorized, and regularly validated before being granted access.