Threat management
Terms related to security threats, including definitions about anti-virus programs or firewalls and words and phrases about malware, viruses, Trojans and other security attacks.
- supply chain security - Supply chain security is the part of supply chain management that focuses on the risk management of external suppliers, vendors, logistics and transportation.
- SYN scanning - SYN scanning is a tactic that a malicious hacker can use to determine the state of a communications port without establishing a full connection.
- timing attack - A timing attack is a type of side-channel attack that exploits the amount of time a computer process runs to gain knowledge about or access a system.
- token - In general, a token is an object that represents something else, such as another object (either physical or virtual), or an abstract concept as, for example, a gift is sometimes referred to as a token of the giver's esteem for the recipient.
- tokenization - Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
- Tor browser - The Tor (the onion routing) browser is a web browser designed for anonymous web surfing and protection against traffic analysis.
- TrickBot malware - TrickBot is sophisticated modular malware that started as a banking Trojan but has evolved to support many different types of attacks, including ransomware.
- Trojan horse - In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, malicious.
- trusted computing base (TCB) - A trusted computing base (TCB) is everything in a computing system that provides a secure environment for operations.
- Trusted Platform Module (TPM) - A Trusted Platform Module (TPM) is a specialized chip on a device designed to secure hardware with cryptographic keys.
- tunneling or port forwarding - Tunneling or port forwarding is the transmission of data intended for use only within a private -- usually corporate -- network through a public network in such a way that the public network's routing nodes are unaware that the transmission is part of a private network.
- virtual local area network hopping (VLAN hopping) - Virtual local area network hopping (VLAN hopping) is a method of attacking the network resources of a VLAN by sending packets to a port not usually accessible from an end system.
- virtual machine escape - A virtual machine escape is an exploit in which an attacker runs code on a VM that lets the operating system (OS) running within it break out and interact directly with the hypervisor.
- virus (computer virus) - A computer virus is a type of malware that attaches itself to a program or file.
- virus hoax - A virus hoax is a false warning about a computer virus.
- virus signature (virus definition) - A virus signature, also known as a 'virus definition,' is a piece of code with a unique binary pattern that identifies a computer virus or family of viruses.
- vishing (voice or VoIP phishing) - Vishing (voice or VoIP phishing) is a type of cyber attack that uses voice and telephony technologies to trick targeted individuals into revealing sensitive data to unauthorized entities.
- voice squatting - Voice squatting is an attack vector for voice user interfaces, or VUIs, that exploits homonyms -- words that sound the same, but are spelled differently -- and input errors -- words that are mispronounced.
- vulnerability assessment - A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures.
- vulnerability disclosure - Vulnerability disclosure is the practice of reporting security flaws in computer software or hardware.
- war driving (access point mapping) - War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks (WLANs) while driving around a city or elsewhere.
- Web bug (Web beacon) - A Web bug, also known as a Web beacon, is a file object (usually a graphic image such as a transparent GIF) that is placed on a Web page or in an e-mail message to monitor user behavior.
- What are social engineering attacks? - Social engineering is an attack vector that relies heavily on human interaction and often involves psychological manipulation of people into breaking normal security procedures and best practices to gain unauthorized access.
- What are the top 10 spyware threats? - The top 10 spyware list describes the most common spyware threats behind famous spyware attacks and is frequently identified by leading antispyware tools from vendors like Webroot, Norton and Malwarebytes.
- What is a block cipher? - A block cipher is a method of encrypting data in blocks to produce ciphertext using a cryptographic key and algorithm.
- What is a botnet? - A botnet is a collection of internet-connected devices -- including PCs, servers, mobile devices and internet of things (IoT) devices -- infected and controlled by a common type of malware, often unbeknownst to their owners.
- What is a brute-force attack? - A brute-force attack is a trial-and-error hacking method cybercriminals use to decode login information and encryption keys to gain unauthorized access to systems.
- What is a buffer overflow? How do these types of attacks work? - A buffer overflow occurs when a program or process attempts to write more data to a fixed-length block of memory, or buffer, than the buffer is allocated to hold.
- What is a certificate authority (CA)? - A certificate authority (CA) is a trusted entity that issues digital certificates to authenticate content sent from web servers.
- What is a certificate revocation list (CRL) and how is it used? - A certificate revocation list (CRL) is a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their actual or assigned expiration date.
- What is a computer exploit? - A computer exploit, or exploit, is a program or piece of code developed to take advantage of a vulnerability in a computer or network system.
- What is a cookie? - A cookie is a text file carrying some information that a website places on a user's computer.
- What is a cyberthreat hunter (cybersecurity threat analyst)? - A cyberthreat hunter, also called a cybersecurity threat analyst, proactively identifies security incidents that might go undetected using automated security tools such as malware detectors and firewalls.
- What is a denial-of-service attack? - A denial-of-service (DoS) attack is a security threat that occurs when an attacker makes it impossible for legitimate users to access computer systems, networks, services or other IT resources.
- What is a disaster recovery plan (DRP)? - A disaster recovery plan (DRP) is a documented, structured approach that describes how an organization can quickly resume operations after an unplanned incident.
- What is a firewall and why do I need one? - A firewall is a network security device that prevents unauthorized access to a network by inspecting incoming and outgoing traffic using a set of predetermined security rules.
- What is a hacker? - A hacker is an individual who uses computer, networking or other skills to overcome a technical problem.
- What is a honeypot? How it protects against cyberattacks - A honeypot is a network-attached system set up as a decoy to lure cyberattackers and to help organizations detect, deflect and study hacking attempts to gain unauthorized access to IT.
- What is a micro VM (micro virtual machine)? - A micro VM (micro virtual machine) is a virtual machine program that serves to isolate an untrusted computing operation from a computer's host operating system.
- What is a password? - A password is a string of characters used to verify the identity of a user during the authentication process.
- What is a potentially unwanted program (PUP)? - A potentially unwanted program (PUP) is a program that may be unwanted, despite the possibility that users consented to download it.
- What is a private cloud? Definition and examples - Private cloud is a type of cloud computing that delivers advantages similar to public cloud, including scalability and self-service, but through a proprietary architecture.
- What is a private key? - A private key, also known as a secret key, is a variable in cryptography used with an algorithm to encrypt or decrypt data.
- What is a public key and how does it work? - In cryptography, a public key is a large numerical value that is used to encrypt data.
- What is a public key certificate? - A public key certificate is a digitally signed document that serves to validate the sender's authorization and name.
- What is a risk management specialist, and what does one do? - A risk management specialist is a role appointed within organizations to identify potential risks that might negatively affect the business.
- What is a rootkit? - A rootkit is a program or a collection of malicious software tools that give a threat actor remote access to and control over a computer or other system.
- What is a security operations center (SOC)? - A security operations center (SOC) is a command center facility in which a team of information technology (IT) professionals with expertise in information security (infosec) monitors, analyzes and protects an organization from cyberattacks.
- What is a session key? - A session key is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers.
- What is a SIM swap attack (SIM intercept attack)? - A SIM swap attack (SIM intercept attack) is a form of identity fraud in which the attacker transfers a user's phone number to a different SIM card to gain access to the user's phone calls, text messages, bank accounts, credit card numbers and other sensitive information.
- What is a smart home? Everything you need to know - A smart home is a residence that uses internet-connected devices to enable the remote monitoring and management of appliances and systems, such as lighting and heating.
- What is a stealth virus and how does it work? - A stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software.
- What is a stream cipher? - A stream cipher is an encryption method in which data is encrypted one byte at a time.
- What is a SYN flood DoS attack? - A SYN flood attack is a type of denial-of-service (DoS) attack on a computer server.
- What is a threat actor? - A threat actor, also called a malicious actor, is an entity that poses a security risk and seeks to cause harm to individuals, devices, networks or digital systems, often by exploiting vulnerabilities.
- What is a threat intelligence feed? - A threat intelligence feed, also known as a TI feed, is an ongoing stream of data related to potential or current threats to an organization's security.
- What is a watering hole attack? - A watering hole attack is a security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit.
- What is a web application firewall (WAF)? WAF explained - A web application firewall (WAF) is a firewall that is meant to protect web applications against common web-based threats.
- What is a whaling attack (whaling phishing)? - A whaling attack, also known as 'whaling phishing' or a 'whaling phishing attack,' is a specific type of phishing attack that targets high-profile employees, such as the chief executive officer (CEO) or chief financial officer, to steal sensitive information from a company.
- What is AI red teaming? - AI red teaming is the practice of simulating attack scenarios on an artificial intelligence application to pinpoint weaknesses and plan preventative measures.
- What is an advanced persistent threat (APT)? - An advanced persistent threat (APT) is a prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period.
- What is an asymmetric cyberattack? - An asymmetric cyberattack refers to cyberwarfare that inflicts a proportionally large amount of damage compared to the resources used by targeting the victim's most vulnerable security measure.
- What is an attack surface? Examples and best practices - An attack surface is the total number of possible entry points and attack vectors an organization or system has that are susceptible to unauthorized access.
- What is an attack vector? - An attack vector is a path or means by which an attacker or hacker can gain access to a computer or network server to deliver a payload or malicious outcome.
- What is an executable file (EXE file)? - An executable file (EXE file) is a computer file that contains an encoded sequence of instructions the system executes when the user clicks the file icon.
- What is an initialization vector? - An initialization vector (IV) is an arbitrary number that can be used with a secret key for data encryption to foil cyber attacks.
- What is an input validation attack? - An input validation attack is any malicious cyberattack that involves an attacker manually entering strange, suspicious or unsafe information into a normal user input field of a target computer system.
- What is an intrusion detection system (IDS)? - An intrusion detection system (IDS) monitors network traffic for suspicious activity and sends alerts when such activity is discovered.
- What is antimalware? - Antimalware is a software program created to protect IT systems and individual computers from malicious software, or malware.
- What is antivirus software? - Antivirus software (antivirus program) is a security program designed to prevent, detect, search and remove viruses and other types of malware from computers, networks and other devices.
- What is application allowlisting? - Application allowlisting, previously known as 'application whitelisting,' is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system.
- What is authentication, authorization and accounting (AAA)? - Authentication, authorization and accounting (AAA) is a security framework for controlling and tracking user access within a computer network.
- What is biometric verification? - Biometric verification is any means by which a person can be uniquely identified by evaluating one or more distinguishing biological traits.
- What is biometrics? - Biometrics is the measurement and statistical analysis of people's unique physical and behavioral characteristics.
- What is BitLocker? - BitLocker Drive Encryption, or BitLocker, is a Microsoft Windows security and encryption feature included with certain Windows versions.
- What is Blowfish? - Blowfish is a variable-length, symmetric, 64-bit block cipher.
- What is cipher block chaining (CBC)? - Cipher block chaining (CBC) is a mode of operation for a block cipher -- one in which a sequence of bits is encrypted as a single unit, or block, with a cipher key applied to the entire block.
- What is cloud infrastructure entitlement management (CIEM)? - Cloud infrastructure entitlement management (CIEM) is a modern cloud security discipline for managing identities and privileges in cloud environments.
- What is cloud security? - Cloud security, or cloud computing security, is a set of policies, practices and controls deployed to protect cloud-based data, applications and infrastructure from cyberattacks and cyberthreats.
- What is Common Vulnerabilities and Exposures (CVE)? - Common Vulnerabilities and Exposures (CVE) is a publicly listed catalog of known security threats.
- What is continuous monitoring? - Continuous monitoring constantly observes the performance and operation of IT assets to help reduce risk and improve uptime instead of taking a point-in-time snapshot of a device, network or application.
- What is counterintelligence? - Counterintelligence (CI) is the information gathered and actions taken to identify and protect against an adversary's knowledge collection activities or attempts to cause harm through sabotage or other actions.
- What is crypto ransomware? - Crypto ransomware is a form of ransomware that uses cryptography to encrypt computer files so that the victim cannot access them.
- What is cryptography? - Cryptography is a method of protecting information and communications using codes, so that only those for whom the information is intended can read and process it.
- What is cryptology? - Cryptology is the mathematics, such as number theory and the application of formulas and algorithms, that underpin cryptography and cryptanalysis.
- What is cyber attribution? - Cyber attribution is the process of tracking and identifying the perpetrator of a cyberattack or other cyber operation.
- What is cyber hijacking? - Cyber hijacking, or computer hijacking, is a type of network security attack in which the threat actor takes control of computer systems, software programs and network communications.
- What is cyber insurance, and why is it important? - Cyber insurance, also called cyber liability insurance or cybersecurity insurance, is a contract a business or other organization can purchase to reduce the financial risks associated with doing business online.
- What is cyber resilience? - Cyber resilience is the ability of a computing system to identify, respond to and recover quickly from a security incident.
- What is cybercrime and how can you prevent it? - Cybercrime is any criminal activity that involves a computer, network or networked device.
- What is cybersecurity? - Cybersecurity is the practice of protecting systems, networks and data from digital threats.
- What is cyberstalking and how to prevent it? - Cyberstalking is a crime in which someone harasses or stalks a victim using electronic or digital means, such as social media, email, instant messaging (IM) or messages posted to a discussion group or forum.
- What is Data Encryption Standard (DES)? - Data Encryption Standard (DES) is an outdated symmetric key method of data encryption.
- What is data poisoning (AI poisoning) and how does it work? - Data or AI poisoning attacks are deliberate attempts to manipulate the training data of artificial intelligence and machine learning models to corrupt their behavior and elicit skewed, biased or harmful outputs.
- What is data security posture management (DSPM)? - Data security posture management, or DSPM, is an approach that combines technologies and processes to provide a holistic view of a company's sensitive data, including where the data is, who has access to it, how it has been used and its security posture.
- What is domain generation algorithm (DGA)? - A domain generation algorithm (DGA) is a program that generates a large list of domain names.
- What is double extortion ransomware? How to defend your organization - Double extortion ransomware is a type of cyberattack that encrypts a victim's data, like in a traditional ransomware attack, while also adding a second attack vector of stealing that data.
- What is elliptical curve cryptography (ECC)? - Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller and more efficient cryptographic keys.
- What is email spam and how to fight it? - Email spam, also known as 'junk email,' refers to unsolicited email messages, usually sent in bulk to a large list of recipients.
- What is email spoofing? - Email spoofing is a form of cyber attack in which a hacker sends an email that has been manipulated to seem as if it originated from a trusted source.