The world of cybersecurity constantly changes, so ongoing education is the key to understanding today’s new threats. Yet it all starts with a firm grasp of terminology. Here are answers to 10 commonly asked questions about cybersecurity terms to help you get started.
What Is Cybersecurity?
Cybersecurity is a set of techniques for protecting an organization’s digital infrastructure — including networks, systems, and applications — from being compromised by attackers and other threat actors. Cybersecurity combines technology, people, and processes to create strategies aimed at protecting sensitive data, ensuring business continuity, and safeguarding against financial losses.
What Is Ransomware?
Ransomware is a type of malicious software (malware) that prevents the end user from accessing a system or data. The most common form is crypto ransomware, which makes data or files unreadable through encryption, and requires a decryption key to restore access. Another form, locker ransomware, locks access rather than encrypting files. Attackers typically request a payment, often in the form of bitcoins, to decrypt files or restore access.
What Is a Ransomware Attack?
During a ransomware campaign, attackers often use phishing and social engineering to get a computer user to click on an attachment or a link to a malicious website. Some types of ransomware attacks, however, don’t require user action because they exploit website or computer vulnerabilities to deliver the payload. Once it infects your computer you know you’re a victim because the attack will launch an on-screen notification with the ransom demand.
What Is Cross-Site Scripting?
Cross-site scripting (XSS) is an attack that injects malicious scripts into a legitimate and trusted website. XSS attacks exploit vulnerabilities in web applications. The malicious code executes when an unsuspecting end-user visits the website and then may access sensitive data and session information gathered by the browser. Attackers also use XSS to plant trojans, keyloggers, and other malware.
What Is a Security Misconfiguration?
Security misconfigurations result from the failure to properly implement security controls on devices, networks, cloud applications, firewalls, and other systems, and can lead to data breaches, unauthorized access, and other security incidents. Misconfigurations can include anything from default admin credentials, open ports, and unpatched software, to unused web pages and unprotected files.
What Is a SQL Injection?
A SQL injection is a technique that inserts structured query language (SQL) code into a web application database. Web applications use SQL to communicate with their databases, and a SQL injection relies on a user to input information, such as login credentials. Attackers can use SQL injections to perform actions such as retrieval or manipulation of the database data, spoofing user identity, and executing remote commands.
What is a SIEM?
SIEM stands for security information and event management. SIEM is an integrated tool that collects and aggregates security events and alerts from different security products. The SIEM software analyzes and correlates those events to identify potential threats inside an organization’s environment.
What Are Managed Security Services?
Managed security is a service or solution provided by an outside vendor, typically as a subscription model, to manage and oversee a specific security aspect. Organizations typically use managed security services either to completely outsource their security functions or to scale their needs to complement their in-house capabilities.
What Is an MSSP?
A managed security service provider (MSSP) is a vendor that manages and monitors an organization’s security 24×7. MSSP services may include, among others, deployment of security infrastructure, monitoring endpoints, and managing network security.
What is SOC-as-a-Service?
SOC-as-a-service is a subscription-based, outsourced alternative to an in-house security operations center (SOC). A SOC-as-a-service vendor offers a comprehensive set of solutions, such as managed detection and response, and provide organizations with a dedicated team of experts who are available around the clock to detect, monitor, and respond to incidents. SOC-as-a-service combines people, processes, and technology to deliver cost-effective cybersecurity and help organizations maintain compliance.
Ask Us a Question!
Arctic Wolf’s concierge SOC-as-a-service team stands ready to monitor and protect your environment, and guide you through best practices for security. Got more questions? Send them to firstname.lastname@example.org and we’ll get them answered for you!