The world of cybersecurity constantly changes, so ongoing education is the key to understanding today’s new threats. But how do you even begin?
It all starts with a firm grasp of terminology. However, knowing all the different terms can feel overwhelming. Don't worry. We got you.
Here are a variety of important terms, attack types, regulations, commonly asked questions, and even steps to help you learn how to defend against cyberattacks.
Cybersecurity 101: Terminology
What Is Cybersecurity?
Is there a better place to start? "Cybersecurity" is a set of techniques for protecting an organization’s digital infrastructure—including networks, systems, and applications—from being compromised by attackers and other threat actors. Cybersecurity combines technology, people, and processes to create strategies aimed at protecting sensitive data, ensuring business continuity, and safeguarding against financial losses.
What Are The Types of Cybersecurity Solutions?
Anti-virus is a type of IT security software that scans for, detects, blocks and eliminates malware. AV programs will typically run in the background, scanning for known malware signatures and behavior patterns that may indicate the presence of malware.
Endpoint detection and response is a category of tools and solutions that focus on detecting, investigating and mitigating suspicious activity on endpoints and hosts. The value of EDR is in its ability to detect advanced threats that may not have a known behavioral pattern or malware signature. EDR can also trigger an adaptive response based on the nature of detected threats. Arctic Wolf’s security offerings complement EDR solutions to provide a higher level of overall security.
Managed detection and response is a component of SOC-as-a-service that offers comprehensive solutions for continuous monitoring, threat detection, and incident response by a third-party vendor. It's a holistic, turnkey solution for real-time, advanced threat management that helps in-house IT teams prioritize incidents and improve their organization’s security posture.
A network operations center is a central location from where network administrators manage and control one or more networks and a primary server across geo- graphically distributed sites. NOC engineers deal with DDoS attacks, power outages, network failures and routing black holes. A NOC is not a security solution. A customer with a NOC, or NOC services, is not protected from advanced cyberthreats.
A security operations center is the combination of cybersecurity personnel, threat detection and incident response processes, and supporting security technologies that make up an organization’s security operations. Larger enterprises typically build and manage a SOC in-house. Organizations of every size may choose to outsource their SOC to a SOC-as-a-service provider like Arctic Wolf.
SIEM stands for security information and event management. SIEM is an integrated tool that collects and aggregates security events and alerts from different security products. The SIEM software analyzes and correlates those events to identify potential threats inside an organization’s environment.
Vulnerability management solutions identify, track, and prioritize internal and external cybersecurity vulnerabilities, optimizing cyberattack prevention activities such as patching, upgrades, and configuration fixes. Arctic Wolf Managed Risk is a market-leading continuous VM service.
Vulnerability assessment is the process of identifying, classifying, and prioritizing vulnerabilities in business systems. Assessments can focus on internal, external, or host-based vulnerabilities.
What are the Different Cyberattack Types?
A brute-force attack is an attempt by a malicious actor to gain unauthorized access to secure systems by trying all possible passwords and guessing the correct one. Arctic Wolf MDR service tracks login attempts and failures, and can detect brute-force attacks.
Cross-site scripting (XSS) is an attack that injects malicious scripts into a legitimate and trusted website. XSS attacks exploit vulnerabilities in web applications. The malicious code executes when an unsuspecting end-user visits the website and then may access sensitive data and session information gathered by the browser. Attackers also use XSS to plant trojans, keyloggers, and other malware.
A data breach refers to any event where unauthorized users steal sensitive information from a company. Often this information is personally identifiable information (PII) or financial information for resale. Arctic Wolf MR can identify vulnerabilities hackers are likely to exploit before they attack, and Arctic Wolf MDR can detect hackers attempting to breach a system, or any actor removing data in violation of policy.
A distributed denial-of-service attack seeks to crash a web server or an online service by flooding it with more traffic than it can handle. The attack is executed in stages that include installing command-and-control (C2) software on victim devices and creating botnets that are programmed to target the online server or service.
DNS hijacking, also known as DNS redirection and DNS poisoning, redirects queries to a Domain Name System (DNS), typically to a malicious website that contains malware or advertising or other unwanted content. DNS is the equivalent of a series of internet phone books, and DNS hijacking essentially forces the browser to go to the wrong location.
In a drive-by attack, the user doesn't have to download malware, click on a malicious link, or take some other action. Instead, malicious code is downloaded automatically to the user's device, typically when the user visits a compromised website.
An exploit is a malicious application or script that takes advantage of a vulnerability in endpoints and other hardware, networks, or applications. Attackers typically use exploits to take control of a system or device, to steal data, or to escalate access privileges. Exploits are often used as a component of a multi-layered attack.
Malware is malicious software that spreads via an email attachment or a link to a malicious website. It infects the endpoints when a user opens the attachment or clicks on the link.
Ransomware is a type of malicious software (malware) that prevents the end user from accessing a system or data. The most common form is crypto ransomware, which makes data or files unreadable through encryption, and requires a decryption key to restore access. Another form, locker ransomware, locks access rather than encrypting files. Attackers typically request a payment, often in the form of bitcoins, to decrypt files or restore access.
What Happens During a Ransomware Attack?
During a ransomware campaign, attackers often use phishing and social engineering to get a computer user to click on an attachment or a link to a malicious website. Some types of ransomware attacks, however, don’t require user action because they exploit website or computer vulnerabilities to deliver the payload. Once it infects your computer you know you’re a victim because the attack will launch an on-screen notification with the ransom demand.
Phishing is a malicious email that tricks users to surrender their user credentials. The email may appear legitimate, as if coming from your bank, and ask you to reset your password. In a spearphishing attack, an individually-crafted email targets a key executive or decision maker. Arctic Wolf MDR can detect and warn you of phishing and spearphishing.
Security misconfigurations result from the failure to properly implement security controls on devices, networks, cloud applications, firewalls, and other systems, and can lead to data breaches, unauthorized access, and other security incidents. Misconfigurations can include anything from default admin credentials, open ports, and unpatched software, to unused web pages and unprotected files.
An SQL injection is a technique that inserts structured query language (SQL) code into a web application database. Web applications use SQL to communicate with their databases, and a SQL injection relies on a user to input information, such as login credentials. Attackers can use SQL injections to perform actions such as retrieval or manipulation of the database data, spoofing user identity, and executing remote commands.
A Trojan horse is typically a legitimate-looking but malicious code or application that can be used for a variety of nefarious actions, including to steal, delete, or modify data—and disrupt computers or a network. Trojans have different categories, such as exploits, backdoors, and rootkits.
What Are the Different Kinds of Regulations?
The California Consumer Privacy Act applies to all businesses selling products and services to Californians, regardless of the business' physical location or presence in the state. CCPA enables consumers to request information about what data the business collects about them and for what purposes. Businesses that don't meet certain minimum thresholds are exempt.
The Payment Card Industry Data Security Standard (PCI-DSS) was developed to protect credit, debit and cash card transactions and prevent misuse of cardholders’ personal information by any companies/ merchants that electronically handle cardholder data. PCI imposes compliance requirements on any company that processes customer payments. Arctic Wolf helps customers meet PCI compliance goals.
The National Institute of Standards and Technology is a non-regulatory entity under the umbrella of the United States Department of Commerce. NIST Publication Series 800 provides a comprehensive listing of information security measures and controls based on extensive research. Arctic Wolf delivers prevention, detection, and response functions as defined by NIST.
The Health Insurance Portability and Accountability Act protects the privacy of patient health records. Title II, in particular, governs the secure storage, processing, transfer and access of electronic protected health information (ePHI). HIPAA imposes compliance requirements on health- care providers and related companies. Arctic Wolf helps customers meet HIPAA compliance goals.
The Defense Federal Acquisition Regulation Supplement (DFARS) to the Federal Acquisition Regulation (FAR). DFARS is administered by the Department of Defense (DoD), and applies to DoD contractors that process, store, or transmit unclassified, nonpublic information.
The General Data Protection Regulation is a legal framework that sets guidelines for the collection and processing of individuals’ personal information within the European Union (EU). Organizations must comply regardless of their physical location or presence in the EU if they process or store data of EU subjects.
What Are Managed Security Services?
Managed security is a service or solution provided by an outside vendor, typically as a subscription model, to manage and oversee a specific security aspect. Organizations typically use managed security services either to completely outsource their security functions or to scale their needs to complement their in-house capabilities.
What Is an MSSP?
A managed security service provider (MSSP) is a vendor that manages and monitors an organization’s security 24×7. MSSP services may include, among others, deployment of security infrastructure, monitoring endpoints, and managing network security.
What is SOC-as-a-Service?
SOC-as-a-service is a subscription-based, outsourced alternative to an in-house security operations center (SOC). A SOC-as-a-service vendor offers a comprehensive set of solutions, such as managed detection and response, and provide organizations with a dedicated team of experts who are available around the clock to detect, monitor, and respond to incidents. SOC-as-a-service combines people, processes, and technology to deliver cost-effective cybersecurity and help organizations maintain compliance.
What Are the Necessary Steps to Protect Against Cyber Threats?
You cannot protect what you don't know you have—the first step in protecting against threats is to identify the vulnerabilities in your environment. A risk assessment helps you identify and manage vulnerabilities. Once you perform a vulnerability scan, you can prioritize mitigation steps based on the top risks. Since your environment continuously changes—and therefore so do your risks—identifying vulnerabilities should be a continuous, ongoing process.
To protect your IT infrastructure against threats, you need multi-layered defenses across your perimeter, as well as anywhere your data resides or is accessed. This includes your cloud applications and workloads, BYOD devices, and any place where users may access your network and sensitive resources.
Threats will slip through, as no protection is fool proof, no matter how many layers you have. Detection helps you find the threats that got past your defenses, whether that's never-before-seen malware, or an attacker using stolen credentials. You should monitor your environment 24x7, and detection can't rely on technology alone. You need skilled security analysts who can make the type of decisions that require human intelligence.
The quicker you respond, the better your chances to limit the "blast radius"—that is, the damage an attack can inflict on your organization—and prevent data exfiltration. In addition to analysts to monitor alerts, your security team needs responders who can quickly make decisions to minimize an incident. Automating some of the response actions will also speed up the remediation cycle.
Recovery is the final step after an incident, and recovery preparedness includes more than simply ensuring data backup. After an attack, you need to both quickly restore affected systems and operations, as well as ensure that the threat is eradicated. It's also highly recommended to include data recovery processes and procedures into your disaster recovery plan.
Ask Us a Question!
Arctic Wolf’s concierge SOC-as-a-service team stands ready to monitor and protect your environment, and guide you through best practices for security. Got any questions? Feel free to reach out. Send them to email@example.com and we’ll get them answered for you!