General infosec terminology
APT: An advanced persistent threat is a well-resourced adversary, often state sponsored, whose defining trait is the ability to gain a foothold in a network and stay there undetected for as long as possible. Where an opportunistic criminal wants a quick payout, an APT typically aims at long-term espionage or data theft and will invest in staying quiet and persistent rather than noisy.
DDoS: A distributed denial of service attack floods a target with traffic from many sources and IP addresses (compromised computers, internet-connected devices, etc.) to render a web service unusable. The flood may saturate bandwidth (volumetric attacks), exhaust connection-state tables (protocol attacks) or tie up application resources with expensive requests (application-layer attacks). Attackers may demand a ransom to stop the attack, or use the DDoS as a diversion while they carry out a separate intrusion.
IOC: An indicator of compromise is any piece of forensic evidence that points to a network intrusion. IOCs are typically surfaced through ongoing log analysis or supplied by threat-intelligence feeds. Typical IOCs include virus signatures, IP addresses, MD5 (or SHA-256) hashes of malware files, and URLs or domain names of botnet command-and-control servers. A practical caveat: atomic IOCs such as hashes and IP addresses are cheap for an attacker to change, so they are most useful for sweeping existing logs for past contact and are a weak basis for durable detection on their own.
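The sweep described above, as an added example that is not part of the original glossary: a small Python IOC matcher run over constructed key=value log lines. The IOC set is hypothetical (a TEST-NET-3 documentation address, a made-up domain, and the MD5 of the EICAR test file), and the log lines are constructed, not captured. It normalizes case for hashes and hostnames, pulls the host out of URL fields, and anchors domain matching on a label boundary so that a lookalike such as notc2.example.net does not match c2.example.net.

```python
"""Sweep constructed log lines for a small set of indicators of compromise (IOCs)."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed IOC set (hypothetical, for illustration only). The IP is from the
# TEST-NET-3 documentation range, the domain is made up, and the MD5 is that of
# the EICAR anti-virus test file.
IOC_SET = {
    "ip": {"203.0.113.45"},
    "domain": {"c2.example.net"},
    "md5": {"44d88612fea8a8f36de82e1278abb02f"},
}

# Constructed sample log lines in a simple key=value format (not real traffic).
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z host=ws-12 event=dns query=update.c2.example.net answer=203.0.113.45",
    "2024-05-01T10:00:03Z host=ws-12 event=proxy dst=198.51.100.7 url=http://198.51.100.7/login",
    "2024-05-01T10:00:09Z host=ws-12 event=file path=C:\\Users\\a\\svc.exe md5=44D88612FEA8A8F36DE82E1278ABB02F",
    "2024-05-01T10:01:00Z host=ws-07 event=dns query=notc2.example.net answer=198.51.100.8",
    "2024-05-01T10:02:30Z host=ws-07 event=proxy dst=203.0.113.45 url=http://update.c2.example.net:8443/gate.php",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Hit:
    line_no: int   # 1-based index into the log
    ioc_type: str  # "ip", "domain" or "md5"
    ioc: str       # the indicator that matched
    field: str     # log field that contained it
    value: str     # raw field value as logged


def parse_kv(line: str) -> dict:
    """Turn 'a=b c=d' into {'a': 'b', 'c': 'd'}; tokens without '=' are ignored."""
    return {k: v for k, v in KV_RE.findall(line)}


def domain_matches(candidate: str, ioc_domain: str) -> bool:
    """True if candidate is the IOC domain or a subdomain of it.

    A naive substring or endswith() check would also flag 'notc2.example.net',
    so the comparison is anchored on a label boundary.
    """
    c = candidate.lower().rstrip(".")
    return c == ioc_domain or c.endswith("." + ioc_domain)


def candidates(field: str, value: str):
    """Yield the strings in a field worth matching; a URL also yields its host."""
    yield value
    if field == "url":
        host = urlsplit(value).hostname
        if host:
            yield host


def scan(lines, iocs=IOC_SET):
    """Return every IOC match found in the log lines, in log order."""
    hits = []
    for n, line in enumerate(lines, 1):
        for field, value in parse_kv(line).items():
            for cand in candidates(field, value):
                c = cand.lower()  # hashes and hostnames are case-insensitive
                if c in iocs["ip"]:
                    hits.append(Hit(n, "ip", c, field, value))
                if c in iocs["md5"]:
                    hits.append(Hit(n, "md5", c, field, value))
                for d in iocs["domain"]:
                    if domain_matches(c, d):
                        hits.append(Hit(n, "domain", d, field, value))
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.ioc_type} IOC {h.ioc} in {h.field}={h.value}")
```

On the sample log this reports five hits across lines 1, 3 and 5: the C2 domain and its resolved address from the DNS event, the uppercase EICAR hash from the file event, and both the destination IP and the URL host from the proxy event. Line 4, the lookalike domain, is correctly ignored. In a real deployment the IOC set would be loaded from a feed and the matcher pointed at a SIEM export rather than an in-memory list.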
NOC: A network operations center is a central location from which network administrators monitor, manage and control one or more networks across geographically distributed sites. NOC engineers deal with DDoS attacks, power outages, network failures and routing black holes; their focus is availability and performance, whereas security incidents are the domain of the SOC.
SOC: A security operations center is the combination of cybersecurity personnel, threat detection and incident response processes, and supporting security technologies that make up an organization’s security operations. Larger enterprises typically build and manage a SOC in house. Small and medium-sized enterprises (SMEs) may outsource their SOC to a SOC-as-a-service provider that delivers continuous threat detection and response.
MSP: A managed service provider is an IT vendor that provides a service, software or technology on a subscription basis. The MSP is held responsible for meeting certain service-level agreements (SLAs) for the duration of a contract. Unlike technology or services that are entirely managed in-house or on-premises, ongoing maintenance of the managed service is shouldered by the MSP, typically off-site. As a result, MSPs can usually provide services with less overhead and predictable, pay-per-user pricing. Because an MSP normally holds privileged remote access to every customer it manages, that access is itself a security dependency the customer should govern (least privilege, multi-factor authentication and logging on the MSP’s accounts and tooling).
MSSP: A managed security service provider is a type of MSP that provides 24/7 management, monitoring and maintenance of security services at a fixed subscription cost. This may include configuring and monitoring firewalls, intrusion detection, endpoint protection and other cybersecurity products.
MDR: Managed detection and response providers deliver threat detection, incident response and continuous monitoring as a service. Unlike a traditional MSSP, which centers on managing security devices and forwarding alerts, an MDR provider actively hunts for, investigates and responds to threats on the customer’s behalf.
MDR providers typically use their own cloud-based technology stack, including a proprietary security information and event management (SIEM) system, that ingests log data from the customer’s existing security tools (next-generation firewall, web application firewall, endpoint detection and response, anti-virus, etc.). On top of the technology, MDR providers supply analysts and defined processes to hunt down and triage advanced threats and to recommend, or carry out, remediation and response actions.