CyberSecurity Glossary
What's that word mean anyway?
A
Active Directory
Active Directory is a crucial directory service provided by Microsoft Windows, assisting administrators in setting up permissions and managing network access.
AntiVirus
AntiVirus, or AntiMalware, is a type of active endpoint security software that scans files for potential threats, blocking harmful payloads and protecting against damage.
Attack Surface
"Attack surface" is the vulnerable areas within a system or organization that can be exploited by hackers. These points of access provide unauthorized individuals with the opportunity to infiltrate the system and inflict harm.
Attack Surface Management (ASM)
Managing attack surfaces involves the ongoing process of identifying, monitoring, assessing, prioritizing, and addressing potential vulnerabilities within an organization's IT infrastructure.
Advanced Persistent Threat (APT)
An advanced persistent threat (APT) is a complex and long-lasting cyberattack where an intruder quietly infiltrates a network to steal sensitive data over an extended period. "APT" can also be used to describe a specific type of attacker, implying they are an advanced and persistent threat in comparison to other threats within the referenced threat landscape.
Adware
Adware, commonly referred to as advertisement-supported software, helps developers earn revenue by displaying ads on your screen, often within a web browser. Adware is primarily designed for computers but can also be present on mobile devices. Certain types of adware can be deceptive and serve as a gateway for harmful programs.
Application Security Posture Management (ASPM)
ASPM, or Application Security Posture Management, is a vital process that assists organizations in evaluating, managing, and enhancing the security of their custom applications throughout the development life cycle. Utilizing ASPM tools enables organizations to pinpoint vulnerabilities, evaluate risks, and prioritize actions to prevent breaches, protect sensitive data, and uphold compliance with industry regulations.
B
Beta
Business Email Compromise (BEC)
Business email compromise (BEC) is a cyberattack method where hackers pretend to be a trusted person online to deceive employees or customers into doing something they want, like sending money, sharing information, or revealing sensitive data.
Botnet
Bootkit
Bootkits are a type of malware that persists on a computer even after the operating system is reinstalled; only physically wiping the disk fully removes this threat.
Bug
Brute Force
A brute force attack involves a methodical trial-and-error approach to guess login information, credentials, and encryption keys. The attacker continuously submits various combinations of usernames and passwords until successfully gaining access.
C
Clickjacking
Cloud Access Security Broker (CASB)
A cloud access security broker (CASB) acts as a security gatekeeper between cloud network users and cloud-based applications, overseeing and enforcing data security policies such as authentication, authorization, alerts, and encryption.
Cloud Workload Protection (CWP)
Cloud Workload Protection platforms provide organizations with the means to consistently monitor and eliminate threats from their cloud workloads and containers.
Cloud Workload Protection Platform (CWPP)
A cloud workload protection platform (CWPP) is a comprehensive cloud security solution that provides ongoing threat monitoring and detection for cloud workloads in various modern cloud environments.
Cloud-Native Application Protection Platform (CNAPP)
A cloud-native application protection platform (CNAPP) is a comprehensive software solution designed to streamline the monitoring, detection, and response to potential security threats and vulnerabilities in the cloud environment.
Cross Site Scripting (XSS)
Cross Site Scripting (XSS) is a form of cyber attack where hackers inject malicious code into a legitimate website.
Credential Theft
Credential theft involves the unauthorized acquisition of personal information like usernames, passwords, and financial details with the intention of accessing online accounts or systems.
Credential Stuffing
Credential stuffing is a type of cyberattack in which cybercriminals exploit stolen login credentials from one system to try to gain access to another system.
CyberSecurity
Cybersquatting
Cybersquatting is a harmful practice where internet domain names are registered and used in a deceptive manner, resembling trademarks, service marks, personal names, or company names, with the malicious intention of redirecting traffic for financial gain, distributing malware, or stealing intellectual property.
Cyber Insurance
Cyber insurance, also known as cyber liability insurance or cyber risk insurance, serves as a protective shield for policyholders by minimizing liability and covering recovery expenses in the case of a cyberattack, data breach, or cyberterrorism incident.
D
Data Breach
Data Exfiltration
Data exfiltration refers to the unauthorized removal or transfer of data from a device or network.
DDoS Attack
Drive-by Download
Data Loss Prevention (DLP)
E
Email Spoofing
Email spoofing is a sneaky cyberattack that aims to deceive businesses by sending emails with fake sender addresses. When recipients believe the email is from a trusted source, they are more inclined to open it and engage with its potentially harmful links or attachments.
Ethical Hacker
An ethical hacker, also referred to as a 'white hat hacker', is hired to ethically penetrate computers and networks in order to assess an organization's security measures. Ethical hackers have the same skillset as cyber criminals but leverage their expertise to enhance organizations rather than harm them.
Endpoint Security
Endpoint security, also known as endpoint protection, is a vital cybersecurity strategy aimed at safeguarding endpoints like desktops, laptops, and mobile devices from harmful threats and attacks.
Endpoint Detection and Response (EDR)
Endpoint Detection and Response (EDR) refers to a specialized category of security tools that began appearing circa 2013, intended to enhance the ability to detect suspicious activities on endpoints and effectively respond to them. The capabilities of EDR technology, toolkits, and platforms can vary, with some offering in-depth threat analysis and others integrating seamlessly with threat intelligence providers.
Endpoint Protection Platform (EPP)
An endpoint protection platform (EPP) is a comprehensive set of endpoint security tools, including antivirus software, data encryption features, and data loss prevention mechanisms. These technologies collaborate on an endpoint device to identify and thwart security risks such as file-based malware attacks and malicious behavior.
F
Fileless Malware
Fileless malware is an invisible threat that traditional security tools cannot detect. It may enter your system through exploits, compromised hardware, or regular execution of applications and scripts.
Firewall
H
Hacker
Hacktivism
Honeypot
Human Intelligence (HUMINT)
Human Intelligence (HUMINT) involves gathering information on the ground through human sources.
Hybrid Cloud
A hybrid cloud merges components of a public cloud, private cloud, and on-premises infrastructure into a cohesive, unified architecture, facilitating the sharing of data and applications across the diverse IT environment.
I
Identity Access Management (IAM)
Identity and access management (IAM) serves as a foundational framework that empowers the IT team to regulate access to systems, networks, and assets, all tailored to each user's unique identity.
Incident Response (IR)
Incident response (IR) involves the necessary steps to proactively prepare for, promptly detect, effectively contain, and efficiently recover from a data breach.
Infrastructure as a Service (IaaS)
IaaS, or Infrastructure as a Service, is a cloud computing model where a third-party provider offers virtualized compute resources like servers, data storage, and network equipment to clients over the internet on demand.
Intrusion Detection System (IDS)
Intrusion Prevention System (IPS)
Insider Threat
Infostealer
A type of malicious software designed to covertly collect sensitive information from a victim's device. Infostealers typically target data such as login credentials, financial information, and personal identification details. Once collected, this information is often transmitted to a remote server controlled by cybercriminals. Infostealers can be distributed through phishing emails, malicious websites, or bundled with other software, posing significant risks to both individual users and organizations. Effective cybersecurity measures, such as updated antivirus software and cautious online behavior, are essential to mitigate the threat posed by infostealers.
Indicator of Compromise (IoC)
K
Keylogger
L
Lateral Movement
Lateral movement is the method by which a cyberattacker, upon initial access, navigates further into a network to locate valuable assets and sensitive data.
Linkjacking
M
Managed Security Service Provider (MSSP)
A managed security service provider (MSSP) is an external entity that offers cybersecurity services to its clientele.
Managed Detection and Response (MDR)
Managed detection and response (MDR) is a cybersecurity service that integrates advanced technology and expert human analysis to proactively identify, monitor, and swiftly address potential threats.
Malvertising
Malvertising is an attack technique in which malicious advertisements are used to spread malware and compromise systems, with attackers paying legitimate advertising networks to display these advertisements on various websites.
Malware
MITRE ATT&CK Framework
The MITRE ATT&CK Framework serves as a curated knowledge base that monitors the tactics and techniques employed by cyber adversaries throughout the entire attack lifecycle.
Mobile Threat Defense (MTD)
Mobile threat defense integrates real-time threat detection, automated response and remediation, and comprehensive visibility and control across mobile devices.
Multi Factor Authentication (MFA)
Multi-factor authentication is a secure method that verifies your identity using two authentication factors, making it more reliable than single-factor authentication. It includes verifying:
- Something you know (such as passwords and PINs)
- Something you have (like smart cards or OTP devices)
- Something you are (such as fingerprints or retina scans, known as biometrics).
P
Patch Management
Patch management involves identifying and deploying software updates, or “patches,” to a range of devices, such as computers, mobile devices, and servers.
Passwordless Authentication
Passwordless authentication is a solution that removes the need for traditional passwords, boosting security and simplifying the user authentication process.
Penetration Testing
Penetration testing, also known as pen testing, involves simulating real-world cyber attacks to assess an organization's ability to detect and respond effectively.
Pretexting
Pretexting is a deceptive tactic used in social engineering to gain access to information, systems, or services. Attackers create false scenarios or pretexts to establish trust with their victims, often posing as experienced investors, HR representatives, IT specialists, or other seemingly legitimate sources like family members, or school administration.
Pretexting can also be a tactic used in pressure-reliant extortion attempts, e.g. a family member who has been SIM swapped, or whose number has been used for spoofing, may appear to send you a fake "Emergency SOS" message, followed by a call from a stranger (or even an AI-synthesized "known good voice") asking for medical details or payments. For clarity, the attacker is in control of, and/or spoofing, the family member's phone number, and is more than likely the person calling you to ask for personal information about the victim; there was never an emergency, it was all a lie.
Phishing
Purple Teaming
A purple team consists of cyber security experts who carry out simulated attacks and penetration testing to pinpoint security weaknesses and provide solutions for an organization's IT systems. Purple team tactics consist of a mixture of both red-team and blue-team measures, with the ultimate goal of improving security.
R
Ransomware
Ransomware is a form of malicious software that encrypts a victim's data until a ransom is paid to the attacker. Upon payment, the victim is provided with a decryption key to regain access to their files. Failure to pay the ransom may result in the attacker publishing the data on data leak sites or permanently blocking access to the files.
Ransomware as a Service (RaaS)
Ransomware as a Service (RaaS) is a business model employed by ransomware developers, where they offer ransomware variants for lease, similar to how legitimate software developers provide SaaS products.
Red Teaming
Red team testing involves ethical hacking to simulate real-world techniques, allowing your team to pinpoint vulnerabilities in your system and hone response strategies. Red teaming surpasses a mere penetration test by pitting a team of adversaries — the red team — against an organization’s security team — the blue team.
Remote Code Execution (RCE)
RCE occurs when an attacker gains access to the target computing device and makes digital modifications, regardless of the device's location. Remote Code Execution (RCE) encompasses a wide range of attacks that may have minor initial impacts on the system but can escalate to serious consequences. Some of the most well-known RCE attacks include the Log4j exploit and the WannaCry ransomware exploit.
Remote Monitoring and Management (RMM)
Remote monitoring and management (RMM) is a valuable tool utilized by IT departments in numerous organizations to effectively oversee and manage IT systems from a remote location.
S
Sandbox
Scareware
Scareware is a form of malware attack that falsely claims to have identified a virus or other problem on a device, leading the user to download or purchase malicious software as a solution.
SEO Poisoning
SEO poisoning is a tactic employed by cybercriminals to boost the visibility of their harmful websites, giving them a false sense of legitimacy to unsuspecting users.
Security Automation
Security automation involves utilizing technology to carry out repetitive IT security tasks, like endpoint scanning and incident response, with minimal human involvement.
Security Operations Center (SOC)
A security operations center, also known as a SOC, serves as the central hub where security professionals monitor, detect, analyze, respond to, and report security incidents.
Security Orchestration, Automation and Response (SOAR)
Software as a Service (SaaS)
Security Information and Event Management (SIEM)
Shared Responsibility Model
The Shared Responsibility Model outlines that cloud providers are responsible for monitoring and addressing security threats concerning the cloud and its infrastructure, while end users are accountable for safeguarding their data and assets stored in any cloud environment.
Smishing
Smishing is a deceitful practice that involves sending fraudulent text messages with the intention of deceiving individuals into disclosing sensitive information like passwords, usernames, and credit card numbers.
Social Engineering
Spearphishing
Spoofing
Spyware
SQL Injection (SQLi)
SQL injection (SQLi) is a type of cyberattack where malicious SQL code is inserted into an application, giving the attacker access to view or alter a database. Injection attacks, such as SQL injections, ranked as the third most severe web application security threat in 2021.
T
Threat Hunting
Threat hunting involves actively searching for hidden cyber threats within a network. This practice delves deep to uncover malicious actors in your system that may have evaded your initial endpoint security measures.
Threat Intelligence (TI)
Threat intelligence refers to the information gathered, processed, and examined to gain insight into the motives, targets, and tactics of threat actors.
Trojan
Two Factor Authentication (2FA)
Two-factor authentication is a secure method that verifies your identity using two authentication factors, making it more reliable than single-factor authentication. It includes verifying:
- Something you know (such as passwords and PINs)
- Something you have (like smart cards or OTP devices)
- Something you are (such as fingerprints or retina scans, known as biometrics).
Two Step Authentication
V
Virtual Private Network (VPN)
Virus
Vishing
Vulnerability
W
Web Application Firewall (WAF)
Web Application Firewalls (WAF) act as a protective layer between applications and the internet, blocking traffic that does not belong and protecting against vulnerabilities and attacks such as SQL injection, cross-site scripting and DDoS attacks.
Worm
Z
Zero-Day Exploit
Zero-Day Exploits are malicious tools used by criminals to target software, hardware, or firmware systems. These exploits take advantage of unknown vulnerabilities to gain unauthorized access to sensitive data or crucial systems. Hackers exploit these software bugs to steal information and carry out targeted attacks, underscoring the importance of regular software updates to protect against such threats.
Zero Trust
Zero Trust represents a significant shift from traditional network security practices that relied on the "trust but verify" approach. This outdated method automatically assumed trust in users and endpoints within the organization's perimeter, leaving it vulnerable to internal malicious actors and compromised credentials exploited by attackers. The emergence of cloud migration and the shift to a distributed work environment, accelerated by the 2020 pandemic, rendered this model ineffective and outdated.
The term “Zero Trust” was coined by Forrester Research analyst and thought-leader John Kindervag, and follows the motto, “never trust, always verify.”
Zero Trust Network Access (ZTNA)
Zero Trust network access (ZTNA) is a modern IT technology solution that mandates all users to undergo authentication, authorization, and continuous validation for security configuration and posture, ensuring secure access to applications and data.