Glossary is in progress.

A

Access Control
Access control ensures that a resource is granted only to the users (or processes) entitled to it.

Access Control List
A mechanism that implements access control for a system resource by listing the identities of the system entities that are permitted to access the resource.
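As an added example (not part of the original glossary), the following Python evaluates an ordered ACL the way routers and file systems commonly do: the first matching entry decides, and a request that matches no entry is denied. The entries and the identities (alice, bob, contractor) are constructed sample data.

```python
"""Added example: evaluating an ordered access control list (ACL).

Not part of the original glossary.  The entries below are constructed sample
data; the semantics (first matching entry wins, implicit deny when nothing
matches) mirror how router and file-system ACLs are commonly evaluated.
"""
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple


@dataclass(frozen=True)
class AclEntry:
    principal: str   # identity the entry applies to; "*" matches any identity
    action: str      # requested operation, e.g. "read", "write"; "*" matches any
    allow: bool      # True = permit, False = explicitly deny

    def matches(self, principal: str, action: str) -> bool:
        return (self.principal in ("*", principal)
                and self.action in ("*", action))


def acl_decide(acl: Iterable[AclEntry], principal: str,
               action: str) -> Tuple[bool, Optional[AclEntry]]:
    """Return (allowed, deciding_entry).

    Entries are evaluated in order and the first match decides, so an explicit
    deny placed above a broad allow takes precedence.  If no entry matches, the
    request is denied (default deny / fail closed) and the entry is None.
    """
    for entry in acl:
        if entry.matches(principal, action):
            return entry.allow, entry
    return False, None


def acl_check(acl: Iterable[AclEntry], principal: str, action: str) -> bool:
    return acl_decide(acl, principal, action)[0]


# Constructed sample ACL protecting one resource, e.g. a report file.
REPORT_ACL = [
    AclEntry("contractor", "*", allow=False),   # explicit deny, listed first
    AclEntry("alice", "write", allow=True),
    AclEntry("*", "read", allow=True),           # everyone else may only read
]
```

Because ordering carries meaning, reversing REPORT_ACL silently grants the contractor read access: the broad allow is then matched before the deny ever gets a look.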

Adaptive Prevention
Prevention technology that stops malware and non-malware attacks (attacks that abuse legitimate tools rather than dropping a malicious file) by analyzing the full scope and context of each attack and applying advanced analytics to all attack data.

Attack Analytics
The application of advanced analytic techniques (e.g., behavioral analysis, reputation analysis, machine learning) to a series of TTPs (tactics, techniques and procedures) or event tags in order to identify and classify attacks.

Authentication
Authentication is the process of confirming the correctness of the claimed identity.

Authorization
Authorization is the approval, permission, or empowerment for someone or something to do something; it presumes that the identity in question has already been authenticated.

B

Backdoor
A backdoor is a tool installed after a compromise to give an attacker easier access to the compromised system, bypassing any security mechanisms that are in place.

Behavioral Host Intrusion Prevention System (HIPS)
Prevention technology that identifies malware by monitoring running processes for suspicious actions (for example unexpected network activity) rather than by matching file signatures.

Blue Team
A defensive team in an organization, typically responsible for responding to active incidents with a high degree of vigilance.

Brute Force
A cryptanalysis technique or other kind of attack method involving an exhaustive procedure that tries all possibilities, one by one.

C

Cipher
A cryptographic algorithm for encryption and decryption.

Cloud Detonation
A form of dynamic analysis in which a suspicious file is sent to a cloud-based virtual environment where it is executed and monitored to determine whether it is malicious.

Computer Emergency Response Team (CERT)
An organization that studies computer and network INFOSEC in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve computer and network security.

Cookie
Data exchanged between an HTTP server and a browser (a client of the server) to store state information on the client side and retrieve it later for server use. An HTTP server, when sending data to a client, may send along a cookie, which the client retains after the HTTP connection closes. A server can use this mechanism to maintain persistent client-side state information for HTTP-based applications, retrieving the state information in later connections.
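The cookie round trip described above, as an added Python example that is not part of the original glossary: a minimal client-side cookie jar stores the Set-Cookie headers from a constructed server response and, on later requests, returns only the cookies whose Path matches and, for Secure cookies, only over https. The cookie names, paths and the example.com URLs are constructed sample data; the jar ignores Domain, Expires, Max-Age and SameSite.

```python
"""Added example: the cookie round trip between an HTTP server and a client.

Not part of the original glossary.  The server's Set-Cookie headers and the
later request URLs are constructed sample data.  The jar implements a subset
of RFC 6265: store cookies from Set-Cookie and return them on later requests
only when the path matches and, for Secure cookies, only over https.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class Cookie:
    name: str
    value: str
    path: str = "/"
    secure: bool = False      # only ever sent over https
    http_only: bool = False   # sent on requests, but hidden from client-side scripts


def parse_set_cookie(header_value: str) -> Cookie:
    """Parse one Set-Cookie header value: name=value; attr; attr=val ..."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = Cookie(name=name.strip(), value=value.strip())
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "path" and val:
            cookie.path = val.strip()
        elif key == "secure":
            cookie.secure = True
        elif key == "httponly":
            cookie.http_only = True
        # Domain, Expires, Max-Age and SameSite are ignored in this minimal jar.
    return cookie


def path_matches(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 section 5.1.4 path-match ("/admin" matches "/admin/users", not "/administrator")."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        if cookie_path.endswith("/"):
            return True
        if request_path[len(cookie_path)] == "/":
            return True
    return False


class CookieJar:
    """Client-side state that is retained after the HTTP connection closes."""

    def __init__(self):
        self._cookies = {}   # (name, path) -> Cookie

    def store_response(self, set_cookie_headers):
        for header in set_cookie_headers:
            cookie = parse_set_cookie(header)
            self._cookies[(cookie.name, cookie.path)] = cookie   # same name+path overwrites

    def cookie_header(self, url: str) -> str:
        """The Cookie request header the client sends on a later request to url."""
        parts = urlsplit(url)
        request_path = parts.path or "/"
        sent = []
        for cookie in self._cookies.values():
            if cookie.secure and parts.scheme != "https":
                continue                       # Secure cookie, plaintext request: withhold
            if not path_matches(request_path, cookie.path):
                continue
            sent.append(f"{cookie.name}={cookie.value}")
        return "; ".join(sent)

    def script_visible(self):
        """Names a client-side script (document.cookie) could read."""
        return [c.name for c in self._cookies.values() if not c.http_only]


# Constructed sample: Set-Cookie headers from one server response.
SAMPLE_RESPONSE_HEADERS = [
    "session=abc123; Path=/; Secure; HttpOnly",
    "theme=dark; Path=/",
    "admin_pref=1; Path=/admin",
]


def build_jar() -> CookieJar:
    jar = CookieJar()
    jar.store_response(SAMPLE_RESPONSE_HEADERS)
    return jar
```

The two attribute checks are where the security value sits: a Secure session cookie is never sent over http, so it cannot be sniffed from a downgraded request, and an HttpOnly cookie is still sent on every matching request but is not exposed to scripts running in the page.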

Container
A container is a standardized unit of software that packages code together with all of its dependencies so that the application runs quickly and reliably across computing environments.

Cyberattack
An attempt to breach a computer system, typically to steal data or disrupt operations.

D

Decision Maker (Infrastructure)
A Layer 3 / Layer 4 device, typically a router or a firewall, to which traffic is sent so that a forwarding or filtering decision can be made. Sending traffic out to such a device and back again on the same path is also called hairpinning (hairpinned traffic).

Demilitarized Zone (DMZ)
In computer security, a demilitarized zone (DMZ) or perimeter network is a network area (a subnetwork) that sits between an organization's internal network and an external network, usually the Internet. DMZs help to enable the layered security model in that they provide subnetwork segmentation based on security requirements or policy. A DMZ provides a transit mechanism either from a secure source to an insecure destination or from an insecure source to a more secure destination. In some cases, a screened subnet used for servers that must be reachable from the outside is referred to as a DMZ.

Denial of Service
The prevention of authorized access to a system resource or the delaying of system operations and functions.

Domain Name System (DNS)
The domain name system (DNS) is the way that Internet domain names are located and translated into Internet Protocol (IP) addresses. A domain name is a meaningful and easy-to-remember "handle" for an Internet address.
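Added example (not from the original glossary) of the translation step in Python: encode an A-record query for a name and decode the response, including the label-compression pointers that DNS replies use. The response bytes are constructed here rather than received from a resolver, and the answer addresses (192.0.2.x) come from the TEST-NET range. Checking that the transaction ID matches the query is the one sanity check a client must never skip.

```python
"""Added example: encoding a DNS query and decoding a DNS response.

Not part of the original glossary.  No network traffic: the response is
constructed by sample_response().  Wire format follows RFC 1035 (12-byte
header, length-prefixed labels, 16-bit compression pointers).
"""
import struct

QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """www.example.com -> b'\x03www\x07example\x03com\x00'"""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid: int, name: str) -> bytes:
    # flags 0x0100: standard query, recursion desired; exactly one question
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def decode_name(msg: bytes, offset: int):
    """Return (name, offset just past the name), following compression pointers."""
    labels = []
    end = None                # set on the first pointer hop; names end after the pointer
    hops = 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # 11xxxxxx: compression pointer
            pointer = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            if end is None:
                end = offset + 2
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")   # malformed / hostile message
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def is_reply_to(msg: bytes, txid: int) -> bool:
    """QR bit set and transaction ID equal to the one we sent (basic anti-spoofing check)."""
    if len(msg) < 12:
        return False
    r_txid, flags = struct.unpack_from("!HH", msg, 0)
    return r_txid == txid and bool(flags & 0x8000)


def parse_response(msg: bytes, expected_txid: int):
    """Return (rcode, [(name, ttl, dotted_ipv4), ...]) for the A records in the answer."""
    if not is_reply_to(msg, expected_txid):
        raise ValueError("not a response to our query")
    _, flags, qdcount, ancount, _, _ = struct.unpack_from("!HHHHHH", msg, 0)
    rcode = flags & 0x000F
    offset = 12
    for _ in range(qdcount):                            # skip the echoed question(s)
        _, offset = decode_name(msg, offset)
        offset += 4                                     # qtype + qclass
    answers = []
    for _ in range(ancount):
        name, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlength = struct.unpack_from("!HHIH", msg, offset)
        offset += 10
        rdata = msg[offset:offset + rdlength]
        offset += rdlength
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlength == 4:
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return rcode, answers


def sample_response(txid: int) -> bytes:
    """Constructed reply to an A query for www.example.com (TEST-NET-1 addresses)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 2, 0, 0)   # QR=1, RD, RA, rcode 0
    question = encode_name("www.example.com") + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    name_ptr = b"\xc0\x0c"                              # pointer to the QNAME at offset 12
    rr1 = name_ptr + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4) + bytes([192, 0, 2, 10])
    rr2 = name_ptr + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4) + bytes([192, 0, 2, 11])
    return header + question + rr1 + rr2
```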

Dynamic Analysis
A process to determine whether software is safe or malicious by executing the file and monitoring its behavior within a controlled environment.

E

Echo Reply
An echo reply is the ICMP message a machine sends back when it has received an echo request.

Echo Request
An echo request is an ICMP message sent to a machine to determine whether it is online and how long traffic takes to reach it; it is the basis of the ping utility.
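The echo request/reply exchange, as an added Python example that is not part of the original glossary. It builds both messages as raw bytes with the RFC 792 layout and the RFC 1071 Internet checksum, answers a request the way a reachable host would, and recovers the round-trip time from a timestamp carried in the payload (the trick ping uses). No packets are sent; doing so would need a raw socket and root privileges. The identifier and timestamps are constructed values.

```python
"""Added example: building and parsing ICMP Echo Request / Echo Reply messages.

Not part of the original glossary.  Packets are handled as raw bytes only (no
sockets), so this runs offline.  Layout per RFC 792: type(1) code(1)
checksum(2) identifier(2) sequence(2) payload; checksum per RFC 1071.
"""
import struct

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0
HEADER = struct.Struct("!BBHHH")   # type, code, checksum, identifier, sequence


def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit big-endian words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(msg_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    header = HEADER.pack(msg_type, 0, 0, ident, seq)        # checksum field zeroed first
    checksum = internet_checksum(header + payload)
    return HEADER.pack(msg_type, 0, checksum, ident, seq) + payload


def build_echo_request(ident: int, seq: int, send_time: float) -> bytes:
    """Echo Request whose payload carries the send timestamp, as ping does."""
    return build_echo(ICMP_ECHO_REQUEST, ident, seq, struct.pack("!d", send_time))


def answer_echo_request(request: bytes) -> bytes:
    """The receiving host's side: validate the request, echo ident/seq/payload as type 0."""
    if internet_checksum(request) != 0:      # a correctly checksummed packet sums to zero
        raise ValueError("bad checksum")
    msg_type, code, _, ident, seq = HEADER.unpack_from(request)
    if msg_type != ICMP_ECHO_REQUEST or code != 0:
        raise ValueError("not an echo request")
    return build_echo(ICMP_ECHO_REPLY, ident, seq, request[HEADER.size:])


def reply_matches(reply: bytes, ident: int, seq: int) -> bool:
    """Is this a well-formed Echo Reply to the request (ident, seq) we sent?"""
    if len(reply) < HEADER.size or internet_checksum(reply) != 0:
        return False
    msg_type, code, _, r_ident, r_seq = HEADER.unpack_from(reply)
    return msg_type == ICMP_ECHO_REPLY and code == 0 and (r_ident, r_seq) == (ident, seq)


def round_trip_ms(reply: bytes, receive_time: float) -> float:
    """Recover the send timestamp from the echoed payload and compute the RTT."""
    (send_time,) = struct.unpack_from("!d", reply, HEADER.size)
    return (receive_time - send_time) * 1000.0
```

Matching identifier and sequence before trusting a reply matters on a busy host: other processes' pings and stray ICMP traffic arrive on the same raw socket, and the identifier is how the sender tells its own replies apart.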

Encryption
Cryptographic transformation of data (called "plaintext") into a form (called "ciphertext") that conceals the data's original meaning to prevent it from being known or used.

Endpoint Detection & Response (EDR)
Tools for detecting, investigating, and remediating suspicious activities on endpoints, now commonly expected as part of a next-generation antivirus (NGAV) product.

Event Stream Processing (ESP)
Foundational technology that identifies meaningful patterns within time-based and relationship-based streams of data. ESP is the underlying technology of streaming prevention.

Event Tags
A "human-readable" form of TTP analysis that plainly describes each step of an attack.

F

Firewall
A logical or physical discontinuity in a network to prevent unauthorized access to data or resources.

Flooding
An attack that attempts to cause a failure in (especially, in the security of) a computer system or other data processing entity by providing more input than the entity can process properly.

Fully-Qualified Domain Name (FQDN)
A Fully-Qualified Domain Name is the complete name of a host: its hostname followed by every parent domain label up to the top-level domain, for example www.example.com.

G

Gateway
A network point that acts as an entrance to another network.

H

Hardening
Hardening is the process of identifying and fixing vulnerabilities on a system, typically by applying patches, removing unneeded services and accounts, and tightening configuration.
Comment: Every device in your infrastructure should be hardenable: it must be possible to install updates and, more importantly, the vendor must actually provide them.

K

Kubernetes
Kubernetes is an open-source container-orchestration system for automating application deployment, scaling and management.

M

Machine-Learning AV
A form of anti-malware prevention that uses statistical analysis to determine whether an executable file is malicious, replacing antivirus signatures with a mathematical model trained on known-good and known-bad files.

Malware
Executable software that runs on a target system and is explicitly built for malicious purposes. A common tool of cyberattackers.

Microsegmentation
A term popularized by VMware. Microsegmentation is the ability to define firewall rules at a granular level (down to every single virtual network interface card), which makes it possible to divide the data center into logical pieces. It starts with a coarse separation and proceeds to areas, zones and segments; the technology behind microsegmentation is flexible enough to take those requirements and implement them.

P

Process Identifier (PID)
A Process Identifier (PID) is a unique number that identifies each running process in an operating system.

S

SIEM
Security Information and Event Management (SIEM) is a software solution that aggregates and analyzes activity from many different sources across the entire IT infrastructure. A SIEM collects security data from network devices, servers, domain controllers, and more, then stores, normalizes, aggregates, and applies analytics to that data to discover trends, detect threats, and enable organizations to investigate the resulting alerts.
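As an added example that is not part of the original glossary, the Python below does in miniature what the definition describes: it normalizes two constructed log formats (sshd syslog lines with RFC 3339 timestamps, and JSON login records from a web application) into one schema and runs a simple analytic over the result, flagging a likely brute-force login when several failures from one source for one user precede a success. The hostnames, user names and addresses are constructed sample data.

```python
"""Added example: what a SIEM does with raw events: normalize, aggregate, detect.

Not part of the original glossary.  SAMPLE_LOGS are constructed lines in two
formats.  normalize() maps both onto one schema; detect_bruteforce() is a
simple rule over the normalized events.
"""
import json
import re
from collections import defaultdict
from datetime import datetime

# sshd syslog line with an RFC 3339 timestamp (constructed format for this example)
SSHD_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Accepted|Failed) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def normalize(line: str):
    """Map one raw line onto the common schema (ts, user, src, outcome); None if unknown."""
    line = line.strip()
    if line.startswith("{"):                       # JSON record from the web application
        rec = json.loads(line)
        if rec.get("event") != "login":
            return None
        outcome = "success" if rec.get("status") == "ok" else "failure"
        return (datetime.fromisoformat(rec["time"]), rec["user"], rec["client_ip"], outcome)
    m = SSHD_RE.match(line)
    if m:
        outcome = "success" if m["result"] == "Accepted" else "failure"
        return (datetime.fromisoformat(m["ts"]), m["user"], m["src"], outcome)
    return None   # unparsed: a real SIEM counts these, since gaps in coverage hide attacks


def detect_bruteforce(events, threshold=5, window_s=60):
    """Alert (user, src, failures) when >= threshold failures for one (user, src)
    within window_s seconds are followed by a success for that same pair."""
    by_key = defaultdict(list)
    for ts, user, src, outcome in sorted(events):           # aggregate per user+source
        by_key[(user, src)].append((ts, outcome))
    alerts = []
    for (user, src), seq in by_key.items():
        failures = []
        for ts, outcome in seq:
            if outcome == "failure":
                failures.append(ts)
                failures = [t for t in failures if (ts - t).total_seconds() <= window_s]
            elif len(failures) >= threshold and (ts - failures[0]).total_seconds() <= window_s:
                alerts.append((user, src, len(failures)))
                failures = []
            else:
                failures = []        # a success after too few failures resets the count
    return alerts


# Constructed sample logs: one password-guessing run against alice, normal activity for bob.
SAMPLE_LOGS = [
    "2024-05-01T10:00:00 bastion sshd[2211]: Failed password for alice from 198.51.100.7 port 50122 ssh2",
    "2024-05-01T10:00:05 bastion sshd[2211]: Failed password for alice from 198.51.100.7 port 50123 ssh2",
    "2024-05-01T10:00:10 bastion sshd[2211]: Failed password for alice from 198.51.100.7 port 50124 ssh2",
    "2024-05-01T10:00:15 bastion sshd[2211]: Failed password for alice from 198.51.100.7 port 50125 ssh2",
    "2024-05-01T10:00:20 bastion sshd[2211]: Failed password for alice from 198.51.100.7 port 50126 ssh2",
    "2024-05-01T10:00:25 bastion sshd[2211]: Failed password for alice from 198.51.100.7 port 50127 ssh2",
    "2024-05-01T10:00:30 bastion sshd[2211]: Accepted password for alice from 198.51.100.7 port 50128 ssh2",
    "2024-05-01T10:00:31 bastion CRON[2300]: (root) CMD (run-parts /etc/cron.hourly)",
    '{"time": "2024-05-01T10:02:00", "event": "login", "user": "bob", "client_ip": "203.0.113.9", "status": "failed"}',
    '{"time": "2024-05-01T10:02:20", "event": "login", "user": "bob", "client_ip": "203.0.113.9", "status": "ok"}',
]


def run(lines):
    events = [e for e in map(normalize, lines) if e is not None]
    return detect_bruteforce(events)
```

The normalization step is what makes the rule possible at all: without a shared (user, source, outcome) schema, failures logged by sshd and failures logged by the web application cannot be counted together.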

SDDC
Software-Defined Data Center (SDDC) is an architecture for private, public or hybrid clouds. Pioneered by VMware and recognized by the industry and analysts alike, SDDC extends the familiar virtualization concepts (abstraction, pooling and automation) to all data center resources and services. The components of the SDDC are compute, network and storage virtualization.