Cybersecurity Glossary
Attack Based Vulnerability Management (ABVM) is a method consisting in testing an environment’s attack surface security resiliency through running production safe attacks and leverage the result to prioritize patching.
Advanced persistent threat (APT) is a prolonged and targeted cyberattack in which an intruder gains access to a computer network and remains undetected for an extended period.
Adversary emulation is a proactive cybersecurity practice that replicates the tactics, techniques and procedures (TTPs) used by real-world threat actors. It plays a considerable role in identifying vulnerabilities, validating response capabilities and improving overall security posture.
Attack Path Analysis (APA) is a cybersecurity technique that helps security teams visualize and mitigate potential attack routes before adversaries can exploit them. It helps organizations by understanding how attackers navigate through networks to strengthen defenses, prioritize vulnerabilities, and reduce overall exposure to threats.
Attack Surface Management (ASM) emulates the adversary reconnaissance phase to oversee and secure all attack surfaces and exposed digital assets, whether internal or external. It encompasses threat discovery, threat investigation, analysis, and remediation prioritization.
Attack vector refers to the method or pathway used by an attacker to gain unauthorized access to a computer system or network. Common attack vectors include phishing emails, malware, and exploiting software vulnerabilities.
Automated penetration testing simulates cyberattacks to identify security weaknesses efficiently, replacing repetitive manual tasks with automation. It accelerates testing, conserves resources, and enhances accuracy by continuously validating security controls.
Breach and Attack Simulation (BAS) technology acts as an attacker in order to simulate thousands of possible threats your organization may encounter on a daily or hourly basis.
A blue team is tasked with protecting an organization’s asset against threats through gathering data, performing risk assessments, and tightening security control.
BYOVD (Bring Your Own Vulnerable Driver) attacks are cyber security attacks that exploit vulnerabilities in drivers, leveraging new techniques that allow them to evade traditional protections and maximize disruption.
Clone phishing is a sophisticated email phishing attack that deceives recipients by replicating a legitimate email they previously received.
Cloud security is a cybersecurity discipline focused on the unique challenges presented by the cloud’s dynamic and distributed nature. It goes beyond perimeter security, focusing on securing workloads, data, and access within the cloud itself.
Continuous Automated Red Teaming (CART) is a technology that automates Red Teaming to expand its process’ depth and breadth, enable scaling, and permit conducting red teaming exercises on a continuous basis.
Continuous security testing is the practice of challenging, measuring, and optimizing the effectiveness of security controls on an ongoing basis using automated testing tools.
Continuous Security Validation (CSV) technology continuously performs automated end-to-end attack simulations to test the efficacy of security controls and establish a prioritized list of required remediation actions and prescriptive mitigation instructions.
Continuous Threat Exposure Management (CTEM) is a program designed to continuously manage a digital infrastructure’s exposure to external and internal threats in a cyclic fashion The Continuous Threat Exposure Management cycle consists of 5 phases that are divided into two stages: Diagnose ( Scoping, Discovery, and Prioritization) and Action ( Validation and Mobilization).
Credential compromise happens when hackers gain unauthorized access to authentication credentials. These include usernames, passwords, API keys, and other login details.
Credential dumping is an attack technique in which adversaries extract authentication data (usernames, password hashes, Kerberos tickets, etc.) from a system’s memory or storage. In practice, attackers often target Windows systems’ Local Security Authority (LSASS) process or related stores (SAM database, registry) to harvest credentials in cleartext or hashed form.
Cyber Asset Attack Surface Management (CAASM) involves identifying, monitoring, and managing an organization’s digital assets to understand and reduce the potential unsecure points of entry that attackers can exploit. It aims to gain full visibility into all assets, including shadow IT and unmanaged devices, to mitigate risks and enhance the overall cybersecurity posture.
Developed by Lockheed Martin, the cyber kill chain is a series of steps that trace stages of a cyberattack from the early reconnaissance stages to the exfiltration of data.
A cybersecurity risk assessment identifies the various information assets that could be affected by a cyber attack.
Cyber risk quantification (CRQ) is the process of measuring and assigning numerical values to cybersecurity risks. It often translates technical risks into financial terms. This helps organizations understand how cyber threats could impact business operations.
Cyber threat management is the continuous process of identifying, assessing, prioritizing and mitigating cyber threats to minimize risk exposure and prevent breaches.
Data drift is a shift in the patterns or distributions of data over time, causing discrepancies between training and real-world data, which can reduce machine learning model performance.
Data exfiltration is the unauthorized transfer of data from a computer that is carried out through some form of malware.
Data Security Posture Management (DSPM) is a proactive approach to protecting sensitive data. It helps organizations identify risks, enforce security policies, and maintain compliance.
Detection engineering is a specialized cybersecurity discipline focused on the structured process of designing, implementing, testing and maintaining detection logic that identifies malicious activity in an environment.
A digital footprint is the trail of data created when someone interacts online, including active inputs like social media posts and passive data like browsing history. Managing a digital footprint helps protect privacy, enhance security, and mitigate risks associated with personal or organizational data exposure.
DORA (Digital Operational Resilience Act) is an EU regulation aimed at strengthening the resilience of financial entities to digital disruptions and cyber threats. It ensures that banks, insurers, and investment firms can maintain operations and safeguard against cyber risks.
An Endpoint Protection Platform (EPP) is a security solution that protects devices like computers, mobile phones, and servers from cyber threats. It detects, prevents, and responds to attacks before they cause harm.
External Attack Surface Management (EASM) is a cybersecurity practice of continuously discovering, monitoring and securing an organization’s internet-facing assets to reduce exposure to external threats.
General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). It was adopted on April 14, 2016, and went into effect on May 25, 2018.
A Golden Ticket attack is a type of cyber attack that targets the access control of a Windows environment where the Active Directory is being used. The attacker forges Kerberos Ticket Granting Tickets (TGTs), granting them unauthorized access to any service or resource in a Windows domain, often with full administrative privileges.
Hybrid cloud security is the practice of protecting data, applications, and infrastructure in environments that combine private and public cloud resources. It involves securing data flow, managing access through tools like IAM, ensuring compliance with regulations, and implementing measures such as encryption, threat detection, and automation.
Immediate Threat Intelligence (ITI) vector helps you test your organization’s security posture against clear and present cyber threats.
Initial Access Brokers (IABs) are specialized cybercriminals who break into corporate networks and then sell that unauthorized entry to other attackers. In effect, they act as “high-value middlemen” providing “access-as-a-service,” monetizing the breach while avoiding the risk of executing the final attack.
Input validation ensures data entered into systems, such as web forms or applications, meets predefined criteria like format, type and range.
Kerberoasting is a cyberattack technique that targets the Kerberos authentication protocol within Active Directory environments. This method is commonly used for privilege escalation and identity theft in enterprise networks.
The techniques in which an attacker moves further through a network in search of valuable and secured information. The Cymulate Lateral Movement vector simulates a compromised workstation inside the organization and exposes the risk posed by a potential cyberattack or threat.
Living off the Land (LOTL) is a stealthy cyberattack technique where adversaries exploit legitimate, native tools and processes already present in a target system or network to carry out malicious actions
Malware (malicious software) is any program or file that is harmful to a computer.
Managed Detection and Response (MDR) is an outsourced Security-as-a-Service solution tasking a third-party provider to detect and remediate threats on an organization’s network.
An Managed Security Service Provider (MSSP) is a service provider that provisions remote software/hardware-based information or network security services to an organization.
Mean time to detect (MTTD) is the average time it takes for an organization to identify a security threat or incident. It measures how quickly a team can spot potential breaches, vulnerabilities, or attacks.
The MITRE ATT&CK Framework is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
MITRE D3FEND is a structured knowledge base of defensive cybersecurity techniques that complements the ATT&CK framework by cataloging countermeasures to adversary tactics.
A Pass-the-Ticket (PtT) attack is a credential theft technique where an attacker steals a valid Kerberos ticket – typically a Ticket Granting Ticket (TGT) – and uses it to impersonate a user without needing their password.
A payload is malware that the threat actor intends to deliver to the victim. Payloads can remain undetected for months prior to being triggered.
A global standard that establishes a baseline of technical and operational standards for protecting account data. Payment Card Industry Data Security Standard (PCI DSS) latest available version is PCI DSS v4.0.
Penetration testing is a cyber security assessment technique where simulated cyberattacks are conducted on a system or network to identify and exploit vulnerabilities.
Phishing is a type of social engineering scam in which cybercriminals send an email that appears to come from a legit source but is intended to gain access to personal information such as passwords, login credentials, banking details, and credit cards.
Privilege Escalation occurs when a security flaw or vulnerability has been exploited to gain access to an individual’s secured account.
Proactive security focuses on incident prevention—identifying vulnerabilities, enforcing security policies, and using advanced threat detection.
Purple Teaming is a testing exercise combining the capabilities of both the red team and the blue team.. Purple Teaming promotes inter teams collaboration, expands the validation scope, and accelerates mitigation.
The Pyramid of Pain is used as a framework to illustrate the increasing difficulty for adversaries when different types of indicators of compromise (IOCs) are detected and mitigated. It ranges from simple indicators like hash values, which are easy for attackers to change, to more complex ones like Tactics, Techniques, and Procedures (TTPs), which are harder to alter and thus more painful for adversaries to circumvent.
Ransomware is a form of malicious software that encrypts a victim’s files and demands a ransom from the victim to restore access.
Reconnaissance (Recon) is considered the foothold or planning phase of an attack. Recon is the primary and most crucial stage of an attack where hackers conduct in-depth research and exploit any vulnerabilities to their advantage.
Red teams are white-hat or ethical hackers that carry out attacks in order to test the organization’s defenses – more commonly referred to as pen–testing. Blue teams complement them by acting out the defense part of the simulation.
Risk-Based Vulnerability Management (RBVM) is a strategy prioritizing software vulnerabilities remediation according to the risk they pose to the organization.
Cyber risk exposure is the sum of the vulnerabilities and risks associated with your organization’s digital footprint, including on-premises and cloud systems, applications, data, networks, and remote devices. It represents the potential for loss or damage resulting from cyber threats (including data breaches, system failures, and ransomware attacks).
Rootkits are a type of malware designed to provide continued privileged access to a computer while actively hiding its presence.
Runtime security is the practice of protecting applications, containers, and cloud workloads while they are running by continuously monitoring their behavior and intervening in real time to stop threats.
Security Control Validation is the process of making sure that an organization’s cyber security controls are effective and functional. It validates that the implemented measures can detect, prevent, and respond to cyber threats, maintaining the desired security posture.
Security controls refer to any measure an organization puts in place to reduce the risk of breaches to information, systems, data and other infrastructure. It can be anything from physical controls such as access cards to an office environment to cyber security controls such as email and web gateways, firewalls, intrusion prevention, and data loss prevention.
Security Operations Center (SOC) is a command center for information security professionals.
Security Posture Assessment is a cyber security assessment program that is designed to give you an overall scope of your security risks and vulnerabilities. The management of the assessment is a holistic approach that combines end-to-end security validation techniques – including BAS, ASM, CART, and advanced purple teaming exercises.
The term “shift left” originated in software development to denote moving tasks earlier in the Software Development Lifecycle (SDLC). In testing, it meant running quality and validation checks during development rather than at the end
YAML has written textual signatures are designed to identify suspicious activity potentially related to cyber threats anomalies in log events. Sigma rules’ standardized format permits writing the rule once and applying it across various SIEM products.
The SLAM method is a phishing prevention technique that helps users identify suspicious emails by examining the Sender, Links, Attachments, and Message for potential red flags.
Spear phishing is a targeted form of cyber attack that involves customizing fraudulent emails, messages, or requests for information in order to deceive specific individuals or organizations.
Tactics, Techniques, and Procedures (TTP) are the patterns of activities or methods associated with a specific threat actor or group of threat actors.
TPRM is the practice of identifying and mitigating risks stemming from external business partners, suppliers, service providers and other third parties.
Vulnerability Management Lifecycle (VM) is a continuous process of identifying, assessing, prioritizing, and mitigating security vulnerabilities in an organization’s digital sphere. It includes stages such as discovery, reporting, prioritization, remediation, and verification to ensure that weaknesses in the systems are effectively managed and risks are minimized.
Vulnerability prioritization is the process of sorting through detected vulnerabilities, pinpointing those that pose the highest risk, and creating a prioritized patching list designed to minimize exposure.
Vulnerability scanning is the automated process of identifying, analyzing and assessing security weaknesses in computer systems, networks, and applications. The goal of conducting a vulnerability scan is to proactively detect security flaws and weaknesses before they can be exploited by a threat actor.
A watering hole attack is a strategy where attackers compromise a website or service frequently visited by a specific target group. The attackers infect the website with malware to gain access to the visitors’ systems, such as their employer network or a service.
A web application firewall or WAF offers protection for web servers. The Cymulate Web Application Firewall (WAF) vector challenges your WAF security resilience to web payloads and assists in protecting your web apps from future attacks.
A secured Web Gateway prevents unsecured traffic from entering an internal network of an organization and helps ensure that both company and regulatory compliance policies are met. The Cymulate Web Gateway vector is designed to test your HTTP/HTTPS outbound exposure to malicious or compromised websites.
A computer worm is a type of malware that self-replicates once it has made its way into the infected system or network. Worms differ from viruses in that they do not require a host program in order to run.
Extended Detection and Response (XDR) is a cybersecurity approach to traditional detection and incident response that integrates detection and response procedures across multiple environments.
YARA rules are a powerful way of identifying and classifying malware (or other files). The rules can be customized to specific threats and attacks that a certain environment is prone to. YARA rules consist of textual descriptions and conditions that specify what to look for in files or processes to detect malicious activity.
Zero-Day vulnerabilities are flaws in a software, firmware or hardware that are unknown to the vendor at the time of the attack. The term “zero-day” refers to the fact that developers have had zero days to address and patch the flaw before it is exploited by malicious actors. An attempt to exploit a zero-day vulnerability is known as a zero-day attack.