Cypedia

Cymulate's Cypedia is your go-to resource for understanding the essential terms
and concepts in the world of cybersecurity.

A

Attack Based Vulnerability Management (ABVM)

Attack Based Vulnerability Management (ABVM) is a method that tests the resiliency of an environment's attack surface by running production-safe attacks and uses the results to prioritize patching.

Advanced Persistent Threat (APT)

Advanced persistent threat (APT) is a prolonged and targeted cyberattack in which an intruder gains access to a computer network and remains undetected for an extended period.

Attack Path Mapping

Attack Path Mapping is the process of using a lateral movement dynamic simulation to identify all possible routes an attacker could use within a digital environment.

Attack Surface Management

Attack Surface Management (ASM) emulates the adversary reconnaissance phase to oversee and secure all attack surfaces and exposed digital assets, whether internal or external. It encompasses threat discovery, threat investigation, analysis, and remediation prioritization.

Attack Vector

Attack vector refers to the method or pathway used by an attacker to gain unauthorized access to a computer system or network. Common attack vectors include phishing emails, malware, and exploiting software vulnerabilities.

Automated Red Teaming

Automated Red Teaming is the process of building, or using off-the-shelf, outside-in full kill chain automated attack campaigns to uncover potential attack routes.

B

Breach and Attack Simulation (BAS)

Breach and Attack Simulation (BAS) technology acts as an attacker in order to simulate thousands of possible threats your organization may encounter on a daily or hourly basis.

Blue Team

A blue team is tasked with protecting an organization's assets against threats by gathering data, performing risk assessments, and tightening security controls.

Bring Your Own Vulnerable Driver (BYOVD)

BYOVD (Bring Your Own Vulnerable Driver) attacks load a legitimately signed but vulnerable driver onto the target system and exploit it to gain kernel-level execution, which lets the attacker evade or disable traditional protections such as EDR and maximize disruption.

C

CBEST

The CBEST framework provides a structured and controlled approach for intelligence-led security testing within the financial sector in the UK.

Chief Information Security Officer (CISO)

A Chief Information Security Officer (CISO) is the executive responsible for an organization's information and data security.

CIS Critical Controls

The 18 CIS Critical Security Controls are defined by the Center for Internet Security (CIS) as a prioritized set of actions to protect an organization and its data from known cyber-attack vectors.

Clone Phishing

Clone phishing is a type of phishing attack where attackers create nearly identical copies of legitimate emails to trick recipients into sharing sensitive information or clicking on malicious links. These emails often use subtle changes to sender addresses, urgent language, or altered links to appear authentic and bypass security filters.

Cloud Security Posture Management (CSPM)

Cloud Security Posture Management (CSPM) is an automated service that continuously checks cloud configurations against security and compliance baselines, flags misconfigurations such as publicly exposed storage or over-permissive identities, and can remediate some issues automatically.

Continuous Automated Red Teaming (CART)

Continuous Automated Red Teaming (CART) is a technology that automates Red Teaming to expand the depth and breadth of the process, enable scaling, and permit conducting red teaming exercises on a continuous basis.

Continuous Security Testing

Continuous security testing is the practice of challenging, measuring, and optimizing the effectiveness of security controls on an ongoing basis using automated testing tools.

Continuous Security Validation (CSV)

Continuous Security Validation (CSV) technology continuously performs automated end-to-end attack simulations to test the efficacy of security controls and establish a prioritized list of required remediation actions and prescriptive mitigation instructions.

Continuous Threat Exposure Management (CTEM)

Continuous Threat Exposure Management (CTEM) is a program designed to continuously manage a digital infrastructure's exposure to external and internal threats in a cyclic fashion. The CTEM cycle consists of five phases divided into two stages: Diagnose (Scoping, Discovery, and Prioritization) and Action (Validation and Mobilization).

Cyber Asset Attack Surface Management (CAASM)

Cyber Asset Attack Surface Management (CAASM) involves identifying, monitoring, and managing an organization's digital assets to understand and reduce the potential insecure points of entry that attackers can exploit. It aims to gain full visibility into all assets, including shadow IT and unmanaged devices, to mitigate risks and enhance the overall cybersecurity posture.

Cyber Kill Chain

Developed by Lockheed Martin, the cyber kill chain is a series of seven steps that trace the stages of a cyberattack from reconnaissance, through weaponization, delivery, exploitation, installation, and command and control, to actions on objectives such as the exfiltration of data.

Cyber Risk Assessment

A cybersecurity risk assessment identifies the various information assets that could be affected by a cyber attack.

Cybersecurity Maturity Model Certification (CMMC)

The Cybersecurity Maturity Model Certification (CMMC) is a U.S. Department of Defense (DoD) program that certifies that defense contractors meet the required cybersecurity practices and compliance rules.

D

Data Breach

A data breach is a security incident in which sensitive information is accessed without authorization. Data breaches can be either intentional or unintentional.

Data Exfiltration

Data exfiltration is the unauthorized transfer of data out of a computer or network, whether carried out by malware or directly by an intruder or insider.

Data Loss Prevention (DLP)

Data Loss Prevention (DLP) is software that detects and prevents potential data breaches and exfiltration by monitoring and controlling how sensitive data is used, stored, and transmitted.

Denial of Service (DoS)

A Denial of Service (DoS) Attack is an intentional cyberattack carried out on networks, websites, and online resources to restrict access to its legitimate users.

Digital Operational Resilience Act (DORA)

DORA (Digital Operational Resilience Act) is an EU regulation aimed at strengthening the resilience of financial entities to digital disruptions and cyber threats. It ensures that banks, insurers, and investment firms can maintain operations and safeguard against cyber risks.

Distributed Denial of Service (DDoS)

A Distributed Denial of Service (DDoS) attack will attempt to make an online service or website unavailable by flooding it with unwanted traffic from multiple computers.

Dynamic Application Security Testing (DAST)

Dynamic Application Security Testing (DAST) is the process of communicating with a web application through the web front-end in order to identify potential security vulnerabilities and architectural weaknesses in the web application.

E

Email Gateway

An email gateway is the email server through which every incoming or outgoing email passes in an organization. A Secure Email Gateway (SEG) is a device or software used to monitor emails that are being sent and received.

Endpoint Detection and Response (EDR)

Endpoint Detection and Response (EDR) is an automated solution that continuously monitors endpoint activity, identifies threats, removes or contains them, notifies the security team, and provides forensic capabilities.

Endpoint Protection Platform (EPP)

Endpoint Protection Platform (EPP) is a solution deployed on endpoint devices to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.

Endpoint Security

Endpoint security defends end-user devices such as workstations, laptops, and servers against all types of cyber threats. The Cymulate Endpoint Security vector allows organizations to deploy and run simulations of ransomware, Trojans, worms, and viruses on a dedicated endpoint in a controlled and safe manner.

Exploit

An exploit is a piece of software, a sequence of commands, or crafted data that takes advantage of a vulnerability in an application or system.

Exposure Management

The process of identifying, assessing, and controlling an organization's exposure to internal and external threats potentially leading to operational or business disruption.

Exposure Validation

Exposure validation is the process of assessing and confirming the accuracy, relevance, and impact of potential vulnerabilities to ensure informed decision-making and robust cybersecurity defenses.

Enumeration

Enumeration is the process of systematically identifying and gathering information about a target system, network, or application. This includes details like usernames, devices, shared resources, and network services. Attackers use enumeration to map potential attack surfaces, while security professionals use it to assess vulnerabilities and strengthen defenses.

G

General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). It was adopted on April 14, 2016, and went into effect on May 25, 2018.

Golden Ticket Attack

A Golden Ticket attack is a type of cyber attack that targets the access control of a Windows environment where Active Directory is being used. The attacker forges Kerberos Ticket Granting Tickets (TGTs), granting them unauthorized access to any service or resource in a Windows domain, often with full administrative privileges.

H

Hybrid Cloud Security

Hybrid cloud security is the practice of protecting data, applications, and infrastructure in environments that combine private and public cloud resources. It involves securing data flow, managing access through tools like IAM, ensuring compliance with regulations, and implementing measures such as encryption, threat detection, and automation.

I

Immediate Threat Intelligence (ITI)

The Immediate Threat Intelligence (ITI) vector helps you test your organization's security posture against clear and present cyber threats.

Indicator of Compromise (IoC)

Indicator of Compromise (IoC) is digital forensic evidence indicating that an endpoint or a network might have experienced a breach.

Intrusion Detection and Prevention System (IDPS)

Intrusion Detection and Prevention System (IDPS) is an appliance or software product that automates the monitoring of computer systems or networks, detects and analyzes suspicious events, and attempts to stop detected potential incidents.

Intrusion Prevention System (IPS)

Intrusion Prevention System (IPS) is a form of network security that works to detect and prevent identified threats.

K

Kerberoasting

Kerberoasting is a cyberattack technique in which an attacker holding any valid domain account requests Kerberos service tickets (TGS) for accounts that have a Service Principal Name (SPN), extracts the portion of each ticket encrypted with the service account's password-derived key, and cracks it offline to recover the service account's password and gain unauthorized access.

L

Lateral Movement

The techniques in which an attacker moves further through a network in search of valuable and secured information. The Cymulate Lateral Movement vector simulates a compromised workstation inside the organization and exposes the risk posed by a potential cyberattack or threat.

M

Malware

Malware (malicious software) is any program or file that is harmful to a computer.

Managed Detection and Response (MDR)

Managed Detection and Response (MDR) is an outsourced Security-as-a-Service solution tasking a third-party provider to detect and remediate threats on an organization’s network.

Managed Security Service Provider (MSSP)

A Managed Security Service Provider (MSSP) is a service provider that provisions remote software/hardware-based information or network security services to an organization.

MITRE ATT&CK Framework

The MITRE ATT&CK Framework is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

Multi Factor Authentication (MFA)

Multi Factor Authentication (MFA) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism.

N

Network Penetration Testing

Network penetration testing is a simulated cyberattack performed on a network to uncover vulnerabilities, weaknesses, or misconfigurations that could be exploited by attackers. The process includes reconnaissance, vulnerability scanning, exploitation, and reporting, offering valuable insights to strengthen network security and ensure compliance with industry standards and regulations.

P

Payload

A payload is the component of malware that the threat actor intends to deliver to the victim and that performs the malicious action. Payloads can remain dormant and undetected for months before being triggered.

Payment Card Industry Data Security Standard (PCI DSS)

A global standard that establishes a baseline of technical and operational requirements for protecting account data. The latest available version of the Payment Card Industry Data Security Standard (PCI DSS) is PCI DSS v4.0.

Personally Identifiable Information (PII)

Personally Identifiable Information (PII) is information that can be used to identify an individual.

Penetration Testing (Pen Testing)

Penetration testing is a cyber security assessment technique where simulated cyberattacks are conducted on a system or network to identify and exploit vulnerabilities.

Phishing

Phishing is a type of social engineering scam in which cybercriminals send an email that appears to come from a legitimate source but is intended to gain access to personal information such as passwords, login credentials, banking details, and credit cards.

PowerShell

PowerShell is a task automation and configuration management framework from Microsoft.

Privilege Escalation

Privilege escalation occurs when an attacker exploits a security flaw, vulnerability, or misconfiguration to obtain privileges beyond those originally granted, either by moving up to a higher-privileged level (vertical escalation) or by taking over another user's account at the same level (horizontal escalation).

Purple Teaming

Purple Teaming is a testing exercise combining the capabilities of both the red team and the blue team. Purple Teaming promotes inter-team collaboration, expands the validation scope, and accelerates mitigation.

Pyramid of Pain

The Pyramid of Pain is used as a framework to illustrate the increasing difficulty for adversaries when different types of indicators of compromise (IOCs) are detected and mitigated. It ranges from simple indicators like hash values, which are easy for attackers to change, to more complex ones like Tactics, Techniques, and Procedures (TTPs), which are harder to alter and thus more painful for adversaries to circumvent.

R

Ransomware

Ransomware is a form of malicious software that encrypts a victim’s files and demands a ransom from the victim to restore access.

Reconnaissance (Recon)

Reconnaissance (Recon) is the planning phase of an attack, in which attackers research the target in depth to identify exposed assets, people, and weaknesses before attempting to exploit them. Because every later stage builds on what recon uncovers, it is widely considered the most crucial stage of an attack.

Red Team

Red teams are white-hat or ethical hackers that carry out attacks in order to test an organization's defenses, an activity more commonly referred to as pentesting. Blue teams complement them by acting out the defensive part of the simulation.

Risk-Based Vulnerability Management (RBVM)

Risk-Based Vulnerability Management (RBVM) is a strategy prioritizing software vulnerabilities remediation according to the risk they pose to the organization.

Rootkit

Rootkits are a type of malware designed to provide continued privileged access to a computer while actively hiding its presence.

S

Security Control Validation

Security Control Validation is the process of making sure that an organization's cyber security controls are effective and functional. It validates that the implemented measures can detect, prevent, and respond to cyber threats, maintaining the desired security posture.

Security Controls

Security controls refer to any measure an organization puts in place to reduce the risk of breaches to information, systems, data and other infrastructure. They can be anything from physical controls, such as access cards to an office environment, to cyber security controls such as email and web gateways, firewalls, intrusion prevention, and data loss prevention.

Security Information and Event Management (SIEM)

Security Information and Event Management (SIEM) is a set of tools and services offering a comprehensive view of an organization’s information security.

Security Operations Center (SOC)

A Security Operations Center (SOC) is a command center for information security professionals.

Security Orchestration Automation and Response (SOAR)

Security Orchestration Automation and Response (SOAR) is a stack of compatible software programs that enables an organization to collect data about security threats and respond to security events with little or no human assistance.

Security Posture

Security posture refers to the overall strength and effectiveness of an organization’s cybersecurity strategies and defenses. It includes policies, processes, technologies, and practices in place to protect and respond to cyber threats.

Security Posture Assessment & Management

Security Posture Assessment is a cyber security assessment program that is designed to give you an overall scope of your security risks and vulnerabilities. The management of the assessment is a holistic approach that combines end-to-end security validation techniques, including BAS, ASM, CART, and advanced purple teaming exercises.

SHIELD Act

SHIELD is an acronym for Stop Hacks and Improve Electronic Data Security. The SHIELD Act requires businesses that collect private data of New York residents to follow strict data security and breach guidelines to ensure that their information remains protected.

Sigma Rules

Sigma rules are textual signatures written in YAML that describe suspicious activity or anomalies in log events potentially related to cyber threats. Sigma's standardized format lets you write a rule once and convert it for use across various SIEM products.
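The Kerberoasting entry above describes an attack whose fingerprint in Windows logs is an Event ID 4769 service ticket request with RC4 encryption (type 0x17) for a non-machine account, and the Sigma entry describes the rule format that captures such a fingerprint. The following added example (written for this glossary, not code from Cymulate or from the Sigma project) ties the two together: a rule in Sigma's shape, held as the parsed Python form of the YAML so it runs without a YAML library, plus a small evaluator that applies it to constructed 4769 events. The rule content, the `evaluate`/`run_rule` function names and the sample events are all assumptions made for the example; the evaluator supports only equality, value lists, the `endswith`/`startswith`/`contains` modifiers and boolean conditions, a subset of what full Sigma backends handle.

```python
"""Evaluate a Sigma-style detection over constructed Windows 4769 events to flag Kerberoasting."""
import re

# Rule written for this example in the shape Sigma uses (logsource + named
# selections + condition). It is the parsed form of the YAML, not raw YAML.
RULE = {
    "title": "Possible Kerberoasting (RC4 service ticket request)",
    "logsource": {"product": "windows", "service": "security"},
    "detection": {
        "selection": {
            "EventID": 4769,
            "TicketEncryptionType": "0x17",   # RC4-HMAC: the etype attackers ask for
            "TicketOptions": "0x40810000",
        },
        "filter_computer": {"ServiceName|endswith": "$"},  # machine accounts are noise
        "filter_krbtgt": {"ServiceName": "krbtgt"},
        "condition": "selection and not filter_computer and not filter_krbtgt",
    },
}

# Constructed sample events (not real logs); only the relevant fields are kept.
EVENTS = [
    {"EventID": 4769, "TargetUserName": "jdoe@CORP.LOCAL", "ServiceName": "svc_sql",
     "TicketOptions": "0x40810000", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TargetUserName": "jdoe@CORP.LOCAL", "ServiceName": "WS01$",
     "TicketOptions": "0x40810000", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TargetUserName": "jdoe@CORP.LOCAL", "ServiceName": "krbtgt",
     "TicketOptions": "0x40810000", "TicketEncryptionType": "0x12"},
    {"EventID": 4769, "TargetUserName": "jdoe@CORP.LOCAL", "ServiceName": "svc_web",
     "TicketOptions": "0x40810000", "TicketEncryptionType": "0x12"},  # AES: not crackable the same way
    {"EventID": 4624, "TargetUserName": "jdoe", "LogonType": 3},
]


def _field_matches(event, key, expected):
    """One Sigma field constraint: a list of values is an OR; modifiers follow '|'."""
    field, *mods = key.split("|")
    if field not in event:
        return False
    actual = str(event[field]).lower()          # Sigma string matching is case-insensitive
    values = expected if isinstance(expected, list) else [expected]
    for v in values:
        v = str(v).lower()
        if "endswith" in mods and actual.endswith(v):
            return True
        if "startswith" in mods and actual.startswith(v):
            return True
        if "contains" in mods and v in actual:
            return True
        if not mods and actual == v:
            return True
    return False


def _selection_matches(event, selection):
    """A selection map is an AND of all its field constraints."""
    return all(_field_matches(event, k, v) for k, v in selection.items())


_TOKEN = re.compile(r"\(|\)|\band\b|\bor\b|\bnot\b|[A-Za-z_][A-Za-z0-9_]*")


def evaluate(rule, event):
    """Return True if the event satisfies the rule's condition."""
    det = rule["detection"]
    cond = det["condition"]
    tokens = _TOKEN.findall(cond)
    # Refuse anything the tokenizer did not fully consume (e.g. '1 of them', '|').
    if "".join(tokens) != re.sub(r"\s+", "", cond):
        raise ValueError("unsupported condition syntax: " + cond)
    expr = []
    for tok in tokens:
        if tok in ("and", "or", "not", "(", ")"):
            expr.append(tok)
        else:
            expr.append(str(_selection_matches(event, det[tok])))
    # Only True/False/and/or/not/parentheses reach eval, so this is safe.
    return bool(eval(" ".join(expr), {"__builtins__": {}}, {}))


def run_rule(rule, events):
    """Return the ServiceName of every event the rule fires on."""
    return [e.get("ServiceName") for e in events if evaluate(rule, e)]


if __name__ == "__main__":
    print(run_rule(RULE, EVENTS))   # only the RC4 request for svc_sql should fire
```

The two filters are what keep the rule usable: machine accounts request RC4 tickets legitimately in mixed environments, and krbtgt requests appear on every TGT renewal. In production the same rule would also be tuned on the requesting account, since a single user requesting tickets for many SPNs in a short window is the stronger signal.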

SLAM Method

The SLAM method is a phishing prevention technique that helps users identify suspicious emails by examining the Sender, Links, Attachments, and Message for potential red flags.

Smishing (SMS Phishing)

Smishing (SMS Phishing) is a combination of the words SMS and Phishing. Smishing differs from traditional phishing attacks in that it targets text messages instead of emails.

Social Engineering

Social engineering is the art of manipulating people and coercing them to give up confidential information.  

Spyware

Spyware is a form of malware that spies on you and steals your personal information.

SQL Injection

SQL injection is a code injection technique in which attacker-controlled input is placed into a SQL query so that it is interpreted as part of the query rather than as data, allowing the attacker to read, manipulate, and even destroy your database.
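To show the difference between input that is treated as data and input that becomes part of the query, here is an added example (not code from the original page) of a login check written both ways against an in-memory SQLite database. The table, the single user row, the `login_vulnerable`/`login_safe` function names and the bypass string are all constructed for the example.

```python
"""Vulnerable string-built login query beside its parameterized equivalent (SQLite)."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a fresh in-memory database with one user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The input is concatenated into the SQL text, so quotes in it change the query."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Placeholders: the driver binds the values, so they can never alter the grammar."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


# Classic tautology payload: closes the password literal and ORs in a true clause.
BYPASS = "' OR '1'='1"


def demo() -> dict:
    """Run both implementations with a valid password and with the bypass payload."""
    conn = make_db()
    return {
        "vuln_good":   login_vulnerable(conn, "alice", "correct-horse"),
        "vuln_bypass": login_vulnerable(conn, "alice", BYPASS),   # True: auth bypassed
        "safe_good":   login_safe(conn, "alice", "correct-horse"),
        "safe_bypass": login_safe(conn, "alice", BYPASS),         # False: treated as data
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:12s} -> {ok}")
```

With the payload the vulnerable query becomes `... AND password = '' OR '1'='1'`, and because `AND` binds tighter than `OR` the row count is always positive. The parameterized version compares the literal string `' OR '1'='1` against the stored password and fails. Note that `sqlite3.execute()` refuses stacked statements, so a `'; DROP TABLE users; --` payload raises an error here; other database drivers do not all share that restriction, which is why the destructive outcome in the definition above is realistic.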

Static Application Security Testing (SAST)

Static Application Security Testing (SAST) is an application security testing technique that analyzes an application's source code, bytecode, or binaries without executing it in order to detect security vulnerabilities.

System of Trust (SoT)

System of Trust (SoT) is a MITRE framework for assessing supply chain security risk. It ensures the reliability and security of technology systems by assessing and verifying the integrity, compliance, and performance of suppliers, supplies, and service components and processes, fostering trust among users and stakeholders.

T

Tactics, Techniques, and Procedures (TTP)

Tactics, Techniques, and Procedures (TTP) are the patterns of activities or methods associated with a specific threat actor or group of threat actors.

Trojans

A Trojan or Trojan horse is a type of malware disguised as legitimate software.

V

Vulnerability Assessment (VA)

Vulnerability Assessment (VA) is the process of identifying risks and vulnerabilities in computer networks, systems, hardware, applications, and other parts of the environment.

Vulnerability Management Lifecycle

The Vulnerability Management Lifecycle (VM) is a continuous process of identifying, assessing, prioritizing, and mitigating security vulnerabilities in an organization's digital sphere. It includes stages such as discovery, reporting, prioritization, remediation, and verification to ensure that weaknesses in the systems are effectively managed and risks are minimized.

Vulnerability Prioritization

Vulnerability prioritization is the process of sorting through detected vulnerabilities, pinpointing those that pose the highest risk, and creating a prioritized patching list designed to minimize exposure.

W

Watering Hole Attack

A watering hole attack is a strategy where attackers compromise a website or service frequently visited by a specific target group. The attackers infect the website with malware to gain access to the visitors' systems, such as their employer network or a service.

Web Application Firewall (WAF)

A web application firewall or WAF offers protection for web servers. The Cymulate Web Application Firewall (WAF) vector challenges your WAF security resilience to web payloads and assists in protecting your web apps from future attacks.

Web Gateway

A secure Web Gateway prevents unsecured traffic from entering an organization's internal network and helps ensure that both company and regulatory compliance policies are met. The Cymulate Web Gateway vector is designed to test your HTTP/HTTPS outbound exposure to malicious or compromised websites.

Worm

A computer worm is a type of malware that self-replicates once it has made its way into the infected system or network. Worms differ from viruses in that they do not require a host program in order to run.  

X

Extended Detection and Response (XDR)

Extended Detection and Response (XDR) is a cybersecurity approach that extends traditional endpoint detection and response by integrating detection and response procedures across multiple environments, such as endpoints, networks, cloud workloads, and email.

Y

YARA rules

YARA rules are a powerful way of identifying and classifying malware (or other files). The rules can be customized to specific threats and attacks that a certain environment is prone to. YARA rules consist of textual descriptions and conditions that specify what to look for in files or processes to detect malicious activity.
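The following added example (written for this glossary, not code from the original page or from the YARA project) makes the "textual descriptions and conditions" concrete: it parses a small rule in YARA's syntax and runs its condition over constructed file bytes. The rule itself, the `parse_rule`/`match` function names and the three sample buffers are assumptions made for the example, and the matcher covers only a subset of YARA (text strings with `nocase`, plain hex strings, `$x`, `$x at N`, `N of them`, `N of (...)` and boolean operators); real YARA also handles wildcards in hex strings, wide strings, regexes, file-format modules and much more.

```python
"""Minimal matcher for a subset of YARA rule syntax, run over constructed file bytes."""
import re

# Rule written for this example (not one of YARA's own or a vendor rule).
RULE_TEXT = '''
rule Suspicious_Dropper
{
    meta:
        description = "PE file that embeds an encoded PowerShell launcher"
    strings:
        $mz   = { 4D 5A }
        $ps   = "powershell -enc" nocase
        $url  = "http://"
        $sbox = "vboxservice"
    condition:
        $mz at 0 and $ps and 1 of ($url, $sbox)
}
'''

# Constructed sample inputs; the first is the only one that should match.
SAMPLE_MALICIOUS = b"MZ\x90\x00" + b"\x00" * 16 + b"PowerShell -Enc SQBFAFgA http://198.51.100.7/x"
SAMPLE_BENIGN_PE = b"MZ\x90\x00" + b"\x00" * 16 + b"Hello, world"
SAMPLE_NOT_PE = b"powershell -enc AAAA http://example.test"   # no MZ header at offset 0


def parse_rule(text):
    """Extract (rule name, {identifier: (pattern bytes, nocase)}, condition string)."""
    name = re.search(r"rule\s+(\w+)", text).group(1)
    strings_block = re.search(r"strings:\s*(.*?)\s*condition:", text, re.S).group(1)
    condition = re.search(r"condition:\s*(.*?)\s*}", text, re.S).group(1).strip()
    patterns = {}
    for line in strings_block.splitlines():
        m = re.match(r"\s*(\$\w+)\s*=\s*(.+?)\s*$", line)
        if not m:
            continue
        ident, spec = m.groups()
        if spec.startswith("{"):                       # hex string: { 4D 5A }
            patterns[ident] = (bytes.fromhex(spec[1:spec.index("}")]), False)
        else:                                          # text string with optional modifiers
            value = re.match(r'"([^"]*)"', spec).group(1)
            nocase = "nocase" in spec[spec.index('"', 1) + 1:]
            patterns[ident] = (value.encode(), nocase)
    return name, patterns, condition


def find_all(data, pattern, nocase):
    """All offsets at which pattern occurs in data (case-folded when nocase is set)."""
    hay, needle = (data.lower(), pattern.lower()) if nocase else (data, pattern)
    offsets, i = [], hay.find(needle)
    while i != -1:
        offsets.append(i)
        i = hay.find(needle, i + 1)
    return offsets


def match(rule_text, data):
    """Return (rule name, True/False) for the rule applied to data."""
    name, patterns, cond = parse_rule(rule_text)
    hits = {ident: find_all(data, pat, nc) for ident, (pat, nc) in patterns.items()}

    def count(quantifier, idents):
        found = sum(1 for i in idents if hits[i])
        need = len(idents) if quantifier == "all" else 1 if quantifier == "any" else int(quantifier)
        return str(found >= need)

    # Rewrite the condition into a pure boolean expression, most specific forms first.
    expr = re.sub(r"(\d+|all|any) of \(([^)]*)\)",
                  lambda m: count(m.group(1), re.findall(r"\$\w+", m.group(2))), cond)
    expr = re.sub(r"(\d+|all|any) of them", lambda m: count(m.group(1), list(hits)), expr)
    expr = re.sub(r"(\$\w+) at (\d+)", lambda m: str(int(m.group(2)) in hits[m.group(1)]), expr)
    expr = re.sub(r"\$\w+", lambda m: str(bool(hits[m.group(0)])), expr)
    if re.sub(r"True|False|and|or|not|[()\s]", "", expr):
        raise ValueError("unsupported condition: " + cond)
    return name, bool(eval(expr, {"__builtins__": {}}, {}))


if __name__ == "__main__":
    for label, buf in [("malicious", SAMPLE_MALICIOUS), ("benign PE", SAMPLE_BENIGN_PE),
                       ("not a PE", SAMPLE_NOT_PE)]:
        print(label, "->", match(RULE_TEXT, buf))
```

The `$mz at 0` anchor is what turns a bag of substrings into a file-type-aware rule: the same launcher string in a text file does not fire. When writing real rules, prefer conditions that combine structure (header at a fixed offset, file size bounds) with content, since single loose strings sit at the bottom of the Pyramid of Pain and are trivial for an adversary to change.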

Z

Zero-Day Vulnerability & Attack

Zero-Day vulnerabilities are flaws in software, firmware, or hardware that are unknown to the vendor at the time of the attack. The term "zero-day" refers to the fact that developers have had zero days to address and patch the flaw before it is exploited by malicious actors. An attempt to exploit a zero-day vulnerability is known as a zero-day attack.