Attack Based Vulnerability Management (ABVM)
Attack Based Vulnerability Management (ABVM) is a method that tests the security resiliency of an environment's attack surface by running production-safe attacks and leverages the results to prioritize patching.
Advanced Persistent Threat (APT)
Advanced persistent threat (APT) is a prolonged and targeted cyberattack in which an intruder gains access to a computer network and remains undetected for an extended period.
Scale adversarial skills with the Advanced Purple Teaming Framework that automates the creation and deployment of security assessments unique to your environment.
Attack Surface Management
Attack Route Mapping
Attack Route Mapping is the process of using a lateral movement dynamic simulation to identify all possible routes an attacker could use within a digital environment.
Attack Vector is a method or path by which an attacker gains access into a network for malicious purposes.
Automated Red Teaming
Automated Red Teaming is the process of creating or using off-the-shelf outside-in full kill chain automated attack campaigns to uncover potential attack routes.
Breach and Attack Simulation (BAS)
Breach and Attack Simulation (BAS) technology acts as an attacker in order to simulate thousands of possible threats your organization may encounter on a daily or hourly basis.
A blue team is tasked with protecting an organization's assets against threats through gathering data, performing risk assessments, and tightening security controls.
Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD) refers to employees using personal devices in the workplace such as laptops, smartphones and tablets and connecting to the organization’s networks.
Continuous Automated Red Teaming (CART)
Continuous Automated Red Teaming (CART) is a technology that automates Red Teaming to expand its process’ depth and breadth, enable scaling, and permit conducting red teaming exercises on a continuous basis.
The CBEST framework provides a structured and controlled approach for intelligence-led security testing within the financial sector in the UK.
Computer Emergency Response Team (CERT)
Computer Emergency Response Team (CERT) is a group of experts who respond to cybersecurity incidents. (AKA CIRT – Computer Incident Response Team)
CIS Critical controls
The 18 critical security controls are defined by the Center for Internet Security (CIS) as a prioritized set of actions to protect your organization and data from known cyber-attack vectors.
Chief Information Security Officer
A Chief Information Security Officer (CISO) is the executive responsible for an organization’s information and data security.
Computer Misuse Detection System (CMDS)
Computer Misuse Detection System (CMDS) is a computer security product that enables real-time detection of unauthorized computer use through audit data analysis.
Cybersecurity Maturity Model Certification (CMMC)
The Cybersecurity Maturity Model Certification is a certification issued by the DoD to ensure that contractors meet all cyber compliance rules and regulations.
Computer Network Attack (CNA)
Computer Network Attack (CNA) refers to any actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves.
Compliance Enablement ensures that an organization is fully compliant with industry-wide privacy policies and information security regulations, such as GDPR, PCI, and HIPAA.
Continuous Security Testing
Continuous security testing is the practice of challenging, measuring, and optimizing the effectiveness of security controls on an ongoing basis, using automated testing tools.
Cloud Security Posture Management (CSPM)
Cloud Security Posture Management (CSPM) is an automated service that monitors risks and fixes some security issues automatically.
Continuous Security Validation (CSV)
Continuous Security Validation (CSV) technology continuously performs automated end-to-end attack simulations to test the efficacy of security controls and establish a prioritized list of required remediation actions and prescriptive mitigation instructions.
Chief Security Officer (CSO)
A Chief Security Officer (CSO) is the most senior executive of an organization who oversees all aspects of risk management, security policies, and IT infrastructure.
Continuous Threat Exposure Management (CTEM)
Continuous Threat Exposure Management (CTEM) is a program designed to continuously manage a digital infrastructure's exposure to external and internal threats in a cyclic fashion. The Continuous Threat Exposure Management cycle consists of 5 phases that are divided into two stages: Diagnose (Scoping, Discovery, and Prioritization) and Action (Validation and Mobilization).
A cyber attack is a planned assault by cybercriminals that target computer networks and infrastructure with malicious intent.
Cyber Kill Chain
Developed by Lockheed Martin, the cyber kill chain is a series of steps that trace the stages of a cyberattack from the early reconnaissance stages to the exfiltration of data. Cymulate's Full Kill Chain APT Simulation Module solves the challenge of security effectiveness testing across the entire cyber kill chain.
Cyber Risk Assessment
A cybersecurity risk assessment identifies the various information assets that could be affected by a cyber attack.
A data breach is a security incident in which sensitive information is accessed without authorization. Data breaches can be either intentional or unintentional.
Data exfiltration is the unauthorized transfer of data from a computer that is carried out through some form of malware.
Dynamic Application Security Testing (DAST)
Dynamic Application Security Testing (DAST) is the process of communicating with a web application through the web front-end in order to identify potential security vulnerabilities and architectural weaknesses in the web application.
Denial of Service (DoS)
A Denial of Service (DoS) Attack is an intentional cyberattack carried out on networks, websites, and online resources to restrict access to its legitimate users.
Distributed Denial of Service (DDoS)
A Distributed Denial of Service (DDoS) attack will attempt to make an online service or website unavailable by flooding it with unwanted traffic from multiple computers.
Data Loss Prevention (DLP)
Data Loss Prevention (DLP) is software that detects and prevents potential data breaches, exfiltration, and protects sensitive data.
Endpoint Detection and Response (EDR)
Endpoint Detection and Response (EDR) is an automated solution that continuously monitors endpoint activity, identifies threats, removes or contains them, notifies the security team, and provides forensic capabilities.
An email gateway is the email server through which every incoming or outgoing email passes in an organization. A Secure Email Gateway (SEG) is a device or software used to monitor emails that are being sent and received.
Email Security refers to the set of methods in which emails are protected from attacks.
Endpoint Security works by defending the perimeter from all types of cyber threats. The Cymulate Endpoint Security vector allows organizations to deploy and run simulations of ransomware, Trojans, worms, and viruses on a dedicated endpoint in a controlled and safe manner.
Endpoint Protection Platform (EPP)
Endpoint Protection Platform (EPP) is a solution deployed on endpoint devices to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.
An exploit is a piece of software that takes advantage of vulnerabilities in an application or system.
The process of identifying, assessing, and controlling an organization’s exposure to internal and external threats potentially leading to operational or business disruption.
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). It was adopted on April 14, 2016, and went into effect on May 25, 2018.
Immediate Threat Intelligence (ITI)
Immediate Threat Intelligence (ITI) vector helps you test your organization’s security posture against clear and present cyber threats.
Indicator of Compromise (IoC)
Indicator of Compromise (IoC) is digital forensic evidence indicating that an endpoint or a network might have experienced a breach.
Intrusion Detection and Prevention System (IDPS)
Intrusion Detection and Prevention System (IDPS) is an appliance or software product that automates the monitoring of computer systems or networks, detects and analyzes suspicious events, and attempts to stop detected potential incidents.
Intrusion Prevention System (IPS)
Intrusion Prevention System (IPS) is a form of network security that works to detect and prevent identified threats.
The techniques in which an attacker moves further through a network in search of valuable and secured information. The Cymulate Lateral Movement vector simulates a compromised workstation inside the organization and exposes the risk posed by a potential cyberattack or threat.
Malware or malicious software is any program or file that is harmful to a computer.
Managed Detection and Response (MDR)
Managed Detection and Response (MDR) is an outsourced Security-as-a-Service solution tasking a third-party provider to detect and remediate threats on an organization’s network.
Multi Factor Authentication (MFA)
Multi Factor Authentication (MFA) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism.
Risk Mitigation refers to policies and processes put in place by companies to help prevent security incidents and data breaches.
MITRE ATT&CK Framework
The MITRE ATT&CK Framework is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
Managed Security Service Provider (MSSP)
A Managed Security Service Provider (MSSP) is a service provider that provisions remote software/hardware-based information or network security services to an organization.
Payment Card Industry Data Security Standard (PCI DSS)
A payload is malware that the threat actor intends to deliver to the victim. Payloads can remain undetected for months prior to being triggered.
Penetration Test (Pen Testing)
Penetration Test (Pen Testing) is a simulated cyberattack on a system or network to exploit vulnerabilities.
Phishing is a type of social engineering scam in which cybercriminals send an email that appears to come from a legit source but is intended to gain access to personal information such as passwords, login credentials, banking details, and credit cards.
Phishing Awareness is a program to educate employees against the dangers of a phishing attack. Cymulate’s Phishing Awareness vector is designed to evaluate your employees’ security awareness. It simulates phishing campaigns and detects weak links in your organization.
Personally Identifiable Information (PII)
Personally Identifiable Information (PII) is information that can be used to identify an individual.
PowerShell is a task automation and configuration management framework from Microsoft.
Privilege Escalation occurs when a security flaw or vulnerability has been exploited to gain access to an individual’s secured account.
Purple Teaming is a testing exercise combining the capabilities of both the red team and the blue team. Purple Teaming promotes inter-team collaboration, expands the validation scope, and accelerates mitigation.
Ransomware is a form of malicious software that encrypts a victim’s files and demands a ransom from the victim to restore access.
Reconnaissance (Recon) is considered the foothold or planning phase of an attack. Recon is the primary and most crucial stage of an attack, in which hackers conduct in-depth research on the target and exploit any vulnerabilities they find to their advantage.
Red teams are white-hat or ethical hackers that carry out attacks in order to test the organization's defenses, more commonly referred to as pen-testing. Blue teams complement them by acting out the defense part of the simulation.
Red Teaming is the practice of rigorously challenging plans, policies, systems, and assumptions by adopting an adversarial approach.
Risk-Based Vulnerability Management (RBVM)
Risk-Based Vulnerability Management (RBVM) is a strategy prioritizing software vulnerabilities remediation according to the risk they pose to the organization.
Rootkits are a type of malware designed to provide continued privileged access to a computer while actively hiding their presence.
Static Application Security Testing (SAST)
Static Application Security Testing (SAST) is an application security tool that detects security vulnerabilities within applications’ source code.
Security Controls are countermeasures security practitioners use to minimize risk.
SHIELD is an acronym for Stop Hacks and Improve Electronic Data Security. The SHIELD Act requires businesses that collect private data of New York residents to follow strict data security and breach guidelines to ensure that their information remains protected.
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM) is a set of tools and services offering a comprehensive view of an organization’s information security.
Smishing (SMS Phishing)
Smishing (SMS Phishing) is a combination of the words SMS and Phishing. Smishing differs from traditional phishing attacks in that it targets text messages instead of emails.
Security Orchestration Automation and Response (SOAR)
Security Orchestration Automation and Response (SOAR) is a stack of compatible software programs that enables an organization to collect data about security threats and respond to security events without human assistance.
Sigma rules are YAML-written textual signatures designed to identify suspicious activity and anomalies in log events that are potentially related to cyber threats. Sigma rules' standardized format permits writing the rule once and applying it across various SIEM products.
Security Operations Center (SOC)
Security Operations Center (SOC) is a command center for information security professionals.
System of Trust (SoT)
System of Trust (SoT) is a MITRE framework designed to improve resilience against supply-chain attacks by addressing 14 top-level decisional risk areas associated with trust that agencies and enterprises must evaluate and make choices about during the entire life cycle of their suppliers' activities.
Social engineering is the art of manipulating people and coercing them to give up confidential information.
Security Posture Assessment (SPA)
Security Posture Assessment (SPA) is a cyber security assessment program that is designed to give you an overall scope of your security risks and vulnerabilities.
Spear phishing is a phishing technique that targets specific individuals or groups within an organization while posing as a trusted sender.
Spyware is a form of malware that spies on you and steals your personal information.
SQL injection is a code injection technique to manipulate and even destroy your database.
A Trojan or Trojan horse is a type of malware disguised as legitimate software.
Tactics, Techniques, and Procedures (TTP)
Tactics, Techniques, and Procedures (TTP) are the patterns of activities or methods associated with a specific threat actor or group of threat actors.
Vulnerability Assessment (VA)
Vulnerability Assessment (VA) is the process of identifying risks and vulnerabilities in computer networks, systems, hardware, applications, and other parts of the environment.
Vulnerability Management (VM)
Vulnerability Management (VM) is a security practice specifically designed to proactively mitigate or prevent the exploitation of vulnerabilities that exist in an organizational environment.
A vulnerability is a weakness that can be exploited by a cybercriminal.
A vulnerability scanner is a computer program designed to identify and analyze weaknesses on a computer.
Web Application Firewall (WAF)
A web application firewall or WAF offers protection for web servers. The Cymulate Web Application Firewall (WAF) vector challenges your WAF security resilience to web payloads and assists in protecting your web apps from future attacks.
A secured Web Gateway prevents unsecured traffic from entering an internal network of an organization and helps ensure that both company and regulatory compliance policies are met. The Cymulate Web Gateway vector is designed to test your HTTP/HTTPS outbound exposure to malicious or compromised websites.
A computer worm is a type of malware that self-replicates once it has made its way into the infected system or network. Worms differ from viruses in that they do not require a host program in order to run.
Extended Detection and Response (XDR)
Extended Detection and Response (XDR) is a cybersecurity approach to traditional detection and incident response that integrates detection and response procedures across multiple environments.
Security Posture Management
Security Posture Management is a holistic approach that combines end-to-end security validation techniques – including BAS, ASM, CART, and advanced purple teaming exercises – with optimization capabilities such as analytics, mitigation guidance, and vulnerability prioritization to facilitate minimizing breach feasibility while maximizing controls efficacy.
A Zero-day Attack or Zero Day refers to a newly discovered software vulnerability that is unknown to the parties responsible for developing a patch to fix the flaw.
A Zero-day vulnerability is a flaw in a system or device that has been disclosed but has not yet been mitigated.