Flashcards
Cloud-related threats
access control, data loss, insider threat mitigation (AUB), email security and malware protection
What is user access?
legit and malicious user activity while they are trying to access your cloud services
Suspected Bot Attack examples
User login from suspicious location; abnormal login pattern; multiple login attempts
Abnormal Admin Activity example
Abnormal user activity while using your cloud services
Malware in Cloud Drive explanation
persistent and transient threats (malware and ransomware) at your cloud services
Malware activity (service threat)
A user uploads files that might be infected with a virus or other malware to the cloud
Suspicious Ransomware Activity
A user uploads to the cloud service files that might be locked by ransomware
Email Anti-phishing
Mitigates phishing emails sent to your cloud email services
Abnormal sender (email anti-phishing)
email sender tries to impersonate a legit or well-known sender or domain
Suspicious embedded content (email anti-phishing)
email includes suspicious links, embedded content or attachments
Malware on Endpoint
Mitigates the risks associated with vulnerable and infected devices that are used to access your cloud services
UAC
User access control is a mandatory access control enforcement feature introduced with Microsoft Windows
4 main domains
email, cloud applications, data, endpoint security
CCPA (California Consumer Privacy Act)
aimed to enhance privacy rights and consumer protection for residents in the state
CCPA company criteria
- Gross annual revenue over $25M
- Annually purchases or receives for commercial purposes, or sells or shares for commercial purposes, personal information for 50,000 or more consumers, households, or devices in the state of California.
- Or generates 50 percent or more of their annual gross revenue from selling personal information.
API
Automatic programming interface; allows applications to speak with each other
Proxy server / proxy-based
intermediary server separating end-user clients from the destinations that they browse
Honeypot
Fake something - typically WiFi
Domain: Email - what is Coro protecting?
attachments, body, addresses, phishing, malware
Domain: Data - what is Coro protecting?
Business data, Data integrity, DLP, Data in motion, Data at rest
Domain: Cloud Apps - what is Coro protecting
O365, G Suite, Dropbox, Slack, SF - Anomalous login/access, Malware, Ransomware, Insider threat protection/abnormal user behavior
Domain: Endpoints - what is Coro protecting
Laptops, desktops, mobile, Wi-Fi phishing, vulnerability scanning, Anti-malware
Coro Anti-malware
Powered by Bitdefender
Email phishing: what can Coro do?
Identify email address, display name, domain, analyze body of text
VPN
Virtual Private Network - extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network
PCI
payment card industry/information
PII
Personal identifiable information
CASB
Cloud app security
Widget based approach
Add-ons to software platform
SIEM
Security Information Event Monitoring/management, aggregation and correlation of all devices
Types of PII
Name, alias, postal address, IP address, email address, bank account number, SSN, driver's license, passport
Darktrace - biggest difference
Biggest difference: pricing
PHI
protected health information
Geofencing
perimeter around device
BYOD
Bring your own device; we protect access to the data on those devices
spear phishing
hacker will target someone specifically