Lesson 10 - Endpoint Security Capabilities Flashcards
FDE
Full Disk Encryption
- Encryption of all data on a disk (including system files, temporary files, and the pagefile) can be accomplished via a supported OS, third-party software, or at the controller level by the disk device itself.
SED
Self-Encrypting Drives
- A disk drive where the controller can automatically encrypt data that is written to it.
DEK/MEK
Data/Media Encryption Key
KEK
Key Encryption Key
- In storage encryption, the private key that is used to encrypt the symmetric bulk media encryption key (MEK). This means that a user must authenticate to decrypt the MEK and access the media.
EDR
Endpoint Detection and Response
- A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.
XDR
Extended Detection and Response
- Expands on EDR by providing broader visibility and response capabilities, extending protection beyond endpoints by incorporating data from the network, cloud platforms, email gateway, firewall, and other essential infrastructure components.
HIDS
Host-Based Intrusion Detection System
- A type of IDS that monitors a computer system for unexpected behavior or drastic changes to the system’s state.
FIM
File Integrity Monitoring
- A type of software that reviews system files to ensure that they have not been tampered with.
- Core feature of HIDS.
HIPS
Host-Based Intrusion Prevention System
- Endpoint protection that can detect and prevent malicious activity via signature and heuristic pattern matching.
UBA/UEBA
User Behavior Analytics/User and Entity Behavior Analytics
- A system that can provide automated identification of suspicious activity by user accounts and computer hosts.
PoLP
Principle of Least Privilege
- An information security concept which maintains that a user or entity should only have access to the specific data, resources, and applications needed to complete a required task.
ACE
Access Control Entry
- A component of an Access Control List (ACL) that defines the access permissions granted to a user or group, ensuring only authorized individuals can perform specific actions on a system or resource.
SIEM
Security Information and Event Management
- A technology that collects, analyzes, and manages security data from various sources to detect and respond to potential threats in real time.
BYOD
Bring Your Own Device
- Security framework and tools to facilitate use of personally owned devices to access corporate networks and data.
COBO
Corporate Owned, Business Only
- Enterprise mobile device provisioning model where the device is the property of the organization and personal use is prohibited.
COPE
Corporate Owned, Personally Enabled
- Enterprise mobile device provisioning model where the device remains the property of the organization, but certain personal use, such as private email, social networking, and web browsing, is permitted.
CYOD
Choose Your Own Device
- Enterprise mobile device provisioning model where employees are offered a selection of corporate devices for work and, optionally, private use.
MDM
Mobile Device Management
- Process and supporting technologies for tracking, controlling, and securing the organization’s mobile infrastructure.
IPS
Indoor Positioning System
- Technology that can derive a device’s location when indoors by triangulating its proximity to radio sources such as Bluetooth beacons or Wi-Fi access points.
PANs
Personal Area Networks
- A network scope that uses close-range wireless technologies (usually based on Bluetooth or NFC) to establish communications between personal devices, such as smartphones, laptops, and printers/peripheral devices.
BSC
Bluetooth Secure Connections
BLE Privacy
Bluetooth Low Energy Privacy