terms Flashcards
remediation
process of addressing a breach and limiting damage to the environment
Q: What is your plan for remediation?
IOA
Indicator of attack - a tool that recognizes patterns of attacks
Q: Does your current provider have a tool like this?
Next Gen AV
Advanced AV software that protects against more sophisticated malware signatures because of its cloud approach
Q: What kind of AV do you have in place?
EDR
Falcon Insight -
Endpoint Detection & Response - an endpoint security solution that continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware
EX: a DVR that records everything that's happening on the endpoint and feeds it back up into our cloud, which we call the Threat Graph. Once data is received, our EDR solution will act on it.
Question: what is your experience with EDR?
What are you using for EDR (if any) today?
Dwell Time
time a visitor spends on a page
Workload
IT resources hosted by DC or cloud platforms
ex: the compute power to run an application
SIEM
Security Event and Incident Management - provides real time analysis, monitoring/alerting on security logs from apps, hosts, devices
Brands of SIEM: SolarWinds has one, although that's not what they do
MDR
Managed detection and response - outsourced cybersecurity services to protect data even if a threat eludes the org's common security controls
Threat Containment
A threat incident that is recognized, contained, and put on a path to eradication
TEI
Total economic impact - Forrester report that measures benefits, costs, risk, flexibility
lets the customer compare using a credible source
Biggest competitors (not all encompassing)
SentinelOne, Arctic Wolf (MDR), Sophos, Trend Micro, FireEye
Silo
isolated point on system where data is kept segregated from other parts of the architecture
Q: Have you experienced silos getting in the way? - that's a sign of a potential hacker using that to distract attention
Ransomware
Malware designed to deny a user/org access to their files
Example: the WannaCry outbreak, which demanded a ransom payment for the decryption key
Question: Have you experienced ransomware before?
Malware
software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system
Example: computer virus, crypto-mining, ransomware
Sensor
input devices that record data about the physical environment around them
Example: data recorded from a detector connected to light, heat, or motion
Question:
Script
program or sequence of instructions that is interpreted or carried out by another program rather than by the computer processor
Example: Python runs scripts on the server/app side; on the client side, JavaScript
Encryption
the process of converting information or data into a code, especially to prevent unauthorized access
Example: When a confidential email needs to be sent and you use a program that obscures its content
Question:
Blacklisting
collection of entities that are blocked from communicating with or logging into a computer or site
Example: IP addresses of bad sites like pornography, certain email domains, etc.
Hashing
transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string
Example:
telemetry
communication processes from multiple data sources
SOC
Security Operation Center - centralized function within an organization, employing people, processes, and tech to improve an organization's security
Triage
Automated incident response software that companies use to investigate network alerts
Agent Bloat
program or machine code that is too long, slow, or wasteful to the
Ex: old legacy AV can be heavy on a user's endpoint and slow down other applications/processes
Zero Day attacks
an attack that exploits a security weakness that the vendor may be unaware of
ex: Stuxnet, a malicious computer worm that targeted computers used for manufacturing purposes
Security Hygiene
the practice of maintaining the basic health and security of software and hardware assets; everything is in compliance, has the latest version installed, etc.
Endpoint
anything used from a computer perspective - computer, server, mobile device
Application Whitelisting
process of denying software application or executable files to be present on the endpoint
pitch point: typical AVs will notify you of suspicious software to allow you to whitelist
Sandbox
isolated environment that enables users to open files without affecting an application
Exploit mitigation
stops attacks on common apps that the vendor has not patched on Windows
Patching
modification to a program to improve security, performance
ex: referred to as a bug fix because it corrects an imperfection in the application
question: do you have any patching software?
Kernel Level
What is the kernel level? - core of your operating system and it runs at the lowest level possible
Why is it important for us? - allows us to get better visibility into malicious commands / process executions than other vendors
We can see more. We can stop more.