terms Flashcards

1
Q

remediation

A

process of addressing a breach and limiting damage to environment

Q: What is your plan for remediation?

2
Q

IOA

A

Indicator of attack - a tool that recognizes patterns of attacks

Q: Does your current provider have a tool like this?

3
Q

Next Gen AV

A

Advanced AV software that protects against more sophisticated malware signatures because of its cloud approach

Q: What kind of AV do you have in place?

4
Q

EDR

A

Falcon Insight -
Endpoint Detection & Response - an endpoint security solution that continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware

Ex: a DVR that records everything that's happening on the endpoint and feeds it back up into our cloud, which we call the Threat Graph. Once data is received, our EDR team solution will act on it.

Question: What is your experience with EDR?
What are you using for EDR (if any) today?

5
Q

Dwell Time

A

time a visitor spends on a page

6
Q

Workload

A

IT resources hosted by a DC or cloud platforms

Ex: the compute power to run an application

7
Q

SEIM

A

Security Event and Incident Management - provides real-time analysis, monitoring and alerting on security logs from apps, hosts, and devices
Brands of SEIM: SolarWinds has one, although that's not what they do

8
Q

MDR

A

Managed detection and response - outsourced cybersecurity services to protect data even if a threat eludes common security org controls

9
Q

Threat Containment

A

A threat incident that is recognized, contained, and put on a path to eradication

10
Q

TEI

A

Total economic impact - Forrester report that measures benefits, costs, risk, and flexibility

Lets the customer compare using a credible source

11
Q

Biggest competitors (not all encompassing)

A

SentinelOne, Arctic Wolf (MDR), Sophos, Trend Micro, FireEye

12
Q

Silo

A

an isolated point on a system where data is kept segregated from other parts of the architecture

Q: Have you experienced silos getting in the way? - that's a sign of a potential hacker using that to distract attention

13
Q

Ransomware

A

Malware designed to deny a user/org access to their files

Example: WannaCry outbreak demanding ransom payment for decryption key
Question: Have you experienced ransomware before?

14
Q

Malware

A

software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system
Example: computer virus, crypto-mining, ransomware

15
Q

Sensor

A

input devices that record data about the physical environment around them
Example: data recorded from a detector connected to light, heat, or motion
Question:

16
Q

Script

A

program or sequence of instructions that is interpreted or carried out by another program rather than by the computer processor
Example: Python runs scripts on the server/app side; on the client side, JavaScript

17
Q

Encryption

A

the process of converting information or data into a code, especially to prevent unauthorized access
Example: When a confidential email needs to be sent and you use a program that obscures its content
Question:

18
Q

Blacklisting

A

collection of entities that are blocked from communicating with or logging into a computer or site
Example: IP addresses of bad sites like pornography, certain email domains, etc.

19
Q

Hashing

A

transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string
Example:

20
Q

telemetry

A

communication processes from multiple data sources

21
Q

SOC

A

Security Operations Center - centralized function within an organization, employing people, processes, and tech to improve an organization's security

22
Q

Triage

A

Automated incident response software that companies use to investigate network alerts

23
Q

Agent Bloat

A

program or machine code that is too long, slow, or wasteful to the
Ex: old legacy AV can be heavy on a user's endpoint and slow down other applications/processes

24
Q

Zero Day attacks

A

an attack that exploits a security weakness that the vendor may be unaware of
Ex: Stuxnet, a malicious computer worm that targeted computers used for manufacturing purposes

25
Q

Security Hygiene

A

the practice of maintaining the basic health and security of software and hardware assets. Everything is in compliance, has the latest version installed, etc.

26
Q

Endpoint

A

anything used from a computer perspective - computer, server, mobile device

27
Q

Application Whitelisting

A

process of denying software applications or executable files from being present on the endpoint
Pitch point: typical AVs will notify you of suspicious software to allow you to whitelist it

28
Q

Sandbox

A

isolated environment that enables users to open files without affecting an application

29
Q

Exploit mitigation

A

stops attacks on common apps that the vendor has not patched on Windows

30
Q

Patching

A

modification to a program to improve security or performance
Ex: referred to as a bug fix because of an imperfection in the application
Question: Do you have any patching software?

31
Q

Kernel Level

A

What is the kernel level? - the core of your operating system; it runs at the lowest level possible
Why is it important for us? - allows us to get better visibility into malicious commands / process executions than other vendors. We can see more, we can stop more.