terms Flashcards

1
Q

remediation

A

process of addressing a breach and limiting damage to the environment

Q: What is your plan for remediation?

2
Q

IOA

A

Indicator of attack - a tool that recognizes patterns of attacks

Q: Does your current provider have a tool like this?

3
Q

Next Gen AV

A

Advanced AV software that protects against more sophisticated malware signatures because of its cloud approach

Q: What kind of AV do you have in place?

4
Q

EDR

A

Falcon Insight -
Endpoint Detection & Response - an endpoint security solution that continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware

Example: like a DVR that records everything that's happening on the endpoint and feeds it back up into our cloud, which we call the Threat Graph. Once data is received, our EDR solution will act on it.

Question: What is your experience with EDR?
What are you using for EDR (if any) today?

5
Q

Dwell Time

A

time a visitor spends on a page

6
Q

Workload

A

IT resources hosted by data centers (DC) or cloud platforms

Example: the compute power to run an application

7
Q

SEIM

A

Security Event and Incident Management - provides real-time analysis and monitoring/alerting on security logs from apps, hosts, and devices
Brands of SEIM: SolarWinds has one, although that's not what they primarily do

8
Q

MDR

A

Managed detection and response - outsourced cybersecurity services that protect data even if a threat eludes common organizational security controls

9
Q

Threat Containment

A

A threat incident that is recognized, contained, and put on a path to eradication

10
Q

TEI

A

Total Economic Impact - Forrester report that measures benefits, costs, risk, and flexibility

lets the customer compare using a credible source

11
Q

Biggest competitors (not all encompassing)

A

SentinelOne, Arctic Wolf (MDR), Sophos, Trend Micro, FireEye

12
Q

Silo

A

isolated point on a system where data is kept segregated from other parts of the architecture

Q: Have you experienced silos getting in the way? - that's a sign of a potential hacker using that to distract attention

13
Q

Ransomware

A

Malware designed to deny a user/org access to their files

Example: the WannaCry outbreak, which demanded a ransom payment for the decryption key
Question: Have you experienced ransomware before?

14
Q

Malware

A

software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system
Example: computer virus, crypto-mining, ransomware

15
Q

Sensor

A

input devices that record data about the physical environment around them
Example: data recorded from a detector connected to a light, heat, or motion sensor
Question:

16
Q

Script

A

program or sequence of instructions that is interpreted or carried out by another program rather than by the computer processor
Example: Python runs scripts on the server/app side; on the client side, JavaScript

17
Q

Encryption

A

the process of converting information or data into a code, especially to prevent unauthorized access
Example: when a confidential email needs to be sent and you use a program that obscures its content
Question:

18
Q

Blacklisting

A

collection of entities that are blocked from communicating with or logging into a computer or site
Example: IP addresses of bad sites like pornography, certain email domains, etc.

19
Q

Hashing

A

transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string
Example:

20
Q

telemetry

A

communication processes from multiple data sources

21
Q

SOC

A

Security Operations Center - centralized function within an organization, employing people, processes, and technology to improve an organization's security

22
Q

Triage

A

Automated incident response software that companies use to investigate network alerts

23
Q

Agent Bloat

A

program or machine code that is too long, slow, or wasteful to the
Example: old legacy AV can be heavy on a user's endpoint and slow down other applications/processes

24
Q

Zero Day attacks

A

an attack that exploits a security weakness that the vendor may be unaware of
Example: Stuxnet, a malicious computer worm that targeted computers used for manufacturing purposes

25
Q

Security Hygiene

A

the practice of maintaining the basic health and security of software and hardware assets: everything is in compliance, has the latest version installed, etc.

26
Q

Endpoint

A

anything used from a computer perspective - computer, server, mobile device

27
Q

Application Whitelisting

A

process of denying software applications or executable files from being present on the endpoint
pitch point: typical AVs will notify you of suspicious software to allow you to whitelist it

28
Q

Sandbox

A

isolated environment that enables users to open files without affecting an application

29
Q

Exploit mitigation

A

stops attacks on common apps that the vendor has not patched on Windows

30
Q

Patching

A

modification to a program to improve security or performance

Example: referred to as a bug fix because of an imperfection in the application
Question: Do you have any patching software?

31
Q

Kernel Level

A

What is the kernel level? - the core of your operating system; it runs at the lowest level possible

Why is it important for us? - allows us to get better visibility into malicious commands/process executions than other vendors

We can see more. We can stop more.