Welcome to Cybersecurity 101
A glossary of cybersecurity terms
Browse Illumio’s library of cybersecurity 101 articles to learn about the fundamentals, key trends, and latest insights.
Application discovery and dependency mapping gives you an overview of what is on your network and how it operates.
Application dependency mapping is the process to determine the following:
An attack surface is all of an organization's IT assets that are exposed to a potential attacker.
These assets may have physical or digital vulnerabilities that an unauthorized user can leverage to gain access to a corporate network and extract data. People themselves can also be an attack surface when they are targeted with phishing emails and other types of social engineering.
Botnets are networks of computers that have been hijacked by malware and used to carry out cyberattacks. Most of the time, devices that are part of the botnet or "bots", are not the target of the attack and may only experience slower processing speeds when the bot software uses resources.
But if your network or applications are a target of a botnet, the bots in a botnet will point all of their processing power toward that one target, creating much more damage than one computer can inflict.
Cloud migration is a process many companies are undergoing to modernize their IT infrastructure. In this article, we explain what cloud migration is, how an enterprise can benefit from it, and strategies you can use to implement it. Before we learn about cloud migration, let's look at cloud computing.
Cloud security is the protection of data, technologies, controls, policies, and services in cloud computing environments from cyber threats and cyber attacks. Cloud security is a form of cybersecurity.
Cloud applications and workloads are distributed across the country or the world to provide speed, access, and scalability. Cloud workload protection keeps these workloads secure as they move between different cloud environments. Older security strategies like endpoint protection and firewalls miss what is happening in the cloud environment.
Common Criteria or CC is an international standard for computer security. It is a framework that computer users can employ to specify functional and assurance requirements for security.
The US, Canada, the Netherlands, Germany, France, and the UK developed the Common Criteria for Information Technology Security Evaluation in 1994. They defined a set of security requirements that products and systems must meet for government deployments. Since then, many other countries have signed the agreement.
Container orchestration is the automated management of containers. This allows a software team to maneuver these containers. This is done using strategic deployment, managing lifecycles, load balancing, and networking. An application consists of different microservices. One of which, the frontend, is what end-users interact with. However, in addition to the frontend, there are other microservices. These all work together to make the application function. A container orchestration platform manages each microservice of a container environment.
Containers are often penetrated by attacks like access control or application code exploits, or attackers take advantage of container image vulnerabilities. This can lead to kernel panics, the execution of privilege escalations, or other threats against your system.
Despite these risks, containerization offers several benefits. They’re fast, lightweight, making it easy to replicate your apps’ environments. They're also a great asset during the testing and refinement phase of the development process.
A cyberattack is an assault that cybercriminals have launched to target a network or the devices, applications, and data on a network. Attackers can steal data, disable or damage devices, and leave malware behind that can launch future attacks on other networks. The methods used to deploy a cyberattack can include malware, phishing, ransomware, distributed denial of service attacks, and other techniques.
Any device or network connected to the Internet is exposed to many types of threats. Cyberattacks are one type of threat targeting systems that connect to the Internet.
Cybersecurity is a term that defines the processes, technologies, and practices used to safeguard devices, applications, networks, and data from damage or unauthorized access. Cybersecurity is also known as electronic information security or information technology security.
DevSecOps means "development, security and operations". It is a mindset and a way of working that ensures everyone is accountable for the security of the IT in the organization. When DevSecOps best practices are implemented, everyone is responsible for making good security decisions and taking action throughout the development process and with regard to how solutions are deployed, used and managed.
A distributed denial of service attack (DDoS) is an attempt to make an online service inaccessible by hitting it with a massive amount of traffic from a variety of machines. A DDoS attack can block access to servers, devices, databases, networks, and applications.
The difference between a DDoS attack and a standard denial of service attack is that a DDoS attack comes from multiple machines rather than just one. Let's look at how this is accomplished.
Many employees today are issued laptops. Some workers at the office even have desktop systems, often for development work. These are the endpoints that need to be protected from malware with endpoint security.
Why? Because attacks start at an endpoint or are headed to one.
That being the case, you’ll probably want to know, “What is endpoint security?” Let’s examine how today’s endpoint security, consisting of tools like next-generation antivirus (NGAV), endpoint segmentation, or endpoint detection and response (EDR), came to be.
A firewall is a network security device that monitors and controls incoming and outgoing network traffic. Security rules set in the firewall device determine what type of data packets will be allowed into or out of a network.
Any device connected to the internet needs to be secured from the risks that come with being connected. A firewall is one type of device used for internet security.
A hypervisor is what makes virtualization technology possible. A hypervisor is a layer of software that allows a host machine to host multiple virtual machines. Let's look at the definition of virtualization to get a clearer understanding of what hypervisors do.
A hypervisor manages the partitioning of host hardware into separate virtual machines and runs these virtual machines. Another name for a hypervisor is a virtual machine monitor or VMM.
Kubernetes security is an open-source system for automating the deployment, scaling, and management of containerized applications. It is easier to manage, secure, and discover containers when they are grouped into logical units, and Kubernetes is the leading container management system in the market today. Securing your systems with Kubernetes requires understanding how the system works and when and how vulnerabilities of different types can enter your system when creating, deploying, or running applications using Kubernetes.
Lateral movement has become synonymous with data breaches over the past several years, which references cybercriminals' techniques once they gain access to a network. Lateral movement allows hackers to move deeper into a system to track sensitive data, intellectual information, and other high-value assets.
Malware is a catch-all phrase that is a shortened version of "malicious software," which means it is any type of software that can damage devices, steal data, and cause chaos. This differs from a bug in software because while a bug is an accident, attackers create malware to intentionally cause harm.
While malware won't most usually damage physical hardware or systems, it can steal information, encrypt data and demand a ransom, delete files, spy on you to capture personal data, or hijack your system to use for free processing resources.
Micro-segmentation is a security technique that breaks data centers and cloud environments into segments down to the individual workload level. Organizations implement micro-segmentation to reduce attack surface, achieve regulatory compliance, and contain breaches.
Micro-segmentation detaches segmentation from the network by leveraging the host workload firewall to enforce policy across east-west communication, not just north-south.
A network access control (NAC) system is a network solution that allows only authenticated, compliant, and reliable endpoint nodes, users, and devices to gain access to corporate networks and otherwise restricted access areas. Once devices are connected, these systems provide visibility into what is on the network, on both managed and unmanaged devices.
NAC systems also control where users may go on a network once they have been granted access. This process is also known as segmentation, which takes larger networks and compartmentalizes them into smaller pieces or networks.
Network Security is an umbrella term that encompasses the security measures which are taken to protect computer systems, the data they store, transport and utilize, and also the people who use and look after these systems and data. It is concerned with the hardware, software, and policies that aid in the quest to protect computer networks, especially where sensitive information is involved.
Network segmentation is the practice of breaking larger networks or environments into smaller pieces or networks, sometimes down to the host itself.
How to do network segmentation? There are multiple ways to segment a network. One common approach is relying on the network itself. Another way is to deploy hardware firewall appliances. Newer approaches enforce network segmentation on the host workload itself, so segmentation is carried out without touching the network.
PCI DSS stands for Payment Card Industry Data Security Standard, and is a set of information security standards for any organization that handles and accepts branded credit cards from the major credit card networks—American Express, Discover Financial Services, JCB International, MasterCard, and Visa. PCI DSS has been around since 2006 and covered organizations are currently required to comply with PCI DSS 3.2.1.
Personally identifiable information (PII) is any sensitive information or data intended to identify an individual. Sometimes a single piece of PII can identify a specific person, while at other times, other relevant PII details are required to result in a precise match to an individual.
Phishing attacks are an attempt to trick people into doing things they would "never" do using social engineering. By masquerading as people with authority and using fear tactics, scammers can scare people into submitting their login credentials on a site that looks just like their banking site but isn't.
Ransomware is a type of malware that encrypts files and information on a system and prevents access to the information until a ransom is paid via cryptocurrency to decrypt them. The hallmark of ransomware has been the conspicuous ransom note that appears on victims’ computer screens indicating files have been encrypted. Victims are often given a specified amount of time to pay the ransom prior to their files being destroyed. For example, CryptoWall gave victims three days to pay.
Role-based access control (RBAC) is a way of limiting or managing access to or use of an application or network, based on an individual or device’s role in the organization and the permissions assigned to their role. RBAC allows employees to have access only to the applications and information necessary to do their job, and limits access to any information that doesn’t pertain to their role.
Many of us have experienced it at one time or another – we go to log into an online account only to discover that we’ve been hacked. We’ve lost access, and there’s a good chance that at least some of our sensitive, personal data is now in unknown hands. But data theft doesn’t just happen to individuals; often, businesses and other organizations are the victims of corporate security breaches.
A security breach is when an attacker circumvents organizational security controls to illicitly access and steal corporate data.
An information technology (IT) security policy sets the rules and procedures for users who access a company's IT resources. These rules protect an enterprise's data and systems from unauthorized access, use, modification, or destruction. They establish the incident response actions that will be taken if IT systems are ever compromised. These security standards are also used to configure authentication services and other security-based software.
Software-defined networking is a modern, dynamic alternative to traditional networking that aims to make the network easier to administrate and troubleshoot. In place of hardware devices like routers and switches, SDN communicates within the infrastructure established using APIs or software-based controls. This makes an SDN a more efficient alternative to an old fashioned network as improving network performance is much simpler for administrators.
Threat intelligence is the information that a business or other organization uses to identify potential cybersecurity threats that it will face. Professionals look into these potential threats so that they can be prepared for a breach to take place pre-emptively. This means that the organization can install antiviral and malware-combatting software, back up necessary data, and stop valuable resources from being stolen or lost.
Virtual Desktop Infrastructure (VDI) is a technology that allows the hosting of desktop environments on a central server or a cloud provider. End users can then access these virtual desktop environments remotely over the network from their personal laptops or tablets. A VDI can host virtual PCs, virtual tablets, thin clients, and other device images.
Vulnerability management is the process of discovering, prioritization, remediation, and ongoing measurement and reporting of security vulnerabilities in software and systems. This process is essential for organizations to understand and address vulnerabilities to minimize their "attack surface."
Learn what a zero-day exploit vs. a zero-day vulnerability is, how they are used in cyber attacks, and why your organization needs to be able to protect against zero-day attacks.
Zero Trust architecture is a security strategy eliminating implicit trust by using micro-segmentation to help prevent breaches, ransomware, and lateral movement.
Zero Trust Network Access (ZTNA) models adaptively grant access to authorized users or devices based on contextual awareness. These systems set access permissions to deny by default, and only authorized users who are approved based on identity, time, device, and other configurable parameters are provided access to your network, data, or applications. Access is never implicitly granted and is only granted on a preapproved and need-to-know basis.