Active Directory security is vital to protect user credentials, company systems, sensitive data, software applications, and more from unauthorized access. Active Directory (AD) is a Microsoft Windows directory service that allows IT administrators to manage users, applications, data, and various other aspects of their organization’s network. A security compromise of AD can essentially undermine the integrity of your identity management infrastructure, leading to catastrophic levels of data leakage and/or system corruption/destruction.
Application control is a cybersecurity measure that regulates and manages the execution of software applications on a computer or network. It involves defining and enforcing policies that dictate whether applications can run, as well as how they are allowed to execute.
Application-to-application password management solutions are designed to automate the identification, security, and distribution of application passwords and credentials in an auditable fashion. In turn, this approach reduces the risk of a breach where an exposed application password is used, either to gain access to sensitive information or to move further into the network. Application password management tools relieve the manual burden of managing application passwords, approving credential requests, and other tasks subject to human error or negligence.
Cloud security—also called cloud computing security—refers to the discipline and practice of protecting cloud computing environments, applications, data, and information. Cloud security entails securing cloud environments against unauthorized use/access, distributed denial of service (DDoS) attacks, hackers, malware, and other risks. While cloud security refers to securing cloud environments, the related term cloud-based security refers to the software as a service (SaaS) delivery model for security services, which are hosted in the cloud rather than deployed via on-premises hardware or software.
The cyber-attack chain (also referred to as the cyber kill chain) is a way to understand the sequence of events involved in an external attack on an organization’s IT environment. Understanding the cyber-attack chain model can help IT security teams put strategies and technologies in place to “kill” or contain the attack at various stages, and better protect the IT ecosystem.
Cyber Security refers to the practice of reducing cyber risk through the protection of the entire information technology (IT) infrastructure, including systems, applications, hardware, software, and data. Information security (InfoSec), or data security, is a chief component of cyber security and entails ensuring the confidentiality, integrity, and availability of data.
DevOps security refers to the discipline and practice of safeguarding the entire DevOps environment through strategies, policies, processes, and technology. DevOps security should enable a productive DevOps ecosystem, while helping to identify and remediate code vulnerabilities and operational weaknesses long before they become an issue.
A digital identity is typically defined as a one-to-one relationship between an entity and its digital presence. The entity may be a person, an organization, an application, or a device. Its digital presence can consist of multiple accounts, credentials, and entitlements associated with that entity, which are used for authentication, authorization, automation, and, at runtime, impersonation (one identity acting on behalf of another).
Endpoint security refers to the strategies and technologies for preventing, containing, mitigating, and remediating threats to endpoints. In this glossary post, we will explore what endpoint security is, including the challenge of managing and securing endpoints, some key endpoint attack vectors, and strategies and technologies for implementing endpoint protection.
File integrity monitoring (FIM) is an IT security process and technology that tests and checks operating system (OS), database, and application software files to determine whether or not they have been tampered with or corrupted. FIM, which is a type of change auditing, verifies and validates these files by comparing the latest versions of them to a known, trusted “baseline.”
If FIM detects that files have been altered, updated, or compromised, it can generate alerts to prompt further investigation and, if necessary, remediation. File integrity monitoring encompasses both reactive (forensic) auditing and proactive, rules-based active monitoring.
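The baseline comparison described above, as an added example that is not part of the original page: it hashes every regular file under a directory, stores the result as a JSON baseline, and later classifies changes as added, removed, or modified. The directory layout, file contents, and the `run_demo` helper are constructed for the demonstration.

```python
"""Added example: a minimal file-integrity monitor that hashes a directory tree,
stores the result as a baseline, and later reports added, removed and modified
files. Paths and sample files below are constructed for the demonstration."""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large binaries never load fully into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root: Path) -> dict:
    """Return {relative_path: sha256} for every regular file under root.
    Symlinks are skipped so an attacker cannot point a link at a file we already trust."""
    snapshot = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            snapshot[p.relative_to(root).as_posix()] = sha256_file(p)
    return snapshot


def save_baseline(root: Path, baseline_file: Path) -> dict:
    """Write the trusted baseline. Keep it outside the monitored tree (or on
    write-once storage); a baseline the attacker can edit proves nothing."""
    snapshot = hash_tree(root)
    baseline_file.write_text(json.dumps(snapshot, indent=2, sort_keys=True))
    return snapshot


def diff_baseline(baseline: dict, current: dict) -> dict:
    """Classify the differences the way a FIM alert would summarise them."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def check_tree(root: Path, baseline_file: Path) -> dict:
    """Reactive check: rehash the tree now and compare with the stored baseline."""
    baseline = json.loads(baseline_file.read_text())
    return diff_baseline(baseline, hash_tree(root))


def run_demo() -> dict:
    """Build a throwaway 'etc' tree, baseline it, tamper with it, and return both diffs."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "etc"
        root.mkdir()
        (root / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")   # constructed
        (root / "ssh").mkdir()
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin no\n")    # constructed
        baseline = Path(tmp) / "baseline.json"                                # outside the tree
        save_baseline(root, baseline)
        clean = check_tree(root, baseline)

        # Simulated tampering: weaken sshd, drop a rogue binary, delete passwd.
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "backdoor").write_bytes(b"\x7fELF")
        (root / "passwd").unlink()
        tampered = check_tree(root, baseline)
    return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The baseline is deliberately written outside the monitored tree: a FIM that stores its own reference inside the directory it watches lets an attacker rewrite the reference along with the files.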
Hardcoded passwords, also often referred to as embedded credentials, are plain text passwords or other secrets (SSH keys, API keys, DevOps secrets, etc.) embedded directly in source code, scripts, or configuration rather than supplied at runtime. Default, hardcoded passwords may be reused across many of the same devices, applications, and systems, which simplifies setup at scale but poses considerable cybersecurity risk: anyone who can read the code or firmware image holds the credential, and rotating it means shipping new code.
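An added example, not code from the original page: a small scanner that flags the usual forms of embedded credentials in source text, placed next to the hardened pattern of loading the secret from the runtime environment. The detection rules, both source snippets, and the `get_secret` helper are constructed for this demonstration (the AWS key shown is the documentation placeholder `AKIAIOSFODNN7EXAMPLE`, not a live key).

```python
"""Added example: a small scanner that flags hardcoded credentials in source
text, next to the hardened pattern of loading the secret at runtime. Source
snippets and the rules are constructed for this demonstration."""
import math
import os
import re
from collections import Counter

# Detection rules (constructed; real scanners such as gitleaks carry hundreds).
CREDENTIAL_ASSIGNMENT = re.compile(
    r"""(?i)(?:pass(?:word|wd)?|secret|api[_-]?key|token)\s*[:=]\s*['"]([^'"]{4,})['"]""")
AWS_ACCESS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
PRIVATE_KEY_BLOCK = re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")
QUOTED_LITERAL = re.compile(r"""['"]([A-Za-z0-9+/=_\-]{20,})['"]""")

RULES = [
    ("credential assignment", CREDENTIAL_ASSIGNMENT),
    ("AWS access key id", AWS_ACCESS_KEY_ID),
    ("private key block", PRIVATE_KEY_BLOCK),
]


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random keys score well above English text."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_source(text: str, entropy_threshold: float = 4.0) -> list:
    """Return one finding per suspicious line: {'line', 'rule', 'match'}."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        hit = None
        for rule, pattern in RULES:
            m = pattern.search(line)
            if m:
                hit = {"line": lineno, "rule": rule, "match": m.group(0)}
                break
        if hit is None:
            # Fallback: a long, high-entropy literal is probably a key or token
            # even when the variable name does not give it away.
            for m in QUOTED_LITERAL.finditer(line):
                if shannon_entropy(m.group(1)) >= entropy_threshold:
                    hit = {"line": lineno, "rule": "high-entropy literal", "match": m.group(1)}
                    break
        if hit:
            findings.append(hit)
    return findings


def get_secret(name: str, env=os.environ) -> str:
    """Hardened pattern: the secret arrives through the process environment,
    injected by a vault, secret manager or orchestrator at deploy time, so it
    never lives in the repository. Fail closed rather than fall back to a default."""
    try:
        return env[name]
    except KeyError:
        raise RuntimeError(f"secret {name!r} not provided") from None


# Constructed 'before' snippet: four different ways a secret ends up in code.
VULNERABLE_SOURCE = '''\
import psycopg2
DB_PASSWORD = "Sup3rS3cret!"
AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
session_token = "Ab3kd9SlQ2nV7xPzR4tWq8Yc"
HMAC_SEED = "q8Yc7LmN2vB5xZ1rT9wK4pJ6"
conn = psycopg2.connect(host="db", user="app", password=DB_PASSWORD)
'''

# Constructed 'after' snippet: same connection, secret supplied at runtime.
HARDENED_SOURCE = '''\
import os
import psycopg2
conn = psycopg2.connect(host="db", user="app", password=os.environ["DB_PASSWORD"])
'''

if __name__ == "__main__":
    for f in scan_source(VULNERABLE_SOURCE):
        print(f"line {f['line']}: {f['rule']}: {f['match']}")
    print("hardened findings:", scan_source(HARDENED_SOURCE))
```

The entropy fallback catches the `HMAC_SEED` line, which no keyword rule names; it also produces false positives on hashes and base64 blobs, so a real pipeline pairs it with an allow-list and runs the scan in pre-commit as well as in CI.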
Identity and Access Management (IAM), also called identity management, refers to the IT security discipline, framework, and solutions for managing digital identities. Identity management encompasses the provisioning and de-provisioning of identities, securing and authenticating identities, and authorizing access to resources and/or the performance of certain actions. While a person (user) has only one digital identity, they may have many different accounts representing them. Each account can have different access controls, both per resource and per context.
Least privilege, often referred to as the principle of least privilege (PoLP), refers to the concept and practice of restricting access rights for users, accounts, and computing processes to only those resources absolutely required to perform routine, authorized activities. Privilege itself refers to the authorization to bypass certain security restraints. A least privilege security model entails enforcing the minimal level of user rights, or lowest clearance level, that allows the user to perform his/her role. However, least privilege also applies to processes, applications, systems, and devices (such as IoT), in that each should have only those permissions required to perform an authorized activity.
A logic bomb is a type of malicious code embedded in software that remains dormant until specific conditions are met (a date, a user action, the absence of an expected file, and so on). When triggered, the logic bomb executes a destructive action, such as deleting files or disrupting critical systems. Unlike a virus or worm, it does not replicate; it is typically planted by an insider or bundled into other malware.
Malware, short for 'malicious software,' refers to any computer software (including firmware, microcode, etc.) created with the purpose of causing harm, such as stealing data or disrupting computers, systems, and other equipment.
Managed security service providers (MSSPs) are IT service businesses that specialize in providing security-as-a-service offerings for their customers. While MSPs (managed services providers) have been around for 20+ years, MSSP practices have gained more momentum in recent years.
A Managed Services Provider (MSP) typically provides an array of IT services for its customers. While a traditional value-added reseller (VAR) operates on a transactional and short-term basis (such as around a hardware/software purchase and deployment), MSPs typically forge long-term partnerships with their customers over annual or multi-year periods and receive recurring income for continuous services. While any type of customer may seek out an MSP depending on their needs, MSPs commonly serve small to mid-sized businesses which may be understaffed, with some organizations lacking in-house IT staff altogether.
A multi-factor authentication (MFA) fatigue attack – also known as MFA Bombing or MFA Spamming – is a social engineering technique in which an attacker who already holds the victim's password repeatedly triggers second-factor approval requests to the victim's email, phone, or registered devices, hoping the victim eventually approves one out of annoyance, confusion, or the assumption that it is a glitch. Push prompts that offer a plain approve/deny choice are the usual target; number matching (the user must enter a code shown on the login screen into the authenticator) and rate limiting of prompts blunt the attack, and a burst of prompts for one user, especially a run of denials ending in an approval, is the signal to alert on.
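The detection logic sketched above, as an added example that is not part of the original page: it reads push-prompt records, keeps a sliding window per user, and raises an alert when a user receives a burst of prompts, noting whether the burst ended in an approval. The log format, the sample lines, and the `detect_mfa_fatigue` helper are constructed for this demonstration; a real deployment adapts the regex to the identity provider's export.

```python
"""Added example: detecting an MFA fatigue (push bombing) burst in authentication
logs. The log format and every line below are constructed for the demonstration;
adapt the regex to your IdP's export."""
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) event=mfa_push result=(?P<result>approved|denied|timeout)")


def parse_events(lines) -> list:
    """Extract (timestamp, user, result) tuples, oldest first."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a push-prompt record
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        events.append((ts, m["user"], m["result"]))
    return sorted(events)


def detect_mfa_fatigue(lines, threshold: int = 5, window_s: int = 600) -> list:
    """Alert when one user receives >= threshold push prompts inside a sliding
    window. A legitimate user answers one or two prompts; a victim being bombed
    sees a stream of them, and the dangerous case is a denial streak that ends
    in an approval."""
    recent = defaultdict(deque)   # user -> deque of (ts, result) inside the window
    alerts = {}
    for ts, user, result in parse_events(lines):
        q = recent[user]
        q.append((ts, result))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()
        if len(q) < threshold:
            continue
        alert = alerts.get(user)
        if alert is None:
            alert = alerts[user] = {
                "user": user,
                "first_prompt": q[0][0].isoformat(),
                "prompts": len(q),
                "denied": sum(1 for _, r in q if r == "denied"),
                "approved_after_burst": False,
            }
        else:
            alert["prompts"] += 1
            if result == "denied":
                alert["denied"] += 1
        alert["last_prompt"] = ts.isoformat()
        if result == "approved":
            alert["approved_after_burst"] = True   # the attacker got in; treat as compromised
    return list(alerts.values())


# Constructed sample: alice is bombed (six denials, then she gives in); bob is normal.
SAMPLE_LOG = """\
2024-05-01T09:00:11Z user=bob event=mfa_push result=approved ip=198.51.100.4
2024-05-01T09:14:02Z user=alice event=mfa_push result=denied ip=203.0.113.7
2024-05-01T09:14:40Z user=alice event=mfa_push result=denied ip=203.0.113.7
2024-05-01T09:15:10Z user=alice event=mfa_push result=denied ip=203.0.113.7
2024-05-01T09:15:55Z user=alice event=mfa_push result=denied ip=203.0.113.7
2024-05-01T09:16:30Z user=alice event=mfa_push result=denied ip=203.0.113.7
2024-05-01T09:17:05Z user=alice event=mfa_push result=denied ip=203.0.113.7
2024-05-01T09:18:20Z user=alice event=mfa_push result=approved ip=203.0.113.7
2024-05-01T10:30:47Z user=bob event=mfa_push result=approved ip=198.51.100.4
""".splitlines()

if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_LOG):
        print(alert)
```

An alert with `approved_after_burst` set should be handled as a confirmed compromise (revoke sessions, reset the password, re-enroll MFA), not merely as a suspicious login.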
An orphaned account (also called an orphan account) is a user account (employee or vendor) that retains access to applications and systems on a network without an active owner. There are many reasons why the original account owner (identity) may be inactive in the system. Inside this glossary definition, learn more about what causes orphaned accounts to occur, their top security risks, and how to discover and eliminate them in your own network.
Pass-the-Ticket attacks are a type of cyberattack in which an attacker steals a Kerberos ticket (typically a ticket-granting ticket (TGT), but service tickets work too) belonging to another user from a compromised host, usually from the memory of the LSASS process, and injects it into their own logon session to impersonate that user. Because the ticket is already issued, the attacker gains access to resources without knowing the user's password or hash and without going through the normal authentication steps.
A Password is a word, phrase, or string of characters intended to differentiate an authorized user or process (for the purpose of permitting access) from an unauthorized user, or put another way, a password is used to prove one’s identity, or authorize access to a resource. It’s strongly implied that a password is secret. A password is usually paired with a username or other mechanism to provide authentication.
Password rotation refers to the changing/resetting of a password or passwords. Limiting the lifespan of a password reduces exposure to password-based attacks by shortening the window of time during which a stolen password remains valid. Rotation matters most for privileged, shared, and service credentials, where it should be automated; for ordinary human users, current guidance (NIST SP 800-63B) favors rotating on evidence of compromise rather than on a fixed schedule, because forced periodic changes tend to produce weaker, predictable passwords.
Privileged access management (PAM) consists of the cybersecurity strategies and technologies for exerting control over the elevated (“privileged”) access and permissions for users, accounts, processes, and systems across an IT environment. By dialing in the appropriate level of privileged access controls, PAM helps organizations shrink their attack surface and prevent, or at least mitigate, the damage arising from external attacks as well as from insider malfeasance or negligence.
A privileged account is any account granting access and privileges beyond those of non-privileged accounts. While some privileged accounts are associated with employee identities, other privileged accounts are associated with contractors, vendors, auditors or machines and applications. The credentials associated with privileged accounts are referred to as privileged credentials.
Privileged password management is the secure storing, sharing, creating, and handling of privileged passwords. Privileged password management may alternatively be referred to as privileged credential management, enterprise password management, or enterprise password security.
Ransomware is a type of malicious software that disrupts computers, servers, and other devices by installing itself and then blocking access to legitimate data and applications, most commonly by encrypting files, and sometimes by deleting or otherwise corrupting them. It typically demands a payment, or ransom, in exchange for the decryption key needed to “unlock” the device and restore access to the affected data and applications.
Secrets management refers to the tools and methods for managing digital authentication credentials (secrets), including passwords, keys, API keys, and tokens, for use in applications, services, privileged accounts, and other sensitive parts of the IT ecosystem.
Secure Shell (SSH) is a network protocol that uses public-key cryptography to let authorized users remotely access a computer or other device; the credentials involved are called SSH keys (the acronym is sometimes expanded as “Secure Socket Shell”, but Secure Shell is the correct name). SSH key management, also called Secure Shell management, is the practice of inventorying, provisioning, rotating, and revoking those keys. Because they are used to access sensitive resources and perform critical, highly privileged activities, and because they do not expire on their own, it is vital to manage SSH keys as you would other sensitive credentials.
Separation of privilege, also called privilege separation, is an information technology best practice applied by organizations to broadly separate users and processes based on different levels of trust, needs, and privilege requirements. Similar to the concept of network segmentation, separation of privileges essentially creates “moats” around specific parts of an IT environment. It helps contain intruders close to the point of compromise and restrict lateral movement, while also ensuring that employees, applications, and system processes do not have access to more data than they need. Segmenting privileges and the tasks associated with them also provides a cleaner audit trail and simplifies compliance.
Systems hardening is a collection of tools, techniques, and best practices to reduce vulnerability in technology applications, systems, infrastructure, firmware, and other areas. The goal of systems hardening is to reduce security risk by eliminating potential attack vectors and shrinking the system's attack surface. By removing superfluous programs, accounts, functions, applications, ports, permissions, access, etc., attackers and malware have fewer opportunities to gain a foothold within your IT ecosystem.
Vulnerability assessment refers to the process of identifying risks and vulnerabilities in computer networks, systems, hardware, applications, and other parts of the IT ecosystem. Vulnerability assessments provide security teams and other stakeholders with the information they need to analyze and prioritize risks for potential remediation in the proper context.
Vulnerability scanning is the process of discovering, analyzing, and reporting on security flaws and vulnerabilities. Vulnerability scans are conducted via automated vulnerability scanning tools to identify potential risk exposures and attack vectors across an organization’s networks, hardware, software, and systems. Vulnerability scanning and assessment is an essential step in the vulnerability management lifecycle.
A Pass-the-Hash attack (PtH) is a technique whereby an attacker captures a password hash (as opposed to the password characters) and then simply presents it for authentication, gaining access to the compromised account and potentially lateral access to other networked systems. The threat actor does not need to crack the hash to recover a plain text password: NTLM's challenge-response derives the client's proof from the NT hash itself, so the hash is password-equivalent, and it stays the same for every session until the password is changed. Attackers commonly obtain hashes by scraping a system's active memory (the LSASS process), the local SAM database, or the domain's NTDS.dit file.
Windows auditing is the process of tracking, analyzing, and understanding events that take place on Windows-based computer systems. Windows auditing can reveal important contextual information about the who, what, when, and where of system events. Administrators and security specialists can set up Windows auditing across desktops, servers, and other devices on a Microsoft Windows-based network. Windows auditing watches for certain events taking place on Windows machines and logs them to the Security event log. Security experts can then use forensic analysis of these events to identify unusual or risky access or behavior.
Zero Standing Privileges (ZSP) refers to an IT environment in which there are no persistent, always-on privileged access rights. This requires the elimination of all standing privileges. ZSP is the desired end state of a just-in-time (JIT) privileged access management model and essential to achieving true least privilege.