31 October 2022
Glossary
GLIMPS offers a glossary of cybersecurity terms
– A –
– B –
Backdoor
A backdoor is a hidden means of access to the data held by a piece of software or hardware; its existence is kept secret from the legitimate user.
Backup
Computer backup is the oldest and undoubtedly most common means of protecting data. Nevertheless, it remains indispensable in the face of the risk of physical loss of the medium or computer attack.
Bastion
In information systems security, a bastion (bastion host) is a network element placed in an area reachable from the outside, such as the Internet: either in front of the firewall of an intranet (private information system), or in a demilitarized zone (DMZ) of that intranet that is partially filtered by a firewall.
Blackbox
The representation of a system without considering its inner workings, which are either inaccessible or deliberately ignored.
BCP
Business Continuity Planning
Plan to ensure that business processes can continue in the event of an emergency or disaster.
BDA
Battle Damage Assessment
During an incident response action, the BDA is the map of the elements (equipment) compromised at a given time.
BEC
Business Email Compromise
Covers the family of computer attacks an organization faces when an employee acts on a fraudulent e-mail at work.
– C –
CASB
Cloud Access Security Broker
On-premise or cloud-based software that sits between cloud service users and cloud applications, monitoring all activities and enforcing security policies.
CIS
Center for Internet Security
A non-profit organization founded in 2000 and based in New York. It was created to help companies reach a high level of security through the implementation of recommendations and the use of benchmarking (a management technique that consists of studying and analyzing the practices of other organizations in order to draw inspiration from them and adopt the best of them).
CERT-FR
Computer Emergency Response Team France
Created in February 2000 under the name CERTA, it is the French government center for monitoring, alerting on and responding to computer attacks. It is part of the international CERT (Computer Emergency Response Team) network. Since January 2014, CERTA has been known as CERT-FR.
CERT
Computer emergency response team
CERT is a watchdog. Its mission is to manage and process incident alerts, and to prevent IT security incidents.
Cobalt Strike
Commercial tool built for offensive security teams, generally referred to as “Red Teams”, and widely abused by cybercriminals. Cobalt Strike is a kind of “Swiss Army knife” combining several functions, such as generating payloads that connect back to the command and control server.
Cobit
Control Objectives for Information Technologies
American standard for best practices in IT auditing and information systems governance.
Cryptolocker
Cryptolocker is ransomware malware that targets both local and remote computer data carriers (hard disks, corporate networks, USB sticks, data in the cloud, etc.).
CSIRT
Computer security incident response team.
This term is used instead of CERT in countries other than the USA, as the term CERT is a trademark of Carnegie Mellon University.
CSPM
Cloud Security Posture Management
Market segment of IT security tools designed to identify misconfigurations and compliance risks in the cloud. A key objective of CSPM tooling is to continuously monitor cloud infrastructure for gaps in security policy enforcement.
CSRF
Cross-site Request Forgery
Type of vulnerability in web authentication services.
CTI
Cyber Threat Intelligence
Discipline based on intelligence techniques, the aim of which is to collect and organize all information relating to threats in cyberspace. The aim is to build up a picture of attackers or to highlight trends.
CVE
Common Vulnerabilities and Exposures
Refers to a public list of computer security flaws. When we speak of a CVE, we are generally referring to a security flaw to which a CVE identifier has been assigned.
CVSS
Common Vulnerability Scoring System
Standardized system for assessing the criticality of vulnerabilities according to objective, measurable criteria.
Cyberattack
Malicious attack on computer systems.
Cyberspace
All the networks linking connected objects.
C2 or C&C
Command and Control
Attacker technique to maintain communication with compromised devices after initial exploitation.
– D –
DA
Domain Admin
Members of this group have full control of the domain. By default, this group is a member of the administrator group on all domain controllers, all domain workstations and all domain member servers at the time they are joined to the domain. By default, the administrator account is a member of this group.
DC
Domain Controller
On Microsoft servers, a domain controller is a server computer that responds to security authentication requests within a Windows domain.
DDOS
Distributed Denial of Service
Denial-of-service attack aimed at making one or more services unavailable.
DLL
Dynamic Link Library
A DLL is a software library whose functions are loaded into memory by a program on demand, during execution, as opposed to static libraries, whose functions are loaded into memory before program execution begins.
DLP
Data Loss Prevention
Data leakage protection system.
DMZ
Demilitarized zone
Hosts services that are displayed and accessible from outside a company.
DNS
Domain Name Server
Service whose main function is to translate a domain name into an IP address. DNS acts as a directory that a computer consults when accessing another computer on a network.
Downloader
Malware that downloads (and executes) other malware on affected systems. Examples: Qakbot / Bumblebee
DPO
Data Protection Owner
It ensures that the law governing the protection of personal data is properly applied.
– E –
EBIOS RISK MANAGER
Expressing needs and identifying security objectives
The benchmark French risk analysis method; it enables organizations to assess and treat risks.
ECW
European Cyber Week
Annual European cyberdefense and cybersecurity forum in Rennes.
EDR
Endpoint Detection and Response
Tools and solutions for detecting threats on endpoints.
EMM
Enterprise Mobility Management
Enterprise Mobility Management is the set of people, processes and technologies focused on managing mobile devices, wireless networks and other mobile IT services in a business context.
ESG
Email Security Gateway
A type of mail server that protects an organization’s or user’s internal mail servers. It acts as a gateway through which all incoming and outgoing e-mail passes, and may be a device or software used to monitor sent and received e-mail.
Exploit
A tool designed to exploit a vulnerability.
– F –
2FA
Two-factor authentication
Strong authentication method by which a user can access a computer resource (a computer, a smartphone or a website) after presenting two distinct proofs of identity to an authentication mechanism.
False negative
Failure to detect an incident when it should have been detected.
False Positive
Detection of an apparently abnormal action (e.g. an intrusion) that is in fact legitimate.
FIC
Forum international de la Cybersécurité
Annual European cybersecurity forum in Lille.
FIM
File Integrity Monitoring
Monitoring of files for unexpected changes, in order to protect sensitive data and meet compliance requirements.
Firewall
Network security device that monitors incoming and outgoing network traffic and authorizes or blocks data packets based on a set of security rules.
Forensic
Digital investigation
Refers to the discipline of investigating the aftermath of a computer attack. Investigators try to understand how the attack was carried out, looking for clues left by the attacker(s). Forensic analysis is carried out on a variety of digital data sources (disk dump, memory, network captures, logs, etc.), wherever possible starting with the most volatile (RAM and network pcap, then hard disks and logs).
Full disclosure
Practice whereby vulnerabilities are made public and corrected; such vulnerabilities are said to be handled in full disclosure.
– G –
GDPR
General Data Protection Regulation
GDPR provides a framework for the processing of personal data within the European Union.
GPO
Group Policy Object
GPOs are settings, deployed by the administrators of a Windows computer network, on all or some of the company’s workstations and servers. These settings can apply restrictions, privileges or scripts, or modify system parameters, without the administrator having to perform these operations manually on every machine in the environment.
GRC
Governance, Risk and Compliance
Activities designed to ensure that the IT organization takes into account the company’s current and future needs, and complies with all IT-related mandates.
Greybox
A type of audit in which auditors have access to several user accounts in the same application, corresponding to different privilege levels.
– H –
Hardening
This is the process of securing a system.
HIP
Hack in Paris
An event for cybersecurity experts and enthusiasts.
HIPAA
Health Insurance Portability and Accountability Act
Legislation that sets the standard for the protection of sensitive patient data. Companies handling protected health information (PHI) must have physical, network and process security measures in place, and follow them to ensure HIPAA compliance.
– I –
– K –
Keychain
This is the system developed by Apple for its macOS and iOS systems, enabling secure storage and access control of user “secrets” (passwords, encryption keys, certificates, etc.).
Keylogger
Spyware in general collects data from the computer; a keylogger specifically records keystrokes or mouse movements.
Killchain
Representation to describe the phases of a cyber attack, from reconnaissance to data exfiltration.
– L –
LAN
Local Area Network
Refers to a company’s internal computer network, which is supposed to be unreachable from the Internet.
– M –
MAAS
Malware as a service
A model in which malware (infrastructure, payloads, etc.) is offered for sale or for rent, often on the darkweb, making hacking accessible to anyone who acquires it.
Malware
Malware, also known as malicious software, is a program developed with the aim of damaging a computer system, without the consent of the user whose computer is infected.
Malware variant
A modified version of an existing malware. Cybercriminals continually modify malware to keep it unpredictable and effective.
MDM
Mobile Device Management
Mobile Device Management (MDM) is software that enables IT administrators to control, secure and enforce policies on smartphones, tablets and other devices.
MDR
Managed detection and response services
Managed solutions (managed by a cybersecurity provider) for incident detection and response.
MFA
Multi-factor Authentication
Mainly known for providing an additional line of defense (strong authentication), making it harder for an unauthorized person to gain access to a network or database.
MITM
Man in the Middle attack
A man-in-the-middle attack aims to intercept communications between two parties, without either of them suspecting that the communication channel has been compromised.
MITRE ATT&CK
Adversarial Tactics, Techniques, and Common Knowledge
Knowledge base of techniques and tactics used by hackers. Best known for its matrix form, this tool is used to model and conceptualize computer attacks.
ML
Machine Learning
Field of artificial intelligence concerned with the design, analysis, development and implementation of methods that enable a machine (in the broadest sense) to improve through a systematic process, and thus perform tasks that are difficult or impractical to solve by more conventional algorithmic means.
MSSP
Managed Security Service Providers
Outsourced service provider for event monitoring and management of security devices and systems in the customer’s environment.
MTBF
Mean Time Between Failures
Refers to the mean time between non-repairable failures of a technological product. The higher the MTBF, the more reliable the system.
MTTA
Mean Time to Acknowledge
Average acknowledgement time. Average time between the triggering of an alert and the start of work to resolve the problem.
MTTC
Mean Time to Contain
To calculate MTTC, take the sum of the hours spent detecting, acknowledging and resolving an alert, and divide it by the number of incidents. Many consider MTTC to be one of the most important incident response metrics, as a low MTTC gives an overall picture of how well your team is working together.
MTTD
Mean Time to Detect
Cybersecurity teams track the MTTD (also called mean time to discover) of incidents in their environment. The lower an organization’s MTTD, the more likely it is to limit the damage caused by a cyber incident.
MTTR
Mean Time to Respond to threat
Average response time. Average time taken to recover from a product or system failure, from the moment you are first notified of the failure.
– N –
NAS
Network Attached Storage
A storage device used for storing and sharing files over a network (usually Ethernet or WAN). It is a file server capable of operating autonomously.
NDR
Network Detection and Response
These are solutions designed to detect cyber threats on corporate networks using machine learning and data analysis.
NHT
Non-Human Traffic
Non-human traffic is the generation of online page views and clicks by automated robots, rather than human activity. This automated bot traffic often acts with malicious intent to steal your content, access confidential data about your company and users, or skew your analytics.
NIS
Network and Information System Security
European directive adopted in 2016 to address the risks of cyberattacks. Piloted and applied in France by ANSSI.
NIST
National Institute of Standards and Technology
The NIST Cybersecurity Framework is a set of guidelines for mitigating organizational cybersecurity risks, published by the U.S. National Institute of Standards and Technology based on existing standards, guidelines and practices.
NOC
Network Operations Center
One or more sites from which a computer network, telecommunications network or satellite network is monitored and controlled.
– O –
ODR
Online Dispute Resolution
Online dispute resolution mechanism.
Obfuscation
Code-obscuring technique that consists in rendering source code unintelligible to a human. Sometimes used by malware authors to slow down reverse engineering or to evade the checks and detections of anti-malware tools.
On premise
Installed software that runs on computers on the premises of the person or organization using the software.
OT
Operational Technology
Covers industrial information systems, usually referred to as IIS.
– P –
Payload
In computing, a payload is the carrying capacity of a packet or other unit of transmission data. The term has its roots in the military and is often associated with the ability of executable malicious code to cause damage. The term payload has two meanings: data payload, which relates to the transport of data over a network, and malware payload, which refers to malicious code used to exploit and compromise computer networks and systems.
PAM
Privileged Access Management
PAM is a tool or strategy for managing privileged access. It defines the access levels associated with user profiles, as well as the data subject to these restrictions.
Password Dumper
A tool or technique whereby an attacker searches a compromised computer for stored credentials in order to move laterally and/or carry out further attacks.
PCI-DSS
Payment Card Industry Data Security Standard
Payment card industry security standard.
Pentest
Penetration testing
Method for assessing the security of an information system or computer network.
Phishing
A technique used by fraudsters to obtain personal information in order to perpetrate identity theft.
POC
Proof of concept
It’s the positive demonstration of a certain idea or method.
PUP
Potentially Unwanted Program
A potentially unwanted program is one that a user may perceive as undesirable. It is a term used by security and parental control products to subjectively designate certain software.
– R –
RAAS
Ransomware as a service
Based on the same principle as MaaS, but applied solely to ransomware.
Ransomware
Short for ransom software
A type of computer threat that renders a system’s data inaccessible by encrypting it with a key. The attacker then demands a ransom in exchange for the key to decrypt the files, or for non-disclosure of the data.
RAT
Remote Administration Tool
Computer software enabling remote control of a computer. RAT is not necessarily a virus.
Reverse-engineering
Refers to a method of studying how compiled software operates without access to its source code. It makes it possible to understand how a threat works in order to block it, or to analyze legitimate software for exploitable vulnerabilities.
Rootkit
Malware package
Designed to enable an intruder to gain unauthorized access to a computer or network. Rootkits are difficult to detect and can conceal their presence in an infected system.
– S –
Sandbox
Dynamic analysis in a confined environment for behavioral observation. In other words, an isolated virtual machine in which potentially dangerous software code can run without affecting network resources or local applications.
SIEM
Security Information and Event Management
Security information management in a single tool. A SIEM solution combines security information management (SIM) and security event management (SEM) functions.
SMTP
Simple Mail Transfer Protocol
Communication protocol used to transfer e-mail between e-mail servers.
SOAR
Security Orchestration, Automation and Response
A stack of solutions that enables a company to collect data on security threats from multiple sources and respond to low-level security incidents without human intervention.
SOC
Security Operations Center
Division of a company responsible for overseeing IS to protect against cyber-attacks and ensure the IT security of all infrastructures.
Social engineering
All computer attacks focusing on human vulnerabilities.
Spyware
Malware designed to capture and record user input (including form data) and activity.
SSID
Service Set Identifier
Name of a wireless network according to the IEEE 802.11 standard. This name consists of a string of characters from 0 to 32 bytes. In infrastructure mode, it identifies the wireless access point. In ad-hoc or peer-to-peer mode, it identifies the connection.
SSL
Secure Sockets Layer
Security protocol used to secure information exchanges between devices connected to an internal network or the Internet.
SSO
Single Sign-On
Single point of authentication. Solution that centralizes the authentication systems of several applications or systems.
SSTIC
Symposium on information and communication technology security
French-speaking conference on information security.
STIG
Security Technical Implementation Guides
A security implementation guide is a configuration standard containing the cybersecurity requirements for a specific product.
SQLI
Structured Query Language Injection
A form of cyberattack in which a hacker uses a piece of SQL (Structured Query Language) code to manipulate a database and gain access to potentially important information.
SWIFT
Society for Worldwide Interbank Financial Telecommunication
International organization that organizes communication between banks worldwide. Means “prompt”, “fast” in English.
– T –
TDR
Threat Detection and Response
Enables security operators to detect and neutralize attacks before they cause disruption or turn into breaches.
Threat Hunting
Proactive search for cyber threats that are present in a network but have not yet been detected, typically drawing on endpoint data.
TLS
Transport Layer Security
Protocols for securing computer network exchanges, especially over the Internet.
Threat Intel
Threat Intelligence or Cyber Threat Intelligence
Action that consists in identifying and analyzing cyber threats, then examining and identifying the issues to be addressed and deploying solutions.
Trojan
Hidden malware that can infiltrate software.
TTP
Tactics, Techniques, and Procedures
Key concept in cybersecurity and threat intelligence. The aim is to identify patterns of behavior that can be used to defend against specific strategies and threat vectors used by malicious actors.
– U –
UEBA
User and Entity Behaviour Analytics
Innovative cybersecurity technology that uses machine-learning algorithms to create a baseline of normal user behavior within your network. It observes everyone’s behavior.
– V –
VPD
Vulnerabilities per Device
Vulnerabilities are the gateway to cybersecurity attacks.
VPN
Virtual Private Network
A system for creating a direct link between remote computers, isolating their exchanges from the rest of the traffic on public telecommunication networks.
– W –
WAF
Web Application Firewall
A type of firewall that protects the Web application server in the backend against various attacks. WAF ensures that web server security is not compromised by examining HTTP / HTTPS request packets and web traffic patterns.
WAN
Wide Area Network
A WAN is a wide-area computer network linking, for example, all a company’s resources between different cities, regions or countries. The Internet is often referred to as the largest WAN.
Worm
Malware attempting to spread to other systems or devices.
WSG
Web Security Gateway
A secure Web gateway is a cybersecurity product that protects corporate data and enforces corporate security policies. According to Gartner, a secure web gateway should, at a minimum, include URL filtering, malicious code detection and filtering, as well as controls for popular cloud applications such as instant messaging and Skype.
– X –
XDR
eXtended Detection and Response
Monitor continuously and proactively, for early warning of suspected attacks.
XSS
Cross-site scripting
A type of website security flaw that allows content to be injected into a page, causing actions to be taken by web browsers visiting the page.
– Z –
0-day attack
Unpublished vulnerability with no known patch.
ZTNA
Zero Trust Security Model
Sometimes referred to as perimeterless security, it describes an approach to the design and implementation of IT systems. Unlike a VPN, which focuses exclusively on the network, ZTNA adds a layer that effectively provides network-independent application security. It is also transparent to the user, which can significantly enhance the user experience.