Cybersecurity 101:
The Fundamentals of Cybersecurity

Cybersecurity is becoming increasingly important in today’s world. CrowdStrike is providing explanations, examples and best practices on fundamental principles of a variety of cybersecurity topics. If you're looking for information on endpoint protection, cloud security, types of cyber attacks and more, you’ve come to the right place – welcome to Cybersecurity 101!

Access LogRead Post >

An access log is a log file that records all events related to client applications and user access to a resource on a computer. Examples can be web server access logs, FTP command logs, or database query logs.

Active Directory Federation Service (AD FS)Read Post >

Active Directory Federation Service (AD FS) is a single sign on (SSO) feature developed by Microsoft that provides authenticated access to any domain, device, web application or system within the organization’s active directory (AD).

Address Resolution Protocol (ARP) SpoofingRead Post >

Address Resolution Protocol (ARP) spoofing or ARP poisoning is a form of spoofing attack that hackers use to intercept data. A hacker commits an ARP spoofing attack by tricking one device into sending messages to the hacker instead of the intended recipient.

Advanced Endpoint Protection (AEP)Read Post >

Advanced endpoint protection (AEP) is a next-generation endpoint security solution that uses AI, machine learning, and other intelligent automation capabilities to provide more comprehensive cybersecurity protection from a variety of modern threats.

Advanced Persistent Threat (APT)Read Post >

An advanced persistent threat (APT) is a sophisticated, sustained cyberattack in which an intruder establishes an undetected presence in a network in order to steal sensitive data over a prolonged period of time.

AdwareRead Post >

Adware — or advertising-supported software — is automated, unwanted software designed to monitor online user behavior and bombard them with targeted advertisements, banners and pop-ups.

API SecurityRead Post >

API security involves implementing measures to safeguard data confidentiality, integrity, and availability. These measures include setting up authentication and authorization mechanisms that permit only authorized users and applications to access the API.

Application LogRead Post >

Software applications generate logs when something occurs within (or affects) the application. IT teams typically use application log data to investigate outages, troubleshoot bugs, or analyze security incidents.

Application MonitoringRead Post >

Application monitoring is the process of collecting log data in order to help developers track availability, bugs, resource use, and changes to performance in applications that affect the end-user experience (UX).

Application SecurityRead Post >

Application security is a set of measures designed to prevent data or code at the application level from being stolen or manipulated. It involves security during application development and design phases as well as systems and approaches that protect applications after deployment.

Attack SurfaceRead Post >

An attack surface is the sum of all possible security risk exposures in an organization’s software environment.

Attack Surface ManagementRead Post >

Attack surface management is the continuous discovery, monitoring, evaluation, prioritization and remediation of attack vectors within an organization's IT infrastructure.

Attack VectorsRead Post >

An attack vector is the method or combination of methods that cybercriminals use to breach or infiltrate a victim’s network.

Audit LogsRead Post >

Audit logs are a collection of records of internal activity relating to an information system. Audit logs differ from application logs and system logs.

AWS CloudTrail Vs AWS CloudWatchRead Post >

Amazon Web Services (AWS) offers various monitoring tools to assist users in monitoring their cloud systems. In this post, we’ll compare the AWS CloudTrail and AWS CloudWatch tools, exploring their key features, capabilities, differences, and similarities.

AWS Infrastructure ObservabilityRead Post >

In this article, we’ll cover the benefits of implementing infrastructure observability on AWS. We will explore a few key observability services from AWS, along with external services that you can integrate with your AWS account to enhance your monitoring capabilities.

AWS MisconfigurationsRead Post >

In this article, we’ll explore the most common sets of misconfigurations across the most common services, and give advice on how to stay safe and prevent potential breaches when making any modification to your infrastructure

Backdoor AttacksRead Post >

A backdoor attack is a clandestine method of sidestepping normal authentication procedures to gain unauthorized access to a system. It’s like a secret entrance that a burglar can use to get into a house — but instead of a house, it’s a computer or a network.

BackportingRead Post >

Backporting is when a software patch or update is taken from a recent software version and applied to an older version of the same software.

BootkitRead Post >

Bootkit is a type of malware used by a threat actor to attach malicious software to a computer system and can be a critical threat to your business.

BotnetRead Post >

A botnet is a network of computers infected with malware that are controlled by a bot herder.

Brute Force AttacksRead Post >

A brute force attack is uses a trial-and-error approach to systematically guess login info, credentials, and encryption keys. The attacker submits combinations of usernames and passwords until they finally guess correctly.

Business Email Compromise (BEC)Read Post >

Business email compromise (BEC) is a cyberattack technique whereby adversaries assume the digital identity of a trusted persona in an attempt to trick employees or customers into taking a desired action, such as making a payment or purchase, sharing data or divulging sensitive information.

BYOD (Bring-Your-Own-Device)Read Post >

Bring Your Own Device (BYOD) refers to a business policy that allows employees to use personally owned devices for work purposes. Common personal devices include smartphones, laptops, tablets, and flash drives.

Centralized LoggingRead Post >

Centralized logging is the process of collecting logs from networks, infrastructure, and applications into a single location for storage and analysis.

CI/CDRead Post >

CI/CD combines the practices of continuous integration (CI) and Continuous Delivery (CD) to allow DevOps teams to deliver code updates frequently, reliably, and quickly.

Cloud Access Security Broker (CASB)Read Post >

A cloud access security broker (CASB) is a security check point between cloud network users and cloud-based applications that manages and enforces all data security policies and practices, including authentication, authorization, alerts and encryption.

Cloud AnalyticsRead Post >

Cloud analytics is an umbrella term encompassing data analytics operations that are carried out on a cloud platform to produce actionable business insights.

Cloud ComplianceRead Post >

Cloud compliance is the act of complying with regulatory standards of cloud usage. The key difference between traditional and cloud compliance is largely how you go about meeting such requirements.

Cloud ComputingRead Post >

Cloud computing, commonly referred to as “the cloud", provides easy online access to a shared pool of configurable computing resources such as servers, storage, applications, and services.

Cloud Data SecurityRead Post >

Cloud data security refers to the technologies, policies, services and security controls that protect any type of data in the cloud from loss, leakage or misuse through breaches, exfiltration and unauthorized access.

Cloud EncryptionRead Post >

Cloud encryption is the process of transforming data from its original plain text format to an unreadable format before it is transferred to and stored in the cloud.

Cloud GovernanceRead Post >

Cloud governance is a set of policies and rules used by companies who build or work in the cloud. This framework is designed to ensure data security, system integration and the deployment of cloud computing are properly managed.

Cloud InfrastructureRead Post >

Cloud infrastructure is a collective term used to refer to the various components that enable cloud computing and the delivery of cloud services to the customer. This includes hardware, software, network devices, data storage and an abstraction layer that allows users to access virtualized resources. 

Cloud Infrastructure Entitlement Management (CIEM)Read Post >

CIEM helps enterprises to manage entitlements across all of their cloud infrastructure resources. The primary goal of this tool is to mitigate the risk that comes from the unintentional and unchecked granting of excessive permissions to cloud resources.

Cloud MigrationRead Post >

Cloud migration is the process of transferring all business data capabilities — such as applications, workloads, and IT processes — into a cloud computing environment, popularly referred to as “the cloud.”

Cloud MonitoringRead Post >

Cloud monitoring is the practice of measuring, evaluating, monitoring, and managing workloads inside cloud tenancies against specific metrics and thresholds. It can use either manual or automated tools to verify the cloud is fully available and operating properly.

Cloud NativeRead Post >

This article will explore the fundamental principles of cloud native, why it is essential for modern software development, and how you can build apps securely in the cloud.

Cloud SecurityRead Post >

Cloud security is a collection of technologies, policies, services, and security controls to protect an organization’s sensitive data, applications, and environments in cloud computing systems.

Cloud Security ArchitectureRead Post >

Cloud security architecture is the umbrella term used to describe all hardware, software and infrastructure that protects the cloud environment and its components, such as data, workloads, containers, virtual machines and APIs.

Cloud Security AssessmentRead Post >

A cloud security assessment is an evaluation that tests and analyzes an organization’s cloud infrastructure to ensure the organization is protected from a variety of security risks and threats.

Cloud Security FrameworksRead Post >

Cloud security frameworks are sets of guidelines, best practices, and controls organizations use to approach the security of their data, applications, and infrastructure in cloud computing environments.

Cloud VulnerabilitiesRead Post >

As companies increase their use of cloud hosting for storage and computing, so increases the risk of attack on their cloud services. Companies must acknowledge this risk and defend their organization against potential cloud vulnerabilities.

Compromise Assessments ExplainedRead Post >

Compromise assessments are high-level investigations where skilled teams utilize advanced tools to dig more deeply into their environment to identify ongoing or past attacker activity in addition to identifying existing weaknesses in controls and practices. The intent of the comprehensive assessment is to answer the critical question: “Has my organization been breached?”

computer wormRead Post >

A computer worm is a type of malware that can automatically propagate or self-replicate without human interaction, enabling its spread to other computers across a network.

Container SecurityRead Post >

Container Security is the continuous process of using security tools to protect containers from cyber threats and vulnerabilities throughout the CI/CD pipeline, deployment infrastructure, and the supply chain.

Container-as-a-Service (CaaS)Read Post >

This guide will explore containerization's key role in modern application development and deployment. It will also discuss how containers as a service (CaaS) fits into the broader cloud service landscape, helping you stay ahead of the curve in this ever-evolving field.

ContainerizationRead Post >

Containerization is a software deployment technology that allows developers to package software and applications in code and run them in isolated compute environments as immutable executable images containing all the necessary files, configurations, libraries, and binaries needed to run that specific application.

Continuous MonitoringRead Post >

Continuous monitoring is an approach where an organization constantly monitors its IT systems and networks to detect security threats, performance issues, or non-compliance problems in an automated manner.

Credential HarvestingRead Post >

Credential harvesting is a cyberattack technique where cybercriminals gather user credentials — such as user IDs, email addresses, passwords, and other login information — en masse.

Credential StuffingRead Post >

Credential stuffing is a cyberattack where cybercriminals use stolen login credentials from one system to attempt to access an unrelated system.

Credential TheftRead Post >

Credential theft is the act of stealing personal information such as usernames, passwords and financial information in order to gain access to an online account or system.

CRUDRead Post >

CRUD is the acronym for CREATE, READ, UPDATE and DELETE. These terms describe the four essential operations for creating and managing persistent data elements, mainly in relational and NoSQL databases.

CRUD vs RESTRead Post >

In this article, we will introduce CRUD and REST, explain their similarities and differences, and then consider how to best monitor their performance.

Crypto-MalwareRead Post >

Crypto-malware is a type of malicious software, or malware, designed to carry out long-term cryptojacking cyberattacks.

CryptojackingRead Post >

Cryptojacking is the unauthorized use of a person's or organization's computing resources to mine cryptocurrency.

CVERead Post >

Common Vulnerabilities and Exposures (CVEs) is a framework and international effort to maintain updated registry of all known computer security vulnerabilities and exposures.

Cyber Big Game HuntingRead Post >

Cyber big game hunting is a type of cyberattack that usually leverages ransomware to target large, high-value organizations or high-profile entities.

Cyber EspionageRead Post >

Cyber espionage, or cyber spying, is a type of cyberattack in which an unauthorized user attempts to access sensitive or classified data or intellectual property (IP) for economic gain, competitive advantage or political reasons.

Cyber HygieneRead Post >

Cyber hygiene refers to the practices computer users adopt to maintain the safety and security of their systems in an online environment.

Cyber InsuranceRead Post >

Cyber insurance, sometimes referred to as cyber liability insurance or cyber risk insurance, is a type of insurance that limits a policy holder’s liability and manages recovery costs in the event of a cyberattack, data breach or act of cyberterrorism.

Cyber Kill ChainRead Post >

The cyber kill chain is an adaptation of the military’s kill chain, which is a step-by-step approach that identifies and stops enemy activity.

Cyber ResilienceRead Post >

Cyber resilience is the concept that describes an organization’s ability to minimize the impact of an adverse cyber event and restore their operational systems to maintain business continuity.

Cyber RiskRead Post >

Cyber risk measures the likelihood (probability) that an attacker may exploit a cyber threat, as well as considers the potential impact of that bad event, such as the loss of confidentiality, integrity and availability of an organization’s information.

CyberattackRead Post >

A cyberattack is an attempt by cybercriminals, hackers or other digital adversaries to access a computer network or system, usually for the purpose of altering, stealing, destroying or exposing information.

CybersecurityRead Post >

Cybersecurity is the act of defending digital assets, including networks, systems, computers and data, from cyberattacks.

Cybersecurity SandboxingRead Post >

Cybersecurity sandboxing is the use of an isolated, safe space to study potentially harmful code. This practice is an essential tool for security-conscious enterprises and is instrumental in preventing the spread of malicious software across a network.

CybersquattingRead Post >

Cybersquatting is the abusive practice of registering and using an internet domain name that is identical or similar to trademarks, service marks, personal names or company names with the bad faith intent of hijacking traffic for financial profit, delivering malware payloads or stealing intellectual property.

Dark WebRead Post >

The dark web is the part of the internet where users can access unindexed web content anonymously through special web browsers like TOR.

Data BreachRead Post >

A data breach is a security incident where an organization’s data is illegally stolen, copied, viewed, or released by an unauthorized individual or group.

Data ComplianceRead Post >

Data compliance is the practice of ensuring that sensitive and protected data is organized and managed in a way that enables organizations and government entities to meet relevant legal and government regulations.

Data LoggingRead Post >

Data logging is the process of capturing, storing and displaying one or more datasets to analyze activity, identify trends and help predict future events.

Data ObfuscationRead Post >

​​Data obfuscation is the process of disguising confidential or sensitive data to protect it from unauthorized access. Data obfuscation tactics can include masking, encryption, tokenization, and data reduction.

Data ProtectionRead Post >

Data protection involves the policies, procedures, and technologies used to secure data from unauthorized access, alteration, or destruction.

Data SecurityRead Post >

Data security is the practice of protecting digital data from unauthorized access, use or disclosure in a manner consistent with an organization’s risk strategy.

Debug LoggingRead Post >

Debug logging specifically focuses on providing information to assist in identifying and resolving bugs or defects. 

Deep Web vs Dark webRead Post >

“Deep web” and “dark web” are NOT interchangeable terms. The deep web is any part of the Net that is not indexed by search engines. The dark web uses encryption software to provide even greater security.

Defense in DepthRead Post >

Defense in depth provides intensive security measures using a layered approach to protect your company from cyberattacks.

DevOpsRead Post >

DevOps is a set of practices, tools, and a cultural mindset that follows a collaborative organizational model. It combines the software development and operations teams into one collaborative group that helps an organization gain competitive edge through fast, high-quality service and application delivery.

DevOps MonitoringRead Post >

DevOps monitoring is the practice of tracking and measuring the performance and health of systems and applications in order to identify and correct issues early.

DevOps vs. DevSecOpsRead Post >

DevOps and DevSecOps share cultural similarities but address different business goals. Knowing when to use each practice or transition from DevOps to DevSecOps can improve your business.

DevSecOpsRead Post >

DevSecOps – short for development, security, and operations – is the practice of integrating security continuously throughout the software and application development lifecycle to ensure optimal security and performance efficiency.It is considered a necessary extension of the DevOps methodology.

Domain SpoofingRead Post >

Domain spoofing is a form of phishing where an attacker impersonates a known business or person with fake website or email domain to fool people into the trusting them.

EDR vs MDR vs XDRRead Post >

Learn the differences between endpoint detection and response (EDR), managed detection and response (MDR) and extended detection and response (XDR).

Email SpoofingRead Post >

Email spoofing is a type of cyberattack that targets businesses by using emails with forged sender addresses. Because the recipient trusts the alleged sender, they are more likely to open the email and interact with its contents, such as a malicious link or attachment.

EndpointRead Post >

An endpoint is any device that can be connected to a network. Common examples of endpoints include computers, laptops, mobile phones, tablets and servers.

Endpoint Detection and Response (EDR)Read Post >

Endpoint Detection and Response (EDR), also referred to as endpoint detection and threat response (EDTR), is an endpoint security solution that continuously monitors endpoint devices to detect and mitigate cyber threats.

Endpoint ManagementRead Post >

Endpoint management is an IT and cybersecurity process that consists of two main tasks: evaluating, assigning and overseeing the access rights of all endpoints; and applying security policies and tools that will reduce the risk of an attack or prevent such events.

Endpoint Protection Platforms (EPP)Read Post >

An endpoint protection platform (EPP) is a suite of endpoint security technologies such as antivirus, data encryption, and data loss prevention that work together on an endpoint device to detect and prevent security threats like file-based malware attacks and malicious activity.

Endpoint Protection SoftwareRead Post >

Endpoint protection software offers a centralized management system from which security administrators can monitor, protect, and investigate vulnerabilities across all endpoints, including computers, mobile devices, servers and connected devices.

Endpoint SecurityRead Post >

Endpoint security, or endpoint protection, is the cybersecurity approach to defending endpoints – such as desktops, laptops, and mobile devices – from malicious activity.

EPP vs. EDRRead Post >

EPP and EDR are two critical and distinct components within a comprehensive cybersecurity strategy.

Error LogRead Post >

An error log is a file that contains detailed records of error conditions a computer software encounters when it’s running.

Ethical HackerRead Post >

An ethical hacker, also known as a ‘white hat hacker’, is employed to legally break into computers and networks to test an organization’s overall security. Ethical hackers possess all the skills of a cyber criminal but use their knowledge to improve organizations rather than exploit and damage them.

Event LogRead Post >

An event is any significant action or occurence that's recognized by a software system and is then recorded in a special file called the event log.

Exploit KitsRead Post >

An exploit kit is a toolkit that cybercriminals use to attack specific vulnerabilities in a system or code.

External Attack Surface Management (EASM)Read Post >

External Attack Surface Management (EASM) refers to the continuous discovery, monitoring, evaluation, prioritization, and remediation of attack vectors of an organization's external attack surface. An External Attack Surface, also known as Digital Attack Surface, is the sum of an organization’s internet-facing assets and the associated attack vectors which can be exploited during an attack.

File Integrity MonitoringRead Post >

File integrity monitoring (FIM) is a security process that monitors and analyzes the integrity of critical assets, including file systems, directories, databases, network devices, the operating system (OS), OS components and software applications for signs of tampering or corruption, which may be an indication of a cyberattack.

Fileless MalwareRead Post >

Fileless malware is a type of malicious activity that uses native, legitimate tools built in to a system to execute a cyber attack. Unlike traditional malware, fileless malware does not require an attacker to install any code on a target’s system, making it hard to detect.

General Data Protection Regulation (GDPR)Read Post >

The General Data Protection Regulation (GDPR) is the European Union's (EU) personal data protection law that aims to protect the privacy of EU citizens. Enacted in May 2018, it imposes a unified set of rules on all organizations that process personal data originating from the EU, regardless of location.

Golden Ticket AttackRead Post >

A Golden Ticket attack is a malicious cybersecurity attack in which a threat actor attempts to gain almost unlimited access to an organization’s domain.

HacktivismRead Post >

Hacktivism is a combination of the words “hack” and “activism”. Hacktivists engage in disruptive or damaging activity on behalf of a cause, be it political, social or religious in nature.

HIPAARead Post >

The HIPAA Security Rule specifies security standards  for protecting individuals' electronic personal health information (ePHI) that is received, used, maintained, or transmitted by covered entities and their business associates.

HoneypotsRead Post >

A honeypot is a cybersecurity mechanism that leverages a manufactured attack target to lure cybercriminals away from legitimate targets and gather intelligence about the identity, methods and motivations of adversaries.

HoneytokensRead Post >

Honeytokens are digital resources that are purposely designed to be attractive to an attacker, but signify unauthorized use.

How Does Ransomware SpreadRead Post >

As ransomware operators continue to evolve their tactics, it’s important to understand the 10 most common attack vectors used so that you can effectively defend your organization.

How To Protect Against RansomwareRead Post >

Businesses of all sizes are vulnerable to cyberattacks like ransomware. To protect against this increasing risk, business owners can invest in endpoint protection solutions and educate themselves about how to prevent and mitigate the impact of ransomware.

Hybrid CloudRead Post >

A hybrid cloud combines elements of a public cloud, private cloud and on-premises infrastructure into a single, common, unified architecture allowing data and applications to be shared between the mixed IT environment.

Hybrid Cloud SecurityRead Post >

Hybrid cloud security is the protection of data and infrastructure that combines elements of private cloud, public cloud, and on-premises infrastructure into a unified architecture.

Hypervisor (VMM)Read Post >

A hypervisor, or virtual machine monitor (VMM), is virtualization software that creates and manages multiple virtual machines (VMs) from a single physical host machine.

Identity ProtectionRead Post >

Identity protection, also known as identity security, is a comprehensive solution that protects all types of identities within the enterprise

Identity SegmentationRead Post >

Identity segmentation is a method to restrict access to applications/resources based on identities. These identities could be human accounts, service (programmatic accounts), or privileged accounts.

Identity Threat Detection and Response (ITDR)Read Post >

Identity threat detection and response (ITDR) is a security procedure for identifying, reducing, and responding to potential identity-based threats, such as compromised user accounts, leaked passwords, data breaches, and fraudulent activity.

IIS LogsRead Post >

IIS creates log files for each website it serves. You can set the log file location for an IIS-hosted website from the “Logging” section of the website.

Infrastructure as a Service (IaaS)Read Post >

Infrastructure as a Service (IaaS) is a cloud computing model in which a third-party cloud service provider offers virtualized compute resources such as servers, data storage and network equipment on demand over the internet to clients.

Infrastructure as Code (IaC)Read Post >

Infrastructure as Code (IaC) is the process of dynamically managing and provisioning infrastructure through code instead of a manual process to simplify app development, configuration, and runtime.

Insider Threat IndicatorsRead Post >

An insider threat refers to the potential for a person to leverage a position of trust to harm the organization through misuse, theft or sabotage of critical assets.

Insider ThreatsRead Post >

An insider threat is a cybersecurity risk that comes from within the organization — usually by a current or former employee or other person who has direct access to the company network, sensitive data and intellectual property (IP).

Internet of Things (IoT) SecurityRead Post >

IoT security focuses on protecting, monitoring and remediating threats related to the Internet of Things (IoT) — the network of connected devices equipped to gather, store and share data via the internet. 

IT SecurityRead Post >

IT security is the overarching term used to describe the collective strategies, methods, solutions and tools used to protect the confidentiality, integrity and availability of the organization’s data and digital assets.

Kerberoasting AttacksRead Post >

Kerberoasting is a post-exploitation attack technique that attempts to crack the password of a service account within the Active Directory (AD).

KeyloggersRead Post >

Keyloggers, or keystroke loggers, are tools that record what a person types on a device. While there are legitimate and legal uses for keyloggers, many uses for keyloggers are malicious.

Kubernetes vs DockerRead Post >

Docker is a versatile platform responsible for creating, managing, and sharing containers on a single host, while Kubernetes is a container orchestration tool responsible for the management, deployment, and monitoring of clusters of containers across multiple nodes.

Kubernetes vs. MesosRead Post >

Container orchestration engines (COEs) make managing containerized workloads easier by automating operational tasks. Kubernetes and Apache Mesos are two of the most popular COEs.

Kubernetes with Admission ControllersRead Post >

In this article, we’ll take a deep dive into the world of Kubernetes admission controllers by discussing their importance, internal mechanisms, image scanning capabilities, and significance in the security posture of Kubernetes clusters.

Lateral MovementRead Post >

Lateral movement refers to the techniques that a cyberattacker uses, after gaining initial access, to move deeper into a network in search of sensitive data and other high-value assets.

Living off the Land (LOTL) AttacksRead Post >

Living off the land (LOTL) is a fileless malware cyberattack technique where the cybercriminal uses native, legitimate tools within the victim’s system to sustain and advance an attack.

Log AggregationRead Post >

Log aggregation is the mechanism for capturing, normalizing, and consolidating logs from different sources to a centralized platform for correlating and analyzing the data.

Log AnalysisRead Post >

Log analysis is the process of reviewing computer-generated event logs to proactively identify bugs, security threats, factors affecting system or application performance, or other risks.

Log File FormatsRead Post >

A log format defines how the contents of a log file should be interpreted. Typically, a format specifies the data structure and type of encoding.

Log FilesRead Post >

A log file is an event that took place at a certain time and might have metadata that contextualizes it.

Log ManagementRead Post >

Log management is the practice of continuously gathering, storing, processing, synthesizing and analyzing data from disparate programs and applications.

Log ParsingRead Post >

Log parsing is the process of converting log data into a common format to make them machine-readable.

Log RotationRead Post >

Learn about the basics of log rotation—why it’s important, and what you can do with your older log files.

Logging as a Service (LaaS)Read Post >

Logging as a service (LaaS) is a solution that centralizes the collection, analysis, monitoring and management of logs. In this article, you’ll learn what LaaS is and why it's important. You’ll also discover the differences between LaaS and traditional log monitoring solutions, and how to choose a LaaS provider.

Logging LevelsRead Post >

Setting up meaningful log levels is an important step in the log management process. Logging levels allow team members who are accessing and reading logs to understand the significance of the message they see in the log or observability tools being used.

Logging vs MonitoringRead Post >

In this article, we’ll explore logging and monitoring processes, looking at why they’re important for managing applications. We’ll also cover best practices to integrate logging with monitoring to obtain robust visibility and accessibility over an entire application.

Machine Learning (ML) & CybersecurityRead Post >

This article provides an overview of foundational machine learning concepts and explains the growing application of machine learning in the cybersecurity industry, as well as key benefits, top use cases, common misconceptions and CrowdStrike’s approach to machine learning.

Malicious CodeRead Post >

Malicious code is a term for code designed to cause damage, security breaches, or other threats to application security.

MalvertisingRead Post >

Malvertising is a relatively new cyberattack technique that injects malicious code within digital ads.

MalwareRead Post >

Malware (malicious software) is an umbrella term used to describe a program or code created to harm a computer, network, or server. Cybercriminals develop malware to infiltrate a computer system discreetly to breach or destroy sensitive data and computer systems.

Malware AnalysisRead Post >

Malware analysis is the process of understanding the behavior and purpose of a suspicious file or URL to help detect and mitigate potential threats.

Malware DetectionRead Post >

Malware detection is a set of defensive techniques and technologies required to identify, block and prevent the harmful effects of malware. This protective practice consists of a wide body of tactics, amplified by various tools.

Malware HostingRead Post >

Malware hosting occurs when cybercriminals use a free or compromised hosting account to host malware while using the hosting provider's reputation as cover.

Malware vs VirusRead Post >

The term malware describes any program or code created with the intent to do harm to a computer, network or server. A virus is a type of malware limited only to programs or code that self-replicates or copies itself in order to spread to other devices or areas of the network.

Managed XDRRead Post >

Managed XDR (MXDR) is an outsourced security service that provides advanced detection and response capabilities using a combination of digital technologies and human-led expertise.

MDR vs MSSPRead Post >

In this post, we explore these two services, outline their key differentiators and help organizations decide which option is best for their business.

Mean Time to RepairRead Post >

Mean time to repair (MTTR) is a key performance indicator (KPI) that represents the average time required to restore a system to functionality after an incident.

Microservices ArchitectureRead Post >

A microservice-based architecture is a modern approach to software development that breaks down complex applications into smaller components that are independent of each other and more manageable.

MITRE ATT&CK FrameworkRead Post >

The MITRE ATTACK Framework is a curated knowledge base that tracks cyber adversary tactics and techniques used by threat actors across the entire attack lifecycle.

Mobile MalwareRead Post >

Mobile malware is malicious software designed to target mobile devices. Click here to read about the different types and distribution methods.

MSP vs. MSSPRead Post >

While both MSPs and MSSPs are third-party providers, the primary difference between the two is the scope of their offerings. Learn more here!

Multi-CloudRead Post >

Multi-cloud is when an organization leverages multiple public cloud services. These commonly consist of compute and storage solutions, but there are numerous options from various platforms to build your infrastructure.

Multi-factor Authentication (MFA)Read Post >

Multi-factor authentication (MFA) is a multi-layered security system that grants users access to a network, system or application only after confirming their identity with more than one credential or authentication factor.

Network SecurityRead Post >

Network security refers to the tools, technologies and processes that protect an organization’s network and critical infrastructure from unauthorized use, cyberattacks, data loss and other security threats.

Next-Generation Antivirus (NGAV)Read Post >

Next-Generation Antivirus (NGAV) uses a combination of artificial intelligence, behavioral detection, machine learning algorithms, and exploit mitigation, so known and unknown threats can be anticipated and immediately prevented.

NTLM ExplainedRead Post >

Windows New Technology LAN Manager (NTLM) is a suite of security protocols offered by Microsoft to authenticate users’ identity and protect the integrity and confidentiality of their activity.

Open XDRRead Post >

Open XDR is a type of extended detection and response (XDR) security solution or platform that supports third-party integrations to collect specific forms of telemetry to enable threat detection, hunting and investigation across the different data sources and execute response actions.

Open XDR vs. Native XDRRead Post >

Extended detection and response (XDR) is often broken into two main categories: open XDR and native XDR. Open XDR relies on third party integrations for full coverage of telemetry, while native XDR handles all collection and response tasks from a single vendor platform.

Pass-the-Hash AttackRead Post >

Pass the hash is a type of cybersecurity attack in which an adversary steals a “hashed” user credential and uses it to create a new user session on the same network.

Password SprayingRead Post >

A Password spraying attack involve an attacker using a single common password against multiple accounts on the same application.

Password StorageRead Post >

Cybersecurity experts strongly recommend using a password manager to safely store account information on all connected devices, including desktops, laptops, tablets and smartphones.

Patch ManagementRead Post >

Patch management is the process of identifying and deploying software updates, or “patches,” to a variety of endpoints, including computers, mobile devices, and servers.

PCI DSS ComplianceRead Post >

The Payment Card Industry Data Security Standard (PCI DSS) is a framework developed by the Payment Card Industry Security Standards Council (PCI SSC) to help secure and protect all payment card account data.

Penetration TestingRead Post >

Penetration testing, or pen testing, is the simulation of real-world attacks in order to test an organization’s detection and response capabilities. 

PhishingRead Post >

Phishing is an email scam that impersonates a reputable person or organization with the intent to steal credentials or sensitive information.

Platform as a Service (PaaS)Read Post >

Platform as a Service (PaaS) is a cloud computing model in which a third-party cloud provider maintains an environment for customers on a pay-as-you-go basis to build, develop, run and manage their own applications.

Policy As Code (PaC)Read Post >

Policy as Code is the representation of policies and regulations as code to improve and automate policy enforcement and management.

Polymorphic VirusRead Post >

A polymorphic virus, sometimes referred to as a metamorphic virus, is a type of malware that is programmed to repeatedly mutate its appearance or signature files through new decryption routines.

PostgreSQL vs MySQLRead Post >

In this article, we will learn about the main features of PostgreSQL and MySQL, compare the two database management systems, and learn when to use PostgreSQL vs MySQL.

PretextingRead Post >

Pretexting is a form of social engineering in which an attacker gets access to information, a system or a service through deceptive means. The attacker will present a false scenario — or pretext — to gain the victim’s trust and may pretend to be an experienced investor, HR representative, IT specialist or other seemingly legitimate source.

Public CloudRead Post >

A public cloud is a third-party IT management solution that hosts on-demand cloud computing services and physical infrastructure using the public internet.

Public Cloud vs Private CloudRead Post >

The key difference between public and private cloud computing relates to access. In a public cloud, organizations use shared cloud infrastructure, while in a private cloud, organizations use their own infrastructure.

Purple TeamingRead Post >

A purple team is a group of cyber security professionals who simulate malicious attacks and penetration testing in order to identify security vulnerabilities and recommend remediation strategies for an organization’s IT infrastructure.

RansomwareRead Post >

Ransomware is a type of malware that encrypts a victim’s data until a payment is made to the attacker. If the payment is made, the victim receives a decryption key to restore access to their files. If the ransom payment is not made, the malicious actor publishes the data on data leak sites (DLS) or blocks access to the files in perpetuity.

Ransomware Allow Hackers toRead Post >

In a ransomware attack, hackers use malware to encrypt, delete or manipulate data, intellectual property or personal information. This allows attackers to hold the information, device or system digitally hostage until the victim meets the cybercriminal’s ransom demands, which usually involve secure, untraceable payment.

Ransomware as a Service (RaaS)Read Post >

Ransomware as a Service (RaaS) is a business model used by ransomware developers, in which they lease ransomware variants in the same way that legitimate software developers lease SaaS products.

Ransomware DetectionRead Post >

Ransomware detection is the first defense against dangerous malware since it finds the infection earlier so that victims can take action to prevent irreversible damage.

Ransomware RecoveryRead Post >

A ransomware recovery plan is a playbook to address a ransomware attack, which includes an incident response team, communication plan, and step-by-step instructions to recover your data and address the threat.

Real User Monitoring (RUM)Read Post >

Real User Monitoring (RUM) monitors application performance by capturing every user interaction on a website or mobile application. In this article, we’ll learn about RUM and why businesses need it. We’ll consider its benefits and how you can choose a RUM solution for your business.

Red Team VS Blue TeamRead Post >

In a red team/blue team exercise, the red team is made up of offensive security experts who try to attack an organization's cybersecurity defenses. The blue team defends against and responds to the red team attack.

Red TeamingRead Post >

Red team testing uses ethical hacking by simulating real-world techniques so your team can identify vulnerabilities in your system and practice response methods. Red teaming goes beyond a penetration test, or pen test, because it puts a team of adversaries — the red team — against an organization’s security team — the blue team.

Remote Code Execution (RCE)Read Post >

Remote code execution (RCE) refers to a class of cyberattacks in which attackers remotely execute commands to place malware or other malicious code on your computer or network.

Rootkit MalwareRead Post >

Rootkit malware is a collection of software designed to give malicious actors control of a computer, network or application.

Runtime Application Self-Protection (RASP)Read Post >

Runtime Application Self-Protection (RASP) is a term coined by Gartner to describe a technology that incorporates security functionality within software applications to prevent malicious attacks while the application is running.

SBOMRead Post >

In this post, we will cover the key parts of an SBOM, the benefits and challenges for an organization adopting SBOMs, and how an organization might integrate the usage of SBOMs within its current suite of security tools.

ScarewareRead Post >

Scareware is a type of malware attack that claims to have detected a virus or other issue on a device and directs the user to download or buy malicious software to resolve the problem.

SecOpsRead Post >

SecOps is an approach that combines the processes, tools, and highly skilled staff from both security and IT departments into a single, unified team.

Security AutomationRead Post >

Security automation is the practice of using technology to perform recurring IT security tasks, such as endpoint scanning and incident response, with limited human intervention.

Security Information and Event Management (SIEM)Read Post >

Security information and event management (SIEM) is a set of tools and services that combine security events management (SEM) and security information management (SIM) capabilities that helps organizations recognize potential security threats and vulnerabilities before business disruptions occur.

Security MisconfigurationRead Post >

Security misconfiguration is any error or vulnerability present in the configuration of code that allows attackers access to sensitive data. There are many types of security misconfiguration, but most present the same danger: vulnerability to data breach and attackers gaining unauthorized access to data.

Security Orchestration, Automation and Response (SOAR)Read Post >

Security orchestration, automation and response (SOAR) is a collection of software programs developed to bolster an organization’s cybersecurity posture. A SOAR platform enables a security analyst team to monitor security data from a variety of sources, including security information and management systems and threat intelligence platforms.

Security PostureRead Post >

An organization’s security posture is a holistic snapshot of their security strengths and vulnerabilities across hardware, software, data, and user behavior.

Security TestingRead Post >

Security testing is a type of software testing that identifies potential security risks and vulnerabilities in applications, systems and networks.

SEO PoisoningRead Post >

SEO poisoning is a technique used by threat actors to increase the prominence of their malicious websites, making them look more authentic to consumers.

Server MonitoringRead Post >

Server monitoring provides visibility into network connectivity, available capacity and performance, system health, and much more.

Serverless ArchitectureRead Post >

Serverless architecture is a software development approach in which developers can run applications without managing the underlying infrastructure. In the serverless computing model, the cloud provider handles all infrastructure setup, maintenance, and scaling.

Shadow ITRead Post >

Shadow IT is the unauthorized use of any digital service or device that is not formally approved of and supported by the IT department.

Shared Responsibility ModelRead Post >

The Shared Responsibility Model dictates that a cloud provider must monitor and respond to security threats related to the cloud itself and its underlying infrastructure and end users are responsible for protecting data and other assets they store in any cloud environment.

Shift Left SecurityRead Post >

Shift Left security embeds security into the earliest phases of the application development process. Vulnerable code is identified as it is developed rather than in the testing phase, which reduces costs and results in more secure apps.

SmishingRead Post >

Smishing is the act of sending fraudulent text messages designed to trick individuals into sharing sensitive data such as passwords, usernames and credit card numbers.

Snort and Snort RulesRead Post >

Snort is an open-source network intrusion detection and prevention system (IDS/IPS) that monitors network traffic and identifies potentially malicious activities on Internet Protocol (IP) networks.

SOA vs MicroservicesRead Post >

As development teams require more flexibility, scalability and speed, traditional monolithic software development models have become largely obsolete. To meet the needs of the modern landscape, two options have emerged for effectively and efficiently building and running large-scale, complex applications: service oriented architecture (SOA) and microservices.

SOC-as-a-ServiceRead Post >

SOC-as-a-Service (SOCaaS) is a security model wherein a third-party vendor operates and maintains a fully-managed SOC on a subscription basis via the cloud.

Social EngineeringRead Post >

Social engineering is an umbrella term that describes a variety of cyberattacks that use psychological tactics to manipulate people into taking a desired action, like giving up confidential information.

Software as a Service (SaaS)Read Post >

Software as a Service (SaaS) is a cloud-based software delivery model that allows users to access applications through an internet-connected device rather than requiring an upfront purchase and installation of physical software.

Software SecurityRead Post >

Software security refers to a set of practices that developers incorporate into the software development life cycle and testing processes to ensure their digital solutions remain secure and are able to function in the event of a malicious attack.

Spear-PhishingRead Post >

Spear-phishing is a targeted attack that uses fraudulent emails, texts and phone calls in order to steal a specific person's sensitive information.

SpywareRead Post >

Spyware is a type of unwanted, malicious software that infects a computer or other device and collects information about a user’s web activity without their knowledge or consent.

SQL Injection (SQLi)Read Post >

SQL injection (SQLi) is a cyberattack that injects malicious SQL code into an application, allowing the attacker to view or modify a database. Injection attacks, which include SQL injections, were the third most serious web application security risk in 2021.

Structured, Unstructured and Semi Structured LoggingRead Post >

Structured, semi structured and unstructured logging falls on a large spectrum each with its own set of benefits and challenges. Unstructured and semi structured logs are easy to read by humans but can be tough for machines to extract while structured logs are easy to parse in your log management system but difficult to use without a log management tool.

Supply Chain AttackRead Post >

A supply chain attack is a type of cyberattack that targets a trusted third party vendor who offers services or software vital to the supply chain.

Threat ActorRead Post >

A threat actor, also known as a malicious actor, is any person or organization that intentionally causes harm in the digital sphere.

Threat HuntingRead Post >

Threat hunting is the practice of proactively searching for cyber threats that are lurking undetected in a network. Cyber threat hunting digs deep to find malicious actors in your environment that have slipped past your initial endpoint security defenses.

Threat IntelligenceRead Post >

Threat intelligence is data that is collected, processed, and analyzed to understand a threat actor's motives, targets, and attack behaviors.

Threat Intelligence PlatformsRead Post >

A Threat Intelligence Platform automates the collection, aggregation, and reconciliation of external threat data, providing security teams with most recent threat insights to reduce threat risks relevant for their organization.

Threat ModelRead Post >

A threat model evaluates threats and risks to information systems, identifies the likelihood that each threat will succeed and assesses the organization's ability to respond to each identified threat.

TrickBot MalwareRead Post >

TrickBot malware is a banking Trojan released in 2016 that has since evolved into a modular, multi-phase malware capable of a wide variety of illicit operations.

TrojanRead Post >

A Trojan Horse (Trojan) is a type of malware that disguises itself as legitimate code. Attackers can export files, modify data, and delete files on your device.

Types of Cyber AttacksRead Post >

Cyberattacks can target a wide range of victims from individual users to enterprises or even governments. When targeting businesses or other organizations, the hacker’s goal is usually to access sensitive and valuable company resources, such as intellectual property (IP), customer data or payment details.

Types of Cyber VulnerabilitiesRead Post >

In this article, we review the 7 most common types of vulnerabilities, including: misconfigurations, unsecured APIs, zero days, unauthorized access, and unpatched software.

Types of MalwareRead Post >

While there are many different variations of malware, there are several types that you are more likely to encounter.

VishingRead Post >

Vishing, a voice phishing attack, is the fraudulent use of phone calls and voice messages pretending to be from a reputable organization to convince individuals to reveal private information such as bank details and passwords.

Vulnerability AssessmentRead Post >

Vulnerability assessment is the ongoing, regular process of defining, identifying, classifying and reporting cyber vulnerabilities across endpoints, workloads, and systems.

Vulnerability ManagementRead Post >

Vulnerability management is the ongoing, regular process of identifying, assessing, reporting on, managing and remediating security risks to keep all systems and assets in a network protected.

Web Application Firewall (WAF)Read Post >

A Web Application Firewall (WAF) is a security device designed to protect organizations at the application level by filtering, monitoring and analyzing HTTP and HTTPS traffic between the web application and the internet.

Web Server LogRead Post >

A web server log is a text document that contains a record of all activity related to a specific web server over a defined period of time.

Whaling AttackRead Post >

A whaling attack is a social engineering attack against a specific executive or senior employee with the purpose of stealing money or information, or gaining access to the person’s computer in order to execute further attacks.

XDRRead Post >

XDR (extended detection and response) collects and correlates data from endpoints, cloud workloads, networks and email, analyzes and prioritizes them, and delivers them to security teams in a normalized format through a single console.

XDR vs SIEM vs SOARRead Post >

XDR, SIEM, and SOAR address similar use cases but take fundamentally different approaches. Learn how they relate and how they differ.

Zero Trust SecurityRead Post >

Zero Trust is a security concept that requires all users to be authenticated and authorized before being granted access to applications and data.

Zero Trust StrategyRead Post >

In this post, we'll outline a framework for a true Zero Trust model that adheres to industry best practices while specifically avoiding the potential pitfalls.

Zero Trust vs. SASERead Post >

We will take a closer look at Zero Trust and SASE and answer some common questions that organizations have when incorporating these into their overarching cybersecurity framework.

Zero-Day ExploitRead Post >

A Zero-Day Exploit is the technique or attack a malicious actor deploys to leverage an unknown security vulnerability to gain access into a system.

Zeus Trojan MalwareRead Post >

The two primary goals of the Zeus trojan horse virus are stealing people’s financial information and adding machines to a botnet.

Back to Top