Active Directory Federation Services (AD FS) is a single sign-on (SSO) feature developed by Microsoft that provides authenticated access to any domain, device, web application or system within the organization's Active Directory (AD).
The Fundamentals of Cybersecurity
Cybersecurity is becoming increasingly important in today’s world. CrowdStrike is providing explanations, examples and best practices on fundamental principles of a variety of cybersecurity topics. If you're looking for information on endpoint protection, cloud security, types of cyber attacks and more, you’ve come to the right place – welcome to Cybersecurity 101!
Advanced endpoint protection (AEP) is a next-generation endpoint security solution that uses AI, machine learning, and other intelligent automation capabilities to provide more comprehensive cybersecurity protection from a variety of modern threats.
An advanced persistent threat (APT) is a sophisticated, sustained cyberattack in which an intruder establishes an undetected presence in a network in order to steal sensitive data over a prolonged period of time.
Backporting is when a software patch or update is taken from a recent software version and applied to an older version of the same software.
A botnet is a network of compromised computers that are supervised by a command and control (C&C) channel.
In a brute force attack, a threat actor tries to gain access by systematically trying as many combinations of usernames and guessed passwords as possible.
A cloud access security broker (CASB) is a security checkpoint between cloud network users and cloud-based applications that manages and enforces all data security policies and practices, including authentication, authorization, alerts and encryption.
Cloud application security is the process of securing cloud-based software applications throughout the development lifecycle.
Cloud encryption is the process of transforming data from its original plain text format to an unreadable format before it is transferred to and stored in the cloud.
Cloud security, or cloud computing security, is the strategy and solutions that protect cloud infrastructure, cloud data, and applications within a cloud environment, from threats and vulnerabilities.
A cloud security assessment is an evaluation that tests and analyzes an organization’s cloud infrastructure to ensure the organization is protected from a variety of security risks and threats.
Cloud security posture management (CSPM) automates the identification and remediation of risks across cloud infrastructures.
Cloud workload protection platforms offer organizations a solution to continuously monitor for, and remove, threats from their cloud workloads and containers.
Container Security is the continuous process of protecting containers from vulnerabilities. This includes the container pipeline, deployment infrastructure, and supply chain.
Cross Site Scripting (XSS) is a code injection attack in which an adversary inserts malicious code within a legitimate website.
Crypto-malware is a type of malicious software, or malware, designed to carry out long-term cryptojacking cyberattacks.
Cryptojacking is the unauthorized use of a person's or organization's computing resources to mine cryptocurrency.
Cyber espionage, or cyber spying, is a type of cyberattack in which an unauthorized user attempts to access sensitive or classified data or intellectual property (IP) for economic gain, competitive advantage or political reasons.
The cyber kill chain is an adaptation of the military’s kill chain, which is a step-by-step approach that identifies and stops enemy activity.
A cyberattack is an attempt by cybercriminals, hackers or other digital adversaries to access a computer network or system, usually for the purpose of altering, stealing, destroying or exposing information.
Cybersecurity is the act of defending digital assets, including networks, systems, computers and data, from cyberattacks.
The dark web is a subset of the internet where users can access unindexed web content anonymously through a variety of encryption techniques.
Dark web monitoring is the process of searching for, and tracking, your organization’s information on the dark web.
Data loss prevention (DLP) is an overall security strategy that focuses on detecting and preventing the loss, leakage or misuse of an organization's data.
A Denial-of-Service (DoS) attack is a malicious, targeted attack that floods a network with false requests in order to disrupt business operations.
DevSecOps—short for Development Security Operations—is the practice of incorporating security continuously throughout the application development lifecycle.
Digital Forensics and Incident Response (DFIR) is a field within cybersecurity that focuses on the identification, investigation, and remediation of cyberattacks.
DDoS is short for 'distributed denial-of-service'. A distributed denial-of-service (DDoS) attack is an attempt to interrupt an online service by flooding it with fake traffic.
Domain spoofing is a form of phishing where an attacker impersonates a known business or person with a fake website or email domain to fool people into trusting them.
Email spoofing is a type of cyberattack that targets businesses by using emails with forged sender addresses. Because the recipient trusts the alleged sender, they are more likely to open the email and interact with its contents, such as a malicious link or attachment.
An endpoint is any device that can be connected to a network. Common examples of endpoints include computers, laptops, mobile phones, tablets and servers.
Endpoint Detection and Response (EDR) is defined as a solution that records and stores endpoint-system-level behaviors, uses various data analytics techniques to detect suspicious system behavior, provides contextual information, blocks malicious activity, and provides remediation suggestions to restore affected systems.
Endpoint management is an IT and cybersecurity process that consists of two main tasks: evaluating, assigning and overseeing the access rights of all endpoints; and applying security policies and tools that will reduce the risk of an attack or prevent such events.
Endpoint protection software is a cybersecurity solution to defend and protect endpoints by examining files, processes and system activity for suspicious or malicious indicators.
Endpoint security, or endpoint protection, is the cybersecurity approach to defending endpoints – such as desktops, laptops, and mobile devices – from malicious activity.
An ethical hacker, also known as a ‘white hat hacker’, is employed to legally break into computers and networks to test an organization’s overall security. Ethical hackers possess all the skills of a cyber criminal but use their knowledge to improve organizations rather than exploit and damage them.
Fileless malware is a type of malicious activity that uses native, legitimate tools built into a system to execute a cyber attack. Unlike traditional malware, fileless malware does not require an attacker to install any code on a target's system, making it hard to detect.
Hacktivism is the combination of digital hacking and social activism.
Ransomware first cropped up around 2005 as just one subcategory of the overall class of scareware. Learn how it's evolved since then.
A honeypot is a cybersecurity mechanism that leverages a manufactured attack target to lure cybercriminals away from legitimate targets, and also gathers intelligence about the identity, methods and motivations of adversaries.
The hybrid cloud is an IT environment that combines elements of a public cloud, private cloud and on-premises infrastructure into a single, common, unified architecture.
Identity security is a comprehensive solution that protects all types of identities to detect and prevent identity-driven breaches.
Incident response (IR) is the set of steps used to prepare for, detect, contain, and recover from a data breach.
Most IR plans can be summed up in 4 common steps: Preparation, Detection & Analysis, Containment & Eradication, and Post-Incident Activity.
An Indicator of Compromise (IOC) is a piece of digital forensic evidence that suggests that an endpoint or network may have been breached.
Indicators of Attack vs Indicators of Compromise: Defining & Understanding the Differences
IoT security is a subset of cybersecurity that focuses on protecting, monitoring and remediating threats related to the Internet of Things (IoT) — or the network of connected devices that gather, store and share data via the internet.
IT security is the overarching term used to describe the collective strategies, methods, solutions and tools used to protect the confidentiality, integrity and availability of the organization’s data and digital assets.
Lateral movement refers to the techniques that a cyberattacker uses, after gaining initial access, to move deeper into a network in search of sensitive data and other high-value assets.
Malvertising is a relatively new cyberattack technique that injects malicious code within digital ads.
Malware (malicious software) is a term used to describe any program or code that is created with the intent to do harm to a computer, network, or server.
Malware analysis is the process of understanding the behavior and purpose of a suspicious file or URL to help detect and mitigate potential threats.
The term malware describes any program or code created with the intent to do harm to a computer, network or server. A virus is a type of malware limited only to programs or code that self-replicates or copies itself in order to spread to other devices or areas of the network.
A man-in-the-middle (MITM) attack is a type of cyberattack in which a third party infiltrates a conversation between a network user and a web application.
Managed detection and response (MDR) is a cybersecurity service that combines technology and human expertise to perform threat hunting, monitoring, and response.
The MITRE ATT&CK Framework is a curated knowledge base that tracks cyber adversary tactics and techniques used by threat actors across the entire attack lifecycle.
Mobile malware is malicious software designed to target mobile devices. Read about the different types and distribution methods.
Network security refers to the tools, technologies and processes that protect an organization’s network and critical infrastructure from unauthorized use, cyberattacks, data loss and other security threats.
Next-Generation Antivirus (NGAV) uses a combination of artificial intelligence, behavioral detection, machine learning algorithms, and exploit mitigation, so known and unknown threats can be anticipated and immediately prevented.
Windows New Technology LAN Manager (NTLM) is a suite of security protocols offered by Microsoft to authenticate users’ identity and protect the integrity and confidentiality of their activity.
Patch management is the process of identifying and deploying software updates, or “patches,” to a variety of endpoints, including computers, mobile devices, and servers.
Penetration testing, or pen testing, is the simulation of real-world attacks in order to test an organization’s detection and response capabilities.
Phishing is a type of cyber attack that uses email, SMS, phone, or social media to entice a victim to share sensitive information — such as passwords or account numbers — or to download a malicious file that will install viruses on their computer or phone.
Ransomware is a type of malware that encrypts a victim's data and demands a payment to restore access. If the ransom payment is not made, the malicious actor publishes the data on the dark web or blocks access to the files in perpetuity.
Ransomware as a Service (RaaS) is a business model used by ransomware developers, in which they lease ransomware variants in the same way that legitimate software developers lease SaaS products.
In this post, we explore 12 recent ransomware examples to outline the adversaries behind them and how they work.
A red team/blue team exercise is a cybersecurity assessment technique that uses simulated attacks to gauge the strength of the organization’s existing security capabilities and identify areas of improvement in a low-risk environment.
Rootkit malware is a collection of software designed to give malicious actors control of a computer, network or application.
Scareware is a type of malware attack that claims to have detected a virus or other issue on a device and directs the user to download or buy malicious software to resolve the problem.
Security as a service (SECaaS) is a comprehensive solution that helps an organization address any security issue without needing its own dedicated security staff.
SIEM stands for security information and event management and is a set of tools and services that enable analysts to review log and event data, understand and prepare for threats, and retrieve and report on log data.
A security operations center, or SOC, is the collective term for the people, processes and technologies responsible for monitoring, analyzing and maintaining an organization’s information security.
Building a first-class security operations center is no simple feat – maintaining it is even harder. We discuss four security operations center best practices that every organization should strive for.
Security orchestration, automation and response (SOAR) is a collection of software programs developed to bolster an organization's cybersecurity posture. A SOAR platform enables a security analyst team to monitor security data from a variety of sources, including security information and event management (SIEM) systems and threat intelligence platforms.
A social engineering attack is a cyberattack that relies on the manipulation of human behavior.
Spear-phishing is a targeted attack that uses fraudulent emails, texts and phone calls in order to steal a specific person's sensitive information.
The difference between phishing, spear-phishing and whaling attacks lies in the degree of personalization. Phishing is the least personalized, whaling is the most, and spear-phishing lies between.
In the cybersecurity world, spoofing is the act of disguising communication or activity from an unknown source and presenting it as a familiar or trusted source.
Spyware is a type of unwanted, malicious software that infects a computer or other device and collects information about a user’s web activity without their knowledge or consent.
A supply chain attack is a type of cyberattack that targets a trusted third party vendor who offers services or software vital to the supply chain.
Threat hunting is the practice of proactively searching for cyber threats that are lurking undetected in a network. Cyber threat hunting digs deep to find malicious actors in your environment that have slipped past your initial endpoint security defenses.
Threat intelligence is data that is collected, processed, and analyzed to understand a threat actor's motives, targets, and attack behaviors.
A Trojan is a type of malware that disguises itself as legitimate code or software.
Vulnerability management is the ongoing, regular process of identifying, assessing, reporting on, managing and remediating security risks to keep all systems and assets in a network protected.
The vulnerability management lifecycle has five main stages: Assess, Prioritize, Act, Reassess and Improve.
A Web Application Firewall (WAF) is a security device designed to protect organizations at the application level by filtering, monitoring and analyzing HTTP and HTTPS traffic between the web application and the internet.
A whaling attack is a social engineering attack against a specific executive or senior employee with the purpose of stealing money or information, or gaining access to the person’s computer in order to execute further attacks.
XDR is a holistic approach that streamlines security data ingestion, analysis, and workflows across an organization's entire security stack to enhance visibility around hidden and advanced threats, and to unify the response.
Zero Trust is a security concept that requires all users to be authenticated and authorized before being granted access to applications and data.
In this post, we'll outline a framework for a true Zero Trust model that adheres to industry best practices while specifically avoiding the potential pitfalls.
A zero-day attack occurs when a hacker releases malware to exploit a software vulnerability before the software developer has patched the flaw.