Cybersecurity 101:
The Fundamentals of Cybersecurity

Cybersecurity is becoming increasingly important in today’s world. CrowdStrike provides explanations, examples and best practices on the fundamental principles of a variety of cybersecurity topics. If you're looking for information on endpoint protection, cloud security, types of cyber attacks and more, you’ve come to the right place – welcome to Cybersecurity 101!

a
Active Directory Federation Services (AD FS)

Active Directory Federation Services (AD FS) is Microsoft's claims-based single sign-on (SSO) service. It authenticates users against the organization's on-premises Active Directory (AD) and issues signed security tokens (SAML, WS-Federation or OAuth/OpenID Connect) that web applications and federated partners accept in place of a direct AD logon, so the user's AD password is never handed to the relying application.

Address Resolution Protocol (ARP) Spoofing

Address Resolution Protocol (ARP) spoofing, or ARP poisoning, is a spoofing attack used to intercept traffic on a local network. ARP has no authentication, so an attacker on the same segment sends forged ARP replies that bind the attacker's MAC address to another host's IP address, typically the default gateway's. Victims update their ARP caches and send traffic for that IP to the attacker, who can read, modify or drop it before forwarding it on.
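The two signatures a defender looks for, an IP whose MAC binding changes and a single MAC claiming several IPs, can be checked from a plain `tcpdump -n arp` capture. The detector below is an added example, not code from the original page or from CrowdStrike; the capture text and the trusted gateway binding are constructed for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sample in the shape `tcpdump -n arp` prints ARP replies; not a real capture.
# The attacker (de:ad:be:ef:00:99) claims the gateway's IP toward the victim and the
# victim's IP toward the gateway, which is what a full man-in-the-middle looks like.
SAMPLE_CAPTURE = """\
ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:01, length 28
ARP, Reply 192.168.1.20 is-at aa:bb:cc:00:00:20, length 28
ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:01, length 28
ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:99, length 28
ARP, Reply 192.168.1.20 is-at de:ad:be:ef:00:99, length 28
ARP, Request who-has 192.168.1.30 tell 192.168.1.20, length 28
"""

# Known-good bindings pinned by the operator (assumed; here just the gateway).
TRUSTED_BINDINGS = {"192.168.1.1": "aa:bb:cc:00:00:01"}

REPLY_RE = re.compile(r"ARP, Reply (\S+) is-at ([0-9a-f:]{17})", re.IGNORECASE)


def parse_replies(capture_text):
    """Yield (ip, mac) for every ARP reply line; requests are ignored."""
    for line in capture_text.splitlines():
        m = REPLY_RE.search(line)
        if m:
            yield m.group(1), m.group(2).lower()


def detect_arp_spoofing(capture_text, trusted_bindings, max_ips_per_mac=1):
    """Return alert strings for the two classic ARP-poisoning signatures:
    1. an IP announced with a MAC different from the one first seen for it (or
       from its trusted binding), i.e. a cache entry being overwritten;
    2. one MAC claiming more than max_ips_per_mac distinct IPs, the footprint of a
       host sitting between a victim and its gateway."""
    bindings = dict(trusted_bindings)   # first binding wins; trusted ones are pre-seeded
    ips_per_mac = defaultdict(set)
    alerts = []
    for ip, mac in parse_replies(capture_text):
        known = bindings.setdefault(ip, mac)
        if known != mac:
            alerts.append(f"{ip} moved from {known} to {mac}")
        ips_per_mac[mac].add(ip)
    for mac, ips in ips_per_mac.items():
        if len(ips) > max_ips_per_mac:
            alerts.append(f"{mac} claims {len(ips)} IPs: {', '.join(sorted(ips))}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_CAPTURE, TRUSTED_BINDINGS):
        print("ALERT:", alert)
```

Legitimate events produce the same signal: a DHCP lease moving to a new device, or a VRRP/HSRP gateway failover, will also change an IP's MAC. Treat the alerts as leads to correlate with DHCP and switch logs, and pin static bindings (or enable dynamic ARP inspection on the switch) for hosts that must never move.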

Advanced Endpoint Protection (AEP)

Advanced endpoint protection (AEP) is a next-generation endpoint security solution that uses AI, machine learning, and other intelligent automation capabilities to provide more comprehensive cybersecurity protection from a variety of modern threats.

Advanced Persistent Threat (APT)

An advanced persistent threat (APT) is a sophisticated, sustained cyberattack in which an intruder establishes an undetected presence in a network in order to steal sensitive data over a prolonged period of time.

Adware

Adware – or advertising supported software – is an automated, unwanted software designed to bombard users with advertisements, banners and pop-ups.

Attack Surface Management

Attack surface management is the continuous discovery, monitoring, evaluation, prioritization and remediation of attack vectors within an organization's IT infrastructure.

b
Backporting

Backporting is when a software patch or update is taken from a recent software version and applied to an older version of the same software.

Botnet

A botnet is a network of malware-infected computers (bots) that an operator, the bot herder, controls remotely through command-and-control (C2) infrastructure and directs at tasks such as spam, distributed denial of service or credential stuffing.

Brute Force Attacks

In a brute force attack, a threat actor tries to gain access by systematically submitting username and password combinations, usually with automated tooling and wordlists, until one is accepted. Rate limiting, account lockout and multi-factor authentication are the standard countermeasures.

c
Cloud Access Security Broker (CASB)

A cloud access security broker (CASB) is a security check point between cloud network users and cloud-based applications that manages and enforces all data security policies and practices, including authentication, authorization, alerts and encryption.

Cloud Encryption

Cloud encryption is the process of transforming data from its original plain text format to an unreadable format before it is transferred to and stored in the cloud.

Cloud Infrastructure Entitlement Management (CIEM)

CIEM helps enterprises to manage entitlements across all of their cloud infrastructure resources. The primary goal of this tool is to mitigate the risk that comes from the unintentional and unchecked granting of excessive permissions to cloud resources.

Cloud Security

Cloud security combines technology, policies, services, and controls to protect cloud computing systems against cybersecurity threats.

Cloud Security Architecture

Cloud security architecture is the umbrella term used to describe all hardware, software and infrastructure that protects the cloud environment and its components, such as data, workloads, containers, virtual machines and APIs.

Cloud Security Assessment

A cloud security assessment is an evaluation that tests and analyzes an organization’s cloud infrastructure to ensure the organization is protected from a variety of security risks and threats.

Cloud Security Best Practices

Learn the constructs of cloud security, how to implement the right tools and best practices to protect your cloud-hosted workloads, and how to evolve the maturity of your security practices.

Compromise Assessments Explained

Compromise assessments are high-level investigations where skilled teams utilize advanced tools to dig more deeply into their environment to identify ongoing or past attacker activity in addition to identifying existing weaknesses in controls and practices. The intent of the comprehensive assessment is to answer the critical question: “Has my organization been breached?”

Container Security

Container security is the continuous process of using security tools and practices to protect containers, the container build pipeline, the deployment infrastructure and the software supply chain behind the images from cyber threats and vulnerabilities.

Credential Stuffing

Credential stuffing is an attack in which username and password pairs stolen from one breached site are replayed, at scale and usually through automation, against unrelated services. It works because people reuse passwords; unlike a brute force attack, each account typically sees only one or two attempts, so per-account lockout thresholds never trip.
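Brute force and credential stuffing look different in authentication logs: the first is many failures against one account from one source, the second is one or two failures each against many accounts from one source. The classifier below is an added example illustrating both of the entries above; it is not code from the original page or from CrowdStrike. The log lines are constructed, and the thresholds are assumptions to be tuned per environment.

```python
import re
from collections import defaultdict


def _line(sec, result, user, src):
    # Constructed log format (assumed): "<timestamp> auth OK|FAIL user=<u> src=<ip>"
    return f"2024-05-01T10:{sec // 60:02d}:{sec % 60:02d}Z auth {result} user={user} src={src}"


# Constructed sample log, not from any real system:
#  - 198.51.100.7 guesses alice's password twelve times          (brute force)
#  - 203.0.113.9 tries 25 different accounts once each, then one
#    leaked password actually works for user25                  (credential stuffing)
#  - 192.0.2.44 is erin mistyping her password once              (benign)
SAMPLE_LOG = (
    [_line(i, "FAIL", "alice", "198.51.100.7") for i in range(12)]
    + [_line(300 + i, "FAIL", f"user{i:02d}", "203.0.113.9") for i in range(25)]
    + [_line(330, "OK", "user25", "203.0.113.9")]
    + [_line(500, "FAIL", "erin", "192.0.2.44"), _line(505, "OK", "erin", "192.0.2.44")]
)

LINE_RE = re.compile(r"auth (OK|FAIL) user=(\S+) src=(\S+)")


def classify_sources(lines, brute_threshold=10, stuffing_users=20, max_tries_per_user=2):
    """Return (verdict per source IP, accounts that succeeded from a flagged source).

    brute_force:         some single account saw >= brute_threshold failures
    credential_stuffing: >= stuffing_users distinct accounts, none tried more than
                         max_tries_per_user times (one leaked pair per account)
    benign:              anything else
    """
    failures = defaultdict(lambda: defaultdict(int))   # src -> user -> failure count
    successes = defaultdict(set)                         # src -> users that logged in
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        result, user, src = m.groups()
        if result == "FAIL":
            failures[src][user] += 1
        else:
            successes[src].add(user)

    verdicts = {}
    for src, per_user in failures.items():
        counts = per_user.values()
        if any(n >= brute_threshold for n in counts):
            verdicts[src] = "brute_force"
        elif len(per_user) >= stuffing_users and max(counts) <= max_tries_per_user:
            verdicts[src] = "credential_stuffing"
        else:
            verdicts[src] = "benign"

    # A success from a flagged source is the account most likely to be compromised.
    takeovers = {src: sorted(successes[src])
                 for src, v in verdicts.items() if v != "benign" and successes.get(src)}
    return verdicts, takeovers


if __name__ == "__main__":
    verdicts, takeovers = classify_sources(SAMPLE_LOG)
    for src, verdict in verdicts.items():
        print(f"{src:15} {verdict:20} suspected takeover: {takeovers.get(src, [])}")
```

The per-source view misses password spraying, where one or two common passwords are tried against many accounts from many rotating IPs; that variant is caught by aggregating failures per account across sources, and by looking at the ratio of distinct accounts to distinct sources over a window rather than at any single IP.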

Crypto-Malware

Crypto-malware is a type of malicious software, or malware, designed to carry out long-term cryptojacking cyberattacks.

Cryptojacking

Cryptojacking is the unauthorized use of a person's or organization's computing resources to mine cryptocurrency.

Cyber Big Game Hunting

Cyber big game hunting is a type of cyberattack that usually leverages ransomware to target large, high-value organizations or high-profile entities.

Cyber Espionage

Cyber espionage, or cyber spying, is a type of cyberattack in which an unauthorized user attempts to access sensitive or classified data or intellectual property (IP) for economic gain, competitive advantage or political reasons.

Cyber Kill Chain

The cyber kill chain, originally developed by Lockheed Martin, adapts the military kill chain: a step-by-step model of an intrusion, from reconnaissance through delivery and exploitation to actions on objectives, used to identify at which stage adversary activity can be detected and stopped.

Cyberattack

A cyberattack is an attempt by cybercriminals, hackers or other digital adversaries to access a computer network or system, usually for the purpose of altering, stealing, destroying or exposing information.

Cybersecurity

Cybersecurity is the act of defending digital assets, including networks, systems, computers and data, from cyberattacks.

d
Dark Web

The dark web is the part of the internet that search engines do not index and that users reach anonymously through overlay networks such as Tor, which route traffic through several layers of encryption.

Defense in Depth

Defense in depth provides intensive security measures using a layered approach to protect your company from cyberattacks.

DevSecOps

DevSecOps—short for Development, Security and Operations— is the practice of integrating security continuously throughout the software and/or application development lifecycle.

Domain Spoofing

Domain spoofing is a form of phishing in which an attacker impersonates a known business or person with a look-alike website or email domain to fool people into trusting them.

e
Email Spoofing

Email spoofing is a type of cyberattack that targets businesses by using emails with forged sender addresses. Because the recipient trusts the alleged sender, they are more likely to open the email and interact with its contents, such as a malicious link or attachment.

Endpoint

An endpoint is any device that can be connected to a network. Common examples of endpoints include computers, laptops, mobile phones, tablets and servers.

Endpoint Detection and Response (EDR)

Endpoint Detection and Response (EDR), also referred to as endpoint detection and threat response (EDTR), is an endpoint security solution that continuously monitors endpoint devices to detect and mitigate cyber threats.

Endpoint Management

Endpoint management is an IT and cybersecurity process that consists of two main tasks: evaluating, assigning and overseeing the access rights of all endpoints; and applying security policies and tools that will reduce the risk of an attack or prevent such events.

Endpoint Protection Platforms (EPP)

An endpoint protection platform (EPP) is a suite of endpoint security technologies such as antivirus, data encryption, and data loss prevention that work together on an endpoint device to detect and prevent security threats like file-based malware attacks and malicious activity.

Endpoint Protection Software

Endpoint protection software is a cybersecurity solution to defend and protect endpoints by examining files, processes and system activity for suspicious or malicious indicators.

Endpoint Security

Endpoint security, or endpoint protection, is the cybersecurity approach to defending endpoints – such as desktops, laptops, and mobile devices – from malicious activity.

Ethical Hacker

An ethical hacker, also known as a ‘white hat hacker’, is employed to legally break into computers and networks to test an organization’s overall security. Ethical hackers possess all the skills of a cyber criminal but use their knowledge to improve organizations rather than exploit and damage them.

f
File Integrity Monitoring

File integrity monitoring (FIM) is a security process that monitors and analyzes the integrity of critical assets, including file systems, directories, databases, network devices, the operating system (OS), OS components and software applications for signs of tampering or corruption, which may be an indication of a cyberattack.
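At its core FIM is a baseline of content hashes and permissions compared against the current state. The script below is an added example of that core, not code from the original page or from CrowdStrike; its `demo()` builds a throwaway directory standing in for `/etc` (constructed, not real system files) and tampers with it the way an intruder would.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path, chunk=1 << 16):
    """SHA-256 of a file, streamed so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Map each regular file under root (relative POSIX path) to (sha256, mode bits).
    Symlinks are skipped so an attacker cannot point a monitored name at a clean file."""
    root = Path(root)
    snap = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            snap[p.relative_to(root).as_posix()] = (hash_file(p), p.stat().st_mode & 0o777)
    return snap


def diff_snapshots(baseline, current):
    """Classify every difference between two snapshots."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(k for k in common if baseline[k][0] != current[k][0]),
        "mode_changed": sorted(k for k in common
                               if baseline[k][0] == current[k][0] and baseline[k][1] != current[k][1]),
    }


def demo():
    """Constructed scenario: baseline a fake /etc, then tamper with it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "sudoers").write_text("root ALL=(ALL) ALL\n")
        (root / "cron.d").mkdir()
        (root / "cron.d" / "logrotate").write_text("0 3 * * * root /usr/sbin/logrotate\n")
        os.chmod(root / "sudoers", 0o440)
        baseline = snapshot(root)

        # Tampering: extra UID-0 account, cron persistence, sudoers made world-writable,
        # and a legitimate job deleted.
        with open(root / "passwd", "a") as f:
            f.write("backdoor:x:0:0::/root:/bin/bash\n")
        (root / "cron.d" / "update").write_text("* * * * * root /tmp/.x\n")
        os.chmod(root / "sudoers", 0o666)
        (root / "cron.d" / "logrotate").unlink()
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:13}", paths)
```

A production agent adds what this sketch omits: real-time change notification (inotify, fanotify or ETW) rather than periodic rescans, a baseline stored and signed off-host so a root-level intruder cannot rewrite it, and owner/ACL/extended-attribute tracking alongside the mode bits.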

Fileless Malware

Fileless malware is a type of malicious activity that abuses native, legitimate tools already present on a system (for example PowerShell, WMI or scheduled tasks) to carry out an attack. Unlike traditional malware, it does not write a malicious executable to disk and often lives only in memory or the registry, which sidesteps file-scanning defenses and makes it hard to detect.

h
Honeypots

A honeypot is a cybersecurity mechanism that leverages a manufactured attack target to lure cybercriminals away from legitimate targets and gather intelligence about the identity, methods and motivations of adversaries.

How to Protect Against Ransomware

Businesses of all sizes are vulnerable to cyberattacks like ransomware. To protect against this increasing risk, business owners can invest in endpoint protection solutions and educate themselves about how to prevent and mitigate the impact of ransomware.

Hybrid Cloud

The hybrid cloud is an IT environment that combines elements of a public cloud, private cloud and on-premises infrastructure into a single, common, unified architecture.

i
Identity Security

Identity security is a comprehensive solution that protects all types of identities to detect and prevent identity-driven breaches.

Identity Segmentation

Identity segmentation is a method to restrict access to applications/resources based on identities. These identities could be human accounts, service (programmatic accounts), or privileged accounts.

Infrastructure as a Service (IaaS)

Infrastructure as a Service (IaaS) is a cloud computing model in which a third-party cloud service provider offers virtualized compute resources such as servers, data storage and network equipment on demand over the internet to clients.

Insider Threats

An insider threat is a cybersecurity risk that comes from within the organization — usually by a current or former employee or other person who has direct access to the company network, sensitive data and intellectual property (IP).

Internet of Things (IoT) Security

IoT security is the branch of cybersecurity that focuses on protecting, monitoring and remediating threats related to the Internet of Things (IoT), the network of connected devices that gather, store and share data via the internet.

IT Security

IT security is the overarching term used to describe the collective strategies, methods, solutions and tools used to protect the confidentiality, integrity and availability of the organization’s data and digital assets.

l
Lateral Movement

Lateral movement refers to the techniques that a cyberattacker uses, after gaining initial access, to move deeper into a network in search of sensitive data and other high-value assets.

m
Malvertising

Malvertising is a cyberattack technique that injects malicious code into digital advertisements so that it is served, often through legitimate ad networks, to visitors of otherwise trustworthy sites.

Malware

Malware (malicious software) is a term used to describe any program or code that is created with the intent to do harm to a computer, network, or server.

Malware Analysis

Malware analysis is the process of understanding the behavior and purpose of a suspicious file or URL to help detect and mitigate potential threats.

Malware vs Virus

The term malware describes any program or code created with the intent to do harm to a computer, network or server. A virus is a type of malware limited only to programs or code that self-replicates or copies itself in order to spread to other devices or areas of the network.

MITRE ATT&CK Framework

The MITRE ATT&CK framework is a curated, publicly available knowledge base of adversary tactics and techniques observed in real-world intrusions, organized across the attack lifecycle and used to map detections, coverage gaps and threat intelligence to a common vocabulary.

Mobile Malware

Mobile malware is malicious software designed to target mobile devices; it comes in many types and is distributed through a variety of methods.

n
Network Security

Network security refers to the tools, technologies and processes that protect an organization’s network and critical infrastructure from unauthorized use, cyberattacks, data loss and other security threats.

Next-Generation Antivirus (NGAV)

Next-Generation Antivirus (NGAV) uses a combination of artificial intelligence, behavioral detection, machine learning algorithms, and exploit mitigation, so known and unknown threats can be anticipated and immediately prevented.

NTLM Explained

NTLM (NT LAN Manager) is a family of Microsoft challenge-response authentication protocols. The client proves knowledge of the user's password by computing a response over a server-supplied challenge using the NT hash (an unsalted MD4 digest of the password), so the hash itself is the credential; optional session signing and sealing protect the integrity and confidentiality of the traffic that follows. Kerberos has superseded NTLM as the default in Active Directory, but NTLM remains widely enabled for backward compatibility.

p
Pass-the-Hash Attack

Pass the hash is an attack in which an adversary steals the NT hash of a user's password (for example from LSASS memory or the SAM database) and uses it directly to authenticate over NTLM to other systems on the network, creating new sessions as that user without ever cracking or knowing the plaintext password.

Patch Management

Patch management is the process of identifying and deploying software updates, or “patches,” to a variety of endpoints, including computers, mobile devices, and servers.

Penetration Testing

Penetration testing, or pen testing, is an authorized, simulated attack against a defined system or application to find and safely exploit its vulnerabilities, demonstrating real-world impact and producing prioritized remediation guidance.

Phishing

Phishing is a type of social engineering technique that uses a fraudulent message to convince a victim to share personal information or to download a malicious file.

Platform as a Service (PaaS)

Platform as a Service (PaaS) is a cloud computing model in which a third-party cloud provider maintains an environment for customers to build, develop, run and manage their own applications.

r
Ransomware

Ransomware is a type of malware that encrypts a victim’s data and demands a payment in exchange for the decryption key. Many operators now also exfiltrate data before encrypting it: if the ransom is not paid, they publish the stolen data on data leak sites (DLS) in addition to leaving the files inaccessible in perpetuity.

Ransomware as a Service (RaaS)

Ransomware as a Service (RaaS) is a business model used by ransomware developers, in which they lease ransomware variants in the same way that legitimate software developers lease SaaS products.

Ransomware Detection

Ransomware detection is the practice of spotting an infection as early as possible, before or during encryption, so that affected systems can be isolated and recovery started before the damage becomes irreversible.

Red Team VS Blue Team

In a red team/blue team exercise, the red team is made up of offensive security experts who try to attack an organization's cybersecurity defenses. The blue team defends against and responds to the red team attack.

Red Teaming

Red team testing uses ethical hacking and simulated real-world adversary techniques so your team can identify weaknesses in your systems and practice its response. Red teaming goes beyond a penetration test, or pen test, because it is objective-driven and often covert: a team of simulated adversaries, the red team, works against the organization’s security team, the blue team, to test detection and response rather than only enumerate vulnerabilities.

Rootkit Malware

Rootkit malware is a collection of software designed to give malicious actors privileged, persistent control of a computer, network or application while hiding its own presence, for example by hooking operating system functions so that its files, processes and network connections are not shown.

s
Scareware

Scareware is a type of malware attack that claims to have detected a virus or other issue on a device and directs the user to download or buy malicious software to resolve the problem.

Security Operations Center (SOC)

A security operations center, or SOC, is the collective term for the people, processes and technologies responsible for monitoring, analyzing and maintaining an organization’s information security.

Security Orchestration, Automation and Response (SOAR)

Security orchestration, automation and response (SOAR) is a collection of software programs developed to bolster an organization’s cybersecurity posture. A SOAR platform enables a security analyst team to monitor security data from a variety of sources, including security information and event management (SIEM) systems and threat intelligence platforms, and to automate the response playbooks that act on it.

Shadow IT

Shadow IT is the unauthorized use of any digital service or device that is not formally approved of and supported by the IT department.

Shift Left Security

Shift Left security embeds security into the earliest phases of the application development process. Vulnerable code is identified as it is developed rather than in the testing phase, which reduces costs and results in more secure apps.

Spear-Phishing

Spear-phishing is a targeted attack that uses fraudulent emails, texts and phone calls in order to steal a specific person's sensitive information.

Spoofing Attacks

In the cybersecurity world, spoofing is the act of disguising communication or activity from an unknown source and presenting it as a familiar or trusted source.

Spyware

Spyware is a type of unwanted, malicious software that infects a computer or other device and collects information about a user’s web activity without their knowledge or consent.

SQL Injection

SQL injection is a code injection technique in which an attacker supplies input that is concatenated into a database query and changes its meaning, allowing them to read, modify or delete data in the back-end database and sometimes to run commands on the server. It is common and well understood, and the standard defense is to keep data out of the query text with parameterized queries (prepared statements).
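The vulnerable pattern and its fix side by side, as an added example that is not code from the original page or from CrowdStrike. It uses an in-memory SQLite database with constructed rows; the usernames, passwords and login functions are illustrative, not any product's API.

```python
import sqlite3


def build_db():
    """Constructed sample table. A real system stores a salted password hash, never the
    plaintext; that is a separate weakness from the injection shown here."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "correct horse", "user"),
        ("admin", "Tr0ub4dor&3", "admin"),
    ])
    return conn


def login_vulnerable(conn, username, password):
    """Attacker-controlled strings are spliced straight into the SQL text."""
    query = ("SELECT username, role FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(query).fetchone()


def login_safe(conn, username, password):
    """Parameterized: the values travel separately from the statement, so a quote
    inside them is just data and cannot change the query's structure."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


def demo():
    conn = build_db()
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "correct horse"),
        "legit_safe": login_safe(conn, "alice", "correct horse"),
        # Tautology in the password field: ... AND password = '' OR '1'='1'
        # AND binds tighter than OR, so the WHERE clause is always true.
        "tautology_vulnerable": login_vulnerable(conn, "x", "' OR '1'='1"),
        "tautology_safe": login_safe(conn, "x", "' OR '1'='1"),
        # Comment injection in the username: the password check is commented out.
        "admin_bypass_vulnerable": login_vulnerable(conn, "admin'--", "anything"),
        "admin_bypass_safe": login_safe(conn, "admin'--", "anything"),
    }


if __name__ == "__main__":
    for case, row in demo().items():
        print(f"{case:25} -> {row}")
```

Parameterization fixes the string-literal positions; it cannot parameterize identifiers or keywords (table names, `ORDER BY` columns), which must be validated against an allow-list instead. Running the application's database account with the least privilege it needs limits what a successful injection can do.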

Supply Chain Attack

A supply chain attack is a cyberattack that compromises a trusted third party (a vendor, a software product, its update channel or an open-source dependency) in order to reach the organizations that rely on it, turning the trust relationship itself into the attack vector.

t
Threat Actor

A threat actor, also known as a malicious actor, is any person or organization that intentionally causes harm in the digital sphere.

Threat Hunting

Threat hunting is the practice of proactively searching for cyber threats that are lurking undetected in a network. Cyber threat hunting digs deep to find malicious actors in your environment that have slipped past your initial endpoint security defenses.

Threat Intelligence

Threat intelligence is data that is collected, processed, and analyzed to understand a threat actor's motives, targets, and attack behaviors.

Threat Intelligence Platforms

A threat intelligence platform automates the collection, aggregation and reconciliation of external threat data, providing security teams with the most recent threat insights relevant to their organization so they can reduce the associated risk.

TrickBot Malware

TrickBot malware is a banking Trojan released in 2016 that has since evolved into a modular, multi-phase malware capable of a wide variety of illicit operations.

Trojan

A Trojan is a type of malware that disguises itself as legitimate code or software.

v
Vulnerability Management

Vulnerability management is the ongoing, regular process of identifying, assessing, reporting on, managing and remediating security risks to keep all systems and assets in a network protected.

w
Web Application Firewall

A Web Application Firewall (WAF) is a security control, deployed as an appliance, software or cloud service, that protects web applications at the application layer by filtering, monitoring and analyzing HTTP and HTTPS traffic between the application and the internet.

Whaling Attack

A whaling attack is a social engineering attack against a specific executive or senior employee with the purpose of stealing money or information, or gaining access to the person’s computer in order to execute further attacks.

x
XDR

XDR (extended detection and response) collects and correlates data from endpoints, cloud workloads, networks and email, analyzes and prioritizes them, and delivers them to security teams in a normalized format through a single console.

z
Zero Trust Security

Zero Trust is a security model that treats no user, device or network location as implicitly trusted: every request for applications and data must be authenticated and authorized, and access is granted per request on the basis of identity, device posture and least privilege rather than network position.

Zero Trust Strategy

In this post, we'll outline a framework for a true Zero Trust model that adheres to industry best practices while specifically avoiding the potential pitfalls.

Zero-Day Attack

A zero-day attack exploits a software vulnerability that the vendor does not yet know about or has not yet patched, so defenders have had "zero days" to fix it; the exploit may arrive through malware, a malicious document or direct network access.
