Shadow copies are backup copies of files automatically created by Windows.
Social engineering is the act of trying to trick users into revealing confidential information that they can use to carry out malicious acts.
A computer script is a series of commands that tell the computer to do something. Useful for automating tasks, scripts are also used by threat actors to carry out malicious acts. Common scripts that you might hear about are batch files or JavaScript files.
A secure password is one that is not easily guessed or cracked using a password cracking tool. Choose a nonsensical, long password that combines upper- and lower-case characters with numbers and symbols.
Application Integration is the ability for applications to interact and work with one another. Secure Application Integration is controlling this ability and only permitting interactions that do not put an organization and their data at risk such as preventing MS Word from communicating with PowerShell.
A type of phishing attack that uses fear to try and coerce a user into downloading and/or purchasing unnecessary and potentially dangers software.
Spear Phishing is a targeted Phishing attempt where a threat actor researches a specific person (usually someone with higher-level admin access to data and programs) and uses what they have learned to create a tailored phishing attempt specifically for that user.
Policies set to take effect during specified periods of time (i.e., specific days of the week, times of day)
Also known as a cybercriminal, an individual or group of individuals that try to perform actions in the cybersecurity space to purposely cause harm (financial, reputational, or otherwise). Businesses of all sizes and in all verticals can be targeted.
A separate environment to check application behavior. The ThreatLocker® Testing Environment utilizes a Virtual Desktop Infrastructure (VDI) that enables admins to evaluate approval requests in a timely manner without significantly impacting workflow. With a one-button click within a request to add a new application, a temporary testing environment is created in which it runs the requested application without taking the risk of running an unknown application in a production environment. The VDI creates a cloud-based environment that allows businesses to examine applications safely and determine how best to proceed in real-time.
Any malicious attack against a targeted audience such as a specific software, individual or business. These attackers have generally invested a good deal of time and effort to research and carry out the attack. They may be persistent and attempt to exfiltrate data from the target environment.
Identity and access management method that requires 2 unique forms of identification to successfully authenticate. Common authentication factors include something you know (password or passcode), something you have (hardware token or cell phone for SMS or OTC), and something you are (fingerprint, face ID). Combine 2 unique factors to create a more secure login such as a password and OTC or face ID and a passcode.
A unified audit combines multiple logs into a single location. The ThreatLocker® Unified Audit is the central location within the ThreatLocker® portal to view all logged application, storage, and network activity for your organization.
A vulnerability is a weakness. In the computer world, vulnerabilities are weaknesses in software or hardware that threat actors will try to exploit or take advantage of with malicious intent.
A VPN is an encrypted tunnel through which to access network resources for additional security.
In the computer world, a virus is a computer program that once launched will replicate itself and ‘infect’ the host computer with malicious code, potentially spreading throughout an entire computer network.
VDIs are virtual desktops that are centrally hosted and managed. End users can log into the VDI from any location via a secure connection to further protect business data while permitting access to their work data. Physical hardware need not be supplied to employees, and businesses can easily maintain the security of the VDIs using the virtualization platform. The ThreatLocker® Testing Environment uses a VDI where admins can test untrusted applications without risking their critical business production environment.
Weaponization is the act of using something that by itself is not harmful in a malicious manner to inflict harm, I.e., using a Word document to embed a macro that attempts to contact a command and control center on the internet.
