Comprehensive cybersecurity glossary and resource hub for IT professionals. Understand key terms, frameworks, tools, and concepts shaping today’s threat landscape.
ThreatLocker® policies are the rules or guidelines admins implement to control applications, network activity, and external storage access, and to define which activities to alert on and what actions should be taken in response to them.
Phishing is a malicious attempt by a threat actor to convince users to open malicious links or files and is the number one cause of ransomware.
A cyberattack that redirects website visitors to a new, malicious website. This site may look exactly like the one the user intended to visit. Pharming sites usually look to steal usernames, passwords, and other PIDs.
ThreatLocker® provides the ability to create policies that control access to resources per individual user to ensure every user has access to what is necessary for business, and no more than that.
Private and confidential data that can pinpoint exactly who the owner of the data is. Consumers trust organizations will provide the utmost security to protect their data from threat actors looking to compromise and even spread it. PID includes full names, addresses, contact information, social security numbers, bank account information, salaries, and more.
Like Perimeter Firewalls, Personal Firewalls defend a private network from the public internet. The key difference between these two is that Perimeter Firewalls are meant for businesses, organizations, and other large-scale networks, whereas Personal Firewalls are meant for a small network like someone’s home.
Also referred to as rights and privileges, permissions are a set level of actions a user can take in their organization’s network. Permissions are usually established by a “higher-level” user with admin rights.
A security application organizations implement to protect themselves from outside, internet threats. Firewalls act as a barrier of protection that holds a “wall” between the private and public networks.
Updates to systems, software, hardware, websites, etc. that, as the name implies, patch over known vulnerabilities before they can be exploited by threat actors.
A third-party tool that stores, saves, and protects your confidential information like usernames, passwords, and credit card numbers.
The ability to manage users’ admin rights within your organization on a timed basis to mitigate risk by giving users the minimum access needed.
Risk management in cybersecurity involves identifying threats, assessing their likelihood and impact, and taking steps to mitigate them.
A hacking tool that looks like a USB thumb drive but contains a hidden computer chip that can be programmed to carry out malicious acts such as key logging or code injection.
RMM stands for remote monitoring and management. RMM software is used to access computers from a geographical distance to make management and monitoring easier.
Unauthorized and/or unknown. A rogue application is an application that is not permitted or known to be in an environment.
An endpoint security tool unique to ThreatLocker® that blocks your applications from communicating with others, proactively defending against the spreading of malicious instructions.
Remote access attacks occur when a threat actor tries to gain unauthorized access to network resources from a geographical distance to carry out malicious acts.
The ability for an authorized user to access a network resource from a geographical distance through a network connection.
Ransomware is malicious software that encrypts your computer, locking you out of confidential files and data until you agree to pay a ransom. Ransomware is deployed in many ways, but perhaps the most common are Phishing Emails and Social Engineering Attacks, exploiting vulnerabilities within your software or system, and malicious advertising.
In the computer world, ransom is an amount of money paid to threat actors in exchange for the release of the assets being ransomed, i.e., computer systems, data.
Business model in which a ransomware organization will develop and launch ransomware in exchange for payment by the party that wishes to target an organization.
Storage policies are the set of rules that dictate who, what, how, and when electronic storage locations can be accessed.
A ThreatLocker® tool that provides protection for your internal and external data and information storage.
An attack in which an attacker interferes with queries to a SQL database. This is most commonly a web security vulnerability and can allow an attacker to view data that they ordinarily would not be able to retrieve. In many cases the attacker can alter this data causing damage to applications and your information.
Software is a computer program or application, the collection of code needed to perform a task.
Social engineering is the act of trying to trick users into revealing confidential information that the attacker can use to carry out malicious acts.
A computer script is a series of commands that tell the computer to do something. Useful for automating tasks, scripts are also used by threat actors to carry out malicious acts. Common scripts that you might hear about are batch files or JavaScript files.
A secure password is one that is not easily guessed or cracked using a password cracking tool. Choose a nonsensical, long password that combines upper- and lower-case characters with numbers and symbols.
Application Integration is the ability for applications to interact and work with one another. Secure Application Integration is controlling this ability and only permitting interactions that do not put an organization and its data at risk, such as preventing MS Word from communicating with PowerShell.
A type of phishing attack that uses fear to try to coerce a user into downloading and/or purchasing unnecessary and potentially dangerous software.
Spear Phishing is a targeted Phishing attempt where a threat actor researches a specific person (usually someone with higher-level admin access to data and programs) and uses what they have learned to create a tailored phishing attempt specifically for that user.
Policies set to take effect during specified periods of time (i.e., specific days of the week, times of day).
Also known as a cybercriminal, an individual or group of individuals that try to perform actions in the cybersecurity space to purposely cause harm (financial, reputational, or otherwise). Businesses of all sizes and in all verticals can be targeted.
A separate environment to check application behavior. The ThreatLocker® Testing Environment utilizes a Virtual Desktop Infrastructure (VDI) that enables admins to evaluate approval requests in a timely manner without significantly impacting workflow. With a one-button click within a request to add a new application, a temporary testing environment is created in which it runs the requested application without taking the risk of running an unknown application in a production environment. The VDI creates a cloud-based environment that allows businesses to examine applications safely and determine how best to proceed in real-time.
Any malicious attack against a targeted audience such as a specific software, individual or business. These attackers have generally invested a good deal of time and effort to research and carry out the attack. They may be persistent and attempt to exfiltrate data from the target environment.
Identity and access management method that requires 2 unique forms of identification to successfully authenticate. Common authentication factors include something you know (password or passcode), something you have (hardware token or cell phone for SMS or OTC), and something you are (fingerprint, face ID). Combine 2 unique factors to create a more secure login such as a password and OTC or face ID and a passcode.
A unified audit combines multiple logs into a single location. The ThreatLocker® Unified Audit is the central location within the ThreatLocker® portal to view all logged application, storage, and network activity for your organization.
A vulnerability is a weakness. In the computer world, vulnerabilities are weaknesses in software or hardware that threat actors will try to exploit or take advantage of with malicious intent.
A VPN is an encrypted tunnel through which to access network resources for additional security.
In the computer world, a virus is a computer program that once launched will replicate itself and ‘infect’ the host computer with malicious code, potentially spreading throughout an entire computer network.
VDIs are virtual desktops that are centrally hosted and managed. End users can log into the VDI from any location via a secure connection to further protect business data while permitting access to their work data. Physical hardware need not be supplied to employees, and businesses can easily maintain the security of the VDIs using the virtualization platform. The ThreatLocker® Testing Environment uses a VDI where admins can test untrusted applications without risking their critical business production environment.
Weaponization is the act of using something that is not harmful by itself in a malicious manner to inflict harm, i.e., using a Word document to embed a macro that attempts to contact a command and control center on the internet.
Zero Trust is a cybersecurity philosophy in which nothing (no users, no devices, etc.) is trusted by default, and everything is verified. All users, applications, and network connections are blocked by default until verified and expressly permitted. Once permitted, users, applications, and network connections will only be allowed what is needed to carry out business, and nothing more.
A zero-day attack occurs when threat actors exploit a vulnerability in software, a device, or a network that the developers are unaware of. The vulnerability, in this case, is known as a zero-day vulnerability. These "zero-day" vulnerabilities get their name from developers having zero days to implement responses and solutions for the exploited vulnerability.