Network threat detection Definitions

  • A

    antispoofing

    Antispoofing is a set of techniques for countering spoofing attacks on a computer network. The most common form is source-address filtering at network boundaries: a router or firewall drops packets whose source IP address could not legitimately have arrived on the interface they came in on (ingress and egress filtering, the practice described in BCP 38), so that forged-source traffic such as reflection attacks cannot leave or enter the network.

  • B

    bridge

    A bridge is a class of network device designed to connect networks at OSI Layer 2, the data link layer, forwarding frames between segments of a local-area network (LAN) based on their MAC addresses.

  • C

    capture

    Capture is the process or means of obtaining and storing external data, particularly images or sounds, for use at a later time.

  • CISO (chief information security officer)

    The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats.

  • computer forensics (cyber forensics)

    Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law.

  • D

    Diffie-Hellman key exchange (exponential key exchange)

    Diffie-Hellman key exchange, also called exponential key exchange, is a method by which two parties agree on a shared secret over an insecure channel. Each side raises an agreed base to a secret exponent modulo a large prime and sends the result; combining the value it receives with its own exponent gives both sides the same secret, which is never transmitted and from which the session keys are derived. Recovering the secret from the exchanged values alone is the discrete logarithm problem, which is computationally infeasible for well-chosen parameters. The exchange provides no authentication by itself: unless the public values are signed or otherwise tied to an identity, an active attacker can sit in the middle and negotiate a separate secret with each side.
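    The exchange described above, worked end to end in Python. This is an added example and not code from the original page; the group parameters (a 10-bit safe prime with generator 4), the party names and the SHA-256 key derivation are assumptions made for the demonstration, and the small prime is chosen for readability only.

```python
"""Diffie-Hellman key agreement, worked end to end with toy parameters."""
import hashlib
import secrets

# Public parameters. These are an assumption made for this example, not a
# standardised group: P is a safe prime (P = 2Q + 1 with Q prime) and G = 4
# generates the subgroup of prime order Q. A 10-bit prime is trivially
# breakable; real deployments use a fixed group of at least 2048 bits
# (for example the RFC 3526 or RFC 7919 groups).
P = 1019
Q = (P - 1) // 2          # 509, also prime
G = 4


def validate_public_value(value: int) -> bool:
    """Reject out-of-range and small-subgroup values before exponentiating.

    Accepting an arbitrary peer value lets an attacker force the shared secret
    into a tiny subgroup. With a safe prime the check is one exponentiation:
    a valid value lies in the order-Q subgroup, so value**Q == 1 (mod P).
    """
    return 1 < value < P - 1 and pow(value, Q, P) == 1


class Party:
    """One side of the exchange; the private exponent never leaves the object."""

    def __init__(self, name: str):
        self.name = name
        self.private = secrets.randbelow(Q - 2) + 2    # 2 <= private < Q
        self.public = pow(G, self.private, P)          # this value is sent

    def shared_secret(self, peer_public: int) -> int:
        if not validate_public_value(peer_public):
            raise ValueError(f"{self.name}: rejected peer value {peer_public}")
        return pow(peer_public, self.private, P)


def derive_key(shared: int) -> bytes:
    """Hash the raw group element; it is never used directly as a cipher key."""
    width = (P.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(width, "big")).digest()


def run_exchange():
    """Run one exchange; return the wire transcript, the secret and both keys."""
    alice, bob = Party("alice"), Party("bob")
    # Everything an eavesdropper sees: the parameters and the two public values.
    transcript = [P, G, alice.public, bob.public]
    secret_a = alice.shared_secret(bob.public)   # (G**b)**a
    secret_b = bob.shared_secret(alice.public)   # (G**a)**b, the same element
    assert secret_a == secret_b
    return transcript, secret_a, derive_key(secret_a), derive_key(secret_b)


if __name__ == "__main__":
    transcript, secret, key_a, key_b = run_exchange()
    print("on the wire:", transcript)
    print("both sides derived the same key:", key_a == key_b)
```

    Nothing in `transcript` lets an observer compute the secret without solving a discrete logarithm, but nothing in it proves who sent the public values either: authenticated variants sign them or bind them to a certificate. The `validate_public_value` check is the one practitioners most often forget, and omitting it is what makes small-subgroup attacks work.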

  • domain fluxing

    Domain fluxing is a technique used by botnet operators for their command-and-control infrastructures to avoid detection by security technologies and researchers attempting to shut their botnets down.
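    To make the mechanism concrete, here is an added example, not code from the original page or from any real botnet: a date-seeded domain generation algorithm of the kind that underlies domain fluxing, paired with the entropy heuristic a detector can run over DNS logs. The seed value, the domain-building rule, the thresholds and the sample log lines are all constructed for the demonstration.

```python
"""Domain fluxing: a date-seeded domain generation algorithm (DGA) beside a
detector that screens DNS logs for its output. Illustrative only: the
generator is not modelled on any real malware family."""
import hashlib
import math
from collections import Counter
from datetime import date


def generate_domains(seed: str, day: date, count: int = 5, tld: str = ".com"):
    """Derive the day's candidate C2 domains from a shared secret seed.

    Bot and operator both run this; the operator registers one of today's
    names and the bot tries them in order. Blocking yesterday's domain buys
    nothing, which is the point of fluxing.
    """
    domains = []
    for i in range(count):
        material = f"{seed}:{day.isoformat()}:{i}".encode()
        digest = hashlib.sha256(material).digest()
        # map the first 12 digest bytes onto lowercase letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        domains.append(label + tld)
    return domains


def shannon_entropy(text: str) -> float:
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def second_level_label(qname: str) -> str:
    parts = qname.rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_generated(qname: str, min_entropy: float = 3.0,
                    max_vowel_ratio: float = 0.25) -> bool:
    """Screening heuristic: algorithmic labels are high-entropy and vowel-poor.

    Treat a hit as a lead, not a verdict; in practice combine it with NXDOMAIN
    bursts from the same host, domain age and registration data.
    """
    label = second_level_label(qname)
    if not label:
        return False
    vowels = sum(label.count(v) for v in "aeiou")
    return (shannon_entropy(label) >= min_entropy
            and vowels / len(label) <= max_vowel_ratio)


# Constructed DNS resolver log lines (key=value fields), not real traffic.
SAMPLE_DNS_LOG = [
    "2024-03-01T10:00:01Z host=ws-17 qname=www.example.com rcode=NOERROR",
    "2024-03-01T10:00:02Z host=ws-17 qname=xkqzvwrtplmn.com rcode=NXDOMAIN",
    "2024-03-01T10:00:02Z host=ws-17 qname=qwzpxkvtrmjb.com rcode=NXDOMAIN",
    "2024-03-01T10:00:03Z host=ws-22 qname=mail.google.com rcode=NOERROR",
]


def flag_dga_queries(lines):
    """Return (host, qname) for every query whose name looks generated."""
    flagged = []
    for line in lines:
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        qname = fields.get("qname", "")
        if qname and looks_generated(qname):
            flagged.append((fields.get("host", "?"), qname))
    return flagged


if __name__ == "__main__":
    print("today's candidates:", generate_domains("s3cret", date(2024, 3, 1)))
    print("flagged:", flag_dga_queries(SAMPLE_DNS_LOG))
```

    The generator is deterministic in the seed and the date, which is exactly why researchers who recover a family's algorithm can pre-register or sinkhole the upcoming domains. The detector is a heuristic and will miss generators that use dictionary words; the NXDOMAIN burst from a single host in the sample log is the stronger signal.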

  • E

    endpoint detection and response (EDR)

    Endpoint detection and response (EDR) is a category of tools that continuously records activity on endpoints (workstations, servers and other end-user devices), detects suspicious behavior in that telemetry and gives analysts the means to investigate and respond, for example by isolating a host from the network or terminating a process.

  • Evil Corp

    Evil Corp is an international cybercrime network that uses malicious software to steal money from its victims' bank accounts.

  • F

    footprinting

    In information security, footprinting is the reconnaissance phase of an attack or penetration test, in which the attacker gathers information about a target organization's networks, hosts, domains and people from public and observable sources before attempting any intrusion. (In the study of DNA, the same term refers to the method used to identify the nucleic acid sequence that binds with proteins.)

  • fraud detection

    Fraud detection is a set of activities undertaken to prevent money or property from being obtained through false pretenses. Fraud is a criminal act of deception, such as making false claims about one's identity, accomplishments or qualities, committed for financial or personal gain.

  • H

    HIDS/NIDS (host intrusion detection systems and network intrusion detection systems)

    Host intrusion detection systems (HIDS) and network intrusion detection systems (NIDS) are two complementary approaches to security monitoring for computers and networks. A HIDS runs on the host it protects and examines that machine's logs, processes, file integrity and system activity; a NIDS watches the traffic on a network segment, usually from a tap or mirror port, and cannot see what happens inside an encrypted session or on the endpoint itself.

  • honeypot (computing)

    A honeypot is a network-attached system set up as a decoy to lure cyberattackers and to detect, deflect or study attempts to gain unauthorized access to information systems. Because no legitimate user has a reason to touch it, any interaction with a honeypot is a high-fidelity signal.

  • I

    Indicators of Compromise (IOC)

    Indicators of compromise (IOCs) are forensic artifacts observed on a system or network that imply the presence of a malicious actor: for example a file hash, an IP address or domain that was contacted, a registry key, a mutex name or an unexpected process. IOCs are atomic and easy to match, but also easy for an attacker to change, so they complement rather than replace behavior-based detection.
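    How IOC matching is typically done over logs, as an added example that is not part of the original page: the indicator set, the log lines (a proxy and an EDR agent) and the field layout are constructed for the demonstration, with addresses from documentation ranges and the well-known SHA-256 of the empty file standing in for a real dropper hash.

```python
"""Matching atomic indicators of compromise (IOCs) against log lines."""
import re

# Constructed indicator set (documentation-range addresses and a known test
# hash, not a real threat feed): one C2 address, one C2 domain and the
# SHA-256 of a dropper. Real feeds come from a TIP, STIX bundles or vendor lists.
IOCS = {
    "ipv4": {"198.51.100.23"},
    "domain": {"update-check.example.net"},
    "sha256": {"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
}

# Candidate extractors. They over-match on purpose (setup.exe looks like a
# domain to the regex); the set lookup in scan_line is what decides a hit.
PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE),
    "sha256": re.compile(r"\b[0-9a-f]{64}\b", re.IGNORECASE),
}

# Constructed log lines in the spirit of a web proxy and an EDR agent.
SAMPLE_LOGS = [
    "2024-03-01T09:12:03Z proxy src=10.0.0.15 dst=198.51.100.23 host=update-check.example.net status=200",
    "2024-03-01T09:12:05Z proxy src=10.0.0.16 dst=203.0.113.5 host=www.example.org status=200",
    "2024-03-01T09:13:41Z edr host=ws-15 event=process_create sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 image=C:\\Users\\a\\setup.exe",
    "2024-03-01T09:14:00Z edr host=ws-16 event=process_create sha256=0000000000000000000000000000000000000000000000000000000000000001 image=notepad.exe",
]


def scan_line(line: str, iocs: dict) -> list:
    """Return (ioc_type, value) for each distinct indicator present in one line."""
    hits = []
    for kind, pattern in PATTERNS.items():
        wanted = iocs.get(kind, set())
        for match in pattern.finditer(line):
            value = match.group(0).lower()       # normalise before lookup
            if value in wanted and (kind, value) not in hits:
                hits.append((kind, value))
    return hits


def scan_logs(lines, iocs=IOCS):
    """Return (line_number, ioc_type, value) for every indicator seen."""
    findings = []
    for number, line in enumerate(lines):
        for kind, value in scan_line(line, iocs):
            findings.append((number, kind, value))
    return findings


if __name__ == "__main__":
    for number, kind, value in scan_logs(SAMPLE_LOGS):
        print(f"line {number}: {kind} indicator {value}")
```

    Set membership makes the match cost independent of the size of the indicator list, which matters once a feed holds hundreds of thousands of entries. The two proxy hits on the first line come from one connection, so a real pipeline would group findings by event rather than by indicator.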

  • information security (infosec)

    Information security (infosec) is a set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information.

  • information signature

    To fight terrorism, the Information Awareness Office (IAO) of the U.S. Defense Advanced Research Projects Agency (DARPA) is planning to develop a system that uses a super database of recorded online transactions and analytical programming that will identify what is referred to as the information signature of a terrorist or terrorist activity before harm can be done.

  • inline network device

    An inline network device sits directly in the traffic path: it receives each packet and forwards it to its intended destination, so it can also delay, modify or drop packets. That is what lets a firewall or intrusion prevention system block traffic, in contrast with a passive sensor on a tap or mirror port that only sees a copy; it also means that an inline device's failure or overload affects connectivity.

  • intrusion detection system (IDS)

    An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and alerts when such activity is discovered.

  • intrusion prevention system (IPS)

    An intrusion prevention system (IPS) is a network security and threat prevention tool that inspects traffic for known attack signatures and suspicious behavior, much as an IDS does, but sits inline and can drop, reset or block the offending traffic instead of only raising an alert.

  • inverse mapping

    Inverse mapping is a procedure used to create associations between real or virtual objects that involves some type of reversal of another process or concept.

  • IP Spoofing

    IP spoofing is the crafting of Internet Protocol (IP) packets with a source IP address that has been modified to impersonate another computer system, or to hide the identity of the sender, or both.
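    The antispoofing entry above and this one describe two sides of the same problem, so one added example serves both: an ingress filter in the style of BCP 38, written as a decision function over a constructed topology. This is not code from the original page; the interface names, prefixes, bogon list and sample packets are assumptions made for the demonstration.

```python
"""Ingress filtering against IP spoofing (the BCP 38 idea) as a decision function."""
import ipaddress

# Constructed topology: the source prefixes that can legitimately arrive on
# each interface. The WAN side accepts anything ...
INTERFACE_PREFIXES = {
    "lan0": ["10.10.0.0/16"],
    "dmz0": ["192.0.2.0/24"],
    "wan0": ["0.0.0.0/0", "::/0"],
}
WAN_INTERFACES = {"wan0"}
# ... except our own prefixes, which can never truthfully originate outside,
INTERNAL_PREFIXES = ["10.10.0.0/16", "192.0.2.0/24"]
# ... and bogons: unroutable, private, loopback, link-local and multicast space.
BOGON_PREFIXES = [
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3", "fc00::/7", "fe80::/10",
]


def _nets(prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]


ALLOWED = {iface: _nets(p) for iface, p in INTERFACE_PREFIXES.items()}
INTERNAL = _nets(INTERNAL_PREFIXES)
BOGONS = _nets(BOGON_PREFIXES)


def _in_any(addr, nets):
    # ip_network.__contains__ is False across address families, so mixing
    # v4 and v6 prefixes in one list is safe.
    return any(addr in net for net in nets)


def classify(iface: str, src: str) -> str:
    """Return 'forward' or 'drop: <reason>' for a packet's ingress interface and source."""
    addr = ipaddress.ip_address(src)
    if iface not in ALLOWED:
        return "drop: unknown interface"
    # Ingress filtering proper: the source must belong to the segment it came from.
    if not _in_any(addr, ALLOWED[iface]):
        return "drop: source not valid on ingress interface"
    if iface in WAN_INTERFACES:
        if _in_any(addr, INTERNAL):
            return "drop: internal address arriving from outside"
        if _in_any(addr, BOGONS):
            return "drop: bogon source"
    return "forward"


# Constructed packets: (ingress interface, source address).
SAMPLE_PACKETS = [
    ("lan0", "10.10.4.7"),        # normal client traffic
    ("lan0", "198.51.100.9"),     # forged source, e.g. a reflection attack staged from inside
    ("wan0", "203.0.113.5"),      # ordinary Internet peer
    ("wan0", "10.10.4.7"),        # our own address from outside: spoofed
    ("wan0", "127.0.0.1"),        # loopback can never arrive across the Internet
    ("dmz0", "192.0.2.10"),       # DMZ server replying to the Internet
]


def filter_packets(packets):
    """Apply classify() to each (iface, src) pair and keep the verdict alongside."""
    return [(iface, src, classify(iface, src)) for iface, src in packets]


if __name__ == "__main__":
    for iface, src, verdict in filter_packets(SAMPLE_PACKETS):
        print(f"{iface:5} {src:16} {verdict}")
```

    The egress direction falls out of the same rule: a packet leaving `lan0` with a source outside `10.10.0.0/16` is dropped before it can be used to attack someone else with our network as the apparent origin. Spoofing is only cheap because so many networks skip this check; it costs nothing on the edge router and is normally expressed as a uRPF or ACL setting rather than code.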

  • M

    messaging security

    Messaging security is a subcategory of unified threat management (UTM) focused on securing and protecting an organization’s communication infrastructure.

  • micro VM (micro virtual machine)

    A micro VM (micro virtual machine) is a small, short-lived virtual machine used to isolate a single untrusted operation, such as opening a document or rendering a web page, from the host operating system. If the content turns out to be malicious, the compromise is confined to the micro VM, which is discarded when the task ends.

  • N

    cryptographic nonce

    A cryptographic nonce ("number used once") is a value generated for a single use, typically in a protocol message, a key derivation or an authentication exchange. Its essential property is that it is never reused with the same key: it may be random, a counter or derived from a timestamp, but a nonce that repeats lets a replayed message pass as fresh and, for some ciphers, exposes the key or the plaintext.
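    A nonce doing its job as a replay guard on an authenticated request, as an added example that is not code from the original page. The message layout (nonce, timestamp and body under an HMAC), the 300-second freshness window and the injectable clock are assumptions made for the demonstration.

```python
"""A cryptographic nonce as a replay guard on HMAC-authenticated requests."""
import hashlib
import hmac
import os
import time


def _mac(key: bytes, nonce: str, ts: int, body: bytes) -> str:
    return hmac.new(key, f"{nonce}|{ts}|".encode() + body, hashlib.sha256).hexdigest()


def sign_request(key: bytes, body: bytes, now=time.time):
    """Client side: a fresh 128-bit nonce, a timestamp and a MAC over all three."""
    nonce = os.urandom(16).hex()          # unpredictable and, in practice, unique
    ts = int(now())
    return nonce, ts, body, _mac(key, nonce, ts, body)


class ReplayGuard:
    """Server side: accepts each authenticated nonce at most once.

    The timestamp window bounds how long a nonce must be remembered; without
    it the set of seen nonces would grow without limit.
    """

    def __init__(self, key: bytes, window_seconds: int = 300, now=time.time):
        self.key = key
        self.window = window_seconds
        self.now = now
        self.seen = {}                     # nonce -> moment after which it can be forgotten

    def verify(self, nonce: str, ts: int, body: bytes, mac: str):
        # The MAC is checked first so unauthenticated input never touches state.
        if not hmac.compare_digest(_mac(self.key, nonce, ts, body), mac):
            return False, "bad mac"
        current = self.now()
        self._forget_expired(current)
        if abs(current - ts) > self.window:
            return False, "stale"          # too old to be in the window, or clock skew
        if nonce in self.seen:
            return False, "replay"
        self.seen[nonce] = ts + self.window
        return True, "ok"

    def _forget_expired(self, current):
        # A nonce older than the window is rejected as stale anyway, so it
        # no longer needs to be remembered.
        self.seen = {n: exp for n, exp in self.seen.items() if exp >= current}


if __name__ == "__main__":
    key = b"shared-key"
    guard = ReplayGuard(key)
    request = sign_request(key, b"transfer=100")
    print("first delivery:", guard.verify(*request))
    print("replayed:      ", guard.verify(*request))
```

    The nonce alone defeats replay only while the server remembers it; the timestamp is what makes that memory finite, and the MAC is what stops an attacker from simply minting a new nonce. Drop any one of the three and the other two do not compensate.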

  • network behavior analysis (NBA)

    Network behavior analysis (NBA) is a method of enhancing the security of a proprietary network by monitoring traffic and noting unusual actions or departures from normal operation.

  • network behavior anomaly detection (NBAD)

    Network behavior anomaly detection (NBAD) is the continuous monitoring of a proprietary network for unusual events or extraordinary trends. An NBAD system first learns a baseline of normal behavior (typical traffic volumes, protocols, ports and peers for each host or segment) and then alerts on significant deviations from it, which lets it catch activity that matches no known signature.
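    The baseline-and-deviation idea in working form, as an added example that is not code from the original page: per-host hourly byte counts and known destination ports form the baseline, and the current hour's flows are scored against it. The host names, the flow records, the z-score threshold and the floor on the standard deviation are assumptions constructed for the demonstration.

```python
"""Network behavior anomaly detection over per-host flow summaries."""
import statistics
from collections import defaultdict

# Constructed baseline: outbound bytes per hour for each host over the previous
# 24 hours, and the destination ports each host is normally seen talking to.
BASELINE_BYTES = {
    "ws-11": [1_200_000 + (h % 5) * 50_000 for h in range(24)],
    "db-02": [40_000_000 + (h % 3) * 1_000_000 for h in range(24)],
}
BASELINE_PORTS = {
    "ws-11": {80, 443, 53},
    "db-02": {5432, 22},
}

# Constructed flow records for the current hour (source host, dest port, bytes).
CURRENT_FLOWS = [
    {"src": "ws-11", "dport": 443, "bytes": 900_000},
    {"src": "ws-11", "dport": 4444, "bytes": 8_100_000},   # large transfer to an unusual port
    {"src": "db-02", "dport": 5432, "bytes": 41_000_000},
    {"src": "ws-99", "dport": 443, "bytes": 10_000},       # host with no baseline at all
]


def detect_anomalies(baseline_bytes, baseline_ports, flows, z_threshold=3.0):
    """Return (host, kind, detail) for each deviation from the learned baseline."""
    bytes_by_host = defaultdict(int)
    ports_by_host = defaultdict(set)
    for flow in flows:
        bytes_by_host[flow["src"]] += flow["bytes"]
        ports_by_host[flow["src"]].add(flow["dport"])

    findings = []
    for host in sorted(bytes_by_host):
        if host not in baseline_bytes:
            findings.append((host, "unknown-host", "no baseline for this source"))
            continue
        history = baseline_bytes[host]
        mean = statistics.fmean(history)
        # A flat baseline gives stdev 0 and an infinite z-score; floor it at
        # 1% of the mean so a single extra byte does not raise an alert.
        stdev = max(statistics.pstdev(history), 0.01 * mean)
        z = (bytes_by_host[host] - mean) / stdev
        if z > z_threshold:
            findings.append((host, "volume", f"{bytes_by_host[host]} bytes, z={z:.1f}"))
        new_ports = ports_by_host[host] - baseline_ports.get(host, set())
        if new_ports:
            findings.append((host, "new-port", f"first contact on {sorted(new_ports)}"))
    return findings


if __name__ == "__main__":
    for host, kind, detail in detect_anomalies(BASELINE_BYTES, BASELINE_PORTS, CURRENT_FLOWS):
        print(f"{host}: {kind}: {detail}")
```

    Only the upward direction is tested for volume, because a host that goes quiet is usually a maintenance question rather than an exfiltration one; flip the comparison if beaconing suppression is the concern. The weak point of any NBAD is the baseline itself: if the learning window already contains the attacker's traffic, that traffic becomes "normal".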

  • network forensics

    Network forensics is the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents.

  • P

    probe

    In telecommunications generally, a probe is an action taken or an object used for the purpose of learning something about the state of the network.

  • promiscuous mode

    In a network, promiscuous mode causes a network interface to pass every frame it receives up to the host, not only the frames addressed to its own MAC address or to broadcast and multicast groups it has joined. Sensors such as a NIDS or a snoop server run this way on a mirror port or tap to capture all packets for analysis (for example, for monitoring network usage). On a switched network an interface in promiscuous mode still sees only the traffic the switch forwards to its port, so the capture point matters as much as the mode.

  • S

    sandbox (software testing and security)

    A sandbox is an isolated testing environment that enables users to run programs or execute files without affecting the application, system or platform on which they run.

  • security information and event management (SIEM)

    Security information and event management (SIEM) is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system.

  • security information management (SIM)

    Security information management (SIM) is the practice of collecting, monitoring and analyzing security-related data from computer logs, with an emphasis on long-term storage, reporting and historical analysis. A security information management system (SIMS) automates that practice. SIM is closely related to, and often conflated with, security event management (SEM), which concentrates on real-time monitoring and correlation of events; the two functions are combined in SIEM products.

  • snoop server

    A snoop server is a server that uses a packet sniffer program to capture network traffic for analysis.

  • SnortSnarf

    SnortSnarf is a program that was designed for use with Snort, a security program used mainly with Linux networks. SnortSnarf converts the data from Snort into Web pages. It was written in Perl by Jim Hoagland of Silicon Defense. Snort is an open source network intrusion detection system (NIDS) that monitors network traffic in real time, scrutinizing each packet closely to detect dangerous payloads or suspicious anomalies.

  • SOAR (Security Orchestration, Automation and Response)

    SOAR (Security Orchestration, Automation and Response) is a technology stack of compatible software programs that allow an organization to collect data about security threats and alerts from multiple sources and respond to low-level security events without human assistance.

  • U

    ultrasound

    Ultrasound is acoustic (sound) energy in the form of waves having a frequency above the human hearing range.

  • unified threat management (UTM)

    A unified threat management (UTM) system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.
