A
AI-Powered CyberattacksRead More >

AI-powered cyberattacks leverage AI or machine learning (ML) algorithms and techniques to automate, accelerate, or enhance various phases of a cyberattack.

Application Security Posture Management (ASPM)Read More >

Application Security Posture Management (ASPM) has emerged as a vital practice, ensuring applications meet stringent security standards and identifying vulnerabilities.

Application Security Posture Management (ASPM) Best PracticesRead More >

Read this post to learn about five ASPM best practices that will help keep your application environments secure from adversaries.

Application Security Posture Management (ASPM) Use CasesRead More >

There are many real-world scenarios where ASPM plays a crucial role in helping organizations fortify their application security.

ASOC vs. ASPMRead More >

ASOC and ASPM share common foundations in application security, with ASOC often viewed as a precursor to the broader and more holistic ASPM approach.

Application Security Orchestration and Correlation (ASOC)Read More >

By correlating data from multiple sources and analyzing patterns, ASOC tools enable security teams to de-duplicate and prioritize application security findings. Additionally, ASOC tools enable development teams to automate key workflows and streamline security processes, increasing speed and efficiency for vulnerability testing and remediation efforts.

Application Risk ScoringRead More >

In this post we’ll provide a clearer understanding of risk scoring, discuss the role of Common Vulnerability Scoring System (CVSS) scores (and other scoring standards), and talk about what it means to integrate business and data flow context into your risk assessment.

Adversarial AI & Adversarial Machine LearningRead More >

Adversarial AI or adversarial machine learning (ML) seeks to inhibit the performance of AI/ML systems by manipulating or misleading them. These attacks on machine learning systems can occur at multiple stages across the model development life cycle.

Azure Kubernetes Service (AKS)Read More >

Azure Kubernetes Service (AKS) is a managed Kubernetes service from Microsoft Azure that aims to simplify the deployment and management of Kubernetes clusters.

AWS Infrastructure ObservabilityRead More >

In this article, we’ll cover the benefits of implementing infrastructure observability on AWS. We will explore a few key observability services from AWS, along with external services that you can integrate with your AWS account to enhance your monitoring capabilities.

Active Directory SecurityRead More >

Active Directory is a directory service offered by Microsoft Windows that helps administrators configure permissions and network access.

Application Security Best PracticesRead More >

In this post, we will cover seven best practices that can ensure the resilience of your applications against ever-evolving threats.

Application WhitelistingRead More >

Application whitelisting is the approach of restricting the usage of any tools or applications only to those that are already vetted and approved.

Audit LogsRead More >

Audit logs are a collection of records of internal activity relating to an information system. Audit logs differ from application logs and system logs.

Amazon Web Services (AWS) Cloud SecurityRead More >

In this article, we go beyond the generic AWS best practices and offer recommendations to help you scale and enhance your AWS security.

Attack Vectors: What They Are and How They Are ExploitedRead More >

An attack vector is the method or combination of methods that cybercriminals use to breach or infiltrate a victim’s network.

AWS CloudTrail vs. AWS CloudWatchRead More >

Amazon Web Services (AWS) offers various monitoring tools to assist users in monitoring their cloud systems. In this post, we’ll compare the AWS CloudTrail and AWS CloudWatch tools, exploring their key features, capabilities, differences, and similarities.

Application Security: Challenges, Tools & Best PracticesRead More >

Application security is a set of measures designed to prevent data or code at the application level from being stolen or manipulated. It involves security during application development and design phases as well as systems and approaches that protect applications after deployment.

Advanced Persistent Threat (APT)Read More >

An advanced persistent threat (APT) is a sophisticated, sustained cyberattack in which an intruder establishes an undetected presence in a network in order to steal sensitive data over a prolonged period of time.

Access LogsRead More >

An access log is a log file that records all events related to client applications and user access to a resource on a computer. Examples can be web server access logs, FTP command logs, or database query logs.

Application MonitoringRead More >

Application monitoring is the process of collecting log data in order to help developers track availability, bugs, resource use, and changes to performance in applications that affect the end-user experience (UX).

Address Resolution Protocol (ARP) Spoofing: What It Is and How to Prevent an ARP AttackRead More >

Address Resolution Protocol (ARP) spoofing or ARP poisoning is a form of spoofing attack that hackers use to intercept data. A hacker commits an ARP spoofing attack by tricking one device into sending messages to the hacker instead of the intended recipient.

Attack Surface ManagementRead More >

Attack surface management is the continuous discovery, monitoring, evaluation, prioritization and remediation of attack vectors within an organization's IT infrastructure.

B
Behavioral AnalyticsRead More >

In the context of cybersecurity, behavioral analytics focuses on user behavior within networks and applications, watching for unusual activity that may signify a security threat. 

Backdoor AttacksRead More >

A backdoor attack is a clandestine method of sidestepping normal authentication procedures to gain unauthorized access to a system. It’s like a secret entrance that a burglar can use to get into a house — but instead of a house, it’s a computer or a network.

Bootkit: Definition, Prevention, and RemovalRead More >

Bootkit is a type of malware used by a threat actor to attach malicious software to a computer system and can be a critical threat to your business.

Brute Force AttacksRead More >

A brute force attack is uses a trial-and-error approach to systematically guess login info, credentials, and encryption keys. The attacker submits combinations of usernames and passwords until they finally guess correctly.

C
CNAPP vs CWPPRead More >

Read this article to learn what the differences between CNAPP and CWPP and how they work together to improve cloud security.

Cyber Asset Attack Surface Management (CAASM)Read More >

Cloud Security AssessmentRead More >

A cloud security assessment is an evaluation that tests and analyzes an organization’s cloud infrastructure to ensure the organization is protected from a variety of security risks and threats.

Cloud Native SecurityRead More >

Cloud native security is a collection of technologies and practices that comprehensively address the dynamic and complex needs of the modern cloud environment.

Cloud Native SecurityRead More >

Cloud native security is a collection of technologies and practices that comprehensively address the dynamic and complex needs of the modern cloud environment.

Cloud Detection and Response (CDR)Read More >

CDR is a security approach specifically designed for cloud environments that focuses on threat detection, immediate incident response, and service integrations.

CDR vs CNAPPRead More >

Cloud DetectionRead More >

Cloud detection identifies threats, vulnerabilities, and malicious activities within an organization’s cloud infrastructure.

Cloud FirewallRead More >

A cloud firewall acts as a barrier between cloud servers and incoming requests by enforcing strict authorization, filtering requests, and blocking any potentially malicious requests from unauthorized clients.

Cloud ComplianceRead More >

Cloud compliance refers to the process of adhering to regulatory standards, international laws and mandates, and industry best practices (frameworks, benchmarks) in the context of cloud computing.

Cloud MigrationRead More >

Cloud migration refers to moving everything a business does — from data to applications — into a cloud computing environment.

Cloud InfrastructureRead More >

Cloud infrastructure is a collective term used to refer to the various components that enable cloud computing and the delivery of cloud services to the customer. This includes hardware, software, network devices, data storage and an abstraction layer that allows users to access virtualized resources. 

Continuous Integration and Continuous Delivery (CI/CD) PipelineRead More >

CI/CD combines the practices of continuous integration (CI) and Continuous Delivery (CD) to allow DevOps teams to deliver code updates frequently, reliably, and quickly.

Common Vulnerability Scoring System (CVSS)Read More >

Cloud Security Best PracticesRead More >

In this blog, we’ll look at 20 recommended cloud security best practices organizations can implement throughout their cloud adoption process to keep their environments secure from cyberattacks.

Code Security: Fundamentals and Best PracticesRead More >

Code security is the practice of writing and maintaining secure code. It means taking a proactive approach to dealing with potential vulnerabilities so more are addressed earlier in development and fewer reach live environments.

Cloud Security Issues: Risks, Threats, and ChallengesRead More >

The reasons behind cloud breaches run the gamut, but can be broadly classified into four cloud security challenges: human errors, runtime threats, shadow IT and poor strategic planning.

Cloud Infrastructure Entitlement Management (CIEM)Read More >

Cloud infrastructure entitlement management (CIEM) is a security process that helps security teams analyze and manage identities, access rights, privileges, and permissions in cloud environments.

Cybersecurity Advisory ServicesRead More >

Cybersecurity advisory services encompass high-level guidance and strategic planning to ensure that an organization's cybersecurity measures are comprehensive, current, and effective.

Cloud SecurityRead More >

Cloud security is a collection of technologies, policies, services, and security controls to protect an organization’s sensitive data, applications, and environments in cloud computing systems.

Cyber Insurance ExplainedRead More >

Cyber insurance, sometimes referred to as cyber liability insurance or cyber risk insurance, is a type of insurance that limits a policy holder’s liability and manages recovery costs in the event of a cyberattack, data breach or act of cyberterrorism.

Cyber Big Game HuntingRead More >

Cyber big game hunting is a type of cyberattack that usually leverages ransomware to target large, high-value organizations or high-profile entities.

Cloud Security Frameworks: How to Choose the Right One for Your BusinessRead More >

Cloud security frameworks are sets of guidelines, best practices, and controls organizations use to approach the security of their data, applications, and infrastructure in cloud computing environments.

Container Lifecycle ManagementRead More >

Container lifecycle management is a critical process of overseeing the creation, deployment, and operation of a container until its eventual decommissioning.

CIS BenchmarksRead More >

A CIS Benchmark is a meticulously crafted, comprehensive set of security configuration guidelines for a specific technology. Developed by the Center for Internet Security (CIS), these Benchmarks are key to enhancing an organization's ability to prevent, detect, and respond to cyber threats.

Cloud Workload Protection (CWP)Read More >

Cloud Workload Protection platforms offer organizations a solution to continuously monitor for, and remove threats from their cloud workloads and containers.

Cloud Computing ExplainedRead More >

Cloud computing, commonly referred to as “the cloud", provides easy online access to a shared pool of configurable computing resources such as servers, storage, applications, and services.

Cloud Compromise AssessmentRead More >

A cloud compromise assessment is an in-depth evaluation of an organization’s cloud infrastructure to identify, analyze, and mitigate potential security risks. Performing a regular assessment uncovers vulnerabilities and threats early. Assessments are crucial for maintaining a strong security posture. The main goal of the assessment is to uncover any signs of compromise before they can escalate into full-blown security incidents.

Credential StuffingRead More >

Credential stuffing is a cyberattack where cybercriminals use stolen login credentials from one system to attempt to access an unrelated system.

CybersquattingRead More >

Cybersquatting is the abusive practice of registering and using an internet domain name that is identical or similar to trademarks, service marks, personal names or company names with the bad faith intent of hijacking traffic for financial profit, delivering malware payloads or stealing intellectual property.

Container ScanningRead More >

Container scanning is the process of analyzing components within containers to uncover potential security threats. It is integral to ensuring that your software remains secure as it progresses through the application life cycle.

Containerization Explained: Benefits, Use Cases, and How It WorksRead More >

Containerization is a software deployment technology that allows developers to package software and applications in code and run them in isolated compute environments as immutable executable images containing all the necessary files, configurations, libraries, and binaries needed to run that specific application.

Crypto-MalwareRead More >

Crypto-malware is a type of malicious software, or malware, designed to carry out long-term cryptojacking cyberattacks.

Cybersecurity Platform Consolidation Best PracticesRead More >

Cybersecurity platform consolidation is the strategic integration of diverse security tools into a single, cohesive system, or, the concept of simplification through unification applied to your cybersecurity toolbox.

Computer WormRead More >

A computer worm is a type of malware that can automatically propagate or self-replicate without human interaction, enabling its spread to other computers across a network.

Compromise Assessments ExplainedRead More >

Compromise assessments are high-level investigations where skilled teams utilize advanced tools to dig more deeply into their environment to identify ongoing or past attacker activity in addition to identifying existing weaknesses in controls and practices. The intent of the comprehensive assessment is to answer the critical question: “Has my organization been breached?”

Cloud Incident ResponseRead More >

Cloud Incident Response (Cloud IR) is the process you follow when a cybersecurity incident occurs in your cloud environment.

Cloud Security ArchitectureRead More >

Cloud security architecture is the umbrella term used to describe all hardware, software and infrastructure that protects the cloud environment and its components, such as data, workloads, containers, virtual machines and APIs.

Cloud Application SecurityRead More >

Cloud application security is the process of securing cloud-based software applications throughout the development lifecycle.

Cross Site Scripting (XSS)Read More >

Cross Site Scripting (XSS) is a code injection attack in which an adversary inserts malicious code within a legitimate website.

Cyber HygieneRead More >

Cyber hygiene refers to the practices computer users adopt to maintain the safety and security of their systems in an online environment.

Cyber Risk: Definition, Common Types and How To Protect Against ThemRead More >

Cyber risk measures the likelihood (probability) that an attacker may exploit a cyber threat, as well as considers the potential impact of that bad event, such as the loss of confidentiality, integrity and availability of an organization’s information.

Cloud Governance: Principles, Challenges and Best PracticesRead More >

Cloud governance is a set of policies and rules used by companies who build or work in the cloud. This framework is designed to ensure data security, system integration and the deployment of cloud computing are properly managed.

Common Cloud Threats: Exploitation of Misconfigured Image ContainersRead More >

Developers sometimes use base images from an external registry to build their images. Unfortunately, these images can contain malware or vulnerable libraries.

Common Cloud Threats: Malware HostingRead More >

Malware hosting occurs when cybercriminals use a free or compromised hosting account to host malware while using the hosting provider's reputation as cover.

Common Cloud Threats: Cloud Service Provider AbuseRead More >

Adversaries leverage cloud service providers to abuse provider trust relationships and gain access to additional targets through lateral movement.

Common Cloud Threats: Cloud Vulnerability ExploitationRead More >

The fast adoption of the cloud has expanded the attack surface businesses must monitor and protect to avoid cloud vulnerability exploitation.

Credential TheftRead More >

Credential theft is the act of stealing personal information such as usernames, passwords and financial information in order to gain access to an online account or system.

Common Log File FormatsRead More >

A log format defines how the contents of a log file should be interpreted. Typically, a format specifies the data structure and type of encoding.

Cookie LoggingRead More >

Cookie logging is the process of collecting cookies from a user’s site session.

CRUD vs REST ExplainedRead More >

In this article, we will introduce CRUD and REST, explain their similarities and differences, and then consider how to best monitor their performance.

CRUDRead More >

CRUD is the acronym for CREATE, READ, UPDATE and DELETE. These terms describe the four essential operations for creating and managing persistent data elements, mainly in relational and NoSQL databases.

Container Security Best PracticesRead More >

This article discusses the concept of container security and its main challenges, as well as best practices for developing secure containerized applications.

Cloud Data Security: Securing Data Stored in the CloudRead More >

Cloud data security refers to the technologies, policies, services and security controls that protect any type of data in the cloud from loss, leakage or misuse through breaches, exfiltration and unauthorized access.

Cloud Access Security Broker (CASB)Read More >

A cloud access security broker (CASB) is a security check point between cloud network users and cloud-based applications that manages and enforces all data security policies and practices, including authentication, authorization, alerts and encryption.

Cyber attacks on Small Businesses: Current Stats and How to Prevent ThemRead More >

Many small businesses may still fall into the trap of thinking that their organization isn’t large enough or high-profile enough to be the target for attackers. But the fact of the matter is that they have become an easy mark since many do not have advanced tools to defend the business, but they do have what hackers are after: data.

D
Data Flow MappingRead More >

Data ClassificationRead More >

Data OnboardingRead More >

Digital ForensicsRead More >

DevOps vs. DevSecOpsRead More >

DevOps and DevSecOps share cultural similarities but address different business goals. Knowing when to use each practice or transition from DevOps to DevSecOps can improve your business.

Data PortabilityRead More >

Data portability is the ability of users to easily transfer their personal data from one service provider to another.

Data Poisoning: The Exploitation of Generative AIRead More >

Data poisoning is a type of cyberattack in which an adversary intentionally compromises a training dataset used by an AI or machine learning (ML) model to influence or manipulate the operation of that model.

Disinformation CampaignRead More >

In this post, we'll explore the mechanics of disinformation campaigns, deliberate efforts to spread false information.

Data PrivacyRead More >

Data privacy, also called information privacy, is an area of data protection that addresses the proper storage, access, retention, and security of sensitive data, which helps organizations meet regulatory requirements and protect the confidentiality and immutability of their data.

Data Protection vs Data SecurityRead More >

Data protection and data security are often used interchangeably, but they have distinct focuses and objectives. Read this post to learn the difference.

Database MonitoringRead More >

Database monitoring is the continuous tracking of a database’s activities and performance. It is crucial in helping optimize and tune database processes for high performance and reliability. Security is also another key factor to consider when it comes to monitoring databases due to the importance of this data.

Digital Forensics and Incident Response (DFIR)Read More >

Digital Forensics and Incident Response (DFIR) is a field within cybersecurity that focuses on the identification, investigation, and remediation of cyberattacks.

Debug LoggingRead More >

Debug logging specifically focuses on providing information to assist in identifying and resolving bugs or defects. 

Data Compliance: An Introduction - CrowdStrikeRead More >

Data compliance is the practice of ensuring that sensitive and protected data is organized and managed in a way that enables organizations and government entities to meet relevant legal and government regulations.

Data Encryption ExplainedRead More >

Data encryption converts plain text into an encoded format to protect against unauthorized access to data.

Dark Web MonitoringRead More >

Dark web monitoring is the process of searching for, and tracking, your organization’s information on the dark web.

Distributed Denial-of-Service (DDoS) AttacksRead More >

DDoS, short for distributed-denial-of-service, is a cyberattack that attempts to interrupt  a server or network by flooding it with fake internet traffic, preventing user access and disrupting operations.

Denial-of-Service (DoS) AttacksRead More >

A Denial-of-Service (DoS) attack is a cyberattack that floods a machine or network with false requests in order to disrupt business operations.

Data Obfuscation ExplainedRead More >

​​Data obfuscation is the process of disguising confidential or sensitive data to protect it from unauthorized access. Data obfuscation tactics can include masking, encryption, tokenization, and data reduction.

Data Breach: How It Happens & Ways to Prevent ItRead More >

A data breach is a security incident where an organization’s data is illegally stolen, copied, viewed, or released by an unauthorized individual or group.

Deep Web vs Dark web: What's the Difference?Read More >

“Deep web” and “dark web” are NOT interchangeable terms. The deep web is any part of the Net that is not indexed by search engines. The dark web uses encryption software to provide even greater security.

Detecting Insider Threat IndicatorsRead More >

An insider threat refers to the potential for a person to leverage a position of trust to harm the organization through misuse, theft or sabotage of critical assets.

Data ExfiltrationRead More >

Data exfiltration is the theft or unauthorized transfer of data from a device or network.

E
Endpoint MonitoringRead More >

Endpoint monitoring involves the continuous monitoring and management of devices that connect to a network, such as computers, mobile devices, and servers.

Endpoint Security: How Endpoint Protection WorksRead More >

Endpoint security, or endpoint protection, is the cybersecurity approach to defending endpoints – such as desktops, laptops, and mobile devices – from malicious activity.

Entra ID: (formerly Azure Active Directory)Read More >

In this article, we'll explore Entra ID, considering its advantages over traditional identity services. We’ll also look at how it integrates with CrowdStrike Falcon® Identity Protection to enhance your cybersecurity posture.

Extended Internet of Things (XIoT)Read More >

The extended internet of things (XIoT) is an umbrella term that includes all internet of things (IoT) or physical devices connected to the internet. It encompasses IoT, operational technology (OT), internet of medical things (IoMT), industrial IoT (IIoT), and supervisory control and data acquisition (SCADA).

EDR vs NGAV What is the difference?Read More >

Discover more about two of the most critical elements to every cybersecurity architecture – endpoint detection and response (EDR) and next-generation antivirus (NGAV) – and the points organizations should consider when selecting and integrating these tools

Exposure Management vs. Vulnerability ManagementRead More >

Exposure management and vulnerability management both play pivotal roles in supporting an organization’s security posture. However, they serve different functions in cybersecurity.

Exposure Management in CybersecurityRead More >

Exposure management is an organization’s process of identifying, assessing, and addressing security risks associated with exposed digital assets. Exposed assets include any endpoints, applications, or other cloud resources that can be used to breach an organization’s systems.

External Attack Surface Management (EASM)Read More >

External Attack Surface Management (EASM) refers to the continuous discovery, monitoring, evaluation, prioritization, and remediation of attack vectors of an organization's external attack surface. An External Attack Surface, also known as Digital Attack Surface, is the sum of an organization’s internet-facing assets and the associated attack vectors which can be exploited during an attack.

Enhancing Security in Kubernetes with Admission ControllersRead More >

In this article, we’ll take a deep dive into the world of Kubernetes admission controllers by discussing their importance, internal mechanisms, image scanning capabilities, and significance in the security posture of Kubernetes clusters.

Ethical HackerRead More >

An ethical hacker, also known as a ‘white hat hacker’, is employed to legally break into computers and networks to test an organization’s overall security. Ethical hackers possess all the skills of a cyber criminal but use their knowledge to improve organizations rather than exploit and damage them.

EPP vs. EDRRead More >

EPP and EDR are two critical and distinct components within a comprehensive cybersecurity strategy.

EDR vs MDR vs XDRRead More >

Learn the differences between endpoint detection and response (EDR), managed detection and response (MDR) and extended detection and response (XDR).

Exploit KitsRead More >

An exploit kit is a toolkit that cybercriminals use to attack specific vulnerabilities in a system or code.

Error LogsRead More >

An error log is a file that contains detailed records of error conditions a computer software encounters when it’s running.

Email Spoofing: How to Identify a Spoofed EmailRead More >

Email spoofing is a type of cyberattack that targets businesses by using emails with forged sender addresses. Because the recipient trusts the alleged sender, they are more likely to open the email and interact with its contents, such as a malicious link or attachment.

Endpoint Protection SoftwareRead More >

Endpoint protection software offers a centralized management system from which security administrators can monitor, protect, and investigate vulnerabilities across all endpoints, including computers, mobile devices, servers and connected devices.

Endpoint Protection Platforms (EPP)Read More >

An endpoint protection platform (EPP) is a suite of endpoint security technologies such as antivirus, data encryption, and data loss prevention that work together on an endpoint device to detect and prevent security threats like file-based malware attacks and malicious activity.

F
Fileless Malware ExplainedRead More >

Fileless malware is a type of malicious activity that uses native, legitimate tools built in to a system to execute a cyber attack. Unlike traditional malware, fileless malware does not require an attacker to install any code on a target’s system, making it hard to detect.

Free Antivirus vs Paid Antivirus SoftwareRead More >

In this guide, we outline the key differences between free and paid antivirus solutions available to small businesses and help owners decide which option is right for their company.

G
Guide to Azure SecurityRead More >

Azure Security is a suite of security tools that seeks to safeguard the data, applications, and infrastructure hosted on the Azure platform.

Guide To Google Cloud MigrationRead More >

Read this article to learn what a Google Cloud migration entails, its benefits, and the strategic approach needed for a successful transition.

Generative AI (GenAI) in CybersecurityRead More >

Generative AI (GenAI) is a branch of artificial intelligence that focuses on generating new data based on existing data. This sophisticated technology enables a variety of use cases — such as data retrieval and analysis, content generation, and summarization — across a growing number of  applications.

Guide On How To Protect Against RansomwareRead More >

Businesses of all sizes are vulnerable to cyberattacks like ransomware. To protect against this increasing risk, business owners can invest in endpoint protection solutions and educate themselves about how to prevent and mitigate the impact of ransomware.

General Data Protection Regulation (GDPR)Read More >

The General Data Protection Regulation (GDPR) is the European Union's (EU) personal data protection law that aims to protect the privacy of EU citizens. Enacted in May 2018, it imposes a unified set of rules on all organizations that process personal data originating from the EU, regardless of location.

Guide to Cloud Security Posture Management (CSPM)Read More >

Cloud security posture management (CSPM) automates the identification and remediation of risks across cloud infrastructures.

Golden Ticket AttackRead More >

A Golden Ticket attack is a malicious cybersecurity attack in which a threat actor attempts to gain almost unlimited access to an organization’s domain.

H
How to Spot a Phishing EmailRead More >

The most common form of phishing attack is a phishing email. Discover the 7 telltale signs of a phishing email with examples here.

How To Build a Successful Cloud Security StrategyRead More >

A cloud security strategy is a framework of tools, policies, and procedures for keeping your data, applications, and infrastructure in the cloud safe and protected from security risks.

How To Perform a Cybersecurity Risk AssessmentRead More >

A cybersecurity risk assessment is a systematic process aimed at identifying vulnerabilities and threats within an organization's IT environment, assessing the likelihood of a security event, and determining the potential impact of such occurrences.

How To Design a Cloud Security PolicyRead More >

A cloud security policy is a framework with rules and guidelines designed to safeguard your cloud-based systems and data.

Honey AccountRead More >

A honey account is a fabricated user account that triggers alerts for unauthorized activity when accessed. The honey account is part of your system, but it serves no real function other than incident detection.

Hashing in CybersecurityRead More >

In the context of cybersecurity, hashing is a way to keep sensitive information and data — including passwords, messages, and documents — secure.

How To Prevent Ransomware: Pro TipsRead More >

The following tips are supported by what CrowdStrike has found to successfully combat and prevent ransomware.

How to Implement Zero Trust in StagesRead More >

CrowdStrike offers the following recommendations to move Zero Trust along a journey of maturity based on your needs and priorities:

How Does Ransomware SpreadRead More >

As ransomware operators continue to evolve their tactics, it’s important to understand the 10 most common attack vectors used so that you can effectively defend your organization.

How to Build a Zero Trust StrategyRead More >

In this post, we'll outline a framework for a true Zero Trust model that adheres to industry best practices while specifically avoiding the potential pitfalls.

Hybrid Cloud SecurityRead More >

Hybrid cloud security is the protection of data and infrastructure that combines elements of private cloud, public cloud, and on-premises infrastructure into a unified architecture.

Human Intelligence (HUMINT) in CybersecurityRead More >

Human Intelligence (HUMINT) is a form of “on the ground” information gathering using human sources to collect information.

Hybrid Cloud ExplainedRead More >

A hybrid cloud combines elements of a public cloud, private cloud and on-premises infrastructure into a single, common, unified architecture allowing data and applications to be shared between the mixed IT environment.

How To Implement Phishing Attack Awareness TrainingRead More >

As cybercrime of all kinds, and phishing, in particular, reaches new heights in 2023, it’s important for every person in your organization to be able to identify a phishing attack and play an active role in keeping the business and your customers safe.

How to choose between outsourced vs in-house cybersecurityRead More >

Learn the benefits and challenges of in-house and outsourced cybersecurity solutions to find the best fit for your business.

How to choose a cybersecurity vendor that’s right for your businessRead More >

The eight factors to use when assessing a cybersecurity vendor to help you choose the right fit for your business now and in the future.

How to increase your SMB cybersecurity budgetRead More >

Sharing helpful thought starters, considerations & tips to help IT leaders make the case for increasing their cybersecurity budget. Read more!

How to create an employee cybersecurity awareness training program (with examples)Read More >

CrowdStrike's how-to guide provides SMBs the steps & essentials (with examples) to develop the right training programs for your employees.

How to Mitigate Insider Threats: Strategies for Small BusinessesRead More >

In this post, we’ll take a closer look at insider threats – what they are, how to identify them, and the steps you can take to better protect your business from this serious threat.

How to Create a Cybersecurity Budget for Your Small BusinessRead More >

Creating a budget for your evolving cybersecurity needs is critical. Learn tips to develop a budget that covers the protection your small business needs.

History of RansomwareRead More >

Ransomware first cropped up around 2005 as just one subcategory of the overall class of scareware. Learn how it's evolved since then.

HacktivismRead More >

Hacktivism is a combination of the words “hack” and “activism”. Hacktivists engage in disruptive or damaging activity on behalf of a cause, be it political, social or religious in nature.

Honeypots in Cybersecurity ExplainedRead More >

A honeypot is a cybersecurity mechanism that leverages a manufactured attack target to lure cybercriminals away from legitimate targets and gather intelligence about the identity, methods and motivations of adversaries.

How to Hire a Cybersecurity Expert for Your Small BusinessRead More >

Cybersecurity specialists play a key role in securing your organization’s information systems by monitoring, detecting, investigating and responding to security threats. So how should you go about bringing top cybersecurity talent to your company?

I
Incident ResponderRead More >

An incident responder is a key player on an organization's cyber defense line. When a security breach is detected, incident responders step in immediately.

IaC Scanning: Definition, Processes, and TechnologiesRead More >

IaC scanning is the process of codifying infrastructure setup and configuration to enable organizations to automate and streamline their deployments.

Injection AttacksRead More >

Injection attacks occur when attackers exploit vulnerabilities in an application to send malicious code into a system.

IT Asset DiscoveryRead More >

IT asset discovery is the process an organization uses to identify, catalog, and document all of its IT assets.

Identity Security Posture Management (ISPM)Read More >

Identity security posture management (ISPM) is a framework used to strengthen and maintain the security posture of an organization’s identity infrastructure to prevent breaches.

Identity Access Management (IAM)Read More >

Identity and access management (IAM) is a framework that allows the IT team to control access to systems, networks and assets based on each user’s identity.

Infrastructure as Code (IaC)Read More >

Infrastructure as Code (IaC) is the process of dynamically managing and provisioning infrastructure through code instead of a manual process to simplify app development, configuration, and runtime.

Introduction to Malware Spam (Malspam)Read More >

Malspam, short for malicious spam or spam containing malware, is a spam email that delivers malware as the malicious payload.

Identity ProtectionRead More >

Identity protection, also known as identity security, is a comprehensive solution that protects all types of identities within the enterprise

Incident Response PlanRead More >

Most IR plans can be summed up in 4 common steps: Preparation, Detection & Analysis, Containment & Eradication, and Post-Incident Activity.

Identity SegmentationRead More >

Identity segmentation is a method to restrict access to applications/resources based on identities. These identities could be human accounts, service (programmatic accounts), or privileged accounts.

Identity Threat Detection and Response (ITDR)Read More >

Identity threat detection and response (ITDR) is a security procedure for identifying, reducing, and responding to potential identity-based threats, such as compromised user accounts, leaked passwords, data breaches, and fraudulent activity.

Incident Response (IR): Plan & ProcessRead More >

Incident response (IR) is the steps used to prepare for, detect, contain, and recover from a data breach.

IIS LogsRead More >

IIS creates log files for each website it serves. You can set the log file location for an IIS-hosted website from the “Logging” section of the website.

Introduction to Advanced Endpoint Protection (AEP)Read More >

Advanced endpoint protection (AEP) is a next-generation endpoint security solution that uses AI, machine learning, and other intelligent automation capabilities to provide more comprehensive cybersecurity protection from a variety of modern threats.

IOA vs IOCRead More >

Indicators of Attack vs Indicators of Compromise: Defining & Understanding the Differences

Indicators of Compromise (IOC) SecurityRead More >

An Indicator of Compromise (IOC) is a piece of digital forensics that suggests that an endpoint or network may have been breached.

Infrastructure as a Service (IaaS)Read More >

Infrastructure as a Service (IaaS) is a cloud computing model in which a third-party cloud service provider offers virtualized compute resources such as servers, data storage and network equipment on demand over the internet to clients.

Insider Threats ExplainedRead More >

An insider threat is a cybersecurity risk that comes from within the organization — usually by a current or former employee or other person who has direct access to the company network, sensitive data and intellectual property (IP).

K
Kubernetes Security Best PracticesRead More >

These practices are based on the 4 Cs, which are designed to help organizations achieve optimal security across the primary layers of typical Kubernetes environments.

Kubernetes Frameworks: NIST vs CISRead More >

Kubernetes is a container orchestration system used to run various types of workloads, from user-facing web applications to backend processes.

Kubernetes as a Service (KaaS) ExplainedRead More >

KaaS is a managed solution offered by cloud providers to streamline the deployment, management, and operation of Kubernetes clusters.

Kubernetes vs DockerRead More >

Docker is a versatile platform responsible for creating, managing, and sharing containers on a single host, while Kubernetes is a container orchestration tool responsible for the management, deployment, and monitoring of clusters of containers across multiple nodes.

Kerberoasting AttacksRead More >

Kerberoasting is a post-exploitation attack technique that attempts to crack the password of a service account within the Active Directory (AD).

Keyloggers: How They Work and How to Detect ThemRead More >

Keyloggers, or keystroke loggers, are tools that record what a person types on a device. While there are legitimate and legal uses for keyloggers, many uses for keyloggers are malicious.

Kubernetes vs. MesosRead More >

Container orchestration engines (COEs) make managing containerized workloads easier by automating operational tasks. Kubernetes and Apache Mesos are two of the most popular COEs.

L
Low-Code Application PlatformRead More >

In this post, we’ll examine the low-code application platform — and its near cousin, the low-code application platform — consider its benefits and limitations, and look specifically at the role it can play in cybersecurity.

Log StreamingRead More >

Log streaming in cybersecurity refers to the real-time transfer and analysis of log data to enable immediate threat detection and response.

Log RetentionRead More >

Log retention refers to how organizations store log files relating to security and for how long. It is a significant part of log management, and it’s integral to your cybersecurity.

Logging vs MonitoringRead More >

In this article, we’ll explore logging and monitoring processes, looking at why they’re important for managing applications. We’ll also cover best practices to integrate logging with monitoring to obtain robust visibility and accessibility over an entire application.

Lateral MovementRead More >

Lateral movement refers to the techniques that a cyberattacker uses, after gaining initial access, to move deeper into a network in search of sensitive data and other high-value assets.

Logging Best PracticesRead More >

This article considers some logging best practices that can lay the groundwork for a robust and scalable logging infrastructure.

Logging Levels ExplainedRead More >

Setting up meaningful log levels is an important step in the log management process. Logging levels allow team members who are accessing and reading logs to understand the significance of the message they see in the log or observability tools being used.

Log Files ExplainedRead More >

A log file is an event that took place at a certain time and might have metadata that contextualizes it.

Log AnalysisRead More >

Log analysis is the process of reviewing computer-generated event logs to proactively identify bugs, security threats, factors affecting system or application performance, or other risks.

M
MDR vs SOCRead More >

Cybersecurity tools and services abound, but two standout services are managed detection and response (MDR) and security operations center (SOC) services.

Most Common Types of CyberattacksRead More >

Cyberattacks can target a wide range of victims from individual users to enterprises or even governments. When targeting businesses or other organizations, the hacker’s goal is usually to access sensitive and valuable company resources, such as intellectual property (IP), customer data or payment details.

Multi-Cloud SecurityRead More >

It is important to implement multi-cloud security to protect your infrastructure, application, and data across multiple clouds.

Multi-Cloud Vulnerability ManagementRead More >

Multi-cloud vulnerability management is the continuous process of identifying and remediating security vulnerabilities across all your cloud environments, whether they’re public, private, or hybrid.

Mobile Threat Defense (MTD)Read More >

Mobile threat defense combines real-time threat detection, automated response and remediation, and comprehensive visibility and control. Learn more!

Managed Detection and Response (MDR)Read More >

Managed detection and response (MDR) is a cybersecurity service that combines technology and human expertise to perform threat hunting, monitoring, and response.

Managed Detection and Response (MDR)Read More >

Managed detection and response (MDR) is a cybersecurity service that combines technology and human expertise to perform threat hunting, monitoring, and response.

Managed XDR (MXDR)Read More >

Managed XDR (MXDR) is an outsourced security service that provides advanced detection and response capabilities using a combination of digital technologies and human-led expertise.

Multi-factor Authentication (MFA)Read More >

Multi-factor authentication (MFA) is a multi-layered security system that grants users access to a network, system or application only after confirming their identity with more than one credential or authentication factor.

Machine Learning (ML) & Cybersecurity How is ML used in Cybersecurity?Read More >

This article provides an overview of foundational machine learning concepts and explains the growing application of machine learning in the cybersecurity industry, as well as key benefits, top use cases, common misconceptions and CrowdStrike’s approach to machine learning.

Managed Cloud SecurityRead More >

Managed cloud security protects an organization’s digital assets through advanced cybersecurity measures, performing tasks like constant monitoring and threat detection.

MDR vs MSSP: Defining both solutions and uncovering key differencesRead More >

In this post, we explore these two services, outline their key differentiators and help organizations decide which option is best for their business.

MITRE ATT&CK FrameworkRead More >

The MITRE ATTACK Framework is a curated knowledge base that tracks cyber adversary tactics and techniques used by threat actors across the entire attack lifecycle.

MSP vs. MSSP: Understanding the differenceRead More >

While both MSPs and MSSPs are third-party providers, the primary difference between the two is the scope of their offerings. Learn more here!

Microservices ArchitectureRead More >

A microservice-based architecture is a modern approach to software development that breaks down complex applications into smaller components that are independent of each other and more manageable.

Managed Security Service Providers (MSSP) ExplainedRead More >

A managed security service provider (MSSP) is an external party that provides cybersecurity services to its customers.

Malware AnalysisRead More >

Malware analysis is the process of understanding the behavior and purpose of a suspicious file or URL to help detect and mitigate potential threats.

Malware vs Virus: The Differences ExplainedRead More >

The term malware describes any program or code created with the intent to do harm to a computer, network or server. A virus is a type of malware limited only to programs or code that self-replicates or copies itself in order to spread to other devices or areas of the network.

Malware Detection TechniquesRead More >

Malware detection is a set of defensive techniques and technologies required to identify, block and prevent the harmful effects of malware. This protective practice consists of a wide body of tactics, amplified by various tools.

Mean Time to Repair ExplainedRead More >

Mean time to repair (MTTR) is a key performance indicator (KPI) that represents the average time required to restore a system to functionality after an incident.

Malicious Code: What It Is and How to Prevent ItRead More >

Malicious code is a term for code designed to cause damage, security breaches, or other threats to application security.

Most Common Types of Cyber VulnerabilitiesRead More >

In this article, we review the 7 most common types of vulnerabilities, including: misconfigurations, unsecured APIs, zero days, unauthorized access, and unpatched software.

N
Next Gen SIEM for Small BusinessRead More >

Next-Gen SIEMRead More >

In response to digital advancements like cloud computing, big data, and remote work models, SIEM has evolved, extending visibility beyond traditional perimeters.

Next-Generation Antivirus (NGAV)Read More >

Next-Generation Antivirus (NGAV) uses a combination of artificial intelligence, behavioral detection, machine learning algorithms, and exploit mitigation, so known and unknown threats can be anticipated and immediately prevented.

Network SegmentationRead More >

Network segmentation is a strategy used to segregate and isolate segments in the enterprise network to reduce the attack surface.

NTLM ExplainedRead More >

Windows New Technology LAN Manager (NTLM) is a suite of security protocols offered by Microsoft to authenticate users’ identity and protect the integrity and confidentiality of their activity.

O
Open XDR vs. Native XDRRead More >

Extended detection and response (XDR) is often broken into two main categories: open XDR and native XDR. Open XDR relies on third party integrations for full coverage of telemetry, while native XDR handles all collection and response tasks from a single vendor platform.

Open Source Intelligence (OSINT)Read More >

Open source intelligence (OSINT) is the act of gathering and analyzing publicly available data for intelligence purposes.

ObservabilityRead More >

Observability is when you infer the internal state of a system only by observing its external outputs. For modern IT infrastructure, a highly observable system exposes enough information for the operators to have a holistic picture of its health.

Observability vs. MonitoringRead More >

Monitoring tells you that something is wrong. Observability uses data collection to tell you what is wrong and why it happened.

P
PhishingRead More >

Phishing is a type of cyberattack where threat actors masquerade as legitimate companies or individuals to steal sensitive information such as usernames, passwords, credit card numbers, and other personal details.

Privileged Access Management (PAM)Read More >

Privileged access management helps organizations manage and secure access to their most critical systems, applications, and data, which are typically reserved for privileged accounts.

Public CloudRead More >

A public cloud is a third-party IT management solution that hosts on-demand cloud computing services and physical infrastructure using the public internet.

PCI DSS Compliance: Requirements (v.)Read More >

The Payment Card Industry Data Security Standard (PCI DSS) is a framework developed by the Payment Card Industry Security Standards Council (PCI SSC) to help secure and protect all payment card account data.

Penetration Testing (Pen Testing)Read More >

Penetration testing, or pen testing, is the simulation of real-world attacks in order to test an organization’s detection and response capabilities. 

Pass-the-Hash AttackRead More >

Pass the hash is a type of cybersecurity attack in which an adversary steals a “hashed” user credential and uses it to create a new user session on the same network.

Public Cloud vs Private CloudRead More >

The key difference between public and private cloud computing relates to access. In a public cloud, organizations use shared cloud infrastructure, while in a private cloud, organizations use their own infrastructure.

Policy As Code (PaC)Read More >

Policy as Code is the representation of policies and regulations as code to improve and automate policy enforcement and management.

Purple Teaming ExplainedRead More >

A purple team is a group of cyber security professionals who simulate malicious attacks and penetration testing in order to identify security vulnerabilities and recommend remediation strategies for an organization’s IT infrastructure.

PostgreSQL vs. MySQLRead More >

In this article, we will learn about the main features of PostgreSQL and MySQL, compare the two database management systems, and learn when to use PostgreSQL vs MySQL.

Password Storage: Saving, Managing and Protecting your PasswordsRead More >

Cybersecurity experts strongly recommend using a password manager to safely store account information on all connected devices, including desktops, laptops, tablets and smartphones.

Password SprayingRead More >

A Password spraying attack involve an attacker using a single common password against multiple accounts on the same application.

Privilege EscalationRead More >

A privilege escalation attack is a cyberattack designed to gain unauthorized privileged access into a system.

Patch ManagementRead More >

Patch management is the process of identifying and deploying software updates, or “patches,” to a variety of endpoints, including computers, mobile devices, and servers.

R
Regulatory ComplianceRead More >

n this article, we’ll discuss regulatory compliance, exploring the challenges that organizations commonly encounter.

Ransomware Examples: Recent Ransomware AttacksRead More >

In this post, we explore 16 recent ransomware examples to outline the adversaries behind them and how they work.

Rootkit MalwareRead More >

Rootkit malware is a collection of software designed to give malicious actors control of a computer, network or application.

Risk Based Vulnerability ManagementRead More >

Risk-based vulnerability management is a cybersecurity process that aims to identify and remediate vulnerabilities that pose the greatest risk to an organization.

Red Teaming: How Red Team Testing Prepares You for CyberattacksRead More >

Red team testing uses ethical hacking by simulating real-world techniques so your team can identify vulnerabilities in your system and practice response methods. Red teaming goes beyond a penetration test, or pen test, because it puts a team of adversaries — the red team — against an organization’s security team — the blue team.

Remote Desk Protocol (RDP)Read More >

RDP is software that allows users to control a remote desktop as if it were local.

Runtime Application Self-Protection (RASP)Read More >

Runtime Application Self-Protection (RASP) is a term coined by Gartner to describe a technology that incorporates security functionality within software applications to prevent malicious attacks while the application is running.

Red Team vs Blue Team in CybersecurityRead More >

In a red team/blue team exercise, the red team is made up of offensive security experts who try to attack an organization's cybersecurity defenses. The blue team defends against and responds to the red team attack.

Ransomware as a Service (RaaS) Explained How It Works & ExamplesRead More >

Ransomware as a Service (RaaS) is a business model used by ransomware developers, in which they lease ransomware variants in the same way that legitimate software developers lease SaaS products.

Ransomware DetectionRead More >

Ransomware detection is the first defense against dangerous malware since it finds the infection earlier so that victims can take action to prevent irreversible damage.

Ransomware Recovery: Steps to Recover your DataRead More >

A ransomware recovery plan is a playbook to address a ransomware attack, which includes an incident response team, communication plan, and step-by-step instructions to recover your data and address the threat.

Remote Code Execution (RCE): Principles and FunctionRead More >

Remote code execution (RCE) refers to a class of cyberattacks in which attackers remotely execute commands to place malware or other malicious code on your computer or network.

S
Semi-Structured DataRead More >

Shift Left vs. Shield Right in KubernetesRead More >

Learn how security teams can combine shift left and shield right concepts throughout the software development lifecycle to achieve stronger Kubernetes security posture.

Shadow ITRead More >

Shadow IT is the unauthorized use of any digital service or device that is not formally approved of and supported by the IT department.

Security Data LakeRead More >

This innovation represents a pivotal development in cybersecurity, offering a centralized repository capable of efficiently storing, managing, and analyzing diverse security data, thereby addressing the critical challenges posed by the data deluge.

SOC AutomationRead More >

Automation significantly boosts the efficiency of SOCs by streamlining processes and handling repetitive, manual tasks. Automation not only accelerates threat detection and mitigation but allows SOC teams to focus on more strategic tasks.

Security Orchestration, Automation and Response (SOAR)Read More >

Security orchestration, automation and response (SOAR) is a collection of software programs developed to bolster an organization’s cybersecurity posture. A SOAR platform enables a security analyst team to monitor security data from a variety of sources, including security information and management systems and threat intelligence platforms.

Security as Code (SaC)Read More >

Security as code (SaC) is the integration of automated security measures directly into the software development process, making it an integral part of the software development life cycle (SDLC). SaC introduces proactive rather than reactive security measures, an essential approach given the increasing sophistication of modern cyber threats.

Software Composition Analysis (SCA)Read More >

Software composition analysis (SCA) is a technique used for examining the software components that make up an application and then identifying and managing any vulnerabilities discovered.

Serverless Architecture ExplainedRead More >

Serverless architecture is a software development approach in which developers can run applications without managing the underlying infrastructure. In the serverless computing model, the cloud provider handles all infrastructure setup, maintenance, and scaling.

SBOM (Software Bill of Materials)Read More >

In this post, we will cover the key parts of an SBOM, the benefits and challenges for an organization adopting SBOMs, and how an organization might integrate the usage of SBOMs within its current suite of security tools.

Security Operations Center Best PracticesRead More >

Building a first-class security operations center is no simple feat – maintaining it is even harder. We discuss four security operations center best practices that every organization should strive for. 

Snort and Snort Rules ExplainedRead More >

Snort is an open-source network intrusion detection and prevention system (IDS/IPS) that monitors network traffic and identifies potentially malicious activities on Internet Protocol (IP) networks.

SIEM vs Log ManagementRead More >

Understand the difference in capabilities, definitions, and costs between a SIEM and a log management solutions (LMS).

SmishingRead More >

Smishing is the act of sending fraudulent text messages designed to trick individuals into sharing sensitive data such as passwords, usernames and credit card numbers.

Silver Ticket AttackRead More >

Similar to a golden ticket attack, a silver ticket attack compromises credentials by taking advantage of the Kerberos protocol.

Structured, Unstructured and Semi Structured Logging ExplainedRead More >

Structured, semi structured and unstructured logging falls on a large spectrum each with its own set of benefits and challenges. Unstructured and semi structured logs are easy to read by humans but can be tough for machines to extract while structured logs are easy to parse in your log management system but difficult to use without a log management tool.

Server MonitoringRead More >

Server monitoring provides visibility into network connectivity, available capacity and performance, system health, and much more.

Security Misconfiguration: What It Is and How to Prevent ItRead More >

Security misconfiguration is any error or vulnerability present in the configuration of code that allows attackers access to sensitive data. There are many types of security misconfiguration, but most present the same danger: vulnerability to data breach and attackers gaining unauthorized access to data.

Security TestingRead More >

Security testing is a type of software testing that identifies potential security risks and vulnerabilities in applications, systems and networks.

Shared Responsibility ModelRead More >

The Shared Responsibility Model dictates that a cloud provider must monitor and respond to security threats related to the cloud itself and its underlying infrastructure and end users are responsible for protecting data and other assets they store in any cloud environment.

Small Business Cybersecurity ChecklistRead More >

Our cybersecurity checklist will help SMBs uncover any risk areas & identify opportunities for improving the security of your operations.

Software Security: Definitions and GuidanceRead More >

Software security refers to a set of practices that developers incorporate into the software development life cycle and testing processes to ensure their digital solutions remain secure and are able to function in the event of a malicious attack.

Security as a Service (SECaaS)Read More >

Security as a service (SECaaS) is a comprehensive solution that helps an organization address any security issue without needing its own dedicated security staff.

SQL Injection (SQLi): How to Protect against SQL Injection AttacksRead More >

SQL injection (SQLi) is a cyberattack that injects malicious SQL code into an application, allowing the attacker to view or modify a database. Injection attacks, which include SQL injections, were the third most serious web application security risk in 2021.

SOA vs Microservices: What's the Difference?Read More >

As development teams require more flexibility, scalability and speed, traditional monolithic software development models have become largely obsolete. To meet the needs of the modern landscape, two options have emerged for effectively and efficiently building and running large-scale, complex applications: service oriented architecture (SOA) and microservices.

Shift Left Security ExplainedRead More >

Shift Left security embeds security into the earliest phases of the application development process. Vulnerable code is identified as it is developed rather than in the testing phase, which reduces costs and results in more secure apps.

T
Tabletop ExerciseRead More >

Tabletop exercises are a form of cyber defense training in which teams walk through simulated cyberattack scenarios in a structured, discussion-based setting.

The Basics of CI/CD SecurityRead More >

In this post, we’ll walk through the basics of CI/CD security — why it’s important, where the vulnerabilities are, and considerations for implementation.

The Impact of Machine Learning and AI in Identity SecurityRead More >

In the domain of identity security, AI presents a promising pathway forward. By harnessing AI-driven identity security solutions, organizations can strengthen their defenses against identity-based attacks.

The Role of AI in CybersecurityRead More >

Learn how cybersecurity tools integrate AI, the primary applications of AI, and the benefits of tools that integrate AI.

The Rise of Dark AIRead More >

Dark AI refers to the application of AI technologies — and notably, recent innovations in generative AI (GenAI) — for the purposes of accelerating or enabling cyberattacks.

The Fundamentals of Kubernetes SecurityRead More >

Kubernetes security is the application of techniques and processes to protect cloud-native applications running on Kubernetes (also known as K8s) from vulnerabilities or malicious actors.

The Fundamentals of AWS MigrationRead More >

An AWS migration is the strategic process of moving digital assets — such as applications, databases, and IT processes — from on-premises or other cloud services to Amazon Web Services (AWS).

Types of Social Engineering Attacks and how to prevent themRead More >

Explore ten of the most common types of social engineering attacks and how to prevent them.

Three Pillars of ObservabilityRead More >

The three pillars of observability are logs, metrics, and traces. These three data outputs provide different insights into the health and functions of systems in cloud and microservices environments.

The HIPAA Security RuleRead More >

The HIPAA Security Rule specifies security standards  for protecting individuals' electronic personal health information (ePHI) that is received, used, maintained, or transmitted by covered entities and their business associates.

Threat IntelligenceRead More >

Threat intelligence is data that is collected, processed, and analyzed to understand a threat actor's motives, targets, and attack behaviors.

The Zeus Trojan Malware — Definition and PreventionRead More >

The two primary goals of the Zeus trojan horse virus are stealing people’s financial information and adding machines to a botnet.

Threat Intelligence PlatformsRead More >

A Threat Intelligence Platform automates the collection, aggregation, and reconciliation of external threat data, providing security teams with most recent threat insights to reduce threat risks relevant for their organization.

The Most Common Types of MalwareRead More >

While there are many different variations of malware, there are several types that you are more likely to encounter.

Threat ActorRead More >

A threat actor, also known as a malicious actor, is any person or organization that intentionally causes harm in the digital sphere.

Tips and Tools to Scale Your Cybersecurity ProgramRead More >

Get the 9 essential tips and tools that’ll help your organization scale its cybersecurity program.

Types of RansomwareRead More >

The most common types of ransomware are cryptoware, locker ransomware, scareware, leakware, and ransomware-as-a-service.

Types of Identity-Based AttacksRead More >

To better understand the identity threat landscape, let's explore seven common identity-based attacks and how they work: 

Threat Detection and Response (TDR)Read More >

Threat detection and response (TDR) refers to cybersecurity tools that identify threats by analyzing user behaviors.

Top AWS Misconfigurations and How to Avoid ThemRead More >

In this article, we’ll explore the most common sets of misconfigurations across the most common services, and give advice on how to stay safe and prevent potential breaches when making any modification to your infrastructure

Threat ModelRead More >

A threat model evaluates threats and risks to information systems, identifies the likelihood that each threat will succeed and assesses the organization's ability to respond to each identified threat.

Top Cloud VulnerabilitiesRead More >

As companies increase their use of cloud hosting for storage and computing, so increases the risk of attack on their cloud services. Companies must acknowledge this risk and defend their organization against potential cloud vulnerabilities.

U
User and Entity Behavior Analytics (UEBA)Read More >

User and entity behavior analytics (UEBA) systems monitor an organization’s network, using AI and machine learning (ML) to analyze suspicious activity related to user and endpoint behavior that could indicate a security threat.

Understanding Data GravityRead More >

Data gravity is a term that captures how large volumes of data attract applications, services, and even more data.

Understanding the Difference Between Spoofing vs PhishingRead More >

Spoofing attacks resemble identity theft while phishing attacks attempt to steal sensitive information.

V
Vulnerability AssessmentRead More >

Vulnerability assessment is the ongoing, regular process of defining, identifying, classifying and reporting cyber vulnerabilities across endpoints, workloads, and systems.

Vishing: Definition and PreventionRead More >

Vishing, a voice phishing attack, is the fraudulent use of phone calls and voice messages pretending to be from a reputable organization to convince individuals to reveal private information such as bank details and passwords.

Vulnerability ManagementRead More >

Vulnerability management is the ongoing, regular process of identifying, assessing, reporting on, managing and remediating security risks to keep all systems and assets in a network protected.

Virtualization vs. Containerization: What’s the Difference?Read More >

Learn the differences between containers and virtual machines (VMs), compare and contrast them, and review some use cases showing where one or the other is preferable

VPC (Virtual Private Clouds)Read More >

A VPC is a single compartment within the entirety of the public cloud of a certain provider, essentially a deposit box inside the bank’s vault.

Vulnerability Management LifecycleRead More >

There are five main stages in the vulnerability management lifecycle include: Assess, Prioritize, Act, Reassess, Improve.

W
What is Passwordless Authentication?Read More >

What is AI Security?Read More >

Ensuring the security of your AI applications is essential for protecting your applications and processes against sophisticated cyber threats and safeguarding the privacy and integrity of your data.

What is DevSecOps? Key Benefits and Best PracticesRead More >

DevSecOps is a philosophical framework that combines aspects of software development, security, and operations into a cohesive whole. With DevSecOps, developers are more aware of and responsible for maintaining security best practices within their code. It also means operations and security teams implement tools and policies that provide regular security checks throughout the continuous integration/continuous delivery (CI/CD) pipeline.

What is DevOps? Key Practices and BenefitsRead More >

DevOps is a mindset and set of practices meant to effectively integrate development and operations into a cohesive whole in the modern product development life cycle. DevOps breaks down the divide between creating a product and maintaining it to allow for higher-paced service and application delivery.

What Is a Cloud Workload Protection Platform (CWPP)?Read More >

A cloud workload protection platform (CWPP) is a unified cloud security solution that offers continuous threat monitoring and detection for cloud workloads across different types of modern cloud environments.

What Is Managed SIEM?: Managed Detection and Response for SIEMRead More >

Managed SIEM gives you the functionalities of traditional SIEM but with the benefits of a managed service model. Along with the strengthened security posture that traditional SIEM affords your organization, you can offload the burden of managing complex SIEM technologies in-house.

What is Infrastructure as Code Security?Read More >

Infrastructure as code security is the practice of addressing security configuration issues in the IaC layer rather than scanning deployed cloud resources.

What Is IT Automation?Read More >

IT automation is the use of software to complete time-consuming, repetitive IT tasks without manual intervention.

What Is a Cloud-Native Application Protection Platform (CNAPP)?Read More >

A cloud-native application protection platform (CNAPP) is an all-in-one cloud-native software platform that simplifies monitoring, detecting, and acting on potential cloud security threats and vulnerabilities.

What is a Deepfake Attack?Read More >

Deepfakes are AI-generated forgeries — false images, audio, or video — that appear convincingly genuine.

What is a Large Language Model (LLM)?Read More >

Large Language Models (LLMs) are central to the advancement of Generative AI (GenAI) and are proficient in understanding and generating human language.

What Is Container Security?Read More >

Container Security is the continuous process of using security tools to protect containers from cyber threats and vulnerabilities throughout the CI/CD pipeline, deployment infrastructure, and the supply chain.

What Is Data Security Posture Management (DSPM)?Read More >

DSPM helps organizations manage their data across the cloud, monitor for risks, enforce security policies, and ensure regulatory compliance.

What are Indicators of Attack (IOAs)?Read More >

IOAs are telltale signs or activities that signal a potential cybersecurity threat or attack is in progress.

What is File Integrity Monitoring?Read More >

File integrity monitoring (FIM) is a security process that monitors and analyzes the integrity of critical assets, including file systems, directories, databases, network devices, the operating system (OS), OS components and software applications for signs of tampering or corruption, which may be an indication of a cyberattack.

What is CrowdStrike Counter Adversary Operations (CAO)?Read More >

Counter Adversary Operations unites intelligence and threat hunting teams to disrupt modern adversaries and raise their cost of doing business.

What is Data Leakage?Read More >

Data leakage refers to the unauthorized transfer of data from inside an organization to an external destination.

What is AI-Native XDR?Read More >

The synergy between XDR and AI introduces a powerhouse solution — AI-native XDR — that offers a myriad of benefits to organizations.

What is a Managed Service Provider (MSP)?Read More >

Managed service providers (MSPs) offer a wide range of IT and cybersecurity services to help organizations manage and optimize their technology infrastructure.

What are Managed Security Services (MSS)?Read More >

Managed security services (MSS) is an umbrella term used to describe any cybersecurity service or solution offered by a third-party provider or managed security service provider (MSSP).

What is Data Theft Prevention?Read More >

Understand data theft — what it is, how it works, and the extent of its impact and look into the principles and best practices for data theft prevention.

What is Automated Intelligence?Read More >

Learn more about how traditional defense measures have evolved to integrate automated systems that use AI/machine learning (ML) and data analytics and the role and benefits of automated intelligence as a part of a modern cybersecurity arsenal.

What is Threat Detection, Investigation, and Response (TDIR)?Read More >

Threat detection, investigation, and response (TDIR) is a cybersecurity process for finding, analyzing, and mitigating threats.

What is Multi-Cloud Management?Read More >

Maintaining consistent security across platforms is crucial in a multi-cloud environment. Learn more about challenges and best practices!

What is IT Asset Management (ITAM)?Read More >

IT asset management (ITAM) includes digital, cloud and hardware asset management and is a crucial discipline in cybersecurity.

What is AI-Native Cybersecurity?Read More >

AI-native cybersecurity uses cloud-native data platforms and cutting-edge AI to analyze datasets, identify patterns, and strengthen security posture.

What is Cybersecurity Transformation?Read More >

Cybersecurity transformation is the implementation of a comprehensive cybersecurity strategy that encompasses various components, including risk management, threat intelligence, security governance, incident response readiness, regulatory compliance, and more.

What are Wiper Attacks?Read More >

Wiper attacks are malware-based attacks designed to permanently delete or corrupt data on targeted systems.

What is a Security Operations Center (SOC) Framework?Read More >

A SOC framework acts like a blueprint, defining the systematic approach a SOC ought to employ as it detects, analyzes, and responds to cybersecurity threats.

What are Security Operations Center (SOC) Reports?Read More >

SOC reports distill complex security data into actionable intelligence, keeping you ahead of threats.

What is Data Loss Prevention (DLP)?Read More >

Data loss prevention (DLP) is a set of tools and procedures that forms part of a company’s overall security strategy and focuses on detecting and preventing the loss, leakage, or misuse of data through breaches, exfiltration transmissions, and unauthorized use.

What is Remote Monitoring and Management (RMM)?Read More >

Remote monitoring and management (RMM) is used by IT departments in many organizations to help oversee and administer IT systems from a remote location.

What is Network Security?Read More >

Network security refers to the tools, technologies and processes that protect an organization’s network and critical infrastructure from unauthorized use, cyberattacks, data loss and other security threats.

What is Spear-Phishing? Definition with ExamplesRead More >

Spear-phishing is a targeted attack that uses fraudulent emails, texts and phone calls in order to steal a specific person's sensitive information.

What is Mobile Malware?Read More >

Mobile malware is malicious software designed to target mobile devices. Click here to read about the different types and distribution methods.

What is a Whaling Attack? (Whaling Phishing)Read More >

A whaling attack is a social engineering attack against a specific executive or senior employee with the purpose of stealing money or information, or gaining access to the person’s computer in order to execute further attacks.

What is Endpoint Detection and Response (EDR)?Read More >

Endpoint Detection and Response (EDR), also referred to as endpoint detection and threat response (EDTR), is an endpoint security solution that continuously monitors endpoint devices to detect and mitigate cyber threats.

What is Active Directory Federation Services (AD FS)Read More >

Active Directory Federation Services (AD FS) is a single sign on (SSO) feature developed by Microsoft that provides authenticated access to any domain, device, web application or system within the organization’s active directory (AD).

What is Data Protection?Read More >

Data protection is a process that involves the policies, procedures and technologies used to secure data from unauthorized access, alteration or destruction.

What Is Cloud Sprawl?Read More >

Cloud sprawl is the uncontrolled proliferation of an organization's cloud services, instances, and resources. It is the unintended but often encountered byproduct of the rapid growth of an organization’s cloud services and resources.

What is TrickBot Malware?Read More >

TrickBot malware is a banking Trojan released in 2016 that has since evolved into a modular, multi-phase malware capable of a wide variety of illicit operations.

What Is a Supply Chain Attack?Read More >

A supply chain attack is a type of cyberattack that targets a trusted third party vendor who offers services or software vital to the supply chain.

What is Data Security?Read More >

Data security is the practice of protecting digital data from unauthorized access, use or disclosure in a manner consistent with an organization’s risk strategy.

What is Cybersecurity Sandboxing?Read More >

Cybersecurity sandboxing is the use of an isolated, safe space to study potentially harmful code. This practice is an essential tool for security-conscious enterprises and is instrumental in preventing the spread of malicious software across a network.

What Is Security Information and Event Management (SIEM)?Read More >

Security information and event management (SIEM) is a set of tools and services that combine security events management (SEM) and security information management (SIM) capabilities that helps organizations recognize potential security threats and vulnerabilities before business disruptions occur.

What is AI-Powered Behavioral Analysis in CybersecurityRead More >

AI-powered behavioral analysis leverages artificial intelligence to learn and predict adversarial behavior patterns.

What is Security Posture?Read More >

An organization’s security posture is a holistic snapshot of their security strengths and vulnerabilities across hardware, software, data, and user behavior.

What is the Software Development Lifecycle (SDLC) - CrowdStrikeRead More >

The software development life cycle (SDLC) outlines the stages involved in building software applications, from inception to retirement.

What Are Command and Control (C&C) Attacks?Read More >

C&C (also known as C2) is a method that cybercriminals use to communicate with compromised devices within a target company’s network.

What Is Cyber Resilience?Read More >

Cyber resilience is the concept that describes an organization’s ability to minimize the impact of an adverse cyber event and restore their operational systems to maintain business continuity.

What Is Credential Harvesting?Read More >

Credential harvesting is a cyberattack technique where cybercriminals gather user credentials — such as user IDs, email addresses, passwords, and other login information — en masse.

What is Cybersecurity Platform Consolidation?Read More >

Cybersecurity platform consolidation is the strategic integration of diverse security tools into a single, cohesive system.

What is The Principle of Least Privilege (POLP)?Read More >

The principle of least privilege (POLP) is a computer security concept and practice that gives users limited access rights based on the tasks necessary to their job.

What are Honeytokens?Read More >

Honeytokens are digital resources that are purposely designed to be attractive to an attacker, but signify unauthorized use.

What Is Social Engineering?Read More >

Social engineering is an umbrella term that describes a variety of cyberattacks that use psychological tactics to manipulate people into taking a desired action, like giving up confidential information.

What is Container-as-a-Service (CaaS)?Read More >

This guide will explore containerization's key role in modern application development and deployment. It will also discuss how containers as a service (CaaS) fits into the broader cloud service landscape, helping you stay ahead of the curve in this ever-evolving field.

What is Adware and How To Remove ItRead More >

Adware — or advertising-supported software — is automated, unwanted software designed to monitor online user behavior and bombard them with targeted advertisements, banners and pop-ups.

What is a Threat Intelligence Feed?Read More >

A threat intelligence feed is a real-time, continuous data stream that gathers information related to cyber risks or threats.

What Is SEO Poisoning?Read More >

SEO poisoning is a technique used by threat actors to increase the prominence of their malicious websites, making them look more authentic to consumers.

What is XDR?Read More >

XDR (extended detection and response) collects and correlates data from endpoints, cloud workloads, networks and email, analyzes and prioritizes them, and delivers them to security teams in a normalized format through a single console.

What is Cyber Threat Hunting?Read More >

Threat hunting is the practice of proactively searching for cyber threats that are lurking undetected in a network. Cyber threat hunting digs deep to find malicious actors in your environment that have slipped past your initial endpoint security defenses.

What Is Multi-Cloud?Read More >

Multi-cloud is when an organization leverages multiple public cloud services. These commonly consist of compute and storage solutions, but there are numerous options from various platforms to build your infrastructure.

What is Malware?Read More >

Malware (malicious software) is an umbrella term used to describe a program or code created to harm a computer, network, or server. Cybercriminals develop malware to infiltrate a computer system discreetly to breach or destroy sensitive data and computer systems.

What is SecOps?Read More >

SecOps is an approach that combines the processes, tools, and highly skilled staff from both security and IT departments into a single, unified team.

What Is Role-Based Access Control (RBAC)?Read More >

Role-based access control is a mechanism where you allow users to access certain resources based on permissions defined for the roles they are assigned to.

What Is Cloud Monitoring?Read More >

Cloud monitoring is the practice of measuring, evaluating, monitoring, and managing workloads inside cloud tenancies against specific metrics and thresholds. It can use either manual or automated tools to verify the cloud is fully available and operating properly.

What are Downgrade Attacks?Read More >

In a downgrade attack, an attacker forces the target system to switch to a low-quality, less secure mode of operation.

What Is Business Email Compromise (BEC)?Read More >

Business email compromise (BEC) is a cyberattack technique whereby adversaries assume the digital identity of a trusted persona in an attempt to trick employees or customers into taking a desired action, such as making a payment or purchase, sharing data or divulging sensitive information.

What Is Security Automation? Types, Benefits & Best PracticesRead More >

Security automation is the practice of using technology to perform recurring IT security tasks, such as endpoint scanning and incident response, with limited human intervention.

What is Cyber Espionage?Read More >

Cyber espionage, or cyber spying, is a type of cyberattack in which an unauthorized user attempts to access sensitive or classified data or intellectual property (IP) for economic gain, competitive advantage or political reasons.

What AreLiving off the Land (LOTL) Attacks?Read More >

Living off the land (LOTL) is a fileless malware cyberattack technique where the cybercriminal uses native, legitimate tools within the victim’s system to sustain and advance an attack.

What is DevOps Monitoring?Read More >

DevOps monitoring is the practice of tracking and measuring the performance and health of systems and applications in order to identify and correct issues early.

What is Ransomware?Read More >

Ransomware is a type of malware that encrypts a victim’s data until a payment is made to the attacker. If the payment is made, the victim receives a decryption key to restore access to their files. If the ransom payment is not made, the malicious actor publishes the data on data leak sites (DLS) or blocks access to the files in perpetuity.

What Is Cybersecurity? Definition, Types, Tips, and MoreRead More >

Cybersecurity is the act of defending digital assets, including networks, systems, computers and data, from cyberattacks.

What Is Cybersecurity? Definition, Types, Tips, and MoreRead More >

Cybersecurity is the act of defending digital assets, including networks, systems, computers and data, from cyberattacks.

What is a Hypervisor (VMM)?Read More >

A hypervisor, or virtual machine monitor (VMM), is virtualization software that creates and manages multiple virtual machines (VMs) from a single physical host machine.

What Is Infrastructure Monitoring?Read More >

Infrastructure Monitoring allows teams to collect operational and performance data from their systems to diagnose, fix, and improve them.

What Is Network Monitoring?Read More >

Network monitoring is an IT process that continuously monitors and evaluates a computer network and its assets.

What is an Event Log?Read More >

An event is any significant action or occurence that's recognized by a software system and is then recorded in a special file called the event log.

What is Logging as a Service (LaaS)?Read More >

Logging as a service (LaaS) is a solution that centralizes the collection, analysis, monitoring and management of logs. In this article, you’ll learn what LaaS is and why it's important. You’ll also discover the differences between LaaS and traditional log monitoring solutions, and how to choose a LaaS provider.

What Is Log Rotation?Read More >

Learn about the basics of log rotation—why it’s important, and what you can do with your older log files.

What is Log Aggregation?Read More >

Log aggregation is the mechanism for capturing, normalizing, and consolidating logs from different sources to a centralized platform for correlating and analyzing the data.

What is Log Management? The Importance of logging and best practicesRead More >

Log management is the practice of continuously gathering, storing, processing, synthesizing and analyzing data from disparate programs and applications.

What is Log Parsing?Read More >

Log parsing is the process of converting log data into a common format to make them machine-readable.

What is Continuous Monitoring?Read More >

Continuous monitoring is an approach where an organization constantly monitors its IT systems and networks to detect security threats, performance issues, or non-compliance problems in an automated manner.

Web Server LogsRead More >

A web server log is a text document that contains a record of all activity related to a specific web server over a defined period of time.

What is Data Logging?Read More >

Data logging is the process of capturing, storing and displaying one or more datasets to analyze activity, identify trends and help predict future events.

What is Detection Engineering?Read More >

Detection engineering is the process of identifying threats before they can do significant damage.

What Is CVE? Common Vulnerabilities & ExposuresRead More >

Common Vulnerabilities and Exposures (CVEs) is a framework and international effort to maintain updated registry of all known computer security vulnerabilities and exposures.

What Does Ransomware Allow Hackers to Do?Read More >

In a ransomware attack, hackers use malware to encrypt, delete or manipulate data, intellectual property or personal information. This allows attackers to hold the information, device or system digitally hostage until the victim meets the cybercriminal’s ransom demands, which usually involve secure, untraceable payment.

What is Domain Spoofing?Read More >

Domain spoofing is a form of phishing where an attacker impersonates a known business or person with fake website or email domain to fool people into the trusting them.

What is Malvertising?Read More >

Malvertising is a relatively new cyberattack technique that injects malicious code within digital ads.

What is the Cyber Kill Chain? Process & ModelRead More >

The cyber kill chain is an adaptation of the military’s kill chain, which is a step-by-step approach that identifies and stops enemy activity.

What is Cloud Encryption?Read More >

Cloud encryption is the process of transforming data from its original plain text format to an unreadable format before it is transferred to and stored in the cloud.

What is BYOD (Bring-Your-Own-Device)?Read More >

Bring Your Own Device (BYOD) refers to a business policy that allows employees to use personally owned devices for work purposes. Common personal devices include smartphones, laptops, tablets, and flash drives.

What Is Real User Monitoring (RUM)?Read More >

Real User Monitoring (RUM) monitors application performance by capturing every user interaction on a website or mobile application. In this article, we’ll learn about RUM and why businesses need it. We’ll consider its benefits and how you can choose a RUM solution for your business.

What is Cryptojacking?Read More >

Cryptojacking is the unauthorized use of a person's or organization's computing resources to mine cryptocurrency.

What Is Platform as a Service (PaaS)?Read More >

Platform as a Service (PaaS) is a cloud computing model in which a third-party cloud provider maintains an environment for customers on a pay-as-you-go basis to build, develop, run and manage their own applications.

What is Scareware?Read More >

Scareware is a type of malware attack that claims to have detected a virus or other issue on a device and directs the user to download or buy malicious software to resolve the problem.

What is an Application Log?Read More >

Software applications generate logs when something occurs within (or affects) the application. IT teams typically use application log data to investigate outages, troubleshoot bugs, or analyze security incidents.

What is Internet of Things (IoT) Security?Read More >

IoT security focuses on protecting, monitoring and remediating threats related to the Internet of Things (IoT) — the network of connected devices equipped to gather, store and share data via the internet. 

What is Cloud Analytics?Read More >

Cloud analytics is an umbrella term encompassing data analytics operations that are carried out on a cloud platform to produce actionable business insights.

What is The Dark Web?Read More >

The dark web is the part of the internet where users can access unindexed web content anonymously through special web browsers like TOR.

What is Centralized Logging?Read More >

Centralized logging is the process of collecting logs from networks, infrastructure, and applications into a single location for storage and analysis.

What is Spyware?Read More >

Spyware is a type of unwanted, malicious software that infects a computer or other device and collects information about a user’s web activity without their knowledge or consent.

What is Software as a Service (SaaS)?Read More >

Software as a Service (SaaS) is a cloud-based software delivery model that allows users to access applications through an internet-connected device rather than requiring an upfront purchase and installation of physical software.

What is a Spoofing Attack?Read More >

Spoofing is when a cybercriminal disguises communication or activity from a malicious source and presents it as a familiar or trusted source.

What is a SOC-as-a-Service?Read More >

SOC-as-a-Service (SOCaaS) is a security model wherein a third-party vendor operates and maintains a fully-managed SOC on a subscription basis via the cloud.

What is a Cyberattack?Read More >

A cyberattack is an attempt by cybercriminals, hackers or other digital adversaries to access a computer network or system, usually for the purpose of altering, stealing, destroying or exposing information.

What is Pretexting?Read More >

Pretexting is a form of social engineering in which an attacker gets access to information, a system or a service through deceptive means. The attacker will present a false scenario — or pretext — to gain the victim’s trust and may pretend to be an experienced investor, HR representative, IT specialist or other seemingly legitimate source.

What is a Polymorphic Virus? Detection and Best PracticesRead More >

A polymorphic virus, sometimes referred to as a metamorphic virus, is a type of malware that is programmed to repeatedly mutate its appearance or signature files through new decryption routines.

What is Open XDR?Read More >

Open XDR is a type of extended detection and response (XDR) security solution or platform that supports third-party integrations to collect specific forms of telemetry to enable threat detection, hunting and investigation across the different data sources and execute response actions.

Web Application Firewall (WAF)Read More >

A Web Application Firewall (WAF) is a security device designed to protect organizations at the application level by filtering, monitoring and analyzing HTTP and HTTPS traffic between the web application and the internet.

What is a Trojan Horse?Read More >

A Trojan Horse (Trojan) is a type of malware that disguises itself as legitimate code. Attackers can export files, modify data, and delete files on your device.

What is a Zero-Day Exploit?Read More >

A Zero-Day Exploit is the technique or attack a malicious actor deploys to leverage an unknown security vulnerability to gain access into a system.

What's the Difference Between Spear Phishing vs. Phishing?Read More >

Spear phishing is a targeted attack on a specific person or organization, whereas general phishing campaigns are sent to a large volume of people. 

What is Backporting?Read More >

Backporting is when a software patch or update is taken from a recent software version and applied to an older version of the same software.

What is an Attack Surface?Read More >

An attack surface is the sum of all possible security risk exposures in an organization’s software environment.

What is a Security Operations Center (SOC) ?Read More >

A security operations center, or SOC, is a central location where security experts monitor, detect, analyze, respond to, and report security incidents.

What is Defense in Depth?Read More >

Defense in depth provides intensive security measures using a layered approach to protect your company from cyberattacks.

What is a Man in the Middle (MITM) Attack?Read More >

A man-in-the-middle attack is a type of cyberattack in which an attacker eavesdrops on a conversation between two targets.

What is an Endpoint?Read More >

An endpoint is any device that can be connected to a network. Common examples of endpoints include computers, laptops, mobile phones, tablets and servers.

What is a Botnet?Read More >

A botnet is a network of computers infected with malware that are controlled by a bot herder.

What Is Endpoint Management?Read More >

Endpoint management is an IT and cybersecurity process that consists of two main tasks: evaluating, assigning and overseeing the access rights of all endpoints; and applying security policies and tools that will reduce the risk of an attack or prevent such events.

What is IT Security?Read More >

IT security is the overarching term used to describe the collective strategies, methods, solutions and tools used to protect the confidentiality, integrity and availability of the organization’s data and digital assets.

X
XDR vs SIEM vs SOARRead More >

XDR, SIEM, and SOAR address similar use cases but take fundamentally different approaches. Learn how they relate and how they differ.

Z
ZeroSecurityRead More >

Identity protection, also known as identity security, is a comprehensive solution that protects all types of identities within the enterprise

Zero Trust Network Access (ZTNA)Read More >

Zero Trust network access (ZTNA) is an IT technology solution that requires all users to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.

Zero Trust ArchitectureRead More >

A Zero Trust Architecture refers to the way network devices and services are structured to enable a Zero Trust security model.

Zero Trust Security Explained: Principles of the Zero Trust ModelRead More >

Zero Trust is a security concept that requires all users to be authenticated and authorized before being granted access to applications and data.

Zero Trust vs. SASERead More >

We will take a closer look at Zero Trust and SASE and answer some common questions that organizations have when incorporating these into their overarching cybersecurity framework.