Glossary

Definitions for those new to cyber security

In the context of cybersecurity testing, red teams play the role of attackers, and blue teams act as defenders. A purple team falls somewhere in between, often performing both roles. Purple teams can also be inserted into red/blue testing engagements to help evaluate the testing protocol and ensure that red and blue teams communicate and collaborate effectively.
During cyber security testing engagements, blue teams evaluate organizational security environments and defend these environments from red teams. These red teams play the role of attackers by identifying security vulnerabilities and launching attacks within a controlled environment. Both teams combine to help illuminate the true state of an organization’s security.
Red teams are “ethical hackers” who help test an organization’s defenses by identifying vulnerabilities and launching attacks in a controlled environment. Red teams are opposed by defenders called blue teams, and both parties work together to provide a comprehensive picture of organizational security readiness.
Organizations rely on a process called “vulnerability management” to help identify, analyze, treat and report on security vulnerabilities within their systems and applications. This process, when combined with other cornerstone strategies and techniques, helps set the foundation for a strong security posture through threat prioritization and attack surface reduction.
Most of today’s enterprises layer dozens of security tools together to maintain a robust security posture. Yet “more is better” doesn’t always apply in this situation, as organizations often have poor visibility into how each product performs or the problems that sometimes arise due to their interaction. To accurately assess how security controls are performing individually and collectively, it’s essential to perform high-level security control validation.
Penetration testing is a technique used to identify security vulnerabilities within a system, network or application that could be exploited by attackers. Penetration testing may be conducted by manual testers who employ a variety of techniques and strategies or via penetration-testing tools and advanced, automated breach and attack simulations.
Created by MITRE Cyber Security in 2013, the MITRE ATT&CK Framework is a detailed knowledge base that documents the tactics and techniques used by attackers, based on evolving, real-world observation. By providing an up-to-date compendium of attacker behavior, the MITRE ATT&CK Framework has become an invaluable tool for organizations seeking to bolster their cyber defenses.
Cyber attack modeling is an approximation of adversarial threats against a computer system. Cyber attack models are created to identify and simulate attacks against security environments, using likely adversary techniques and attack paths. By modeling attacks, defenders better understand the behavior, tactics and objectives of adversaries and can take steps to remediate any vulnerabilities within their environments.
Cloud Security Posture Management is defined by Gartner as “a continuous process of cloud security improvement and adaptation to reduce the likelihood of a successful attack.” Today’s Cloud Security Posture Management tools have use cases in DevOps integrations, compliance management, risk assessment, incident response, incident visualization and more. These tools help organizations assess risk, limit misconfigurations and ensure that their existing cloud environments align with best practices within the field of cloud security.