Cybersecurity Slang – Key Terms for talking the talk
If you’re not in the cybersecurity trenches daily, it can be tough to get a clear understanding of many popular terms used by the professionals testing your organization’s network.
To lend you a hand, we’ve compiled a list of some terms you can expect to see regularly (especially if you work with us). We’ll keep this list updated regularly. And, if you don’t see a term you’ve heard just send us a note. We’ll be sure to add it.
Cybersecurity terms
denotes Sprocket’s most used terms.
Assumed breach
A security model rooted in the core belief that attacks will happen and attempted breaches are inevitable. This strategic approach will result in an organization taking proactive measures to continually protect their network against an assumed inevitability.
Automated penetration testing
Err, a marketing term we despise! This is an attempt to use software to replace a traditional penetration testing. It will lack the human-driven aspect of decision making that often finds business logic vulnerabilities and doesn't effectively show impact. If someone claims they have an automated penetration testing solution, that means they haven't been in the business long enough to know this isn't a replacement for humans.
Attack surface
An organization’s sum of points on the internet that hackers can exploit to gain access to a network. Examples include websites, network services, login pages, employee email, an organization’s social media accounts, chat services (Slack), etc.
Attack vector
Any means a hacker uses to gain access to a network. Examples include email attachments, websites, chat solutions and third-party service providers.
Blue team
A security team specially trained to defend against attackers and red teams. Their focus should be solely on defending against attacks, without the distraction of other IT responsibilities.
Breach and attack simulation
Simulations that mimic real-world attacks to ID network vulnerabilities. A BAS can be automated and/or human-driven. The goal is to expose weaknesses in a security program.
Continuous Penetration Testing (CPT)
Ongoing monitoring, testing and remediation of vulnerabilities that can leave an organization’s network exposed to cyberattacks. CPT blends machine and human testing to ensure all aspects of a network security program are working as they should year round. This differs from traditional penetration testing, which often is only performed annually.
Continuous attack surface monitoring
Real-time monitoring for vulnerabilities – new and existing – that could allow hackers to break into your network. Often a blend of machine and human monitoring.
Continuous attack surface discovery
The process of uncovering all potential points on the internet where an attacker could potentially break into an organization’s network. This process begins with an audit of all known surfaces and continues to evolve over time as new software and potential attack surfaces (emerging social media networks, chat solutions, etc.) are introduced.
Continuous attack surface testing
An element of Continuous Penetration Testing, this entails real-time, ongoing simulated attacks against an organization’s attack surface. Along with testing against new vulnerabilities, it often includes social engineering tactics designed to expose poor cyber hygiene among employees.
Exposure time
The amount of time a vulnerability was present within an organization’s network prior to discovery. During this time, an attacker could gain access to an organization’s system. The longer the exposure time, the more likely an attacker will take advantage of a vulnerability and have access to the network.
IT changes
Any changes in an organization’s information technology (IT) structure and approach that could create or expose new vulnerabilities. Example: Adding new third-party software previously not used.
Purple team
Like it sounds, this team is a blend of red and blue teams. The goal is to make sure defensive tactics of a blue team and vulnerabilities discovered by the red team work in concert to deliver the best results for an organization.
Real-world threats
Any network vulnerability or cyberattack that is credible and puts an organization’s network at risk. Often, these evolve and change frequently and rapidly as attackers look for new ways to gain access.
Red team
A team of professional security testers that focuses on testing the effectiveness of an organization’s IT security program. They will use or emulate tools and techniques likely used by real-world hackers. Similar to penetration testing.
Remediation
The implementation of a security solution that defends an organization’s network from a known or discovered vulnerability.
Remediation velocity
How quickly a network vulnerability is addressed and secured to prevent a hacker from exposing the weakness. Often, vulnerabilities will be prioritized based on time to fix and potential risk.
Security posture
An organization’s overall cybersecurity strength. Based on how well its security program can prevent and respond to cyberthreats.
Sprocket Security
Sprocket Security is made of an expert team providing continuous penetration testing, among additional cybersecurity solutions for businesses who want to operate preventively, stopping exploits before they happen. Contact us today!
Further Reading
Explore Latest Content.
7-Stage Vulnerability Management Process and How to Make It Great
Penetration testing is a simulated cyber-attack against a computer system, network, or application to evaluate its security posture. read more →
Read moreContinuous Human & Automated Security
The Expert-Driven Offensive
Security Platform
Continuously monitor your attack surface with advanced change detection. Upon change, testers and systems perform security testing. You are alerted and assisted in remediation efforts all contained in a single security application, the Sprocket Platform.
Expert-Driven Offensive Security Platform
- Attack Surface Management
- Continuous Penetration Testing
- Adversary Simulations
