Microsoft’s Active Directory (AD) technology is used to manage computers and other networked devices. The primary purpose of AD is to give administrators the ability to manage permissions and restrict access to network resources. Users, groups, apps, and devices are a few examples of the objects that make up AD’s data storage. These objects are categorised based on their names and other characteristics.
An Active Directory bridge is a device that enables companies to keep utilising Microsoft AD as their primary source of identity while extending it to protocols, systems, and applications that Active Directory does not manage natively. A cloud identity bridge or an Active Directory extension are the other names for this kind of system.
Microsoft’s Active Directory (AD) technology is used to manage computers and other network devices. It is a fundamental component of Windows Server, the operating system used to power both local and remote servers. It is important for businesses to secure AD because it provides access to systems, applications and resources.
Advanced Persistent Threats (APTs) are sophisticated and continuous cyberattacks. In an APT, threat actors remain inside a network undetected for an extended period of time. The stages of an APT are infiltration, lateral movement, privilege escalation and exfiltration.
Application Password Management is the method of controlling and storing application credentials securely. This approach avoids the manual burden of managing application passwords and approving credential requests; it typically runs autonomously.
The attack surface is the number of possible ways or vulnerabilities that a hacker can exploit to access a system or extract sensitive data. Human risks, unpatched systems and network vulnerabilities are some of the factors that can increase the attack surface.
Authentication, Authorization and Accounting (AAA) is a cyber security framework that defines access to network resources. This framework helps in effective network management and security for organizations.
A botnet is a network of malware-infected computers that are controlled by a remote attacker. Each infected computer is called a bot. A hacker can use a botnet to launch sophisticated DDoS attacks, email spamming and data exfiltration.
In brute forcing attacks, hackers try to crack a user’s password by continuously guessing all possible keys.
CIA Triad is a model that forms the basis of Information Security. The letters in “CIA” stand for Confidentiality, Integrity and Availability. It is used to design data governance policies.
Defence in Depth is a cybersecurity strategy involving the use of multiple security mechanisms to protect business-critical data. During a cyber-attack, when one of the security mechanisms fails to stop the threat, another mechanism steps in immediately. This approach is also known as a “Castle Approach” because it resembles the layered defences used in medieval castles. Firewalls, malware scanners, intrusion detection systems, data encryption and integrity auditing solutions are a few of the security mechanisms used in this strategy.
Denial of Service (DoS) attacks interrupt the normal functioning of an online service or a website by overwhelming servers with numerous requests. The attack floods the victim with malicious traffic from a single device. Examples of DoS include teardrop and IP fragmentation attacks.
A Distributed Denial of Service (DDoS) attack prevents the normal functioning of an online service or a website by sending numerous requests. The attack floods the victim with malicious traffic from compromised devices, spread globally. DDoS attacks can be categorised into volume-based attacks, application layer attacks, and protocol attacks.
An endpoint is any physical or virtual device that connects to the corporate environment. Endpoint Security involves securing endpoints and end-user entry points from being exploited by malicious attacks.
File Integrity Monitoring (FIM) refers to monitoring and checking operating system, database and application files to verify whether they have been altered or corrupted. It verifies and validates a file by comparing it with the last known version. FIM raises an alert as soon as there is any alteration in the file and prompts further investigation.
Hardcoded passwords are plaintext passwords embedded in source code. They can be found in various appliances, including medical and IoT devices. Developers use them for convenient product access, and hardcoded passwords can also help prevent regular users from tampering with the product’s code.
Identity and Access Management (IAM) is an IT security framework for managing the digital identities of enterprise users. It’s a process of securing and authenticating identities with cybersecurity strategies and tools.
Identity as a Service (IDaaS) is a cloud-based Identity and Access Management solution that allows enterprise users to access information on on-premises and cloud platforms. IDaaS solutions help businesses with digital transformation initiatives and a better user experience. In addition, the solutions also help enterprises secure user access by eliminating risky password management practices and reducing vulnerabilities.
Identity Governance and Administration (IGA) helps in robust enablement and security of digital identities belonging to all users, applications and data. IGA is also known as Identity Security. It helps businesses reduce operational costs with automation, provides centralised visibility about “who has access to what”, and verifies whether the company has the proper controls to meet compliance requirements.
Identity Lifecycle Management (ILM) manages digital identities from creation until deletion. According to the International Information System Security Certification Consortium ((ISC)²), ILM involves Provisioning, Deprovisioning, Defining New Roles, Account Maintenance and Review.
ILM and PAM go hand in hand. Identity lifecycle management can boost an organization’s productivity and security. By controlling who has access to what and for how long, one can implement the principle of least privilege, i.e. no one has more rights than they need to do their job.
Indicators of Compromise (IoCs) are the traces of objects or activities on a network that indicate the probability of an intrusion. IoCs are crucial in identifying malicious activity, supporting digital forensics and preventing known threats.
IoT refers to a series of devices that are connected to the internet. The devices vary from home appliances to industrial machinery. Securing connected devices from cyber risks such as DDoS attacks is a major concern surrounding IoT.
Just-in-Time (JIT) access is the method of provisioning temporary, on-demand elevated access to users. JIT is a part of the Zero Trust security model.
Kerberos Protocol is an authentication method for authorizing service requests between multiple trusted hosts across an untrusted network such as the internet. It uses Symmetric Key Cryptography and a Key Distribution Center (KDC) to authenticate users.
Lateral movement is the process in which a hacker moves inside organizational networks from the initial point of intrusion. Typically, cyber attackers move laterally inside networks to escalate privileges illegitimately and maximize disruption. Attack types such as ransomware, botnet and espionage rely on this technique.
Multi-Factor Authentication (MFA) is an authentication mechanism where users are required to provide two or more identification factors to access applications, databases, and endpoints. The identification factors can be passwords, fingerprints and/or retinal scans.
In password guessing attacks, hackers try to crack a user’s password by continuously guessing all possible keys. Examples include brute forcing, key logging and dictionary attacks.
Network security involves organizations taking measures to protect the confidentiality, integrity, and availability of sensitive information from cyber attacks. Examples include Privileged Access Management, cloud security and anti-virus protection.
Accounts without an associated or active user are called Orphaned Accounts. For example, when an employee leaves an organization, their user account can become an orphaned account. Companies often have a process for deactivating user accounts once they are no longer needed.
Pass the Hash is a type of cybersecurity attack where a hacker steals hashed user passwords from a network. The attack does not require the hacker to crack the hashed password; instead, the stolen hash itself is used to authenticate and launch a new user session in the same network.
A password is a word, phrase, or string of characters that helps to differentiate an authorized user from an unauthorized user before providing access to a resource. Users are required to follow a few best practices when creating passwords, such as using upper and lower case letters, special characters and numbers.
Password vaulting is a technique of encrypting and storing user passwords in secure digital locations called password vaults. When users want to access their entitlements, the vault automatically decrypts and retrieves the passwords for them.
Penetration testing or pen testing is a form of security exercise where a simulated cyberattack is performed on an organization’s networks. It helps to find vulnerabilities that hackers can exploit to infiltrate enterprise networks.
Phishing is a form of social engineering attack. It involves hackers masquerading as trusted entities and tricking users into clicking on a malicious link, which can lead to malware installation. There are various phishing attacks, such as spear phishing, email phishing and vishing.
Principle of Least Privilege (POLP) is a cyber security concept for limiting user access to privileged accounts. With POLP in place, users get minimal privilege rights that are required to do their jobs.
Privileged Access Management (PAM) is the use of cybersecurity strategies and tools to manage and secure enterprise privileged identities. It is a subset of Identity and Access Management (IAM), which involves the management and security of enterprise identities. Password management, multifactor authentication and remote access security are some of the use cases of PAM.
Ransomware is a malware (malicious software) variant that locks sensitive data, thereby making it inaccessible to victims. It then threatens to publish the data unless a ransom is paid. Encryptors and Screen Lockers are two popular types of ransomware.
Secrets management refers to processes and solutions for storing and managing an organization’s secrets. This includes sensitive passwords, keys, API keys, tokens, and certificates. These secrets grant access to applications or services within an organization’s IT system, and their security is crucial for better data and network security.
Secure Shell (SSH, sometimes expanded as Secure Socket Shell) is a network protocol that provides a secured connection between a trusted user and a remote computer connected over the internet. SSH keys (a pair of public and private keys) are used to secure the client-server communication channel. The protocol uses standard, robust encryption and hash algorithms to ensure data confidentiality and integrity.
Superuser accounts are used by IT employees. These accounts possess higher privileges and are used primarily for administration.
The proactive search for gaps and vulnerabilities in an organization’s networks is called threat hunting. It helps to identify and mitigate gaps before threat actors can exploit them.
A threat vector is the path through which a cyber attacker gains access to an organization’s critical data and infrastructure. Threat vectors include web-based applications, networks, emails, and human and non-human users.
VPN is the acronym for Virtual Private Network. A VPN routes network traffic through a secured remote server run by a VPN host. It encrypts IP traffic and protocols for better security on the internet.
A vulnerability assessment involves identifying risks and vulnerabilities in computer networks, systems, hardware, applications, and other parts of the IT ecosystem. It evaluates the gaps and vulnerabilities in organizational networks, assigns severity levels and recommends remediation measures.
Zero Trust is a network cybersecurity method that assumes data breaches can be perpetrated by untrusted sources both inside and outside an enterprise. Zero Trust involves constant verification of the identity and trustworthiness of every user, device, and application within a network. The framework rejects the assumption that users, devices, and applications are trustworthy just because they have been verified as secure and granted network access in the past.