Cybersecurity Glossary

An advanced persistent threat is an attack in which an unauthorized user gains access to a system or network without detection.

RBI es una aplicación que ejecuta contenido dinámico en un navegador remoto en la nube para proteger el dispositivo del usuario.

Anti-virus software is a type of program designed to detect, prevent, and remove malicious software from computer systems.

Authentication is the process of verifying the identity of a user, device, or entity before granting access to a system, application, or network.

A backdoor is a hidden method of bypassing security to gain access to a restricted part of a computer system.

A botnet is a network of compromised computers or devices (referred to as "bots") that are controlled remotely by a cybercriminal.

BYOD policies and tools allow users to safely access company systems and data from their personal devices.

A brute force attack is an activity that involves repetitive, successive attempts to break into any website using various password combinations.

CASB is a service that ensures access to cloud apps and monitors unsanctioned activities.

La confianza cero es un enfoque que elimina la confianza implícita y valida continuamente cada transacción.

CSP is a framework that protects against code injection attacks and other malicious content on trusted web pages.

A data breach is when a hacker successfully breaks into a system, gains control of its network, and exposes its data.

DLP is an application that monitors and restricts the sharing of sensitive information to prevent data breaches.

Deepfake refers to any video in which faces have been either swapped or digitally altered, with the help of AI.

A DDoS attack is when a perpetrator seeks to make a machine or network resource unavailable to its intended users by disrupting the services of a host connected to a network.

Encryption is the method by which information is converted into secret code that hides the information's true meaning.

EDR is an application or service that continuously monitors device health and responds to cyber threats on distributed devices.

An ethical hacker is invited to test out computer systems and servers, look for vulnerabilities, and inform the host of where security needs to be buffed up.

Un explotar es un medio de ataque a un sistema informático, ya sea una serie de comandos, software malintencionado o un fragmento de datos infectados.

FedRAMP is a federal mandate that provides a standardized approach to security assessment and authorization for cloud products and services.

Un firewall monitorea el tráfico de la red y decide si lo permite o lo bloquea en función de un conjunto definido de reglas de seguridad.

FWaaS provides firewall capabilities as a cloud service to monitor and block malicious traffic.

La gestión de la superficie de ataque es el proceso continuo de descubrir, supervisar, analizar y mitigar los posibles vectores de ataque en el entorno digital de una organización.

Threats that use sophisticated techniques to evade multiple detection layers.

HTML Smuggling uses legitimate browser features to sneak malicious content past traditional security measures.

A honeypot is a decoy system or network that serves to attract potential attackers.

Information sharing and analysis centers (ISACs) are collaborative organizations that facilitate the exchange of cyberthreat intelligence among industry members.

Un lago de datos de seguridad es un repositorio centralizado que almacena, procesa y protege grandes cantidades de datos relacionados con la seguridad en su forma original.

LURE is a type of cyberattack that exploits previously safe websites that have been compromised.

El malware es cualquier software diseñado intencionalmente para causar interrupciones en una computadora, servidor, cliente o red informática, filtrar información privada, obtener acceso no autorizado a información o sistemas, privar el acceso a la información o interferir sin saberlo con la seguridad y privacidad de la computadora del usuario.

A MitB attack is a proxy trojan horse that infects a web browser by taking advantage of vulnerabilities in browser security to modify web pages, modify transaction content or insert additional transactions

A MitM attack is an attack on the “middleman” - the Wi-Fi system that connects users to the Internet.

MFA is a technique that uses multiple methods to verify the identity of someone trying to access the network.

Pen testing is an approach to security evaluation where manual exploitations and automated techniques are used by attack and security professionals.

Los ataques de suplantación de identidad engañan a las víctimas para que revelen información confidencial haciéndose pasar por entidades confiables.

La protección contra riesgos digitales (DRP) comprende tanto el enfoque estratégico como las tecnologías implementadas para identificar, evaluar y mitigar los riesgos asociados con los activos y actividades digitales.

Qakbot is a type of banking malware that steals banking credentials and financial data.

Ransomware is a type of malware that locks access to files and is followed by a ransom demand to release them.

SD-WAN is a service that optimizes traffic routes between locations across any network architecture.

SIEM es una tecnología de ciberseguridad que agrega y analiza datos de registro de varias fuentes dentro de la infraestructura de TI de una organización, lo que ayuda a identificar, monitorear y responder a posibles incidentes de seguridad.

SOAR tools allow an organization to define incident analysis and response procedures in a digital workflow format.

Los equipos de SOC investigan las posibles infracciones utilizando herramientas de inteligencia forense y de amenazas.

Secure Access Service Edge (SASE) is a cloud-based network architecture model that combines wide-area networking (WAN) capabilities with comprehensive network security functions.

A Secure Web Gateway (SWG) protects users from web-based threats by blocking malicious content before it reaches the device.

Social engineering is a type of cyberattack that relies on user manipulation and human psychology.

Spoofing attacks are where the attacker disguises as a trustworthy entity to steal money, data, or network access.

El spyware es un tipo de software que recopila datos de los usuarios sin su consentimiento y los envía a terceros.

Una plataforma de inteligencia de amenazas ayuda a las organizaciones a agregar, correlacionar y analizar datos de amenazas de múltiples fuentes en tiempo real para respaldar las acciones defensivas.

A Trojan Horse is malware disguised as harmless software used to gain access to a system.

UEBA uses machine learning to detect anomalies in the behavior of users and devices connected to a corporate network.

Unethical hackers — also known as “Black Hat” hackers — are individuals who exploit computer systems, networks, and devices with malicious intent.

A VPN allows remote users to connect securely to the corporate network as if they were in the office.

WAF is a service that filters, monitors, and blocks HTTP traffic to and from a web service to prevent attacks like DDoS.

WAAPaaS is a service that protects against malicious activities originating from web applications by monitoring web traffic.

A worm is a type of malware that can reproduce itself for the purpose of spreading itself to other computers in the network.

ZTNA grants access only to necessary applications for a specific role, operating under the Zero Trust approach.