Get started
Bring yourself up to speed with our introductory content.
How to use tcpreplay to replay network packet files
The suite of tools that comprise tcpreplay offers administrators a variety of network security options. Learn some of the benefits of this free utility. Continue Reading
ASPM vs. ASOC: How do they differ?
Application security posture management and application security orchestration and correlation tools both aim to secure applications but use different methodologies. Continue Reading
How to prepare for post-quantum computing security
One of the biggest fears about quantum computing is its ability to easily break current encryption algorithms. Learn why and how to start making quantum security preparations. Continue Reading
What is email spam and how to fight it?
Email spam, also known as 'junk email,' refers to unsolicited email messages, usually sent in bulk to a large list of recipients. Humans send spam, but more often, botnets are responsible for sending it. Continue Reading
Explaining cybersecurity tabletop vs. live-fire exercises
Tabletop games and live-fire exercises are two ways to test the effectiveness of enterprise security controls and defenses. Discover how each works and how they differ. Continue Reading
Definitions to Get Started
- What is email spam and how to fight it?
- What is identity threat detection and response (ITDR)?
- What is MXDR, and do you need it?
- What is cybercrime and how can you prevent it?
- What is cloud detection and response (CDR)?
- What is an endpoint protection platform (EPP)?
- What is endpoint security? How does it work?
- What is cyber attribution?
What is identity threat detection and response (ITDR)?
Identity threat detection and response (ITDR) is a collection of tools and best practices aimed at defending against cyberattacks that specifically target user identities or identity and access management (IAM) infrastructure.Continue Reading
What is MXDR, and do you need it?
Managed extended detection and response (MXDR) is an outsourced service that collects and analyzes threat data from across an organization's IT environment.Continue Reading
What is threat hunting? Key strategies explained
If you are ready to take a more proactive approach to cybersecurity, threat hunting might be a tactic to consider. Here's what security teams should know.Continue Reading
What is cybercrime and how can you prevent it?
Cybercrime is any criminal activity that involves a computer, network or networked device.Continue Reading
Types of hackers: Black hat, white hat, red hat and more
Black, white and gray hats are familiar to security pros, but as the spectrum evolves to include green, blue, red and purple, things get muddled. Brush up on types of hackers.Continue Reading
How to use Tor -- and whether you should -- in your enterprise
The Tor browser has sparked discussion and dissension since its debut. Does the software, which promises anonymous and secure web access, have a role to play in the enterprise?Continue Reading
How frictionless authentication works in online payments
Online retailers face a challenge: Make the payment process quick and easy for legitimate customers but not for fraudsters. Frictionless authentication can help.Continue Reading
What is cloud detection and response (CDR)?
Cloud computing requires a security approach that is different than traditional protections. Where does cloud detection and response fit into a cybersecurity strategy?Continue Reading
Guide to data detection and response (DDR)
Data is one of the most important assets in any organization. To truly protect it, you need a DDR strategy. Here's what you need to know, with tips on buying DDR tools.Continue Reading
What is an endpoint protection platform (EPP)?
An endpoint protection platform (EPP) is a security technology that safeguards endpoint devices.Continue Reading
The 5 different types of firewalls explained
The firewall remains a core fixture in network security. But, with five types of firewalls, three firewall deployment models and multiple placement options, things can get confusing.Continue Reading
12 types of endpoint security
With the rise of remote work, mobile devices and IoT, the traditional security perimeter extends beyond corporate networks, making endpoint security crucial for organizations.Continue Reading
What is endpoint security? How does it work?
Endpoint security is the protection of endpoint devices against cybersecurity threats.Continue Reading
What is cyber attribution?
Cyber attribution is the process of tracking and identifying the perpetrator of a cyberattack or other cyber operation.Continue Reading
What is SSH (Secure Shell) and How Does It Work?
SSH (Secure Shell or Secure Socket Shell) is a network protocol that gives users -- particularly systems administrators -- a secure way to access a computer over an unsecured network.Continue Reading
What is a computer exploit?
A computer exploit, or exploit, is a program or piece of code developed to take advantage of a vulnerability in a computer or network system.Continue Reading
What is malware? Prevention, detection and how attacks work
Malware, or malicious software, is any program or file that's intentionally harmful to a computer, network or server.Continue Reading
Types of MDR security services: MEDR vs. MNDR vs. MXDR
Considering MDR security services? There's more than one option available; learn how to find the best for your organization's security needs.Continue Reading
Intro: How to use BlackArch Linux for pen testing
BlackArch Linux offers a lot of pen testing and security benefits, but it requires knowledgeable and independent professionals who can put the distribution to work.Continue Reading
What is exposure management?
Exposure management is a cybersecurity approach to protecting exploitable IT assets.Continue Reading
Cloud detection and response: CDR vs. EDR vs. NDR vs. XDR
Cloud detection and response is the latest detection and response tool. Explore how it differs from endpoint, network and extended detection and response tools.Continue Reading
How to use Pwnbox, the cloud-based VM for security testing
Pwnbox offers users the chance to hone their skills about security concepts and tools without having to build a costly lab environment.Continue Reading
How to conduct a cloud security assessment
Cloud computing presents organizations of all types with a nearly endless array of security challenges. Is your security team keeping up – and how do you know?Continue Reading
What a cybersecurity analyst does and how to become one
Security analysts play a critical role in defending organizations' sensitive information from cyberattacks. Learn more about the position and how to pursue it.Continue Reading
What is an intrusion detection system (IDS)?
An intrusion detection system (IDS) monitors network traffic for suspicious activity and sends alerts when such activity is discovered. Continue Reading
How API attacks work, plus 5 common types
A growing number of API attacks put enterprises at risk of serious data breaches. Learn how these attacks work, and explore some API security best practices.Continue Reading
What is a cyber attack? How they work and how to stop them
A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage.Continue Reading
16 common types of cyberattacks and how to prevent them
To stop cybercrime, companies must understand how they're being attacked. Here are the most damaging types of cyberattacks and what to do to prevent them.Continue Reading
Top 10 cybersecurity interview questions and answers
Interviewing for a job in cybersecurity? Memorizing security terms won't cut it. Here are the 10 interview questions you should be ready for -- and how to answer them.Continue Reading
How to use Social-Engineer Toolkit
Testing system components for vulnerabilities is just one part of the network security equation. What's the best way to measure users' resilience to social engineering threats?Continue Reading
How to become a cybersecurity architect
From help desk support personnel to network admin, learn about the multiple paths that can lead to becoming an effective and knowledgeable cybersecurity architect.Continue Reading
5 essential programming languages for cybersecurity pros
Coding is an important skill across almost every technology discipline today, and cybersecurity is no exception. Learn about the top programming languages for security professionals.Continue Reading
What qualifies as a material cybersecurity incident?
In SEC rules, a cyberincident's materiality hinges on its potential impact on a public company's standing. Learn what this means for cybersecurity disclosure requirements.Continue Reading
SPF, DKIM and DMARC: What are they and how do they work together?
Internet protocols for email authentication -- SPF, DKIM and DMARC -- coordinate defense against spammers, phishing and other spoofed email problems.Continue Reading
12 common types of malware attacks and how to prevent them
The umbrella term malware is one of the greatest cybersecurity threats enterprises face. Learn about 12 common types of malware and how to prevent them.Continue Reading
digital signature
A digital signature is a mathematical technique used to validate the authenticity and integrity of a digital document, message or software.Continue Reading
What is security information and event management (SIEM)?
Security information and event management (SIEM) is an approach to security management that combines security information management (SIM) and security event management (SEM) functions into one security management system.Continue Reading
personally identifiable information (PII)
Personally identifiable information (PII) is any data that could potentially identify a specific individual.Continue Reading
Port scan attacks: What they are and how to prevent them
Port scans provide data on how networks operate. In the wrong hands, this info could be part of a larger malicious scheme. Learn how to detect and defend against port scan attacks.Continue Reading
zero-day vulnerability
A zero-day vulnerability is a security loophole in software, hardware or firmware that threat actors exploit before the vendors can identify and patch it.Continue Reading
DNS attack
A DNS attack is an exploit in which an attacker takes advantage of vulnerabilities in the domain name system.Continue Reading
cloud security
Cloud security, also known as 'cloud computing security,' is a set of policies, practices and controls deployed to protect cloud-based data, applications and infrastructure from cyberattacks and cyberthreats.Continue Reading
privacy impact assessment (PIA)
A privacy impact assessment (PIA) is a method for identifying and assessing privacy risks throughout the development lifecycle of a program or system.Continue Reading
Zero trust vs. defense in depth: What are the differences?
Security administrators don't have to choose between zero-trust and defense-in-depth cybersecurity methodologies. Learn how the two frameworks complement each other.Continue Reading
SASE vs. SSE: Explaining the differences
Most security professionals are familiar with secure access service edge, but now, there's a new tool for administrators to consider: security service edge.Continue Reading
proof of concept (PoC) exploit
A proof of concept (PoC) exploit is a nonharmful attack against a computer or network. PoC exploits are not meant to cause harm, but to show security weaknesses within software.Continue Reading
What is a cloud security framework? A complete guide
With so many apps and data residing in cloud, employing a security framework to help protect cloud infrastructure is an essential move for an organization.Continue Reading
Cloud security automation: Benefits and best practices
Automating security in the cloud can be invaluable for threat detection and mitigation. Explore key areas where security professionals should implement automation.Continue Reading
Reporting ransomware attacks: Steps to take
The Cybersecurity and Infrastructure Security Agency and FBI recommend reporting ransomware attacks to the authorities as soon as possible. This expert advice outlines the process.Continue Reading
The 7 core pillars of a zero-trust architecture
Learn how Forrester's Zero Trust Extended framework can help IT leaders identify, organize and implement the appropriate cybersecurity tools for a zero-trust framework.Continue Reading
What is extortionware? How does it differ from ransomware?
Prevention is the only line of defense against an extortionware attack. Learn how extortionware works and why it can be more damaging than ransomware.Continue Reading
What role does an initial access broker play in the RaaS model?
Initial access brokers play an increasingly vital role in the ransomware ecosystem, establishing entry points from which RaaS groups can facilitate attacks against organizations.Continue Reading
virtual firewall
A virtual firewall is a firewall device or service that provides network traffic filtering and monitoring for virtual machines (VMs) in a virtualized environment.Continue Reading
cloud penetration testing
Cloud penetration testing is a tactic an organization uses to assess its cloud security effectiveness by attempting to evade its own defenses.Continue Reading
cloud workload protection platform (CWPP)
A cloud workload protection platform (CWPP) is a security tool designed to protect workloads that run on premises, in the cloud or in a hybrid arrangement.Continue Reading
out-of-band authentication
Out-of-band authentication is a type of two-factor authentication (2FA) that requires a secondary verification method through a separate communication channel along with the typical ID and password.Continue Reading
Common Vulnerability Scoring System (CVSS)
The Common Vulnerability Scoring System (CVSS) is a public framework for rating the severity and characteristics of security vulnerabilities in information systems.Continue Reading
cloud-native application protection platform (CNAPP)
Cloud-native application protection platform, or CNAPP, is a software product that bundles multiple cloud security tools into one package, thereby delivering a holistic approach for securing an organization's cloud infrastructure, its cloud-native ...Continue Reading
Cloud vulnerability management: A complete guide
Your security strategy might not grapple directly with cloud vulnerability management. Is it time to consider the possible benefits and challenges of this emerging product class?Continue Reading
How to create a cloud security policy, step by step
What are the necessary components of a cloud security policy, and why should an organization go to the trouble to create one? Download a template to get the process started.Continue Reading
Patch Tuesday
Patch Tuesday is the unofficial name of Microsoft's monthly scheduled release of security fixes for the Windows operating system (OS) and other Microsoft software.Continue Reading
Pegasus malware
Pegasus malware is spyware that can hack any iOS or Android device and steal a variety of data from the infected device, including text messages, emails, key logs, audio and information from installed applications, such as Facebook or Instagram.Continue Reading
VM security in cloud computing explained
Cloud computing allows an organization to reduce its risks by having to secure fewer resources. The tradeoff is that cloud creates more attack vectors. Don't let VMs trip you up.Continue Reading
risk-based patch management (RBPM)
Risk-based patch management (RBPM) is an approach to implementing patches to fix software code that prioritizes patches that address security issues posing the highest risk to the organization.Continue Reading
What is a cloud security engineer, and how do I become one?
A cloud security engineer has specific responsibilities for helping to secure cloud infrastructure, applications and IT assets.Continue Reading
SSPM vs. CSPM: What's the difference?
Posture management in the cloud is key, but evaluating different tools, such as SaaS security posture management and cloud security posture management platforms, can be confusing.Continue Reading
risk-based vulnerability management (RBVM)
Risk-based vulnerability management (RBVM) is an approach to identifying and addressing security vulnerabilities in an organization's IT environment that prioritizes remediating vulnerabilities that pose the greatest risk.Continue Reading
cloud infrastructure entitlement management (CIEM)
Cloud infrastructure entitlement management (CIEM) is a discipline for managing identities and privileges in cloud environments.Continue Reading
What is Data Encryption Standard (DES)?
Data Encryption Standard (DES) is an outdated symmetric key method of data encryption.Continue Reading
What is role-based access control (RBAC)?
Role-based access control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise.Continue Reading
What is PCI DSS (Payment Card Industry Data Security Standard)?
The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal ...Continue Reading
What is a SSL (secure sockets layer)?
Secure sockets layer (SSL) is a networking protocol designed for securing connections between web clients and web servers over an insecure network, such as the internet.Continue Reading
What is a potentially unwanted program (PUP)?
A potentially unwanted program (PUP) is a program that may be unwanted, despite the possibility that users consented to download it.Continue Reading
remote access
Remote access is the ability for an authorized person to access a computer or network from a geographical distance through a network connection.Continue Reading
Federal Information Security Modernization Act (FISMA)
The Federal Information Security Modernization Act (FISMA) is United States legislation that defines a framework of guidelines and security standards to protect government information technology operations from cyberthreats. Continue Reading
cloud security posture management (CSPM)
Cloud security posture management (CSPM) is a market segment for IT security tools that are designed to identify misconfiguration issues and compliance risks in the cloud.Continue Reading
Cloud Security Alliance (CSA)
The Cloud Security Alliance (CSA) is a nonprofit organization that promotes research into best practices for securing cloud computing and the use of cloud technologies to secure other forms of computing.Continue Reading
EDR vs. EPP: What's the difference?
Endpoint detection and response tools and endpoint protection platforms offer similar security features. Which is better for your organization: EDR, EPP or both?Continue Reading
Stateful vs. stateless firewalls: Understanding the differences
Stateful firewalls are the norm in most networks, but there are still times where a stateless firewall fits the bill. Learn how these firewalls work and what approach might be best.Continue Reading
identity management (ID management)
Identity management (ID management) is the organizational process for ensuring individuals have the appropriate access to technology resources.Continue Reading
single sign-on (SSO)
Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for example, a username and password -- to access multiple applications.Continue Reading
cryptanalysis
Cryptanalysis is the study of ciphertext, ciphers and cryptosystems to understand how they work and to find and improve techniques for defeating or weakening them.Continue Reading
Data protection impact assessment template and tips
Conducting a data protection impact assessment is key to evaluating potential risk factors that could pose a serious threat to individuals and their personal information.Continue Reading
Fuzzy about fuzz testing? This fuzzing tutorial will help
Organizations are searching for ways to automate and improve their application security processes. Fuzz testing is one way to fill in some of the gaps.Continue Reading
virus (computer virus)
A computer virus is a type of malware that attaches itself to a program or file. A virus can replicate and spread across an infected system and it often propagates to other systems, much like a biological virus spreads from host to host.Continue Reading
Certified Information Security Manager (CISM)
Certified Information Security Manager (CISM) is an advanced certification that indicates that an individual possesses the knowledge and experience required to develop and manage an enterprise information security (infosec) program.Continue Reading
How data poisoning attacks work
Generative AI brings business opportunities to the enterprise but also security risks. Learn about an evolving attack vector called data poisoning and how it works.Continue Reading
What is cryptography?
Cryptography is a method of protecting information and communications using codes, so that only those for whom the information is intended can read and process it.Continue Reading
4 types of prompt injection attacks and how they work
Compromised LLMs can expose sensitive corporate data and put organizations' reputations at risk. Learn about four types of prompt injection attacks and how they work.Continue Reading
asymmetric cryptography
Asymmetric cryptography, also known as public key cryptography, is a process that uses a pair of related keys -- one public key and one private key -- to encrypt and decrypt a message and protect it from unauthorized access or use.Continue Reading
identity provider
An identity provider (IdP) is a system component that provides an end user or internet-connected device with a single set of login credentials that ensures the entity is who or what it says it is across multiple platforms, applications and networks.Continue Reading
vulnerability assessment
A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures.Continue Reading
The differences between inbound and outbound firewall rules
Firewalls can support both inbound and outbound firewall rules, but there are important differences between the two. Learn more about each and their uses.Continue Reading
DoS vs. DDoS: How they differ and the damage they cause
DoS and DDoS attacks may not be new, but that doesn't mean they are any less disruptive to organizations. Companies should understand what they are and how they work.Continue Reading
How dynamic malware analysis works
Security teams use dynamic malware analysis to uncover how malware works -- and thereby improve threat hunting and incident detection capabilities.Continue Reading