Observing activities of users, information systems, and processes and measuring the activities against organizational policies and rule, baselines of normal activity, thresholds, and trends.
A list of entities that are blocked or denied privileges or access.
A group that defends an enterprise's information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team). Also, a group that conducts operational vulnerability evaluations and recommends mitigation techniques to customers who need an independent technical review of their cybersecurity posture.
A computer connected to the Internet that has been surreptitiously / secretly compromised with malicious logic to perform activities under the remote command and control of a remote administrator. A member of a larger collection of compromised computers known as a botnet.
The controller of a botnet that, from a remote location, provides direction to the compromised computers in the botnet. Also known as a Bot Herder.
A collection of computers compromised by malicious code and controlled across a network.
An unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device.
A set of principles, practices, and tools to design, develop, and evolve information systems and software that enhance resistance to vulnerabilities, flaws, and attacks.