Education Center

Knowledge Is Power

Does the cybersecurity industry chatter sound like another language to you? You are not alone.
From non-stop acronyms, to academic IT terms and InfoSec slang, to nonsensical breach names–you almost need to clone another version of yourself to keep up with everything happening in the information security industry every day.

This cybersecurity education center is here for you to use for reference. Bookmark this spot, and come back to stay up-to-date. deepwatch authors are adding more terms for you to use in your day-to-day work and security awareness training all the time.

Cybersecurity Services
Cybersecurity Technologies
Information Security Terminology

In addition to the definitions and concepts explained below, here are a few authoritative cybersecurity resources that deepwatch authors source their information. Check out current usage of terms and get acquainted with new words or concepts as they are added and developed.

DoD Cybersecurity Resource and Reference Guide

SANS Institute Glossary

Cybersecurity Services

What is a Managed Security Service Provider (MSSP)?

A Managed Security Service Provider (MSSP) is a company that offers consistent monitoring of enterprise networks coupled...

What is Managed Detection and Response (MDR)?

Unlike MSSP services that tend to focus on firewalls and vulnerability management, managed detection and response (MDR) cyber...

What is Extended Detection and Response (XDR)?

Extended Detection and Response (XDR) is an up and coming cybersecurity service offering. It combines managed threat detection...

What is Endpoint Detection and Response (EDR)?

Originally coined by Anton Chuvakin of Gartner in 2013, endpoint detection and response—also known as endpoint threat detection...

What is Vulnerability Management?

Vulnerability management can be defined as the continuous process of identifying, analyzing, prioritizing and remediating...

What is SOC as a Service (SOCaaS)?

Security Operations Center as a service, or SOCaaS, are security operations (SecOps) services that manage and monitor logs,...

What is Threat Hunting?

Threat hunting is the proactive process of searching for malicious activity within an organization’s IT infrastructure...

What is a Threat Hunter?

A threat hunter takes a proactive approach to detecting cybersecurity threats using the scientific method to test and validate...

What is a Threat Hunt Hypothesis?

A threat hunt hypothesis is a supposition or proposed explanation made on the basis of limited evidence from a security environment,...

What does the term “Kill Chain” mean in cybersecurity?

The term “kill chain” comes from a military concept that uses stages to outline the structure of an attack. “Breaking”...

Cybersecurity Technologies

What is a Security Incident and Event Management Platform (SIEM)?

Security Incident and Event Management (SIEM) platforms provide organizations with security incident detection, analytics...

What is a Security Operations Analytics and Response Platform (SOAR)?

Security orchestration, automation and response (SOAR) technologies help security analysts across multiple teams coordinate,...

What is a Firewall?

A firewall is a network security technology that monitors and controls network traffic based on security rules setup by a...

What is an Intrusion Prevention System (IPS)?

An Intrusion Protection System (IPS) is a protective control that is designed to help businesses guard themselves from cyber...

What is an Intrusion Detection System (IDS)?

An Intrusion Detection System (IDS) is designed to help businesses protect themselves from cyber criminals entering their...

What is Endpoint Security?

An endpoint in security is any technology that communicates on a network that it is connected to. This can include laptops,...

What is Identity and Access Management (IAM)?

IAM is a set of policies, processes and tools an organization uses to match people with access levels in regard to company...

What is Multi-Factor Authentication (MFA)?

Multi-factor authentication is authentication that relies on more than one authentication factor, which makes impersonating...

What does the term “Kill Chain” mean in cybersecurity?

The term “kill chain” comes from a military concept that uses stages to outline the structure of an attack. “Breaking”...

Information Security Terminology

What is a Security Operations Center (SOC)?

A Security Operations Center (SOC) is an information security team that monitors, detects, prevents, analyzes, investigates,...

What do SOC Analysts do?

SOC analysts are the first responders to cyber-incidents. They report cyberthreats and then implement changes to protect...

What is Cyber Threat Intelligence (CTI)?

CTI or Threat Intelligence is data that is collected, processed, and analyzed to understand a threat actor’s motives, targets,...

What are Tactics, Techniques, and Procedures (TTPs)?

Tactics, Techniques, and Procedures (TTPs) are the behaviors, methods, tools and strategies that cyber threat actors and...

What are Indicators of Compromise (IoCs)?

Indicators of compromise (IoCs) are different types of cybersecurity data that can alert organizations to attacks on their...

What is Cyber Threat Hunting?

Cyber threat hunting is the practice of proactively searching for undetected cyber threats that lie dormant or run undetected...

What is Zero Trust?

Zero Trust is a security concept that requires everyone who has access to a network to be authenticated, authorized and validated...

What are Advanced Persistent Threats (APTs)?

This is an attack in which unauthorized entities (typically a nation-state or state-sponsored group) gain access to an organization...

What does CIA in cybersecurity mean?

An acronym for Confidentiality, Integrity, and Availability, the CIA Triad is a concept used by cybersecurity professionals...

What is Cloud Computing?

The Cloud is, at its core, the virtual storage and processing place of data. Cloud computing is the delivery of that data...

What is a Distributed Denial-of-Service (DDoS) Attack?

DDoS is an attack that attempts to disrupt the normal traffic of a server, service or network by flooding it with increased...

What is the Difference between a Security Event, an Alert, and an Incident?

A security event refers to the security-impacting activity that occurred. Alerts are the notifications — often found in...

What is Incident Response (IR)?

Incident Response occurs when an incident has been identified and must be addressed. Oftentimes incident response requires...

What is an Incident Response Plan (IRP)?

An Incident Response Plan refers to the set of policies and actions taken to limit, respond and manage a security incident....

What is an Insider Threat?

An insider threat is a security risk that comes from inside an organization, either from current or former employees, consultants,...

What is Machine Learning?

Machine learning is the use of artificial intelligence (AI) to help security systems process vast amounts of data and learn...

What is Phishing?

Phishing is a method in which fraudulent email messages are sent under the guise of a trustworthy person with the goal of...

What is the MITRE ATT&CK Framework?

MITRE ATT&CK is a knowledge base of cyber threat actor TTPs based on real-world observed attack patterns. ATT&CK...

What is Operational Technology (OT)?

Where Information Technology systems manage and manipulate data, OT systems manipulate physical systems via computer control....

What is Threat Hunting?

Threat hunting is the proactive process of searching for malicious activity within an organization’s IT infrastructure...

What is a Threat Hunter?

A threat hunter takes a proactive approach to detecting cybersecurity threats using the scientific method to test and validate...

What is a Threat Hunt Hypothesis?

A threat hunt hypothesis is a supposition or proposed explanation made on the basis of limited evidence from a security environment,...

What does the term “Kill Chain” mean in cybersecurity?

The term “kill chain” comes from a military concept that uses stages to outline the structure of an attack. “Breaking”...

talk to a deepwatch expert

Ready to talk to a managed security expert?

Denver Office & SOC

855.303.3033

St. Petersburg Office & SOC

855.303.3033

[email protected]