Education Center

Knowledge Is Power

Does the cybersecurity industry chatter sound like another language to you? You are not alone.
From non-stop acronyms to academic IT terms, InfoSec slang and nonsensical breach names, you almost need to clone another version of yourself to keep up with everything happening in the information security industry every day.

This cybersecurity education center is here for you to use for reference. Bookmark this spot, and come back to stay up-to-date. deepwatch authors are adding more terms for you to use in your day-to-day work and security awareness training all the time.

In addition to the definitions and concepts explained below, here are a few authoritative cybersecurity resources from which deepwatch authors source their information. Check them for current usage of terms and to get acquainted with new words or concepts as they are added and developed.

NICCS Glossary

DoD Glossary

CDSE Glossary

DoD Cybersecurity Resource and Reference Guide

SANS Institute Glossary

What is a Managed Security Service Provider (MSSP)?

A Managed Security Service Provider (MSSP) is a company that offers consistent monitoring of enterprise networks coupled...

What is Managed Detection and Response (MDR)?

Unlike MSSP services that tend to focus on firewalls and vulnerability management, managed detection and response (MDR) cyber...

What is Extended Detection and Response (XDR)?

Extended Detection and Response (XDR) is an up-and-coming cybersecurity service offering. It combines managed threat detection...

What is Endpoint Detection and Response (EDR)?

Originally coined by Anton Chuvakin of Gartner in 2013, endpoint detection and response—also known as endpoint threat detection...

What is Vulnerability Management?

Vulnerability management can be defined as the continuous process of identifying, analyzing, prioritizing and remediating...

What is SOC as a Service (SOCaaS)?

Security Operations Center as a service, or SOCaaS, refers to security operations (SecOps) services that manage and monitor logs,...

What is Threat Hunting?

Threat hunting is the proactive process of searching for malicious activity within an organization’s IT infrastructure...

What is a Threat Hunter?

A threat hunter takes a proactive approach to detecting cybersecurity threats using the scientific method to test and validate...

What is a Threat Hunt Hypothesis?

A threat hunt hypothesis is a supposition or proposed explanation made on the basis of limited evidence from a security environment,...

What does the term “Kill Chain” mean in cybersecurity?

The term “kill chain” comes from a military concept that uses stages to outline the structure of an attack. “Breaking”...

What is a Security Incident and Event Management Platform (SIEM)?

Security Incident and Event Management (SIEM) platforms provide organizations with security incident detection, analytics...

What is a Security Operations Analytics and Response Platform (SOAR)?

Security orchestration, automation and response (SOAR) technologies help security analysts across multiple teams coordinate,...

What is a Firewall?

A firewall is a network security technology that monitors and controls network traffic based on security rules set up by a...

What is an Intrusion Prevention System (IPS)?

An Intrusion Prevention System (IPS) is a protective control that is designed to help businesses guard themselves from cyber...

What is an Intrusion Detection System (IDS)?

An Intrusion Detection System (IDS) is designed to help businesses protect themselves from cyber criminals entering their...

What is Endpoint Security?

An endpoint, in security terms, is any technology that communicates on the network it is connected to. This can include laptops,...

What is Identity and Access Management (IAM)?

IAM is a set of policies, processes and tools an organization uses to match people with access levels in regard to company...

What is Multi-Factor Authentication (MFA)?

Multi-factor authentication is authentication that relies on more than one authentication factor, which makes impersonating...

What is a Security Operations Center (SOC)?

A Security Operations Center (SOC) is an information security team that monitors, detects, prevents, analyzes, investigates,...

What do SOC Analysts do?

SOC analysts are the first responders to cyber-incidents. They report cyberthreats and then implement changes to protect...

What is Cyber Threat Intelligence (CTI)?

CTI or Threat Intelligence is data that is collected, processed, and analyzed to understand a threat actor’s motives, targets,...

What are Tactics, Techniques, and Procedures (TTPs)?

Tactics, Techniques, and Procedures (TTPs) are the behaviors, methods, tools and strategies that cyber threat actors and...

What are Indicators of Compromise (IoCs)?

Indicators of compromise (IoCs) are different types of cybersecurity data that can alert organizations to attacks on their...

What is Cyber Threat Hunting?

Cyber threat hunting is the practice of proactively searching for undetected cyber threats that lie dormant or run undetected...

What is Zero Trust?

Zero Trust is a security concept that requires everyone who has access to a network to be authenticated, authorized and validated...

What are Advanced Persistent Threats (APTs)?

This is an attack in which unauthorized entities (typically a nation-state or state-sponsored group) gain access to an organization...

What does CIA in cybersecurity mean?

An acronym for Confidentiality, Integrity, and Availability, the CIA Triad is a concept used by cybersecurity professionals...

What is Cloud Computing?

The Cloud is, at its core, the virtual storage and processing place of data. Cloud computing is the delivery of that data...

What is a Distributed Denial-of-Service (DDoS) Attack?

DDoS is an attack that attempts to disrupt the normal traffic of a server, service or network by flooding it with increased...

What is the Difference between a Security Incident, an Event, and an Alert?

A security event refers to the security-impacting activity that occurred. Alerts are the notifications — often found in...

What is Incident Response (IR)?

Incident Response occurs when an incident has been identified and must be addressed. Oftentimes incident response requires...

What is an Incident Response Plan (IRP)?

An Incident Response Plan refers to the set of policies and actions taken to limit, respond to and manage a security incident....

What is an Insider Threat?

An insider threat is a security risk that comes from inside an organization, either from current or former employees, consultants,...

What is Machine Learning?

Machine learning is the use of artificial intelligence (AI) to help security systems process vast amounts of data and learn...

What is Phishing?

This is a method in which fraudulent email messages are sent under the guise of a trustworthy person with the goal of obtaining...

What is the MITRE ATT&CK Framework?

MITRE ATT&CK is a knowledge base of cyber threat actor TTPs based on real-world observed attack patterns. ATT&CK...

What is Operational Technology (OT)?

Where Information Technology systems manage and manipulate data, OT systems manipulate physical systems via computer control....
