Darktrace Cyber AI Glossary

Account takeover is when a user's profile has been hijacked by a cyber criminal.

Artificial intelligence (AI) is a vast branch of computer science concerned with a development in software that allows computer systems to perform tasks that imitate human cognitive intelligence.

A botnet attack is a cyber attack that uses a network of compromised computers to conduct malicious activity without the victims knowledge.

Brand impersonation is a form of phishing cyber-attack that aims to solicit sensitive information from victims by posing as a legitimate brand.

Business Email Compromise is when a cyber criminal tricks a victim by impersonating a valuable or high-ranking individual within a business.

CEO fraud is a form of impersonation where a threat actor will falsify their identity, acting as an executive at an organization, and attempt to communicate with other employees, such as members of the finance department to solicit sensitive information.

Cloud detection and response (CDR) refers to the practice of detecting, analyzing, and responding to possible cloud security incidents.

Cloud email is email that is hosted on a remote server. These servers are accessible by the internet and hosted by a third-party service providers.

A Cloud Infrastructure Entitlement Management (CIEM) solution helps manage entity permissions and entitlements in an organization’s cloud infrastructure.

Cloud security is the protection of information and services that companies are storing in their cloud-based environments.

CSPM (cloud security posture management) is equal parts a methodology and a technology. It attempts to identify and remediate risks that may surface with various types of cloud environments or infrastructure, such as with IaaS, SaaS, and PaaS.

The process of screening or restricting content to objectionable content on the web, in the email inbox, or other mediums.

Cryptojacking is the unauthorized use of a computer or device’s processing power to mine cryptocurrencies, often without the owner’s consent or knowledge. Cryptojacking is considered a form of cybercrime.

The Cyber Kill Chain is a concept introduced by Lockheed Martin that represents the stages or steps involved in a cyberattack.

Cyber security is the practice of defending computer systems, networks, cloud infrastructures, and more from cyber-attacks.

Data security refers to the practice of protecting digital data from unauthorized access, alteration, or destruction.

Email data loss prevention (DLP) is a cyber security concept referring to the reduction of potential risk associated with email activity that comes from the accidental or intentional leakage of valuable information via email.

Email filtering is a method of email security that involves identifying and sorting emails that are deemed non-productive, spam, or malicious.

Email security is the practice of protecting email communication from unauthorized activity.

Email spam is unwanted or unsolicited emails that end up in your email inbox.

Generative AI is an artificial intelligence technology that uses machine learning algorithms to generate content. This can be in the form of text, art, video, images, and more.

Graymail is bulk emails that were originally solicited but are no longer wanted by the recipient. They do not fit the typical definition of spam email.

Incident Response is the immediate steps that an organization will take to deal with a data breach/cyber-attack.

ICES is a type of email security that supplements cloud-based email services, providing email protection against a wide range of threats.

IoT stands for “Internet of Things.” This refers to physical devices that connect wirelessly to a network. IoT cyber security are the tools and methods that attempt to protect these devices from cyber threats.

Lateral movement in cybersecurity refers to the tactics and techniques that threat actors use to progressively move through a network or system after gaining an initial foothold or access point.

Machine learning is a branch of artificial intelligence that uses algorithms to teach computers to learn and program themselves in order to classify data or predict future outcomes.

Malware is malicious software that is designed to obtain valuable data or damage and destroy cyber systems.

Phishing is when a threat actor poses as a legitimate email sender in an attempt to get victims to give them sensitive information.

Qakbot is a banking trojan that has multifaceted capabilities which include stealing sensitive financial information, propagating through networks, and acting as a delivery mechanism for other malware.

Ransomware is a combination of the words "ransom" and "software." The word ransomware refers to the downloading of malware and the encryption of valuable documents by a cyber criminal who will hold those documents until a ransom is payed.

A comprehensive approach and technology stack that combines orchestration, automation, incident response and threat intelligence management to improve the efficiency and effectiveness of an organization’s cybersecurity operations.

A secure email gateway (SEG) or a secure email server (SEC) is a type of email security software that sits between inbound and outbound email communication.

The shared responsibility model refers to a framework that establishes the cloud security obligations of a cloud service provider and of the organization which uses those services.

Simple Mail Transfer Protocol (SMTP) is the technical standard protocol used to send and receive emails.

Smishing is the process by which a threat actor sends fraudulent SMS messages in order to get victims to give away sensitive information or download malicious files.

Social engineering is an attack technique used by cyber-criminals to build trust with and trick their victims into fulfilling a request.

Spear phishing is a more targeted form of "Phishing". Both of which refer to a cyber security threat involving sending fraudulent emails to solicit information while posing as a legitimate sender.

Spoofing is the process by which someone sends a fraudulent message using a false identity in order to solicit sensitive information.

Learn more about: Malware, Phishing, Spoofing, Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks, Insider Threats, Man-in-the-Middle (MiTM) Attacks, Code Injection Attacks, Supply Chain Attacks, DNS Tunneling, and Brute-force Attacks.

Threat hunting involves searching for signs of malicious activities or potential security threats within an organization’s networks, systems, and endpoints.

Vishing is a type of cyber-attack that uses voice or telephone technology to trick targets into revealing sensitive information to attackers.

Whaling is a specific form of phishing attack that is used to gain access to networks and information by targeting high ranking members of an organization.

Zero trust is a cyber security paradigm designed for data and resource security amidst the growth of the remote workforce and cloud-based data storage.