Glossary

  • AEV vs. BAS

    While Breach and Attack Simulation (BAS) performs periodic, isolated tests of security controls, Adversarial Exposure Validation (AEV) provides continuous, automated validation across full attack paths. AEV integrates with remediation workflows and aligns strategically with CTEM frameworks, making it ideal for enterprise-scale operations.
  • APT29

    Advanced Persistent Threat (APT) 29 (also known as Cozy Bear, CozyDuke, the Dukes, or PowerDukes) is a Russia-based hacker group perhaps best known for its compromise of the Democratic National Committee in 2015 and for the SolarWinds intrusion of 2020. The group has links to the Russian government, is highly technically skilled, and is capable of…
  • Attack Graphs

    Attack Graphs align adversary tactics, techniques, and behaviors in a chain to emulate the adversary with specificity and realism and test a range of security controls within an environment. They make it easier for organizations to visually measure their defense performance against a series of attacks. Attack Graphs emerged from the AttackIQ Anatomic Engine, a…
  • AttackIQ Academy

    AttackIQ also works closely with the MITRE Corporation to promote the practice of threat-informed defense as part of the industry-first AttackIQ Academy. AttackIQ Academy offers free instructor-led courses in critical concepts such as purple team operations, MITRE ATT&CK, and attack simulation that are eligible for (ISC)² CPE Credits. To date, more than 2,100 students have…
  • AttackIQ Informed Defense Architecture (AIDA)

    AIDA is a scalable and open testing architecture for verifying the integrity and effectiveness of security controls. AIDA uses test points deployed at scale in the production network to safely emulate attacker behavior across the kill chain. It combines multiple behavioral techniques to offer the broadest and deepest control validation solution available, with the best…
  • Automated Security Control Validation

    Automated security control validation is the process of measuring and validating your security control performance in an automated fashion. The AttackIQ Security Optimization Platform tests and validates that your security controls are working as intended and does so in a continuous and automated manner across your security program, using scenarios and assessments aligned to threat…
  • Blue Team

    A blue team is a traditional cybersecurity team that defends systems against attack, whether by malicious actors or by a red team in a testing exercise. While a red team acts offensively to identify possible exploits in systems, blue teams act defensively to minimize vulnerabilities and to detect and prevent threats.
  • Blueprints

    Blueprints are AttackIQ’s step-by-step guides for aligning people, process, and technology around the practice of threat-informed defense and automated security control validation. AttackIQ blueprints help organizations mature their overall security posture and maximize the value of the AttackIQ Security Optimization Platform. They help teams define specific goals, provide guidance on key stages, and enable users…
  • Breach and attack simulation

    Breach and attack simulation is the process of using software to emulate adversary tactics, techniques, and behaviors within an information technology (IT) environment. AttackIQ, the leading independent vendor of breach and attack simulation solutions, built the industry’s first Security Optimization Platform for continuous security control validation and improving security program effectiveness and efficiency. AttackIQ is…
  • Bug bounty

    A bug bounty is a reward offered to individuals who identify and report program bugs, especially potential vulnerabilities, to a website or software developer. This allows the website or developer to work to fix the bugs that they may have otherwise missed.
  • C.I.A. Model [confidentiality, integrity, availability]

    Also called the “C.I.A. Triad,” the C.I.A. Model is a cybersecurity model based around ensuring the confidentiality, integrity, and availability of networks and data. In this model, confidentiality refers to keeping data private and secure from unauthorized users. Integrity refers to the trustworthiness and reliability of the networks and data. Availability refers to networks and…
  • CIO

    A chief information officer (CIO) is the most senior executive in charge of information technology at a company. They oversee not only cybersecurity, but all information technology operations.
  • CISA

    The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) designs, develops, deploys, and sustains a suite of programs called the National Cybersecurity Protection System (NCPS) to help secure federal civilian executive branch information and networks.
  • CISO

    A chief information security officer (CISO) is the most senior executive in charge of information security at a company. CISOs are more specialized than CIOs.
  • Cloud Security Optimization

    Cloud security optimization is the process of testing your cloud security capabilities continuously to validate that your assets and data centers are protected against the threats that matter most. The AttackIQ Security Optimization Platform validates native cloud security controls in AWS and Azure, leveraging innovative cloud security research from the Center for Threat-Informed Defense. It also validates cybersecurity solutions that operate in the cloud, to include endpoint detection and response capabilities, next generation firewalls, and micro-segmentation platforms.
  • Colonial Pipeline ransomware attack

    The Colonial Pipeline ransomware attack was a 2021 ransomware attack targeting Colonial Pipeline, the largest fuel pipeline in the U.S. This attack caused gas shortages and price increases across the East Coast, transforming ransomware into a top-tier national security threat overnight.
  • Compliance

    Compliance is an organization’s adherence to regulatory standards. A lack of compliance can have harsh legal and financial penalties in addition to the reputational harm that could result from being breached due to that lack of compliance with security standards.
  • Compliance Optimization

    Compliance optimization is the process of applying a threat-informed defense strategy to measure your compliance effectiveness, improve your cybersecurity readiness, and decrease your regulatory burden. The AttackIQ Security Optimization Platform aligns your threat and risk management frameworks, validating your security effectiveness using real-world threat behaviors from the MITRE ATT&CK framework and measuring your compliance performance…
  • Critical infrastructure

    Critical infrastructure is the infrastructure that is considered critical for the functioning of society. This includes both physical (e.g., roadways) and cyber (e.g., the internet) systems, the destruction of which would devastate the physical or economic wellbeing of the population.
  • CTEM vs. Vulnerability Management

    Vulnerability Management identifies and remediates technical weaknesses in systems and software, while Continuous Threat Exposure Management (CTEM) takes a broader approach by assessing an organization’s complete attack surface, including technical vulnerabilities, misconfigurations, and human factors, to prioritize remediation based on exploitability and business risk.
  • Cyberspace

    Cyberspace is the virtual world in which computer networks connect and communicate with each other. It is a world of pure information and a construct to help us visualize and understand the interactions between computer data and artifacts that don’t exist and interact in a recognizable physical space. The term was coined by William Gibson…
  • Cyberspace operations

    Cyberspace operations are operations performed to achieve objectives in or through cyberspace. The term is typically used to refer to military operations specifically.
  • Detection

    Detection is the identification of malicious activity threatening the network and/or device. Successful detection allows threats to be contained and controlled. Some threats can go months or even years before they are detected.
  • Detection engineering

    Detection engineering is the proactive designing and implementation of processes to identify and defend against threats.
  • DoD CMMC

    The DoD Cybersecurity Maturity Model Certification (CMMC) is a set of certifications for DoD contractors. Every DoD contractor that handles unclassified DoD-related information is required to achieve specific security certifications under CMMC.
  • Federal Bureau of Investigation Cyber Division

    The FBI Cyber Division investigates and prosecutes crimes that fall within the FBI’s jurisdiction and are internet-based, such as cyberterrorism, espionage, identity theft, and the like.
  • General Data Protection Regulation

    The General Data Protection Regulation (GDPR) is the European Union’s (EU) data privacy and security law. It is one of the most advanced laws of its kind, and applies not only to organizations within the EU, but to any organization around the world that collects, shares, and stores data about people in the EU. The…
  • GRC (Governance Risk and Compliance)

    GRC is an integrated approach to governance, risk management, and regulatory compliance, treating the three as aspects of a single goal rather than as unrelated concepts.
  • Malware

    Malware is “malicious software,” designed by cybercriminals to disrupt, damage, gain unauthorized access to, leak data from, or otherwise use the computer systems of others for nefarious purposes.
  • MITRE ATT&CK

    MITRE introduced ATT&CK (Adversarial Tactics, Techniques & Common Knowledge) in 2013 as a way to describe and categorize adversarial behaviors based on real-world observations, and it underpins AttackIQ’s practice of threat-informed defense. ATT&CK is a structured list of known attacker behaviors that have been compiled into tactics and techniques and expressed in a handful of…
  • MITRE ATT&CK Matrix

    MITRE has broken ATT&CK out into a few different matrices: Enterprise, Mobile, Cloud, ICS, and PRE-ATT&CK. Each of these matrices contains the tactics and techniques associated with that matrix’s subject matter. The Enterprise matrix is made up of tactics and techniques that apply to Windows, Linux, and/or macOS systems. Mobile contains tactics and techniques that…
  • MITRE Center for Threat-Informed Defense

    AttackIQ has long been committed to a shared mission of giving back to the community. The company is a founding research sponsor of the MITRE Center for Threat-Informed Defense (CTID), which brings together leading security teams from around the world to identify and solve critical cyberdefense problems, then freely share results with the community. Underpinning…
  • New York Department of Financial Services (DFS) Cybersecurity Regulation

    The NYDFS Cybersecurity Regulation is a regulation that applies to all entities that fall under the jurisdiction of the NYDFS, as well as those entities’ third-party service providers.
  • NIST

    NIST is the U.S. National Institute of Standards and Technology. Formerly the National Bureau of Standards, NIST is responsible for maintaining and promoting technology measurement and standards in the U.S. The organization was founded in 1901 and is a non-regulatory federal agency within the U.S. Department of Commerce. The aim of NIST is to promote U.S. innovation and industrial competitiveness.
  • NIST 800-53

    NIST Special Publication 800-53 is a catalog of security and privacy controls compiled by the National Institute of Standards and Technology. It provides baseline standards and guidelines for protecting and managing information security systems.
  • OPM Hack

    The OPM Hack was a major cyberbreach of the Office of Personnel Management (OPM), exposing the data of 22.1 million people, including current and former federal employees and contractors and their friends and families. The intrusion began in late 2013 and wasn’t discovered until 2015. The Chinese government is believed to be responsible.
  • OSI Model

    The Open Systems Interconnection (OSI) model is a conceptual model of how devices communicate over a network. The model comprises seven layers. It provides developers with a standardized framework so that different systems can communicate with each other. The OSI model was the first standard framework for network communications.
  • Penetration testing

    Penetration testing is a method of testing cyberdefenses through simulated attacks with the purpose of identifying and mitigating vulnerabilities.
  • Preactive Security

    Preactive Security is the practice of being proactive about preventable failure. Preactive security puts a threat-informed defense strategy into practice; you test your cyberdefenses the same way the adversary does, before the adversary does, to determine your defense effectiveness. You are proactive about preventable security failures. You are proactive about tuning and testing cybersecurity tools…
  • Preactive Security Exchange (PSE)

    The Preactive Security Exchange is an objective and trusted platform on which security vendors can demonstrate the value and efficacy of their products, as well as identify opportunities to improve solutions. BlackBerry, Cisco, Illumio, LogRhythm, Microsoft, RSA, and SentinelOne are among the dozens of vendor partners of the PSE, working together to improve the effectiveness…
  • Prevention

    Prevention is the stopping of malicious activities before they cause damage. The best way to do this is by minimizing vulnerabilities so that they can’t be exploited.
  • Purple Team

    Purple teaming is a cybersecurity approach in which security teams constantly exercise their defenses against known adversaries’ tactics and techniques to ensure that the defenses work as they should. Because they’re focused on understanding prospective adversaries, they’re ready if and when an intrusion occurs. They’re called “purple” because they combine the best of blue and…
  • Purple Teaming

    Penetration testing is a colorful affair. First, there’s blue. Blue teams are the guardians of the network, tasked with defending key systems and meeting regulatory compliance. Then there’s red. Red teams take on the role of hackers, seeking to find flaws in corporate defenses, so they can be remedied before the real bad guys show up. Then there’s purple teaming. That’s what happens when you mix red and blue together.
  • Pyramid of Pain

    The Pyramid of Pain demonstrates that some indicators of compromise are more troubling to adversaries than others: when those indicators are denied to an attacker, the loss of some is more painful to them than the loss of others.
  • Ransomware

    Ransomware is a type of malware that uses encryption to block access to an individual’s or an organization’s computer systems. When a system is infected with ransomware, users cannot access their files, databases, or applications. Ransomware can infect a single device, or an entire network of servers.
  • Red Team

    A red team is a cybersecurity team that tests technologies, policies, systems, and assumptions by adopting an adversary’s approach. Red team exercises include simulating multi-stage cyberattacks against specific targets on networks to simulate how an adversary might achieve a strategic effect, like stealing financial data, manipulating voter registration data, or destroying data to disrupt critical…
  • Risk Management

    Risk management is the process of identifying, assessing, prioritizing, and minimizing risk.
  • Scenarios

    Scenarios are multi-phase representations of attacker behavior, each a phased representation of a single action. Attack graphs are several scenarios put together. Our library includes thousands of scenarios, or you can create your own to capture a specific TTP.
  • Security Control Failure

    Over the past two decades, businesses have spent increasing amounts of money on their cybersecurity controls. This spending spree looks set to continue, with global cybersecurity spend expected to exceed $1.75 trillion over the five-year period from 2021 to 2025.
  • Security control quantification

    Security control quantification is the process of determining what controls you have, where they’re placed, building an inventory of your security controls, and then measuring your security program’s effectiveness against the cybersecurity requirements and regulations that your organization is required to follow.
  • Security control rationalization

    Security control rationalization is the process of assessing your security controls’ effectiveness; identifying and resolving gaps and overlaps in your security control stack; conducting a risk assessment of your security vendors; and then prioritizing, consolidating, and eliminating unnecessary security controls.
  • Security optimization

    Security optimization is the management practice of maximizing the efficiency and effectiveness of your total security program (people, process, and technology) by ensuring that existing control investments are measured, monitored, and modified continuously from a threat-informed perspective. Security optimization is not about cost cutting; it is about programmatically aligning security and risk services with the…
  • Seven layers of OSI Model

    The seven layers of the OSI model are used by computer systems to communicate over networks. Each layer defines a distinct function in the flow of data. The layers are (1) Physical, (2) Data Link, (3) Network, (4) Transport, (5) Session, (6) Presentation, and (7) Application.
  • SolarWinds

    SolarWinds is a corporation that develops software. In 2020, SolarWinds’ software was used for a massive supply chain attack. The attack is believed to have been carried out by the Russia-based hacker group APT29, who gained access to some of the world’s most highly regarded companies while remaining undetected for months. Microsoft, the U.S. Justice…
  • Tactics, Techniques, and Procedures (TTPs)

    Tactics, techniques, and procedures (TTPs) are the behaviors that adversaries exhibit in conducting cyberspace operations against a target.
  • TCP/IP

    Transmission Control Protocol/Internet Protocol (TCP/IP) is a set of protocols that allows devices to communicate with each other over a network. TCP organizes the data for transmission, establishes the connection the data will be transmitted over, and breaks the data into transmittable packets. IP defines the addresses for the data packets and how the data…
  • The AttackIQ Security Optimization Platform

    With the AttackIQ Security Optimization Platform, we give our customers the most consistent, trusted, and safest way to test and validate security controls at scale. While competitors test in sandboxes, AttackIQ tests in production across the entire kill chain, the same as real-world adversaries do. Our platform grounds organizations in a shared understanding of threats…
  • Threat-Informed Defense

    MITRE defines threat-informed defense as the strategy of “applying a deep understanding of adversary tradecraft and technology to protect against, detect, and mitigate cyberattacks.” The AttackIQ Security Optimization Platform enables a threat-informed defense through continuous, automated adversary emulations that test your cyberdefenses against well-defined threats, using the MITRE ATT&CK framework, and then measures the effectiveness of those defenses and executes improvements continuously.
  • U.S. Cyber Command

    Formerly part of the NSA, U.S. Cyber Command is responsible for planning the majority of U.S. military missions in cyberspace. Its mission statement is “USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to direct the operations and defense of specified Department of Defense information networks; and prepare to, and when directed, conduct full spectrum military…
  • U.S. National Cyber Director

    A role established in 2021, the U.S. National Cyber Director advises the president on cybersecurity policy and strategy.
  • Vulnerability

    A vulnerability is a weakness in a system that could be exploited by malicious actors.
  • Vulnerability scanning

    Vulnerability scanning is the process of identifying potential vulnerabilities in networks, programs, and devices. Vulnerability scanners are automated tools that perform this function.