Getting your head around the core components of Extended Detection and Response (XDR) architecture is hard enough without first having to decipher what a sentence like "XDR brings together solutions including EDR, NDR and SIEM under a single platform" even means.

If you are new to navigating the world of cybersecurity, start with this cheat sheet of acronyms and definitions, along with links to additional information. The main thing to remember: there are too many acronyms in cybersecurity to remember them all!

Acronyms

RaaS: Ransomware as a Service is a business model used by ransomware developers, in which they lease ransomware variants in the same way that legitimate software developers lease SaaS products. RaaS gives everyone, even people without much technical knowledge, the ability to launch ransomware attacks just by signing up for a service.

2FA: Two-factor authentication is the most common form of multi-factor authentication: a user must present exactly two independent proofs of identity, for example a password plus a one-time code from an authenticator app or hardware token, before being granted access.

MFA: Multi-factor authentication is a layered authentication approach that adds extra steps to verify the identity of a person who wants to access servers, applications and databases. It grants access only after two or more proofs of identity have been presented, drawn from different categories (something you know, something you have, something you are).

PAM: Privileged access management typically combines a credential vault, session logging and protection of administrative accounts. Administrators go through the PAM system to check out a privileged account; the checkout is authenticated and logged. When the account is checked back in, its credential is reset, so the administrator must check the account out again in order to use it.

CI/CD: Continuous Integration / Continuous Delivery is a method for frequently and reliably delivering software to users by automating the stages of application development. The practices grouped under CI/CD are continuous integration, continuous delivery and continuous deployment.

FIM: File Integrity Monitoring is a technology that monitors and detects changes in files that may indicate a cyberattack. Otherwise known as change monitoring, file integrity monitoring involves examining files to see if and when they change, how they change, who changed them, and what can be done to restore those files if those modifications are unauthorized.
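The mechanism described above, as an added example that is not code from the original page: take a baseline of every file's SHA-256 hash, size and permission bits, take a second snapshot later, and report what was added, removed or modified. The directory tree and the "tampering" in demo() are constructed inline so the script runs offline; a real deployment would store the baseline somewhere the monitored host cannot rewrite it.

```python
import hashlib
import json
import stat
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """Stream the file through SHA-256 so large binaries do not need to be read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Record hash, size, mode bits and mtime for every regular file under root (symlinks skipped)."""
    result = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            st = p.stat()
            result[p.relative_to(root).as_posix()] = {
                "sha256": hash_file(p),
                "size": st.st_size,
                "mode": stat.S_IMODE(st.st_mode),
                "mtime": int(st.st_mtime),
            }
    return result


def diff_snapshots(baseline: dict, current: dict) -> dict:
    """Compare two snapshots. A file counts as modified if its content hash or its mode changed;
    mtime alone is not trusted, because an attacker can reset timestamps after editing a file."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        name for name in set(baseline) & set(current)
        if baseline[name]["sha256"] != current[name]["sha256"]
        or baseline[name]["mode"] != current[name]["mode"]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: baseline a small tree, then simulate tampering and diff it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF original")
        baseline = snapshot(root)

        # Simulated unauthorized changes (all constructed for the example):
        (root / "etc" / "passwd").write_text(
            "root:x:0:0:root:/root:/bin/bash\nbackdoor:x:0:0::/:/bin/sh\n")  # new uid-0 user
        (root / "bin" / "ls").write_bytes(b"\x7fELF trojaned")                # replaced binary
        (root / "etc" / "hosts").unlink()                                      # deleted file
        (root / "etc" / "ld.so.preload").write_text("/tmp/evil.so\n")          # dropped file
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The baseline is what makes the alert meaningful: without a trusted reference snapshot, FIM can only say that a file changed, not that the change was unauthorized.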

MTTR & MTTD: While there are dozens of metrics available to determine success, here are two key cybersecurity performance indicators every organization should monitor.

Mean Time to Detect (MTTD): MTTD is the average time it takes to discover a security threat or incident.

Mean Time to Respond (MTTR): MTTR measures the average time it takes to control and remediate a threat.

PCI DSS: The Payment Card Industry Data Security Standard is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.

NERC CIP: North American Electric Reliability Corporation Critical Infrastructure Protection is a set of requirements designed to secure the assets required for operating North America’s bulk electric system.

GDPR: The General Data Protection Regulation sets standards that companies collecting data on individuals in the European Union (EU) must comply with to protect personal data.

HIPAA: The Health Insurance Portability and Accountability Act sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA Compliance. 

SOX: The United States Congress passed the Sarbanes-Oxley Act in 2002 and established rules to protect the public from fraudulent or erroneous practices by corporations and other business entities.

FISMA: The Federal Information Security Management Act is a United States federal law passed in 2002 that made it a requirement for federal agencies to develop, document, and implement an information security and protection program.

NIST: The National Institute of Standards and Technology plays an important role in the FISMA Implementation Project launched in January 2003, which produced the key security standards and guidelines required by FISMA.

OT and ICS: Operational Technology refers to computing systems that are used to manage industrial operations as opposed to administrative operations. Industrial control systems (ICS) is a major segment within the operational technology sector. It comprises systems that are used to monitor and control industrial processes.

CIS: The Center for Internet Security publishes the CIS Critical Security Controls (CSC) to help organizations better defend against known attacks by distilling key security concepts into actionable controls to achieve greater overall cybersecurity defense.

IDS: Intrusion Detection System is a monitoring system that detects suspicious activities and generates alerts when they are detected. Based upon these alerts, a security operations center (SOC) analyst or incident responder can investigate the issue and take the appropriate actions to remediate the threat.

IT and OT: IT/OT convergence is the integration of information technology (IT) systems with operational technology (OT) systems. IT systems are used for data-centric computing; OT systems monitor events, processes and devices, and make adjustments in enterprise and industrial operations.

CUI: Controlled Unclassified Information is an umbrella term that encompasses many different markings to identify information that is not classified but which should be protected. 

CMMC: Cybersecurity Maturity Model Certification is a unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB).

DPI: Deep packet inspection is an advanced method of examining and managing network traffic that looks into the payload of packets rather than only their headers, so that a device can identify applications, block malicious content or enforce policy. It is often mentioned alongside packet sniffing, which merely captures traffic without this payload-level analysis.

SASE: Secure Access Service Edge combines network and security functionality in a single, cloud-native service to help secure access wherever users and applications reside.

XDR: Extended (or Cross Platform) Detection and Response brings together threat detection and response solutions, including EDR, NDR and SIEM, under a single platform.

EDR: Endpoint Detection and Response is an integrated, layered approach to endpoint protection that combines real-time continuous monitoring and endpoint data analytics with rule-based automated response.

NDR: Network Detection and Response enables organizations to monitor network traffic for malicious actors and suspicious behavior, and react and respond to the detection of cyber threats to the network. 

SIEM: Security Information and Event Management is a set of tools and services offering a holistic view of an organization’s information security. SIEM tools provide: Real-time visibility across an organization’s information security systems. Event log management that consolidates data from numerous sources.

AMP: Advanced Malware Protection software is designed to prevent, detect, and help remove threats from computer systems in an efficient manner. Threats can take the form of software viruses and other malware such as ransomware, worms, Trojans, spyware, adware, and fileless malware.

NGIPS: A Next-Generation Intrusion Prevention System is a system for enhancing network security that comes in physical and virtual forms. It gives you the network's contextual data to spot vulnerabilities, integrates with the existing network, and keeps protection current with new signatures and rules.

IPS: An Intrusion Prevention System is a form of network security that works to detect and prevent identified threats. Intrusion prevention systems continuously monitor your network, looking for possible malicious incidents and capturing information about them.

CASB: A Cloud Access Security Broker is an on-premises or cloud-based security policy enforcement point placed between cloud service consumers and cloud service providers to enforce enterprise security policies as cloud-based resources are accessed.

SOC: A Security Operations Center is a facility that houses an information security team responsible for monitoring and analyzing an organization's security posture on an ongoing basis. The SOC team's goal is to detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and a strong set of processes.

IOC: An indicator of compromise is a forensic artifact observed on a device or network, such as a file hash, IP address, domain name or registry key, that points to a security breach.
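Both the IDS entry above (match activity, raise an alert for an analyst) and the IOC entry rely on the same basic step: pull candidate artifacts out of telemetry and compare them against a known-bad list. The following is an added example, not code from the original page, that does this over a handful of constructed log lines with a constructed IOC set (the addresses, domain and hash are sample values, not real threat intelligence). It also refangs indicators written in the defanged style common in threat-intel reports ("198.51.100[.]23", "hxxp://"), which otherwise silently fail to match.

```python
import re
from dataclasses import dataclass
from typing import Iterable, Iterator, List, Tuple

# Constructed IOC feed in defanged form, as it might arrive from a report (not real intel).
RAW_IOCS = {
    "ipv4": ["198.51.100[.]23"],
    "domain": ["update-check[.]example[.]net"],
    "sha256": ["9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08"],
}

# Constructed sample telemetry: firewall, DNS and endpoint events.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z fw01 ALLOW TCP 10.0.0.5:51234 -> 198.51.100.23:443",
    "2024-05-01T10:00:02Z dns01 query A update-check.example.net from 10.0.0.5",
    "2024-05-01T10:00:03Z edr01 process_create host=ws-17 image=C:\\Users\\bob\\svc.exe "
    "sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
    "2024-05-01T10:00:04Z fw01 ALLOW TCP 10.0.0.6:51235 -> 203.0.113.7:443",
    "2024-05-01T10:00:05Z dns01 query A cdn.example.com from 10.0.0.6",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b", re.I)


def refang(value: str) -> str:
    """Undo the common defanging conventions and normalize case so feed values match raw logs."""
    value = value.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")
    value = re.sub(r"^hxxps?://", lambda m: m.group(0).replace("hxxp", "http"), value, flags=re.I)
    return value.strip().lower()


def load_iocs(raw: dict) -> dict:
    return {kind: {refang(v) for v in values} for kind, values in raw.items()}


@dataclass(frozen=True)
class Alert:
    line_no: int
    ioc_type: str
    value: str
    line: str


def extract(line: str) -> Iterator[Tuple[str, str]]:
    """Yield (type, value) candidates found in one log line, normalized to lower case."""
    yield from (("ipv4", m) for m in IPV4_RE.findall(line))
    yield from (("domain", m.lower()) for m in DOMAIN_RE.findall(line))
    yield from (("sha256", m.lower()) for m in SHA256_RE.findall(line))


def scan(lines: Iterable[str], iocs: dict) -> List[Alert]:
    """Raise one Alert per (line, indicator) hit; unmatched candidates are simply ignored."""
    alerts = []
    for n, line in enumerate(lines, 1):
        for kind, value in extract(line):
            if value in iocs.get(kind, ()):
                alerts.append(Alert(n, kind, value, line))
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_LOGS, load_iocs(RAW_IOCS)):
        print(f"ALERT line {a.line_no}: {a.ioc_type}={a.value} :: {a.line}")
```

Exact-match IOC scanning is the cheapest detection there is, and also the most brittle: an attacker who rotates an IP or recompiles a binary defeats it, which is why behavioral detections (the ATT&CK techniques listed below) sit alongside it in a SOC rather than replacing it.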

Kill Chain: The cyber kill chain is a series of steps that trace the stages of a cyberattack from early reconnaissance through to the exfiltration of data. The kill chain helps us understand and combat ransomware, security breaches, and advanced persistent threats (APTs).

MITRE ATT&CK:  MITRE Adversarial Tactics, Techniques, and Common Knowledge framework is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s attack lifecycle and the platforms they are known to target.

MDR: Managed detection and response is a cybersecurity service that combines technology and human expertise to perform threat hunting, monitoring, and response. The main benefit of MDR is that it helps rapidly identify and limit the impact of threats without the need for additional staffing.

MSP and MSSP: A Managed Service Provider ensures that the IT infrastructure of a company is operational; they are the professionals to turn to for an enterprise's basic network requirements. A Managed Security Services Provider is a type of IT service provider whose primary focus is cybersecurity. Because of their specialized nature, MSSPs can provide a much higher level of security than MSPs and help organizations implement complex security procedures and institute appropriate practices.

SSDF: The Secure Software Development Framework, published by NIST as SP 800-218, is a set of fundamental, sound, and secure software development practices based on established secure-development standards, intended to be integrated into an organization's software development lifecycle.

CSF: The Cybersecurity Framework was created by The National Institute of Standards and Technology (NIST) as a voluntary cybersecurity framework based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk.
