From drive-bys to sandboxes: 20 more security terms leaders should know

The next post in our three-part series puts complex jargon about data breaches in plain language to educate senior management about the threats they face


This is the second of a three-part series in which we’re sharing a list we’ve compiled of the 60 most common terms that may be brought up in cybersecurity discussions. Most IT professionals will be familiar with these, of course, but ask yourself whether they would make sense to your CFO, COO or the CEO. If not, use this list as a jumping-off point in your next discussion. See part one here.

  1. Drive-by: A technique used by cyber-criminals whereby legitimate websites are infected with malware that is secretly transmitted to the computers of people visiting the site. The malware is downloaded in a way that leaves users oblivious to the malicious activity.
  2. Dropper: A program designed to “install” malware on a target system. The dropper often bypasses anti-virus systems because the malware is not placed on the system until the code within the program is executed by an action such as clicking a link within an email.
  3. DLP: Data Loss Prevention is a solution implemented within network security systems to ensure that sensitive data is not made available to unauthorized people intentionally or in error. DLP can apply to data in use, in transit or in storage.
  4. Exploit: Literally means exploiting a vulnerability in a computer system – software or hardware. Cyber criminals use exploits to take control of computer systems and initiate criminal activities such as stealing data or participating in a DDoS attack.
  5. East-West vs. North-South: Communication between internal and external entities in a network is referred to as north-south traffic, while communication between two entities within a network is considered east-west traffic. Traditionally, east-west traffic is not filtered by a firewall, which can be a problem if the network has already been breached.
  6. Firewall: A security system designed to control the inflow and outflow of data traffic, with the intent of keeping malicious traffic out and preventing the unauthorized outflow of sensitive data. A firewall establishes a logical wall between trusted internal computers and untrusted external computers on the Internet. Firewall functionality can be achieved through hardware appliances or software applications.
  7. Fake Apps: The proliferation of mobile apps has caught the attention of cyber criminals, who have started creating fake versions of popular apps. Examples include Angry Birds and Netflix apps. The idea is to dupe users into entering their usernames and passwords into the fake app’s login screen, which will in turn be exploited by the hackers for personal gain.
  8. Honey Pot: A honeypot sets traps for cyber criminals by exposing what appears to perpetrators to be vulnerabilities in a company’s network. Similar to a sting operation by the police, honeypots are set up in an isolated part of a network which can be monitored and tracked for illegal activity.
  9. Hacktivism: A term coined by combining hacking and activism; it refers to miscreants whose motivations go beyond monetary gain. This could include political agendas (SONY), claims to the moral high ground (Ashley Madison) and other socio-economic or religious issues.
  10. IPS/IDS: Intrusion Prevention/Detection Systems are key components of network security that monitor, detect and protect the integrity of the network. The IDS/IPS appliance or software identifies malicious activity, blocks it, creates a log and reports it for further remedial action.
  11. Malware: Malware is malicious software used by cyber criminals to gain access to computer systems and the information within them. Malware-infected computers are then used to disrupt, destroy or steal information for the perpetrator’s personal agenda. Malware often stays dormant within computers until actions are initiated by a command and control system.
  12. Malvertising: Malicious advertising is a form of malware propagation through online advertisements. Unsuspecting users click on malware-laden advertisements that promise attractive deals, only to have viruses and other harmful programs secretly installed on their computer systems.
  13. MSS: Managed Security Services refer to network security services outsourced to an external provider. MSS helps companies focus on their core business without having to worry about internal expertise and resources that are needed to maintain and manage sophisticated security environments.
  14. Next-Generation Firewall: NGFW is an integrated firewall that provides additional functionalities which are traditionally delivered through separate, purpose-built appliances. This can include Web Application Firewall, IDS/IPS, URL filtering, anti-virus inspection, and others.
  15. Phishing: A process by which cyber criminals fool users into divulging sensitive information by masquerading as trustworthy sources in electronic communications such as emails. The phishing emails typically appear to come from reputable sources such as a bank, Apple, PayPal, etc. Phishing continues to be a major tool for cyber criminals to dupe unsuspecting users into handing over their confidential information.
  16. Pen Test: Short for penetration test, a pentest is a technique in which software is used to run tests that identify vulnerabilities in a computer system or network.
  17. Ransomware: A malicious program that blocks/limits access to the computer systems it infects. The perpetrators demand that a ransom be paid before they unblock access to the computer system. In some cases, a simple reboot may unfreeze the system. In other instances, like CryptoLocker, the files on the computer are encrypted by the malware, forcing victims to pay up or lose all data on the computer. The ransom demands are normally kept reasonable at ~$100-$300 per computer to make this cyber crime viable.
  18. Rogue AV: A program pitched as anti-virus or disk cleaning software when in reality it is used to infect the user’s computer with malware. At best it is harmless software that does not do the job it is meant to do; at worst it can control your computer for other nefarious activities, including DDoS attacks.
  19. Spear-phishing: As opposed to phishing, spear-phishing is an attack targeted at specific individuals or institutions. Hackers gather organizational information from LinkedIn, Facebook, etc. and use it to personalize their emails so that they sound genuine. Spear-phishing is one of the more successful hacking techniques currently in use.
  20. Sandbox: A controlled environment, separate from production applications, in which untested/unverified programs are isolated and executed. Sandboxes are used to identify and remove potential viruses and malware before clean traffic is allowed to reach host devices.
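To make item 5 concrete, here is a small added example (not from the original article) that labels network flows as east-west or north-south and lists the flows a perimeter-only firewall would never inspect; it assumes the RFC 1918 private ranges stand in for "inside the network", and all addresses are constructed.

```python
import ipaddress

# Assumption: RFC 1918 private ranges represent the internal network.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(addr: str) -> bool:
    """True if the address falls inside one of the internal ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def classify_flow(src: str, dst: str) -> str:
    """east-west: both ends internal; north-south: one end crosses the edge;
    external: neither end is ours (seen only on transit links)."""
    inside = (is_internal(src), is_internal(dst))
    if all(inside):
        return "east-west"
    if any(inside):
        return "north-south"
    return "external"


def uninspected_flows(flows, perimeter_only=True):
    """Flows a firewall never sees. A traditional perimeter-only firewall
    filters north-south traffic but lets east-west traffic pass unchecked,
    which is the gap item 5 warns about once an attacker is already inside.
    With internal segmentation (perimeter_only=False) nothing is skipped."""
    if not perimeter_only:
        return []
    return [f for f in flows if classify_flow(*f) == "east-west"]


# Constructed sample flows (hypothetical addresses, not from the article).
SAMPLE_FLOWS = [
    ("10.1.2.3", "93.184.216.34"),   # workstation to the internet: north-south
    ("10.1.2.3", "10.1.5.7"),        # workstation to file server: east-west
    ("192.168.1.20", "10.1.5.7"),    # branch office to datacentre: east-west
    ("203.0.113.9", "10.1.5.7"),     # inbound from the internet: north-south
]

if __name__ == "__main__":
    for src, dst in SAMPLE_FLOWS:
        print(f"{src:>14} -> {dst:<14} {classify_flow(src, dst)}")
    print("unfiltered by a perimeter firewall:", uninspected_flows(SAMPLE_FLOWS))
```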

Image courtesy of Stuart Miles at
