Cyber security is aimed at preventing cybercriminals, malicious insiders, or others, from accessing, harming, disrupting or modifying IT systems and applications.
The primary objective of cyber security is to protect data. The security community commonly refers to a triangle of three related principles that ensure data is secure, known as the CIA triad:
A Distributed Denial of Service (DDoS) attack uses a large number of connected devices controlled by an attacker, to overwhelm a website’s resources with fake traffic. Because of the massive scale of today’s DDoS attacks, a common protective measure is a cloud-based DDoS mitigation service. These services use either DNS or BGP routing to divert traffic to cloud-based scrubbing servers, dropping malicious requests and forwarding legitimate ones to the web server.
A web application firewall (WAF) is deployed on the network edge as a reverse proxy, inspects incoming and outbound HTTP/S traffic to a web application, and filters out malicious traffic. A WAF uses security policies, and threat intelligence data such as known bad traffic sources and known attack patterns, to determine which traffic should not reach the application.
Bots are automated programs that perform actions over the Internet. Some bots are legitimate and should be allowed access to a website, while others are malicious and can be used to launch automated attacks. Bot management is a rapidly evolving field that protects organizations from bad bots using bot reputation databases, challenges that test whether a bot is a real user or not, and behavioral analysis that identifies suspicious bot behavior.
Many data breaches occur not in production environments, but on testing or DevOps environments. These environments are often not secured, but are commonly loaded with live, sensitive customer data. Data masking makes it possible to use realistic data on testing servers, while using transformation techniques to hide or scramble the original data.
Many software systems have known vulnerabilities, which can be exploited by hackers to compromise the system. Vulnerability discovery is a process that relies on vulnerability databases, which contain details about known vulnerabilities. It allows an organization to detect which systems are affected by vulnerabilities, understand severity and impact, and remediate the vulnerabilities.
The number of endpoint devices at organizations is exploding. There are millions of laptops, mobile devices, and Internet of Things (IoT devices), which connect to the Internet and represent a growing security risk.
Endpoint security involves deploying an agent on each endpoint, which can provide security capabilities like Next-Generation Antivirus (NGAV), to detect zero day attacks and inside threats, and Endpoint Detection and Response (EDR), to help security teams investigate and block attacks on endpoints in real time.
|Threat||How it Works||Risk to Your Organization|
|Phishing||Attackers send emails and messages to victims, disguised as legitimate, but in fact tricking the recipient into compromising security.||Phishing can be used by attackers as a precursor to almost every other type of cyber attack. It opens the door to your network and internal systems.|
|Advanced Persistent Threats (APT)||An organized group of cybercriminals wages a long-term cyber attack campaign against a specific organization.||APT groups can compromise data, including sensitive customer data, steal funds, and destroy or disrupt critical systems.|
|Malware||Software built to assist or carry out cyber attacks or cause damage to computer systems. It is typically able to spread itself and infect additional computer systems.||Malware can cause direct damage, for example corrupting data or disrupting system operations, and may include backdoors that give attackers unlimited access to perform other malicious actions.|
|Ransomware||A type of malware that encrypts data on computer systems, rendering it inaccessible to users, and demands a ransom for its release.||Ransomware is a threat to all organizational data. It can be very difficult to recover from it without an effective backup and disaster recovery plan.|
|Zero-day exploit||A first attempt to perform a cyber attack by exploiting a security vulnerability in a computer system. Because the vulnerability is not yet known, the attack is highly likely to succeed.||Zero-day exploits can have deadly consequences. Depending on the system targeted, they can result in attackers accessing critical systems, disrupting service and compromising sensitive data.|
|Code injection||An attempt by attackers to send malicious code to a computer system and cause it to process and execute that code. Common variants are SQL Injection and Cross-Site Scripting (XSS).||Code injection can be used to gain control of systems like web servers, application servers or databases, and manipulate them to perform actions desirable to the attacker.|
|Denial of Service (DDoS)||Involves sending large amounts of fake traffic to a computer system, until the volume of traffic overwhelms it, denying access to legitimate users.||Disruption of critical services, damage to reputation. Can also serve as a diversion, used to draw the attention of security staff and hide other malicious activities.|
|Bots and automated attacks||The vast majority of cyber attacks are carried out by automated systems called bots, which can scan systems for vulnerabilities, try to guess passwords, infect systems with malware, and perform many more malicious actions.||Bots are dangerous because they operate at large scale, constantly scanning the Internet for victims and attacking relentlessly. All websites are constantly hit with bot traffic, some of it malicious.|