Skip to main content
Dataminr Redefines Cyber Defense with AI-Powered Client-Tailored Intelligence and Autonomous Threat and Exposure Management
Learn More
Request a Demo

Cybersecurity Glossary

A

  • Alert triage systematically evaluates, prioritizes, and responds to security alerts. It ensures security teams focus on the most critical threats. An effective triage process helps organizations assess the severity of threats, correlate them with known attack patterns, and determine the appropriate response. By leveraging automation, threat intelligence, and predefined risk scoring, security teams can streamline workflows, reduce response times, and enhance overall threat detection and mitigation. Read More

C

  • In cybersecurity, continuous control monitoring (CCM) refers to the automated, ongoing process of checking whether an organization's security and compliance controls are working properly. Instead of relying solely on periodic audits and risk assessments, this process uses continuous control monitoring tools to gather real-time data, identify issues, and enable faster fixes. CCM for cybersecurity is vital for proactive risk management and enhanced compliance. At a time when cyber attacks are rampant, with phishing and ransomware threats impacting organizations daily, continuous monitoring detects system vulnerabilities before they can cause irreversible damage. Read More

  • Cyber risk quantification (CRQ) assigns monetary value to cyber threats, helping businesses prioritize security investments. ThreatConnect's Risk Quantifier automates CRQ with AI, providing quick insights. It uses models like FAIR and Monte Carlo simulations to assess risk and handle data complexity. CRQ enables informed decisions and effective risk communication. Read More

  • Cyber threats encompass harmful events that impact organizations through unauthorized access or data breaches, such as ransomware, phishing, and AI-driven attacks. Managing these threats effectively is crucial for safeguarding assets. Platforms like ThreatConnect's TI Ops empower organizations to enhance their security and risk posture by operationalizing threat intelligence. Read More

  • Cyber threat data aggregation is the meticulous process of collecting, consolidating, and analyzing all data relating to cyber threats. Data can come from multiple sources, including third-party sites and commercial sources. The primary goal of cyber data aggregation is to provide organizations with comprehensive information about potential threats and help them devise a mitigation plan to prevent possible data breaches and future cyberattacks. Read More

  • Cyber Threat Intelligence (CTI) helps organizations defend against threats by transforming raw data into actionable insights. It utilizes sources such as commercial feeds and community sharing. Challenges like stakeholder communication and data overload can be addressed with ThreatConnect's TI Ops Platform, which improves security by aggregating, analyzing, and managing threat intelligence. Read More

  • Cybersecurity risk assessment is the process of identifying and evaluating potential threats to an organization's digital infrastructure. Organizations must determine threats and vulnerabilities, assess their likelihood of occurring, and measure their potential impact. Risk assessment involves pinpointing critical assets, analyzing threats, assessing weaknesses, and prioritizing risks based on severity. After identifying risks, businesses can implement strategies to mitigate them, such as encryption, stronger access controls, and continuous monitoring.  Read More

D

  • The Diamond Model of Intrusion Analysis simplifies cyberattacks into four elements: Adversary, Infrastructure, Capability, and Victim. It helps cybersecurity teams understand intrusions, predict threats, and strengthen defenses. ThreatConnect uses this model in its Threat Intelligence Platform for threat analysis, relationship mapping, and intelligence sharing. With the Diamond Model, organizations can better anticipate and prepare for cyber threats. Read More

F

  • Federated search is simultaneously retrieving information across multiple websites, online databases, and repositories using a single search tool. This strategy makes large amounts of data easily searchable compared to using several sets of indexes. Federated searching reduces the number of vulnerabilities, hence improving security for users. Read More

I

  • Incident response refers to the steps and strategies an organization implements to detect and respond to cyberattacks or data breaches. It involves developing a strategic plan that aims to prevent cybersecurity incidents and minimize damage, operational disruptions, and costs. Read More

  • Indicators of Compromise (IoCs) are used to identify potential security breaches or malicious activities in computer systems, networks, or digital environments. They serve as "red flags" to detect and respond to threats. IoCs can include file-based, network-based, behavioral, registry, domain, and email indicators. By monitoring and analyzing IoCs, security professionals can better protect their systems against cyber threats. Common examples of IoCs include MD5 hashes, IP addresses, domain names, file paths, registry keys, and network traffic patterns. Read More

M

  • Malware analysis is the process of studying the origin, functionality, and potential effects of malicious software. It involves analyzing malware code to understand how it works, how it differs from other types, and the source of the attack. By dissecting malware, organizations can better understand how to defend and protect their systems from future threats.  Read More

  • MITRE Adversarial Tactics, Techniques, and Common Knowledge, or MITRE ATT&CK, is a public knowledge base of adversary tactics, techniques, and procedures (TTPs) based on real-world observations. It's a globally accessible repository used as the basis for developing many specific threat models and methodologies in cybersecurity, government, and the private sector. MITRE ATT&CK was designed to foster collaboration among communities for enhanced cybersecurity measures. It is freely accessible to any organization or individual. Read More

P

  • Phishing is a deceptive social engineering technique used to steal sensitive data or deploy malware. Its primary purpose is to trick a user into revealing credentials, executing malicious code, or making an unauthorized payment. Read More

R

  • Risk prioritization in cybersecurity enables organizations to identify, assess, and rank risks based on their likelihood and potential adverse impact. By systematically evaluating threats and vulnerabilities, security teams can focus their resources on the most significant risks and deliver the highest possible value. Read More

S

  • Security intelligence is the collection, standardization, and analysis of real-time data generated by networks, applications, and other IT infrastructure. This data assesses and strengthens an organization’s security posture by providing actionable insights that guide threat mitigation and risk reduction. Read More

  • A SOC is a dedicated team of cybersecurity professionals continuously monitoring an organization’s IT infrastructure. Their primary mission is to detect, analyze, and respond to real-time security incidents. SOCs unify cybersecurity technologies, processes, and personnel to create a centralized, comprehensive threat detection and response approach. Read More

T

  • Read More

  • Threat actors intentionally carry out actions to compromise the confidentiality, integrity, or availability of digital systems, networks, or data. They differ from general system vulnerabilities or accidental insiders. The behavior of these individuals, groups, or entities is usually strategic, goal-driven, and often tied to broader objectives — financial gain, political influence, espionage, disruption, or ideological messaging.  Read More

  • Threat detection and response are primary elements for success in modern cybersecurity frameworks. With the appropriate actions and tools, your security team enjoys faster discovery and quicker response and remediation. Today's businesses increasingly adopt proactive stances and advanced solutions like threat detection software to support their cybersecurity efforts. Read More

  • Proactive threat hunting is becoming increasingly important as cyber threats continue to rise. By incorporating threat intelligence and effective threat-hunting solutions, organizations can reduce the potential negative consequences of undetected threats and enhance collaboration among security teams. Read More

  • Threat intelligence (TI) is the evidence-based process of collecting, analyzing, and applying knowledge about cyber threats. It helps security teams understand adversary behavior—like motives, targets, and methods—so they can detect, prioritize, and respond to threats more effectively. Read More

  • Discover how ThreatConnect's TI Ops Platform leads the industry with features like AI, automation, and a unified threat library designed to enhance cybersecurity teams' ability to protect data and assets. Read More

  • Threat intelligence software provides cybersecurity teams with real-time data to detect and respond to threats. It analyzes data to offer actionable insights, helping organizations move from reactive to proactive security. Key tools include Threat Intelligence Platforms (TIPs), SIEMs, EDRs, IDPS, threat feeds, and hunting platforms. ThreatConnect's platform offers a unified threat library, AI analytics, visualization tools, and automation to enhance security and decision-making. Read More

V

  • Vulnerability prioritization is the systematic process of ranking security vulnerabilities based on multiple risk factors (including severity, exploitability, business impact, asset criticality, and threat intelligence) to determine which should be remediated first. Rather than fixing every vulnerability or relying solely on CVSS scores, this risk-based approach enables security teams to focus limited resources on addressing the weaknesses that pose the greatest actual risk to the organization, ensuring remediation efforts align with business priorities and deliver the most significant risk reduction. Read More

  • Vulnerability remediation is a cybersecurity process that involves identifying threats or vulnerabilities in an organization's system or network. Depending on the existing IT infrastructure, vulnerabilities may exist in an organization's network, software, hardware, personnel, or physical site. Remediation focuses on identifying weaknesses in the systems and addressing them to prevent data theft, malware, or service disruptions. Read More