Cybersecurity glossary

Trusted Automated eXchange of Intelligence Information is a protocol developed to transport STIX objects in an automated and machine-readable manner for sharing cyber threat intelligence.

The difference between XDR and SIEM lies in their approach: a SIEM collects and correlates logs across the IT environment mainly for monitoring and compliance, while XDR integrates multiple security products into a unified system focused on threat detection and response.

A Managed Security Operations Center is an outsourced alternative to an in-house SOC, in which an external provider delivers round-the-clock security monitoring and response, increasingly adopted as threats grow more sophisticated and the talent gap widens.

A modern SOC relies on a technology stack of essential tools, including SIEM, EDR, XDR, SOAR, and NDR, that work together to detect, investigate, and respond to threats efficiently.

Traffers are underground groups that distribute infostealers on compromised computers and are paid commissions by cybercriminals in exchange for the stolen credentials.

Tactics, Techniques, and Procedures describe the behaviors, methods, and tools used by threat actors when carrying out cyberattacks, providing valuable context for understanding how attackers operate and improving defenses.

Turla, also known as Snake, Uroburos, or Venomous Bear, is a highly sophisticated cyber espionage group believed to operate in the interests of the Russian government, active since at least 2008 against governments, defense, telecoms, and embassies.

Tycoon 2FA is a Phishing-as-a-Service kit designed to conduct adversary-in-the-middle attacks, capable of bypassing multi-factor authentication, particularly time-based one-time passwords.

Vice Society is a ransomware group that emerged in 2021, known for its double extortion tactic and for targeting the education, healthcare, and government sectors.

A Virtual Private Network is a technology that creates a safe and encrypted connection over a less secure network such as the internet, allowing users to send and receive data across shared or public networks as if directly connected to a private network.

Web Distributed Authoring and Versioning is an extension of HTTP that allows clients to perform remote web content authoring, enabling users to collaboratively edit and manage files on remote web servers.

Extended Detection and Response is a security technology that collects and automatically correlates data across multiple layers such as email, endpoint, server, cloud, and network, into a unified detection and response platform.

XDR integration with existing solutions is the process of connecting an Extended Detection and Response platform with a company's current security tools, such as firewalls, SIEM, and EDR, to strengthen cybersecurity without starting from scratch.

XDR, EDR, and MDR are three detection and response approaches that are often compared: EDR focuses on endpoints, XDR extends detection across multiple layers into a unified platform, and MDR is a managed service combining technology with human expertise.

YARA is a framework introduced in 2007 to identify malware and classify it into families sharing similar characteristics, widely adopted among cybersecurity companies; a YARA rule is a set of patterns used to detect and match malicious files.

A zero-day vulnerability is a software flaw that is unknown to the vendor and therefore unpatched, leaving developers "zero days" to fix it before it can be exploited by cybercriminals.

Zero Trust is a security model that challenges the traditional notion of implicit trust within a network, operating on the principle of "never trust, always verify" by requiring continuous verification of every user and device.