How can we help?

A prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period.

A method of penetration testing where the tester has no prior knowledge of the target system, simulating an external attack.

A security team that defends an organization's information systems against attackers.

A class of security tools that enable compliance monitoring, integration with DevOps processes, and incident response for cloud environments.

A list of publicly disclosed cybersecurity vulnerabilities and exposures that is free to search, use, and incorporate into products and services.

A vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.

Distributed Denial of Service attack, where multiple compromised systems attack a target, such as a server, website, or other network resource, and cause a denial of service for users of the targeted resource.

The process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext.

A cyber technology that continually monitors and responds to mitigate cyber threats.

A piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic.

A network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies.

A penetration testing method where the tester has partial knowledge of the internal network or system.

A framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources.

The approach an organization takes to manage the aftermath of a security breach or cyberattack.

A security risk that originates from within the targeted organization.

Techniques that cyber attackers use to progressively move through a network as they search for the key data and assets that are the ultimate target of their attack campaigns.

Software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.

An authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence to an authentication mechanism.

A simulated cyber attack against your computer system to check for exploitable vulnerabilities.

A method of trying to gather personal information using deceptive e-mails and websites.

A type of malicious software designed to block access to a computer system until a sum of money is paid.

A group of security professionals who act as adversaries to overcome cybersecurity controls.

A collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software.

A centralized unit that deals with security issues on an organizational and technical level.

The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

A code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.

The process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.

The process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system.

A penetration testing method where the tester has full knowledge of the system being tested.

A computer-software vulnerability that is unknown to those who should be interested in mitigating the vulnerability (including the vendor of the target software).

A strategic initiative that helps prevent successful data breaches by eliminating the concept of trust from an organization's network architecture.