Explained: Security Acronyms Businesses Need to Know

As such, it is a nerve centre of acronyms, with fresh terminology constantly entering the security vocabulary. Keeping on top of the ever-evolving lexicon can be a full-time job for business and technical leaders. Is that new term a short-lived buzz phrase, or a development that will be critical to your ongoing security posture? To make life a little easier, we’ve rounded up seven of the latest cybersecurity acronyms that deserve your attention.

DMARC – Domain-based Message Authentication Reporting and Conformance

DMARC analysers are deployed by email security software to prevent email impersonation through domain spoofing. A DMARC email validation system is designed to uncover, block, and report on unauthorised domain use and is the next generation of SPF and DKIM authentication techniques.

Domain spoofing, the act of imitating an email address (and often the exact send name and signature) is favoured tactic in business email compromise (BEC) and whaling attacks. This is because spoofed domains are more difficult to identify as a security threat and are often accompanied by heavily researched social engineering tactics.

When specifying email security, businesses should only consider solutions with DMARC built in as part of end-to-end security. A DMARC analyser should function for email send and receiver and ideally be designed for self-service configuration or delivered through a managed service, to avoid delayed responses to active directory changes.

ATP – Advanced Threat Protection

Advanced Threat Protection is a technology that protects against complex cyberattacks and malware. It can be a single product but is typically a solution comprising a layered stack of cybersecurity tools. These tools can be configured at layer level, based on business risk levels and operational models either by a Managed Service Provider like Node4 or internally.

ATP is more agile that its antivirus and antimalware predecessors and is becoming a new business standard. This is due to Machine Learning and AI capabilities, which enable a business’ cyber defence to adapt to rapidly evolving, day zero, and never-before-seen cyberthreats.

The “advanced” in ATP actually refers to threat sophistication, rather than the solution. A threat is considered “advanced” when it is exceptionally difficult to stop. The threat actors behind advanced threats typically:

• Have unlimited resources to sustain an attack and maintain network access, overtly or covertly, like the recent oil pipeline malware attacks
• Have access to finances or development to continually adapt a threat. Ransomware strains are a symptom of this
• Design bespoke attacks that are tailored to specific applications, organisations or operating systems, like the type of attacks we see hitting healthcare IT

MFA- Multi Factor Authentication

Multi Factor Authentication is the process of requiring a user to verify their identity or permissions when logging in or making transactions online. A user must verify their identity using 3 or more credentials from different categories. There are know (password or secret phrase), have (i.e., a security pin or verification link) and are (usually biometrics such as phone or tablet fingerprint matching or facial recognition.)

MFA creates a layered cybersecurity defence which means that should one factor be compromised, such as a password stolen, an attacker will not be able to gain wider authorised access or bring down a system. A threat actor can continue trying, but theoretically, monitoring tools should flag an attempted breach before further harm can be done. MFA is also a great deterrent – cyber attackers often try their luck first with easy targets.

In the past, user login authentication has relied on two forms of verification. Most commonly a password, and a pin or verification link sent to either a mobile phone number or email address. As cyberthreats become smarter, and threat actors target entire networks rather than single devices, a more robust solution is advisable. In particular, any colleague with access to sensitive data should be considered a candidate for MFA.

SOC – Security Operations Centre

A Security Operation Centre is an end-to-end, centralised security function within a business. It consolidates every aspect of effective security posture, including personnel, process and technology. It continuously monitors and improves organisational security posture and works as a hub, or security nerve centre, analysing data across IT infrastructure including networks, applications and devices. If the SOC detects a security incident, it is able to respond quickly and cohesively to protect a business.

A SOC is an effective cyberthreat prevention solution because it collects data from every source within an IT environment in real time. This means that IT leaders understand their security vulnerability big picture and the minute details that are critical to rapidly combatting attacks. A SOC is responsible for the following:

1. Resource management – covering the infrastructure it protects, and the security processes and software that deliver this protection
2. Preventative maintenance – covering systems and policy management, and disaster recovery, and ongoing awareness education
3. Proactive monitoring – real time, 24/7 scanning for abnormal or suspicious network activity
4. Alert management – ranking and triaging threats and discarding false positives
5. Cyberthreat response – immediate response to attack or threat to protect a business from harm, without causing unnecessary disruption
6. Incident recovery – systems restore and data recovery, including activating the disaster recovery and business continuity plan
7. Log management – collecting, maintaining and reviewing organisation-wide network activity and communications, to establish a safe baseline
8. Incident investigation – finding out the when, how and why of a root cause
9. Continuous improvement – implementation of changes related to an incident or evolving cyberthreat landscape
10. Compliance review – regular audits of the laws and best practices that govern organisational activity

SIEM – Security Information and Event Management

SIEM is a solution that provides a holistic view of IT network activity in real time. It assists IT teams in proactively addressing security threats and is a typical component of a SOC (see above.) The key component of SIEM is its real time security event correlation, monitoring, and response capability. It provides a business with complete visibility of network security posture, while also enabling control over network threats.

SIEM solutions collect log and event data from systems, apps and devices, and sorts into categories of malicious activity. If a risk is identified, IT teams are alerted. This makes IT infrastructure security management more efficient and agile, both in response and gathering strategic insights.

SAPA – Security Awareness Proficiency Assessment

A Security Awareness Proficiency Assessment is a form of user cyber awareness testing. It aims to assess human susceptibility to cyberthreats in the context of your business operations. To be considered SAPA, testing should include scored results, skills-based assessments, and surveys.

A key difference between SAPA and other types of cyber awareness testing or training is how it is deployed. A SAPA is usually sent, scored, and reported on by automated software. Whereas other types of cyber awareness training are undertaken post-attack or as part of employee onboarding, SAPAs happen more frequently. A business can set SAPAs to a schedule that suits their level of risk and vigilance.

CISOaaS – Chief Information Security Officer as a Service

CISOaaS is a product that outsources the development of security initiatives, allowing a business dynamic access to a complete security and privacy resource to a level it wants and needs. A relatively new product to market, it is fast becoming a key way to improve security posture and compliance as threats evolve, without investing internally.

CISOaaS continually evaluates, implements and maintains security and privacy programmes including risks associated with data breaches and non-compliance. It is growing in popularity due to its flexibility and the increasing preference to transfer security policymaking risk outside of a business. Depending on operational requirements and budget, most CISOaaS solutions are available as remote or on-site resources.

DPOaaS – Data Privacy Officer as a Service

Another solution that supports or replaces an internal security function. DPOaaS can become a complete resource for Data Privacy with a third-party expert responsible for organisation-wide privacy arrangements, including frameworks, compliance obligations, and corrective actions. Businesses can achieve robust, continual compliance in a way that is flexible to their needs, and without investing in a DPO.

Organisations are looking toward a DPOaaS solution as a means of keeping on top of critical, evolving legislative areas while enabling service delivery. DPOaaS allows on-demand access to experts with the latest data privacy advice, who constantly work on pinpointing obligations and risks within IT functions.

VRO – Virtual Risk Officer

Not a physical job role, but a strategic cybersecurity function focused on risk scoring. A Virtual Risk Officer is sometimes included in a security software stack and can be replicated in-person by a Chief Security Officer.

VROs provide dynamic risk scores assigned to individuals, user groups and a company as whole, which enable accurate and impactful decisions to be made about security awareness training plans. As an overall view, a company can understand where it is most susceptible to cyberattack. Custom actions can also be created based on individual risk scores, such as those that rise above a certain level.

Concerned about your security posture? Spending more time keeping up with the latest security solutions than you are developing your business? Speak to Node4 about our Security as a Service solution to defend your business from advanced cyberthreats.

Our cloud-based solution proactively monitors networks, systems, and applications 24/7, delivered from our Security Operations Centre (SOC). Read more here.