Cyber Library

Alert fatigue

Alert fatigue, also known as alarm fatigue, usually occurs when a SOC analyst is exposed to a large number of frequent alarms (alerts) and consequently becomes desensitized to them. Desensitization usually results in longer response times and/or missed alerts from genuinely malicious activity. A large number of those alerts are not, in fact, real threats […]

Anomalies and alerts

Anomalies are deviations from a normal pattern in one or more parameters that signal unexpected behavior. Anomalies are not, by definition, good or malicious; they are simply unexpected observations. An anomaly could be an abnormally high number of users logging in as well as an unusually low number. If bandwidth use spikes suddenly beyond what would […]

Anomaly Detection

In data mining, anomaly detection (also known as outlier detection) is the recognition and identification of unusual items, events or observations which raise suspicion because they differ significantly from the rest of the data. Usually, the anomalous items translate to some sort of issue such as bank fraud, a structural defect, errors in a text, […]

Automated Alert Prioritization

Automated alert prioritization ensures the most significant threats get the highest level of attention. It does this by flagging high-severity threats so that the threats that really matter are shown first to the SOC team, allowing faster response and therefore faster remediation. By sending actionable alerts to analysts based on tier, analysts […]

Automated Detection

Automated detection refers to the use of artificial intelligence (AI), and the subset of AI known as machine learning, to automate the detection process. The importance of this process is that algorithms work around the clock (24/7) to find, identify and alert security personnel about suspicious or unusual network […]

Automated Investigation

Automated investigation helps ensure analysts have a complete and accurate set of data when they handle a threat. It can also significantly reduce the alert fatigue caused by noisy legacy threat detection systems by ensuring all alerts that are sent to the SOC team are worthy of their time. It also reduces the dwell time […]

Automated Playbooks

Automated playbooks are the process of creating workflows with machine-understandable codification to enable automation of the procedures. After the code is created, orchestration services execute the workflows by interfacing with other orchestration services and with humans as necessary. The goal of this is to maximize the efficiency of the SOC and improve response times by allowing […]

Automated response

Automated response is pre-configured by the system to respond to and mitigate cyber threats. This means that as soon as the detection system flags incoming communications as malicious, the system responds to the threat without the intervention of security personnel, decreasing response time dramatically to better protect the organization. Since the security team must first […]

Automated Threat Detection

Automated threat detection is designed to detect attacks involving advanced malware and persistent remote access that attempt to steal sensitive data over an extended time period. To locate these attacks, automated threat detection solutions often include capabilities such as sandboxing, behavioral analysis, automated monitoring, and other detection mechanisms. Automated threat detection is when artificial intelligence […]

Autonomous Investigation

Autonomous investigation is a technology that provides advanced threat detection and automated incident response to achieve comprehensive threat remediation and prevent long-dwelling breaches. This technology provides the full scope of every security incident instantly to augment the threat detection, investigation and remediation process, and creates a comprehensive view of each cyber incident by combining disparate […]

Botnets

Botnets can be described as an entire network of bots, meaning a set of Internet-connected programs that communicate with similar programs to collaboratively perform tasks. Botnets may be benign, but common usage does not generally understand them to be so: in common usage "botnet" refers to an illegal botnet that is assembled, used, and sold by […]

Breach Damage

Breach damage refers to the damage caused in the wake of an attack. Breach damage could consist of damage to the organization's reputation and data security, as well as financial damage in the form of a ransom the attacker demands, stolen data, or a fine that the organization must pay to compensate the individuals impacted. Due […]

C&C (Command and Control)

A command-and-control [C&C] server is a computer controlled by an attacker or cybercriminal which is used to send commands to systems compromised by malware and receive stolen data from a target network. Many campaigns have been found using cloud-based services, such as webmail and file-sharing services, as C&C servers to blend in with normal traffic […]

Crypto-mining / Crypto-jacking

Crypto-mining is the process in which transactions for various forms of cryptocurrency are verified and added to the blockchain digital ledger; crypto-jacking is the unauthorized use of someone else's computing resources to do so. Also referred to as cryptocoin mining, altcoin mining, or Bitcoin mining (for the most popular form of cryptocurrency, Bitcoin), cryptocurrency mining has evolved jointly as a topic and an activity as cryptocurrency usage […]

Cyber Forensics

In the context of cybersecurity, cyber forensics is the process of examining digital material, computer software and devices for the purpose of gathering evidence in an investigation of an exploit or criminal act. The steps involved in cyber forensics are acquisition, examination, analysis, and reporting. The techniques used include cross-drive […]

DGA (Domain Generation Algorithm)

A DGA can essentially be classified as an algorithm that generates a large volume of domain names. Domain generation algorithms are usually used during a process known as domain fluxing. Domain generation algorithms (DGAs) are seen in various families of malware and are used to periodically create and disperse a large number of domain names that […]

Dridex

Dridex is a strain of banking malware that leverages macros in Microsoft Office to infect systems. After a computer has been infected, Dridex attackers can steal banking credentials and other personal information on the system to gain entry into the financial records of any user. Dridex operates by first materializing on a user's computer […]

EDR (Endpoint Detection & Response)

EDR (endpoint detection and response) is a cybersecurity technology that fulfills the need for constant monitoring of and response to advanced and complicated threats. It is a subset of endpoint security technology and an essential piece of an optimal security posture. Not all EDRs work in the same way. Some EDRs perform analysis on the agent while others […]

Email gateways

An email gateway is a device or software used to monitor emails that are being sent and received by an organization. A secure email gateway is designed to block emails containing malicious communication. Messages that are deemed "unsafe", which secure email gateways typically block, include spam, phishing attacks, malware or fraudulent content. If the email […]

Endpoint Detection

Endpoint detection is an emerging technology in the field of cybersecurity that tackles the need for continuous monitoring for advanced threats. Someone could even make the argument that endpoint detection is a form of advanced threat protection. Endpoint detection tools, such as SentinelOne, CrowdStrike and Cylance, operate by monitoring endpoint and network events and […]

Endpoint Security

Endpoint security is an approach to the protection of computer networks that are remotely bridged to client devices. It monitors the connection of laptops, tablets, mobile phones and other wireless devices to corporate networks and creates attack playbooks for security threats. Endpoint security is usually run by software that helps monitor and track activity on […]

False-positive alerts

A false positive is an error in an evaluation procedure in which a condition tested for is inaccurately found to have been detected. In spam filters, for example, a false positive is a legitimate message inappropriately marked as UBE (unsolicited bulk email, formerly known as junk mail). Another example is if a SIEM (Security Information and Event Management) rule […]

Fast Flux

Fast flux is a DNS technique that has been and continues to be used by botnets to disguise phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies. It can also refer to the combination of peer-to-peer networking, distributed command and control, web-based load balancing and proxy redirection used to make malware networks more resistant to discovery and countermeasures. The basic idea behind fast flux […]

Firewall

A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Firewalls have been the first line of defense in network security for many years, creating a barrier between secured and controlled internal […]

Incident Response

Incident response is an action plan developed (by an organization or individual) to counteract intrusions, cyber-theft, denial of service, fire, flood, and any other security-related events. It comprises multiple steps needed to complete the process. These are the standard six steps: preparation, identification of the attack, containment of the attack, eradication, recovery, and analysis […]

Infostealer

Infostealer is a detection name used by Symantec to identify malicious software programs that gather confidential information from the compromised computer. It is a type of Trojan horse program that has a very specific payload goal. This Trojan gathers confidential information from the computer and sends it to a predetermined location. This information can be […]

Intrusion Detection

Intrusion Detection (ID) is a security monitoring system for networks and computers. An ID management platform collects and analyzes large quantities of data on a computer or a network to identify potential security breaches, which include both misuse and intrusions. This system utilizes vulnerability assessment, which is categorized as a technology developed to […]

Intrusion Detection System

An intrusion detection system is an appliance or software application that monitors a network or systems for malicious and potentially dangerous activity as well as policy violations. Any malicious activity or violation is usually reported either to an administrator or collected centrally by way of a security information and event management system. Some intrusion detection […]

Logic bomb

A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files, should they ever be terminated from the company. Often, software and other threats that are […]

Machine learning based threat detection

Machine learning has arguably had the largest impact on prevention and detection technologies. The ability to continually learn what is "normal" in behavior, traffic patterns and usage across an organization's environment helps machine learning-enabled tools to be more effective in finding and preventing new attacks. For security operations practitioners, this makes machine learning an important ally in […]

Machine learning detection

Machine learning detection uses mathematical algorithms and statistical models to find and identify patterns, both benign and malicious, in an organization’s network security. There are two main types of machine learning detection: supervised machine learning and unsupervised machine learning. Supervised machine learning detection is based on manual human feedback whereas unsupervised machine learning detection groups […]

Malware

Malware is the shortened name for malicious software. Malware is defined as any software that is used to interrupt or disrupt computer operations, gather sensitive information, or gain access to certain files or programs, and is used with hostile intent. In order to cause damage, malware must be implanted or introduced in some […]

Malware detection

Malware detection refers to the series of protocols for detecting the presence of malware on a host system or for determining whether a specific program is malicious or benign.

Malware remediation

Malware remediation is the process of removing all traces of malicious code from a network while leaving legitimate files untouched and unharmed. It is the process by which the malware is identified, assessed, flagged, prioritized and resolved. Failing to fully remove the code from the network is partial remediation and is harmful to network security […]

Malware response

Malware response refers to how an organization deals with malware that has entered its network. The response plan should include all procedures and policies that the security team will follow in case of a breach, as well as the process of detection, investigation, and response to find the malware and fully remediate the breach. The […]

Network Traffic Analysis (NTA)

Network Traffic Analysis, or NTA, is the process of intercepting, recording and analyzing network traffic communication patterns in order to detect and respond to security threats. The term was originally coined by Gartner, and represents an emerging security product category. Vendors for NTA include Cisco, Darktrace, FireEye and SecBI.

Noisy detection

Noisy detection is the term used in cybersecurity and surrounding technical fields to refer to occurrences where a Security Information and Event Management (SIEM) system sends many false-positive alerts to the security operations team. A typical enterprise has to pay attention to hundreds or thousands of false-positive alerts daily, which creates "noise" in […]

Packet Capture

Packet capture is the recording of packets, a packet being a unit of data that is routed between an origin and a destination on the web or any other packet-switched network. When any file (such as an e-mail message, HTML file, Graphics Interchange Format file, or Uniform Resource Locator request) is sent from one place to a new destination, the Transmission Control Protocol (TCP) […]

Packet Capture Analysis

Packet capture is a cybersecurity and digital networking term for intercepting a data packet that is crossing a specific computer network. Once a packet is captured, it is stored temporarily so that it can be analyzed. The packet is observed and investigated to aid in a diagnosis and then solve network […]

Partial mitigation

Cyber mitigation refers to the policies and processes that a company enforces to prevent security incidents and data breaches, in addition to limiting the extent of damage when security attacks occur. Partial mitigation is when this process is not completed and implemented after a security breach, typically due to a lack of information, which leaves the […]

Partial remediation

In cybersecurity, remediation refers to the process by which organizations identify and resolve existing threats in their systems. In other words, it is the process by which risk is identified, assessed, flagged, prioritized and resolved. Partial remediation is when a threat is only partially removed from the system, leaving some of it in the network […]

Phishing

Phishing is an attempt to acquire sensitive information such as usernames, passwords, and credit card details by impersonating a trustworthy entity. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a […]

Ransomware

Ransomware is a strain of malware from cryptovirology that threatens to publish the victim's information, secrets or data, or to perpetually block access to it, unless a ransom is paid. Ransomware is highly illegal and is used today in a wide range of crimes to extort and threaten people in order to obtain money, information, etc.

Security analyst

The security analyst plays an essential role in keeping an organization's proprietary and sensitive information protected and secure. He/she works across departments to identify and correct flaws in the company's security programs, solutions, and systems, while giving recommendations for specific measures that can improve the company's overall security posture. Security analysts are ultimately responsible for ensuring […]

Security Information and Event Management (SIEM)

In the field of cybersecurity, security information and event management (SIEM) software products and services combine security information management (SIM) and security event management (SEM) to provide real-time analysis of security alerts generated by applications and network hardware. Commonly used SIEM vendors are IBM, Splunk, Sumo Logic, and ArcSight.

Security operations center

A security operations center is a consolidated unit that deals with security issues on an organizational and technical level. A SOC within a building or facility is a central location from which the staff supervises the site, using data processing technology. An information security operations center (ISOC) is a dedicated site where enterprise information […]

SOAR (security orchestration automation and response)

SOAR is a software solution that allows an organization to collect data about security threats from multiple sources and respond without human assistance to improve a SOC's efficiency. According to Gartner, the three most important aspects of a SOAR solution are as follows: threat and vulnerability management, meaning the technology supports the remediation of vulnerabilities; […]

SOC Automation

SOC automation is when a security operations center automates aspects of its cybersecurity defense such as detection, investigation, and response. One of the more common types of SOC automation is via SOAR (security orchestration, automation and response). The goal of SOC automation is to augment the SOC team to speed up the time from detection […]

SOC Orchestration

SOC orchestration can be classified as an approach to connecting a variety of security tools. These tools are then integrated into an otherwise disparate security system. Popular orchestration vendors include Demisto and Phantom. It is the connection layer that streamlines and distributes security processes and powers security automation. SOC teams usually have dozens of security tools […]

SOC playbooks

SOC playbooks can be defined as a precise set of protocols that gives all members of an organization a clear understanding of their roles and responsibilities regarding a wide array of cybersecurity incidents, before, during and after a security episode.

Threat detection

Threat detection is classified as a type of security that goes beyond basic security analysis. It is built into "appliances" or integrates into existing security infrastructure such as web gateways, ingesting the gateway's logs for analysis. Threat detection uses big data analytics to find threats such as malware or other remote access threats that attempt […]

Threat Hunting

Cyber threat hunting is a dynamic and active cyber defense task. It is "the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions". This method of cybersecurity is in stark contrast to traditional methods of threat management that investigate a threat only after there has been […]

Threat intelligence

Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets, which can be used to inform decisions regarding the subject's response to that menace or hazard. It allows you to mitigate attacks effectively. The three subcategories of threat intelligence are strategic, operational, […]

Undetected threats

Undetected threats are malicious communications and activities in the network that the organization's Security Information and Event Management (SIEM) system fails to identify and alert the security operations team about. That failure is also called a false negative, because the SIEM does not catch the threat and deems it benign. Undetected threats can lead to long-dwell breaches […]

Web gateways

A secure web gateway offers protection against online security threats by enforcing company security policies and filtering malicious internet traffic in real time. A web gateway aims to prevent unsecured, and potentially malicious, traffic from entering an organization's network. Organizations use web gateways to protect their employees from accessing and being infected by malicious web traffic, […]

Workflow Automation

Workflow automation is the process of automating the design and execution of processes based on workflow rules between human tasks, data or files which need to be routed between people or systems. It works off pre-defined business rules and makes processes more efficient. Workflow automation can be used in automating […]

© 2020 SecBI