Glossary
The Arsen Cybersecurity Glossary is designed to help you improve your knowledge of the sector and adopt good practices in your daily life.
Arsen is a platform that allows you to test your employees through phishing simulation campaigns. When launching a campaign, you may realize that the security of your IT systems, data, and production tools is potentially threatened when some of your company's employees click on a phishing email.
The objective of Arsen is to improve behavior by playing on the following three levers:
- The theoretical lever: Do my employees know the risk and how it manifests itself?
- The heuristic lever: Can my employees mobilize their knowledge in the face of a threat?
- The cultural lever: Does the employee have the will to become the company's first line of defense by mobilizing their knowledge for the collective good, regardless of the conditions they are in when the threat arrives in their inbox?
Types of social engineering attacks
The essentials:
Social engineering: Social engineering is the use of psychological levers to manipulate a target and lead them to compromise themselves by performing potentially dangerous actions or by disclosing sensitive information. Phishing, smishing, spear phishing, and the CEO scam all rely on social engineering.
- An attacker disguised as an inspector checking the security of your premises, dressed in a yellow vest and carrying a notebook, can enter without authorization. They rely on the fact that their attire makes them credible and gives them an official look.
The concept of social engineering is at the heart of the Arsen project, which aims to limit the risks of computer breaches related to human manipulation.
Phishing: Phishing is a fraudulent practice that consists of obtaining personal information, such as identity documents, banking data, and passwords, by impersonating a company you are familiar with (e.g. Google, Facebook, Netflix, Amazon). Phishing is generally carried out through an email or a link to click. If you want to learn more about phishing, I recommend our article on the subject.
- You receive an email from Netflix offering you a discount on your subscription. The email is accompanied by a link to a login page that aims to collect your credentials.
With the Arsen platform, you have a wide range of phishing simulation offers. Our scenario library is made up of various templates that allow you to test your employees and see the evolution of their security score over time.
Smishing: Smishing (SMS + phishing) is a phishing variant that consists of obtaining personal data through fraudulent SMS messages instead of emails. Instant messaging services are also associated with smishing.
- You receive an SMS from your bank asking you to log in because a problem has occurred on your bank account. In reality, the SMS is not from your bank but from a malicious individual who wants to steal your banking data.
Spear Phishing: Spear phishing is a variant of phishing. Instead of sending emails to multiple recipients, the attack is much more targeted. The hacker addresses their target specifically and personalizes their pretext to make the attack more realistic and harder to detect.
- This time, you receive an email from Netflix announcing the release of new episodes of your favorite series. By mentioning your favorite series, the hacker no longer uses a generic email that anyone could copy, but a personalized email that lends credibility to the identity they are impersonating.
Spam: Spam refers to the mass sending of unwanted emails to recipients. The email can be of an advertising or malicious nature. Although many email services are equipped with anti-spam filters, some spam can still end up in your inbox. It is important to distinguish spam from phishing. Spam lacks relevance and is harmful, but often only has a commercial purpose, whereas phishing aims to compromise the information systems of the recipients.
- You receive an advertisement for pairs of sneakers on sale at unbeatable prices without ever having requested it.
Vishing or Voice Phishing: Voice phishing is a variant of phishing that involves using the telephone or voicemail to lure victims into providing sensitive information. The attacker poses as someone reporting a problem you have never encountered, or telling you that you can benefit from a product. The victim is then tricked into following the attacker's instructions to resolve the situation. This is an opportunity for the attacker to obtain banking information, personal access information, and credit card numbers.
- You receive a call from an interlocutor who announces that you have won a contest. To receive the prize, they tell you that you must pay additional fees (transport, customs, etc.) or that you must provide your credit card number to be credited with
Catfishing: Catfishing is the practice of using a fake identity to seduce someone on the internet in order to compromise them, often by asking for money for an urgent need. It is usually found on dating apps, where users are less cautious and more vulnerable to seduction-based manipulation, as they are used to meeting and chatting with strangers for romantic purposes.
- Julie, 22, is registered on a dating site and has been chatting for several weeks with a certain Lucas, who finds himself stuck in a country. "Lucas" therefore asks Julie if it is possible to send him money so that he can join her and explains that he will reimburse the amount once in France.
Deepfake: Short for "Deep Learning" and "fake," deepfake is a new threat that emerged in 2017 and is increasingly used by hackers. The idea is to use artificial intelligence to make fake content deeply credible. The modus operandi is as follows: using facial recognition software that can apply the face of an impersonated authority figure as a filter and modify the voice to match that same person, the hacker manipulates the victim and persuades them to perform one or more compromising actions.
- A company boss is interviewed for a few minutes and appears on a TV program. The hacker copies the boss's facial features and records their voice, then contacts the victim and asks them to make a bank transfer to a specific account, which they will do easily since it is their boss who is asking.
Elevation of privilege or privilege escalation: Privilege escalation is used once the hacker has already established access to the network or an enterprise account. The attack typically begins by obtaining exposed user accounts - often less protected - to then gain access to accounts with higher levels of access.
- After compromising a sales representative's email account under the pretext of a fake quote request, the hacker will exploit the sales representative's account to send a spear phishing email to a member of the executive committee and attempt to compromise their account to access more sensitive data.
Email Spoofing: Email spoofing or email impersonation is a technique used by hackers to falsify the email address from which they send their emails (often phishing). The use of SPF and DKIM, as well as providers that respect their implementation, greatly reduces the effectiveness of these attacks.
- You receive an email from support@googIe.com asking you to change your password via a link due to suspicious logins. Since the sender's address is support@google.com, you trust the sender and their email.
Data Exfiltration: Data exfiltration is the unauthorized transfer of data outside of an enterprise. This practice represents a significant threat to businesses. It can be done manually by a user or automatically through malware. Prevention and training against digital threats are crucial for the security of sensitive information.
- A hacker gains unauthorized access to the target company's CRM and extracts the entire customer file, which they exfiltrate to the black market.
Data Leak: A data leak occurs when data leaves the domain under the enterprise's control. The transfer is not necessarily carried out by a malicious individual; a human error can be the cause of the information leak.
- To share a communication with a friend, you forward them a professional email, forgetting that confidential data was exchanged higher up in the conversation. Your friend now has access to sensitive information that should have remained within the company.
Malicious insider: A malicious insider is an employee, contractor, partner, supplier, or former employee who extracts confidential data from your company. The user with ill intent has access to sensitive information and decides to disclose it in order to harm your company or to serve a direct or indirect competitor.
- One of your competitors offers a significant sum to one of your managers to obtain an extraction of your customer file.
Ransomware: Ransomware is a type of malicious software that encrypts the contents of the systems it infects, preventing you from accessing your data or software. The program then demands that you pay a ransom in order to receive the decryption key to access your data.
- You receive an email containing a password-protected attachment and the password. Out of curiosity, you open and run the attachment. Within a few hours, all your programs stop working and a popup demands that you pay a ransom in cryptocurrency to regain access to your computer.
Sextortion: Sextortion is an attack that involves using intimate photos or videos. The attacker demands a ransom by threatening to release compromising information about the victim.
- A hacker has gained access to a victim's intimate photos by stealing their iCloud access. He demands a ransom under threat of making the photos public.
Supply chain attack: To target a particularly secure entity, a hacker may exploit a vulnerability in a supplier and then infect the primary target as part of the supplier's communications or operations.
- A casino with particularly robust cybersecurity buys new slot machines from its usual supplier. However, the supplier, without realizing it, has been hacked, and the new slot machines it delivers have corrupted firmware that allows the hacker to penetrate the casino's internal network.
USB Drop: The USB drop is a technique that consists of leaving a USB drive in a location in the hope that the victim will plug it into their computer. The drive may contain malware or directly execute a series of commands aimed at installing the malware at the moment it is plugged in.
- At work, you find a USB drive on your desk with your name stuck to it. Out of curiosity, you plug it in, but nothing happens. It happened too quickly for you to see, but malware was installed a few seconds after you plugged in the drive, allowing the hacker to exploit it later.
Watering Hole: The watering hole attack involves trapping visitors to a frequently visited site. The "watering hole" is where predators hunt zebras: they know that the zebras will get thirsty and will come closer sooner or later. The hacker must first compromise the site, the watering hole, in order to infect its visitors.
- In order to infiltrate investment funds, the hacker exploits a vulnerability on a financial market news site that traders actively follow. On this site, he inserts a popup that solicits visitors to install malware on their computers.
Whaling: A type of attack that targets high-level employees in a company. As in a casino, the target is referred to as a "whale" because they are critical and typically have strong financial resources.
- A wealthy lawyer receives a call explaining that suspicious operations have occurred on their bank account and certain verifications must be made. It is actually a hacker trying to obtain the necessary information to access the lawyer's accounts and extract money from them.
Protection and Mitigation:
There is no 100% security, which is why we often use the term "mitigation measures".
In this section, we cover the terminology of different protection and mitigation measures to deal with cyber attacks, particularly those related to social engineering.
Arsen Essentials:
2FA/A2F: Two-factor authentication is a method to validate your identity using two or more factors. To prove your identity, you may be asked to provide your password and a code received via SMS, email, or on your computer.
By requesting multiple factors of authentication, the risk of hacking is reduced. It is more difficult for a hacker to compromise multiple factors than just one.
MFA (Multi-Factor Authentication): Combines 2FA and methods with even more factors. It is important to distinguish what I am (biometric data, facial recognition) from what I know (credit card code, identification number). Nevertheless, it is possible to bypass this security with a simple email, as we present in our article on bypassing MFA with a phishing email.
Anti-virus/Anti-malware: Anti-virus software is used to identify malicious software. It has several detection mechanisms, from signature matching to process behavior analysis to sandbox execution.
Firewall: A firewall allows filtering and/or blocking of exchanges between networks (often between the company's internal network and the Internet). It can be application-based, protocol-based, intelligent, or a combination of the three. It can identify the nature of digital exchanges to block traffic if an intrusion attempt is detected or if the company's security policy is violated. The firewall can detect suspicious connections from unidentified foreign servers, among other things.
For Enthusiasts:
Blue Team: The Blue Team, as opposed to the Red Team, is the group of people dedicated to the company's IT security. It implements cybersecurity strategies, incident response, etc.
Bug Bounty: Some companies set up bug bounty programs that reward IT security experts or ethical hackers who find security flaws within a given perimeter (infrastructure, applications, product, etc.). The reward varies depending on the severity of the identified bug.
DKIM (DomainKeys Identified Mail): DKIM helps prevent identity theft at the sender's name level. It is based on an encryption key system that authenticates the sender's name.
DLP or Data Loss Prevention: DLP is a collection of several techniques aimed at protecting a company's sensitive data and limiting its leakage by analyzing outgoing data flows (messages, emails, etc.) and the company's file access and sharing rights.
DMARC (Domain-Based Message Authentication, Reporting, and Conformance): A system that standardizes and indicates how emails are treated with respect to configured SPF and DKIM policies.
EDR (Endpoint Detection and Response): EDRs protect network endpoints from cyber threats through continuous and local analysis (similar to antivirus software) of activity. EDRs have a broader detection spectrum than antivirus software, which only focuses on file analysis.
Business Continuity Plan (BCP): BCP is a document that lists the tools and procedures necessary to ensure business continuity. It reduces the risk and response time during a crisis.
Disaster Recovery Plan (DRP): DRP is a document that lists the procedures and tools necessary to resume business operations after a crisis in order to limit its impact. Unlike BCP, DRP provides for resumption after a complete interruption of business.
Sandbox: A sandbox is a system used to execute suspicious programs or files in isolation without affecting the environment in which employees work. Running the software there allows its viability to be tested without compromising the company's systems. In the case of email, a sandbox (also known as a detonation sandbox) allows attachments to be opened and checked for malicious behavior in a "test" environment removed from any danger.
- A hacker sends malware as an attachment to infect a company. However, before the email is delivered to the victim, the email servers run the attachment through a sandbox, which detects the malware and removes the email without ever delivering it.
SIEM: SIEM, or Security Information and Event Management, is software that manages a company's security events and tracks critical data from the company's information systems.
SPF: SPF, or Sender Policy Framework, combats email spoofing by ensuring that email claiming to come from a domain name is sent by a server authorized for that domain. Configuration is done at the DNS zone level of the domain name to be protected.
Red Team: A red team is a team that tests the cybersecurity of the company that hires it by attempting to hack it like a real hacker. By behaving like a group of attackers, it highlights weaknesses in the company's security strategy.
Updated on: 07/11/2024