Making Sense of Cybersecurity Alphabet Soup

Several surveys point to a concerning knowledge gap around the purpose and meaning of common cybersecurity tools and services. A Channel Program poll found that 84% of respondents do not confidently understand the differences between the EDR, MDR, XDR and SOC offerings on the market.

Proofpoint’s “State of the Phish” report indicates that 58% of workers can’t define ‘phishing’ and, worse yet, only 40% can correctly define ‘ransomware’. Perhaps that is because only 35% of businesses run phishing simulations with their employees, or because one in three surveyed employees do not identify cybersecurity as a priority. If you don’t view something as personally important, you are unlikely to invest much time in learning about it.

A PwC survey indicates only 35% of non-IT professionals can define ‘SOC’.

Furthermore, most people do not have a job centrally focused on cybersecurity (we sell, market, account, lead) and may assume ‘someone else is working on that cyber thing, so I don’t need to’. That makes some sense, but cybersecurity is a whole-team effort.

What follows is an attempt to clarify some of the alphabet soup concepts associated with cybersecurity, so next time someone is talking to you about your security posture or their security offerings, your eyes don’t completely glaze over.


APT (Advanced Persistent Threat): a well-resourced, often state-sponsored threat actor, or the sustained intrusion such an actor conducts. The attacker breaches a network, moves laterally to widen their access, steals data, and remains undetected for an extended period of time, which is what ‘persistent’ refers to.

AV (Anti-Virus): Software designed to prevent, detect, and remove malware from an endpoint such as a desktop, laptop, server, tablet, or phone. Traditional AV matches files against signatures of known malware; modern products add heuristic and behavioral checks. It also scans removable media (e.g. thumb drives) and can block known-malicious websites, but it will not catch every new threat, which is part of why EDR exists.

DDoS (Distributed Denial of Service): a cyberattack in which threat actors flood a target (a website, an API, a DNS server, or a network link) with traffic or requests from many compromised machines at once (a botnet), exhausting its capacity so that legitimate users cannot reach it. The ‘distributed’ part is what makes it hard to stop: there is no single source address to block.

EDR (Endpoint Detection and Response): A software agent installed on each endpoint that continuously records telemetry (process launches, file and registry changes, network connections), analyzes it for suspicious behavior, and can take rule-driven response actions such as killing a process or isolating the host from the network. Unlike AV, it is built to surface attacks that do not involve a known-bad file.

MDR (Managed Detection and Response): An outsourced service in which a provider’s analysts operate EDR/XDR tooling in your environment on your behalf, delivering continuous monitoring, threat hunting, and alert triage, with the authority to contain and remediate threats as they are found. In effect, you get a staffed SOC without having to build one.

XDR (Extended Detection and Response): A platform that extends EDR beyond the endpoint by ingesting and correlating telemetry from servers, cloud workloads, identity providers, email, mobile devices, and network equipment, so that an attack touching several of these shows up as one incident rather than as scattered alerts.

FDR (Franklin Delano Roosevelt): The longest-serving President in U.S. history, having been elected to four terms. He was President during WWII (World War 2). His hat size was 7 and 3/8.

IR (Incident Response): An organized approach to managing an in-progress cyberattack or security breach and dealing with its aftermath, so as to limit data loss, downtime, and cost. The commonly used phases (from NIST SP 800-61) are preparation; detection and analysis; containment, eradication and recovery; and post-incident review. An Incident Response team typically operates out of a SOC and works to return the business to normal operation as quickly as possible.

RMM (Remote Monitoring and Management): Software designed to help MSPs (Managed Service Providers) and internal IT teams remotely and proactively monitor client endpoints and networks. It simplifies technical fixes and common requests (like password resets) by not requiring someone on site. Because an RMM agent grants remote control over every device it manages, it is also a prime target for attackers: protect the RMM console with MFA and restrict who can use it.

SIEM (Security Information and Event Management, a portmanteau combining Security Information Management (SIM) and Security Event Management (SEM)): A system that collects logs and events from many sources (firewalls, servers, identity systems, EDR, cloud services), normalizes them, and correlates them against detection rules to give a single view of activity across the environment. Its value is in connecting events that look harmless on their own, such as a run of failed logins on the VPN followed by a successful login from the same address, and in supporting investigation after the fact. It does not, by itself, stop an attacker.
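To make the EDR and SIEM entries above concrete, here is a small added example, written for this article and not SpearTip’s code or any vendor’s product. It runs two detection rules over constructed sample telemetry: an EDR-style rule that inspects process events from one endpoint and decides on a response action, and a SIEM-style rule that correlates authentication logs from two separate sources, a VPN concentrator and a domain controller. The event format, hostnames, usernames, and IP addresses are all made up for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs). "edr" events are per-process
# records from an endpoint agent; "vpn" and "dc" events are authentication
# logs from a VPN concentrator and a domain controller respectively.
EVENTS = [
    {"ts": "2024-05-01T09:00:01", "source": "edr", "host": "ws-17", "user": "jdoe",
     "parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"ts": "2024-05-01T09:00:02", "source": "edr", "host": "ws-17", "user": "jdoe",
     "parent": "explorer.exe", "image": "notepad.exe", "cmdline": "notepad.exe"},
    {"ts": "2024-05-01T09:05:00", "source": "vpn", "src_ip": "203.0.113.5", "user": "asmith", "result": "fail"},
    {"ts": "2024-05-01T09:05:10", "source": "vpn", "src_ip": "203.0.113.5", "user": "asmith", "result": "fail"},
    {"ts": "2024-05-01T09:05:20", "source": "vpn", "src_ip": "203.0.113.5", "user": "asmith", "result": "fail"},
    {"ts": "2024-05-01T09:06:00", "source": "dc", "src_ip": "203.0.113.5", "user": "asmith", "result": "fail"},
    {"ts": "2024-05-01T09:06:10", "source": "dc", "src_ip": "203.0.113.5", "user": "asmith", "result": "fail"},
    {"ts": "2024-05-01T09:06:20", "source": "dc", "src_ip": "203.0.113.5", "user": "asmith", "result": "fail"},
    {"ts": "2024-05-01T09:07:00", "source": "dc", "src_ip": "203.0.113.5", "user": "asmith", "result": "success"},
    # A user who mistyped a password once: must not trigger the correlation rule.
    {"ts": "2024-05-01T09:08:00", "source": "vpn", "src_ip": "203.0.113.9", "user": "bking", "result": "fail"},
    {"ts": "2024-05-01T09:08:30", "source": "vpn", "src_ip": "203.0.113.9", "user": "bking", "result": "success"},
]

OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE", "OUTLOOK.EXE"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def edr_rule_office_spawns_script_host(events):
    """EDR-style rule on per-endpoint process telemetry.

    An Office application spawning a script host is a classic pattern for
    macro-delivered malware. Each alert carries the automated response an
    EDR agent would carry out (here only named, not executed).
    """
    alerts = []
    for e in events:
        if e["source"] != "edr":
            continue
        if e["parent"].upper() in OFFICE_PARENTS and e["image"].lower() in SCRIPT_HOSTS:
            alerts.append({
                "rule": "office_spawns_script_host",
                "host": e["host"], "user": e["user"], "cmdline": e["cmdline"],
                "response": ["kill_process", "isolate_host"],
            })
    return alerts


def siem_rule_bruteforce_then_success(events, threshold=5, window=timedelta(minutes=10)):
    """SIEM-style correlation across sources.

    Fires when at least `threshold` failed logons from one source IP occur
    within `window` before a successful logon from that same IP, regardless
    of which system logged each attempt. Neither the VPN nor the domain
    controller alone sees enough failures to be alarmed.
    """
    by_ip = defaultdict(list)
    for e in events:
        if "src_ip" in e:          # only authentication events carry a source IP
            by_ip[e["src_ip"]].append(e)

    alerts = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        for i, e in enumerate(evs):
            if e["result"] != "success":
                continue
            t = datetime.fromisoformat(e["ts"])
            fails = [f for f in evs[:i]
                     if f["result"] == "fail"
                     and t - datetime.fromisoformat(f["ts"]) <= window]
            if len(fails) >= threshold:
                alerts.append({
                    "rule": "bruteforce_then_success",
                    "src_ip": ip, "user": e["user"],
                    "failed_attempts": len(fails),
                    "sources": sorted({f["source"] for f in fails} | {e["source"]}),
                })
                break              # one alert per source IP is enough
    return alerts


if __name__ == "__main__":
    for alert in edr_rule_office_spawns_script_host(EVENTS) + siem_rule_bruteforce_then_success(EVENTS):
        print(alert)
```

Run it and both rules fire: the EDR rule because Word spawned a hidden, encoded PowerShell on ws-17, and the SIEM rule because six failed logins from one address, split across the VPN and the domain controller, were followed by a success. Each of those two log sources on its own saw only three failures, which is exactly the gap a SIEM’s cross-source correlation closes; and a real EDR would execute the listed response actions rather than merely naming them.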

SOC (Security Operations Center): The team and facility (physical or virtual) where security analysts monitor, detect, analyze, and respond to cybersecurity incidents, typically on a 24/7/365 (24 hours per day, 7 days per week, 365 days per year) basis. It centralizes tooling and response so that alerts from the SIEM, EDR, and other sources land with skilled engineers and analysts who can act on them quickly.

VPN (Virtual Private Network): A tool that builds an encrypted tunnel across a public network (usually the internet) so that users or sites exchange data as if they were directly connected to the same private network. Organizations use it to let remote workers reach internal systems, and it doubles as an access-control point. Two caveats: a VPN protects traffic in transit, not the device at either end, and a stolen VPN credential gives an attacker the same network access it gives the employee, which is why MFA on VPN logins matters. It’s like a digital wormhole.

Bonus Non-Acronyms

Malware: a general term for any software designed to harm, spy on, or take control of a computer system. It is an umbrella term covering viruses, worms, Trojans, spyware, adware, and ransomware.

Ransomware: a specific type of malware designed to extort money from its victims. It typically encrypts the victim’s files or locks the computer system, making them inaccessible until a ransom is paid. Modern ransomware crews also steal data before encrypting it and threaten to publish it if the victim does not pay (so-called double extortion), which is why good backups, while essential, no longer end the conversation on their own.

Now, what to do with this information?

The SpearTip team recommends leaving the cybersecurity specifics to our certified engineers and analysts who can expertly manage all the aforementioned tools to defend your company against threat actors seeking to disrupt your operations with all manner of malware. Our team deploys the ShadowSpear Platform into your environment and monitors all endpoints on a 24/7/365 basis from our SOC.

If your company experiences a security breach, our team also provides rapid IR services to limit downtime and ensure your organization is back to normal operations as quickly as possible.  

Ultimately, there is no need to get in the proverbial weeds about the in-depth capabilities of all these software, service, and toolset solutions when there is a company like SpearTip that can handle it all on your behalf. Contact our team to learn more.
