// by Sprocket Security in Strategic Pentesting
If you’re not in the cybersecurity trenches daily, it can be tough to get a clear understanding of many popular terms used by the professionals testing your organization’s network.
To lend you a hand, we’ve compiled a list of some terms you can expect to see regularly (especially if you work with us). We’ll keep this list updated regularly. And, if you don’t see a term you’ve heard just send us a note. We’ll be sure to add it.
Assume breach
A security model rooted in the core belief that attacks will happen and attempted breaches are inevitable. Under this approach, an organization takes proactive, continual measures to protect its network on the assumption that a breach will eventually occur.
Automated penetration testing
Err, a marketing term we despise! This is an attempt to use software to replace a traditional penetration test. It lacks the human-driven decision making that often finds business logic vulnerabilities, and it doesn't effectively show impact. If someone claims they have an automated penetration testing solution, that means they haven't been in the business long enough to know this isn't a replacement for humans.
Attack surface
The sum of all points on the internet that hackers can exploit to gain access to an organization's network. Examples include websites, network services, login pages, employee email, an organization’s social media accounts, chat services (Slack), etc.
Attack vector
Any means a hacker uses to gain access to a network. Examples include email attachments, websites, chat solutions and third-party service providers.
Blue team
A security team specially trained to defend against attackers and red teams. Their focus should be solely on defending against attacks, without the distraction of other IT responsibilities.
Breach and attack simulation
Simulations that mimic real-world attacks to identify network vulnerabilities. A BAS can be automated and/or human-driven. The goal is to expose weaknesses in a security program.
Continuous Penetration Testing (CPT)
Ongoing monitoring, testing and remediation of vulnerabilities that can leave an organization’s network exposed to cyberattacks. CPT blends machine and human testing to ensure all aspects of a network security program are working as they should year round. This differs from traditional penetration testing, which often is only performed annually.
Continuous attack surface monitoring
Real-time monitoring for vulnerabilities – new and existing – that could allow hackers to break into your network. Often a blend of machine and human monitoring.
Continuous attack surface discovery
The process of uncovering all potential points on the internet where an attacker could break into an organization’s network. This process begins with an audit of all known surfaces and continues to evolve over time as new software and potential attack surfaces (emerging social media networks, chat solutions, etc.) are introduced.
Continuous attack surface testing
An element of Continuous Penetration Testing, this entails real-time, ongoing simulated attacks against an organization’s attack surface. Along with testing against new vulnerabilities, it often includes social engineering tactics designed to expose poor cyber hygiene among employees.
Exposure time
The amount of time a vulnerability was present within an organization’s network prior to discovery. During this time, an attacker could gain access to an organization’s system. The longer the exposure time, the more likely an attacker will take advantage of the vulnerability and gain access to the network.
Any changes in an organization’s information technology (IT) structure and approach that could create or expose new vulnerabilities. Example: Adding new third-party software previously not used.
Purple team
Like it sounds, this team is a blend of red and blue teams. The goal is to make sure the defensive tactics of the blue team and the vulnerabilities discovered by the red team work in concert to deliver the best results for an organization.
Any network vulnerability or cyberattack that is credible and puts an organization’s network at risk. Often, these evolve and change frequently and rapidly as attackers look for new ways to gain access.
Red team
A team of professional security testers that focuses on testing the effectiveness of an organization’s IT security program. They use or emulate the tools and techniques likely used by real-world hackers. Similar to penetration testing.
The implementation of a security solution that defends an organization’s network from a known or discovered vulnerability.
How quickly a network vulnerability is addressed and secured to prevent a hacker from exposing the weakness. Often, vulnerabilities will be prioritized based on time to fix and potential risk.
Security posture
An organization’s overall cybersecurity strength, based on how well its security program can prevent and respond to cyberthreats.