Security Fundamentals
Antivirus
Overview
Malware is the general term for any software designed to break your computer's operating system (OS), hijack a specific program, or steal data. Spyware, viruses, rootkits, etc. are all types of malware. Antivirus is a program that stops these things from harming your computer. Enable currently uses Bitdefender for this. Antivirus alone is not enough; additional products such as MDR or ThirdWall are needed to fully protect a computer or server.
tags: #security #Enable_Products
Conditional Access
Overview
Conditional Access is a set of policies that allow or block a user's access to resources based on conditions such as where you are signing in from, unusual behavior, or whether the computer is properly configured, in addition to the usual username, password and MFA. Microsoft provides this service through Entra ID, the Microsoft cloud IdP.
Cybersecurity Insurance
Overview
This is a type of insurance, often purchased as an addition to general business insurance, that helps you recover financially from a data breach in which bad guys infiltrate your systems to steal information or money. Insurers will often assist with data recovery efforts. They also have strict guidelines for the client, aiming to ensure that the client is doing everything "reasonable" to stop the event from happening in the first place.
tags: #security
Device Encryption
Overview
Drive encryption, or "full device encryption," is the practice of using BitLocker for Windows or FileVault for Mac to make the hard drive of a computer unreadable unless you have a valid way to sign in to the computer. This is important because otherwise someone could boot your computer from a flash drive, or pull the drive and connect it to another machine, and read your data directly.
tags: #security
Email Security
Overview
Email services are secured with SPF, DKIM, and DMARC. SPF lists which servers may send mail for a domain, DKIM adds a signature the receiving server can verify, and DMARC tells the receiver what to do when those checks fail. The overall purpose of using all three of these protocols is to ensure that the email address listed in the "From" field really came from a server operated by a legitimate sender.
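As an added illustration (not part of the original page), the following Python script walks through what a receiving mail server does with those records: it looks up a constructed SPF record to decide whether the sending IP is allowed, then reads the constructed DMARC record to decide what happens when SPF and DKIM fail. The domains, IP addresses and TXT records are made up for the example; real DNS is not consulted, so the `include:`, `a` and `mx` mechanisms and the actual DKIM signature check are left out.

```python
import ipaddress

# Constructed DNS TXT records for the example (not real domains or records).
TXT_RECORDS = {
    "example.org": ["v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"],
    "_dmarc.example.org": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.org; aspf=r; adkim=r"],
}

# SPF result for each qualifier on a matching mechanism or on the final "all".
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_txt(name):
    """Stand-in for a DNS TXT query; returns the constructed records only."""
    return TXT_RECORDS.get(name.lower(), [])


def spf_result(domain, sender_ip):
    """Evaluate the ip4/ip6 mechanisms of a domain's SPF record for sender_ip."""
    records = [r for r in lookup_txt(domain) if r.startswith("v=spf1")]
    if not records:
        return "none"          # no SPF record published
    if len(records) > 1:
        return "permerror"     # RFC 7208: more than one record is an error
    ip = ipaddress.ip_address(sender_ip)
    for term in records[0].split()[1:]:
        qualifier = "+"        # mechanisms default to "pass" when they match
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIER_RESULT[qualifier]
        mech, _, arg = term.partition(":")
        if mech in ("ip4", "ip6") and ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIER_RESULT[qualifier]
        # include:, a, mx, exists: need live DNS and are skipped in this offline example
    return "neutral"


def dmarc_policy(from_domain):
    """Parse the DMARC record at _dmarc.<domain> into a dict of tags, or None."""
    records = [r for r in lookup_txt("_dmarc." + from_domain) if r.startswith("v=DMARC1")]
    if not records:
        return None
    tags = {}
    for part in records[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags


def org_domain(domain):
    """Simplification: treat the last two labels as the organizational domain
    (a real receiver uses the Public Suffix List)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """DMARC identifier alignment: strict needs an exact match, relaxed an org match."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate(header_from, envelope_from, sender_ip, dkim_pass_domain=None):
    """Return (spf result, SPF aligned?, DKIM aligned?, DMARC disposition).
    dkim_pass_domain is the d= domain of a DKIM signature that already verified,
    or None when no signature verified."""
    from_domain = header_from.split("@")[-1]
    envelope_domain = envelope_from.split("@")[-1]
    spf = spf_result(envelope_domain, sender_ip)
    policy = dmarc_policy(from_domain) or dmarc_policy(org_domain(from_domain))
    if policy is None:
        return spf, False, False, "none"   # no DMARC policy: receiver decides on its own
    spf_ok = spf == "pass" and aligned(from_domain, envelope_domain, policy.get("aspf", "r"))
    dkim_ok = dkim_pass_domain is not None and aligned(from_domain, dkim_pass_domain, policy.get("adkim", "r"))
    disposition = "pass" if (spf_ok or dkim_ok) else policy.get("p", "none")
    return spf, spf_ok, dkim_ok, disposition


if __name__ == "__main__":
    # Legitimate mail from an allowed server.
    print(evaluate("alice@example.org", "bounce@example.org", "192.0.2.10"))
    # Same "From" address sent from a server outside the SPF range, no DKIM signature.
    print(evaluate("alice@example.org", "bounce@example.org", "198.51.100.5"))
    # Forged "From" with an unrelated envelope domain; DMARC p=reject applies.
    print(evaluate("alice@example.org", "x@attacker.example", "198.51.100.5"))
```

The second and third calls show why all three protocols are used together: the forged messages fail SPF, have no aligned DKIM signature, and so fall through to the domain owner's `p=reject` policy rather than being accepted on the strength of the "From" header alone.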
tags: #BasicTerms #security
IRONSCALES
Overview
A program designed to stop phishing or dangerous spam emails from reaching users. It uses AI to detect and remediate these emails before they reach the user's mailbox. It can also be used for phishing simulation tests and remediation training. Enable is a reseller of IRONSCALES and this is our preferred tool for this need.
ITDR
Overview
Identity Threat Detection and Response. A service that runs against Microsoft 365 to detect and stop risky sign-in and account behaviors. This is a form of Managed Detection and Response applied to identities rather than endpoints (see SOC). Currently we use the vendor Huntress to provide this service. See MDR.
tags: #security #Enable_Products
MDM
Overview
Mobile Device Management. Mosyle and Intune are the two we use most at Enable, but some clients may have Jamf. In general, these are systems that let you automatically push configuration policies and install programs onto workstations or servers. This is especially important for Mac/iOS/iPadOS devices because Apple does not allow any other kind of tool to make some configuration changes. This relies on ABM (Apple Business Manager) for the best experience.
tags: #Enable_Tools #security
MDR
Overview
Managed Detection and Response. Currently Enable uses the vendor Huntress for this purpose. MDR goes a step further than antivirus: it can stop not just bad programs but suspicious behaviors (like ransomware encrypting files) from happening on your computer. This is a form of EDR (endpoint detection and response) that comes with real security people analyzing the results (see SOC).
tags: #security #Enable_Products
MFA
Overview
Multi-factor authentication provides a more secure way of logging in that requires another piece of information beyond your password, which makes it much harder for your account to be compromised. This works in conjunction with your IdP to secure access to your services and information. Most Enable clients are on M365 and should use Microsoft Authenticator as their primary MFA method. SMS (text message) and email should not be used as MFA methods.
Password Manager
Overview
1Password, Dashlane, Bitwarden, LastPass, etc. are all programs that save your passwords for various websites and applications so that you don't have to remember them all. This lets you follow best practice by using a complex, hard to guess password for each service instead of one simple username/password combination for all of them, which is very dangerous. When the "password vault" you create with this program is protected by a unique Strong Password and MFA, or even better by SSO, these programs can be very secure.
These can be free, or purchased for individuals or entire organizations.
tags: #BasicTerms #security
Patching
Overview
When we use the word "Patching" we are most often referring to the practice of applying application and/or OS updates (as in Windows Updates) for security fixes and features. All operating systems and programs have flaws and vulnerabilities. Left unpatched, the system becomes dangerous to use because malware targets these known weak points.
The same word is also used for plugging in Ethernet cables (patch cables into a patch panel), which is unrelated.
tags: #security
Phishing
Overview
A phish is an email that uses language or links to trick you into sharing sensitive information. Spear phishing is when an individual is targeted based on their real role, rather than the attacker just "hoping to catch anything." Whaling is spear phishing aimed at executives. Vishing is the same principle, but done by voice call.
tags: #security
Ransomware
Overview
A type of malware that locks (encrypts) your data and demands that you pay a fee to recover it.
tags: #security
Security Awareness
Overview
Security Awareness training is the practice of keeping users informed of best practices to avoid phishing attacks, hijacked systems, viruses and other ways bad guys try to steal data. We use ELP to deliver this within Enable and with a growing number of clients. Often, this training is required by Cybersecurity Insurance providers.
tags: #Enable_Terms #security
SIEM
Overview
Security Information and Event Management - a system that combs through all of the log files that various servers and security devices (firewalls) create, looks for suspicious or unwanted activity, and returns a list of items that should be looked into further. This is important because those logs are VERY difficult to read and contain a ton of information that is not useful or friendly to a human reader. Enable works with outsourced companies to provide this. These services are most valuable when combined with a SOC.
SOC
Overview
Security Operations Center - Huntress and our SIEM partner each have a team of security experts who analyze what their programs flag as risky behavior and decide whether it is actually dangerous. Some of this is automated based on definitions, but many findings are evaluated by real people, who deliver recommendations for action to stop the risky behavior.
SSL
Overview
TLS/SSL/HTTPS - These are the protocols used to make websites and services safe to connect to over the Internet. They rely on certificates, and you may hear "SSL certs" or "certificates" as shorthand for this subject. Without these in place, all of the information you type into an online site or program could be intercepted in an easy to read format by hackers. You should never use a site that only uses HTTP (no security certificate) for anything that requires a password or personal data. Modern browsers do a good job of warning you of the danger.
SSO
Overview
Single Sign On - the ability to use a single username and password to connect to multiple services. For instance, you can set up many ChMS or financial applications to work with your Microsoft 365 username and password so that your employees use this one username and password combination for multiple services. This is both more user friendly and much safer, because the MFA and other policies applied to that one account then protect every service behind it.
Strong Password
Overview
A Strong Password is one that is difficult to guess for both a human and a computer. Length and complexity are the key elements. The longer the password, the better. The more "classes" of characters you use, the better. For instance: "password" is a terrible, easy to guess password. But: "My-Secret-Credential-1-!" would literally take beyond a billion years for a computer to guess. It has 24 characters and uses all four classes of character: upper case, lower case, number, symbol. And the way it is written makes it easier for YOU to remember. Combined with MFA, this provides great security.
tags: #security #BasicTerms
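To show what "length and classes" mean in numbers, here is an added Python example (not from the original page) that counts the character classes in a password, computes the size of the brute-force search space in bits, and converts that into an estimated time to try every combination at an assumed guess rate. The 10 billion guesses per second figure is an assumption chosen for the example, not a measurement; this is the exhaustive-search upper bound, and guessing tools that try dictionary words first can do better against passwords built from common words.

```python
import math
import string

# The four character classes the glossary entry refers to.
CLASSES = {
    "upper": string.ascii_uppercase,   # 26 characters
    "lower": string.ascii_lowercase,   # 26 characters
    "digit": string.digits,            # 10 characters
    "symbol": string.punctuation,      # 32 printable ASCII symbols
}

# Assumed attacker speed for the estimate (not a measured figure).
ASSUMED_GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def character_classes(password):
    """Return the set of class names that appear at least once in the password."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in password)}


def search_space_bits(password):
    """Bits of brute-force search space: length * log2(alphabet size),
    where the alphabet is the union of the classes actually used."""
    alphabet = sum(len(CLASSES[name]) for name in character_classes(password))
    if alphabet == 0:
        return 0.0
    return len(password) * math.log2(alphabet)


def years_to_exhaust(password, guesses_per_second=ASSUMED_GUESSES_PER_SECOND):
    """Years needed to try every combination in the search space at the given rate."""
    return 2 ** search_space_bits(password) / guesses_per_second / SECONDS_PER_YEAR


def compare(passwords):
    """Summarize each password: length, classes used, bits, and exhaustive-search years."""
    return [
        (pw, len(pw), sorted(character_classes(pw)),
         round(search_space_bits(pw), 1), years_to_exhaust(pw))
        for pw in passwords
    ]


if __name__ == "__main__":
    for row in compare(["password", "Password1", "My-Secret-Credential-1-!"]):
        pw, length, classes, bits, years = row
        print(f"{pw!r}: {length} chars, classes={classes}, {bits} bits, ~{years:.3g} years to exhaust")
```

Running it shows that each added character multiplies the search space by the alphabet size, while each added class only enlarges the alphabet, which is why length contributes more than variety once several classes are already in use.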
ThirdWall
Overview
A component of CWA that can do policy enforcement, like requiring a screensaver after inactivity. One of its best features is the ability to isolate from the network a computer on which ransomware has been found, so that the infection doesn't spread to other devices. Isolation requires special consideration based on the function of the machine, such as check-in kiosks.
Vulnerability Scanning
Overview
A program that inspects computers, servers, switches, firewalls, IoT devices, and other things on your network for weaknesses (missing patches, weak configurations, exposed services) that could give an attacker a way in. Some cyber insurance policies require this service, and having it can reduce premium rates.
tags: #security #Enable_Products
Zero Trust
Overview
Zero Trust is a security principle that starts with the assumption that ANY device could be dangerous, so every device is blocked from communicating with your computer by default. You have to make specific rules to allow any machine to talk to any other machine in this model. This is difficult to implement in church scenarios when it comes to AVL systems, etc. Many vendors, like Cloudflare, offer these services. This is similar to, but not the same as, Client Isolation.
tags: #networking #security