Cybersecurity Glossary
Cybersecurity is more crucial than ever in today's digital landscape. MixMode's glossary offers invaluable guidance on core cybersecurity principles across many topics like network security, cloud security, AI in cybersecurity and cyber attack methods. This glossary serves as a resource covering fundamental concepts and best practices.
The concept of machines and software exhibiting intelligent behavior. In cybersecurity, AI can be leveraged to understand, identify, and potentially neutralize cyber threats more efficiently. For example, AI-powered security tools can detect unusual network traffic or strange behavior that might indicate a cyber-attack in real time.
This is the earliest form of AI, also known as rule-based AI. It involves systems that make decisions based on pre-set rules and are unable to learn or adapt. An example in cybersecurity might be a basic firewall that either blocks or allows traffic based on specific, static rules.
This encompasses AI systems that use statistical learning to perform tasks, which means they can learn from data and improve their performance without explicit programming. These systems are typically associated with Machine Learning (ML). In cybersecurity, a Second Wave AI tool might learn to recognize the signatures of various types of malware by being trained on large datasets of malicious and benign software.
The latest wave of AI development, Third Wave AI systems are capable of contextual adaptation. They don’t just learn from data; they understand, reason, and make decisions based on the context. In cybersecurity, a Third Wave AI system might dynamically adapt its response to a never-before-seen cyber threat based on the specific circumstances of the attack.
This is a form of AI capable of creating content, such as text, images, or even music. In the realm of cybersecurity, a malicious use of generative AI might involve automatically creating highly convincing phishing emails that are hard for humans to distinguish from legitimate correspondence. Alternatively, it can be used in a protective manner to simulate cyber threats for testing cyber defenses.
Large language models like GPT-3 are pretrained neural networks that can generate human-like text and code when prompted, presenting both opportunities and risks for cybersecurity. While these models could help automate security processes, their ability to also generate malicious content raises concerns about how they could be weaponized by threat actors.
A type of AI that involves training algorithms to learn patterns in data and improve over time. In the field of cybersecurity, ML algorithms might be trained to recognize patterns of network traffic that correspond to a Distributed Denial of Service (DDoS) attack, allowing for early detection and mitigation.
A subset of ML that uses artificial neural networks with multiple layers (hence the term “deep”) to model high-level abstractions in data. In cybersecurity, DL could be used to detect very complex or subtle patterns of cyber attacks that simpler algorithms might miss.
These are computational models inspired by the human brain, and they form the backbone of most DL systems. In cybersecurity, a neural network might be used to analyze system logs and flag suspicious activity.
A field of AI that focuses on the interaction between computers and humans through language. In cybersecurity, NLP might be used to analyze the text of emails and identify phishing attempts or to monitor social media for signs of forthcoming cyber attacks.
The process of identifying unusual patterns or outliers in data. In a cybersecurity context, anomaly detection might involve identifying unusual network traffic, file access patterns, or user behavior that could indicate a cyber attack.
The use of AI to automatically test and probe systems for vulnerabilities. This allows for a scalable and consistent approach to vulnerability testing, which is important given the vast number of systems and devices that need to be secured.
This involves using AI and statistical techniques to predict future outcomes based on historical data. In the cybersecurity sphere, predictive analytics might be used to predict the likelihood of a cyber attack on a particular system, allowing for preventative measures to be taken.
The use of AI software to automate high-volume, repetitive tasks. In cybersecurity, RPA might be used to automatically respond to common types of security alerts, freeing up human analysts to focus on more complex issues.
A field of AI that focuses on making AI decision-making processes understandable to humans. In cybersecurity, XAI is crucial as it enables security analysts to understand why an AI system flagged a particular activity as suspicious or made a certain decision. This helps build trust in AI systems and can also assist in refining these systems to reduce false positives and negatives.
The process of determining who has access to what resources on a network.
A group of highly skilled hackers who are organized and patient. APTs often target specific organizations or individuals with the goal of stealing sensitive information.
Software that is designed to detect and remove malware from a computer system.
The sum of all potential entry points for a cyberattack. This includes vulnerabilities in software, hardware, and configuration settings.
An attack on a computer system or network that is carried out with malicious intent. Cyberattacks can be carried out for a variety of reasons, including theft of data, disruption of operations, or political or ideological gain.
The practice of protecting computer systems and networks from cyberattacks. Cybersecurity includes a wide range of activities, such as risk assessment, vulnerability management, and incident response.
An incident in which sensitive data is exposed to unauthorized individuals. Data breaches can occur through a variety of means, such as hacking, social engineering, or insider threats.
The process of transforming data into a form that is unreadable to unauthorized individuals. Encryption is used to protect data from unauthorized access, both in transit and at rest.
A security device that is used to control incoming and outgoing network traffic. Firewalls can be configured to block certain types of traffic, such as traffic from known malicious sources.
The process of responding to a cyberattack. Incident response includes activities such as containment, eradication, and recovery.
Malicious software that is designed to harm a computer system. Malware can include viruses, worms, trojans, and ransomware.
A social engineering attack in which an attacker sends an email or text message that appears to be from a legitimate source. The goal of phishing is to trick the recipient into clicking on a malicious link or providing sensitive information.
Training that is designed to educate employees about cybersecurity threats and how to protect themselves. Security awareness training is an important part of any comprehensive cybersecurity program.
An event that could potentially harm an organization's information assets. Security incidents can include unauthorized access, data breaches, and malware infections.
A weakness in a computer system or network that could be exploited by an attacker. Vulnerabilities can be found in software, hardware, and configuration settings.
For a more exhaustive view, check out Gartner's glossary here.