Privileged Access Management
Cyber-Attack Chain
(also referred to as the cyber kill chain) is a way to understand the sequence of events involved in an external attack on an organization's IT environment. Understanding the cyber-attack chain model can help IT security teams put strategies and technologies in place to "kill" or contain the attack at various stages, and better protect the IT ecosystem.
Attack Surface
Attack surface refers to the total number of points (attack vectors) where an attacker or unauthorized user could exploit a vulnerability to enter the environment or extract data from it. In network and information security it is critical to keep the attack surface as small as possible, particularly when large amounts of personal data are stored on the network.
Cloud Security/Cloud Computing Security
Cloud security—also called cloud computing security—refers to the discipline and practice of protecting cloud computing environments, applications, data, and information. Cloud security entails securing cloud environments against unauthorized use/access, distributed denial of service (DDoS) attacks, hackers, malware, and other risks. While cloud security applies to security for cloud environments, the related term, cloud-based security, refers to the software as a service (SaaS) delivery model of security services, which are hosted in the cloud rather than deployed via on-premises hardware or software.
Mitigate
If a vulnerability is found and there is no fix or patch for it (for example, a zero-day vulnerability), there are often steps you can take to reduce the risk. This is mitigation. For example, you could provide end-user training, or enact a temporary measure such as disabling the affected service, which significantly reduces your exposure.
Endpoint Privilege Management
Organizations often give normal users admin rights (i.e. "the keys to the kingdom") in order to do their jobs. This creates a huge security risk as these users can do whatever they want on their machines, and are therefore prime targets for malicious insiders and outside attackers.
Password & Session Management
Organizations often struggle to find, manage, and monitor privileged credentials, leaving them at risk of data breaches.
Privileged Remote Access
Third-party vendors need privileged access - or the ability to elevate privileges or log in as specific users - to do their jobs effectively. Organizations often lack visibility into what vendors and other insiders are doing when they access their networks, leaving them at risk of data breaches.
Systems Hardening
a collection of tools, techniques, and best practices to reduce vulnerability in technology applications, systems, infrastructure, firmware, and other areas. The goal of systems hardening is to reduce security risk by eliminating potential attack vectors and condensing the system's attack surface. By removing superfluous programs, accounts, functions, applications, ports, permissions, access, etc., attackers and malware have fewer opportunities to gain a foothold within your IT ecosystem.
Zero-day Attack
a computer or software vulnerability that is unknown to the security professionals who might otherwise mitigate its damaging effects. Zero-day attacks are events in which attackers exploit such a vulnerability before the zero-day "event" is known to security professionals. "Zero-day" may refer to the period before the vulnerability has ever been revealed, or to the period after the initial disclosure but before the vulnerability has been mitigated.
Active Directory
a directory service that Microsoft developed for Windows domain networks and is included in most Windows Server operating systems as a set of processes and services.
DMZ
a separately firewalled network segment positioned between an outer firewall and an organization's highly protected internal network, so that systems which must be reachable from the Internet can be exposed without granting direct access to internal hosts. Bomgar is frequently placed within the DMZ.
LDAP
the Lightweight Directory Access Protocol, an application protocol for querying and modifying directory services (such as Active Directory) that hold information about organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet.
Port
a numbered endpoint (0 to 65535) that directs network traffic to a specific service or process on a device, so that one program or device can communicate with another. Example: think of a router as a dock; you can tie up your boat only where you have been given permission to. Bomgar uses ports 80 and 443 (HTTP and HTTPS) to communicate with the Internet and the LAN.
Pass-the-Hash Attack (PtH)
a technique whereby an attacker captures a password hash (rather than the plaintext password) and presents it directly for authentication, potentially gaining lateral access to other networked systems. The threat actor does not need to crack the hash to recover a plaintext password. PtH exploits the NTLM authentication protocol, in which the password hash is itself a credential that remains static for every session until the password is rotated. Attackers commonly obtain hashes by scraping a system's active memory (for example the LSASS process on Windows) and by other techniques.
Vulnerability
a term that refers to a flaw in a system that can leave it open to attack. A vulnerability may also refer to any type of weakness in a computer system itself, in a set of procedures, or in anything that leaves information security exposed to a threat.
Ransomware
a type of malicious software that disrupts computers, servers, and other devices by installing itself and then blocking access to, encrypting, deleting, or otherwise compromising legitimate data and applications. It typically demands a payment, or ransom, to "unlock" the computer and restore full access to the device and any related data and applications.
Password
a word, phrase, or string of characters intended to differentiate an authorized user or process (for the purpose of permitting access) from an unauthorized one; put another way, a password is used to prove one's identity or authorize access to a resource. A password is assumed to be secret. It is usually paired with a username or other mechanism to provide authentication.
Secure Socket Shell (SSH) Key Management
Secure Shell (SSH), sometimes expanded as Secure Socket Shell, is a network protocol that uses public-key cryptography to let authorized users access a computer or other device remotely, authenticating with credentials called SSH keys. SSH key management is the practice of inventorying, provisioning, rotating, and retiring those keys. Because they are used to access sensitive resources and perform critical, highly privileged activities, it is vital to manage SSH keys as you would other sensitive credentials.
Identity & Access Management (IAM)
also called identity management, refers to the IT security discipline, framework, and solutions for managing digital identities. Identity management encompasses the provisioning and de-provisioning of identities, securing and authenticating identities, and authorizing access to resources and/or the performance of certain actions. While a person (user) has only one digital identity, they may have many different accounts representing them. Each account can have different access controls, both per resource and per context.
Separation of Privilege
also called privilege separation, is an information technology best practice applied by organizations to broadly separate users and processes based on different levels of trust, needs, and privilege requirements. Similar to the concept of network segmentation, separation of privileges essentially creates "moats" around specific parts of an IT environment. It helps contain intruders close to the point of compromise and restrict lateral movement, while also ensuring that employees, applications, and system processes do not have access to more data than they need. Segmenting privileges and the tasks associated with them also provides the benefit of a cleaner audit trail and simpler compliance.
Penetration Test
also known as a pen test, is a simulated cyberattack against your computer system to check for exploitable vulnerabilities. Pen testing can involve the attempted breaching of any number of application systems (e.g., application programming interfaces (APIs), frontend/backend servers) to uncover vulnerabilities, such as unsanitized inputs that are susceptible to code injection attacks.
Hardcoded/Embedded Passwords
also often referred to as embedded credentials, are plaintext passwords or other secrets in source code. Password hardcoding refers to the practice of embedding plaintext (unencrypted) passwords and other secrets (SSH keys, DevOps secrets, etc.) into the source code. Default, hardcoded passwords may be shared across many instances of the same devices, applications, and systems, which simplifies set-up at scale but poses considerable cybersecurity risk.
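The following added example (not from the original glossary) shows the two halves of dealing with hardcoded credentials: a small scanner that finds embedded secrets in source text and reports them with the secret value redacted, and the hardened replacement, which resolves the secret at runtime and fails closed instead of falling back to a baked-in default. The source snippets are constructed; `AKIAIOSFODNN7EXAMPLE` is the placeholder access key ID used in AWS documentation, not a live key, and the `# nosecret` allow-list marker is a convention invented for this example.

```python
from __future__ import annotations
import os
import re
from dataclasses import dataclass
from typing import Optional

# Starting patterns; a production scanner would add provider-specific formats and entropy checks.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    # group 1 captures only the value so the report can redact it and keep the variable name
    "password_assignment": re.compile(
        r"""(?i)(?:password|passwd|pwd|secret|api[_-]?key|token)\s*[:=]\s*["']([^"']{4,})["']"""),
}


@dataclass
class Finding:
    line_no: int
    kind: str
    excerpt: str  # the offending line with the secret replaced by <REDACTED>


def scan_source(text: str) -> list[Finding]:
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if "# nosecret" in line:  # explicit, reviewable allow-list marker (constructed convention)
            continue
        for kind, pattern in SECRET_PATTERNS.items():
            m = pattern.search(line)
            if not m:
                continue
            start, end = m.span(1) if m.lastindex else m.span()
            findings.append(Finding(line_no, kind, (line[:start] + "<REDACTED>" + line[end:]).strip()))
    return findings


def load_secret(name: str, env: Optional[dict] = None) -> str:
    """Hardened alternative: fetch the secret from the environment (populated by a secrets
    manager or vault at deploy time). Missing secret -> hard failure, and the error names
    the variable but never echoes a value."""
    env = os.environ if env is None else env
    value = env.get(name)
    if not value:
        raise RuntimeError(f"secret {name!r} not provided")
    return value


# Constructed 'before' and 'after' snippets for the scanner.
BAD_SOURCE = '''\
import boto3
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
DB_PASSWORD = "hunter2"
client = boto3.client("s3", aws_access_key_id=AWS_ACCESS_KEY_ID)
PLACEHOLDER = "changeme"  # nosecret
'''

GOOD_SOURCE = '''\
import os
DB_PASSWORD = os.environ["DB_PASSWORD"]
'''

if __name__ == "__main__":
    for f in scan_source(BAD_SOURCE):
        print(f"line {f.line_no}: {f.kind}: {f.excerpt}")
    print("hardened source findings:", scan_source(GOOD_SOURCE))
```

Wire `scan_source` into a pre-commit hook or CI step so a hardcoded default never reaches the repository, and treat any hit as a rotation event, not just a code fix: once a secret has been committed it must be assumed exposed.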
File Integrity Monitoring
an IT security process and technology that tests and checks operating system (OS), database, and application software files to determine whether or not they have been tampered with or corrupted. FIM, which is a type of change auditing, verifies and validates these files by comparing the latest versions of them to a known, trusted "baseline." If FIM detects that files have been altered, updated, or compromised, FIM can generate alerts to ensure further investigation, and if necessary, remediation takes place. File integrity monitoring encompasses both reactive (forensic) auditing as well as proactive, rules-based active monitoring.
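The following added example (not from the original glossary) implements the core of FIM as described above: hash every file under a root into a baseline, seal the baseline with an HMAC so that tampering with the baseline itself is caught, and later compare a fresh snapshot against it to report added, removed, and modified files. The directory tree, file contents, and HMAC key are constructed inside a temporary directory; in practice the key and the sealed baseline live off the monitored host.

```python
from __future__ import annotations
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict[str, str]:
    """Relative POSIX path -> SHA-256 for every regular file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def seal_baseline(snap: dict[str, str], key: bytes) -> bytes:
    """Serialize the baseline and attach an HMAC; an attacker who can edit files on the host
    could otherwise edit the baseline to match."""
    body = json.dumps(snap, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return json.dumps({"baseline": body.decode(), "hmac": tag}).encode()


def open_baseline(sealed: bytes, key: bytes) -> dict[str, str]:
    outer = json.loads(sealed)
    body = outer["baseline"].encode()
    if not hmac.compare_digest(outer["hmac"], hmac.new(key, body, hashlib.sha256).hexdigest()):
        raise ValueError("baseline integrity check failed")
    return json.loads(body)


def diff(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """The FIM comparison: what appeared, what vanished, what changed content."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p]),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline a small tree, simulate tampering, re-check."""
    key = b"fim-demo-key"  # constructed; in practice from an HSM or secrets manager
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "ssh_config").write_text("PermitRootLogin no\n")
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF...")
        sealed = seal_baseline(snapshot(root), key)

        # Simulated attacker activity: backdoor account, trojaned binary, removed config, dropped tool.
        with (root / "etc" / "passwd").open("a") as fh:
            fh.write("backdoor:x:0:0::/:/bin/sh\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF...trojaned")
        (root / "etc" / "ssh_config").unlink()
        (root / "bin" / "nc").write_bytes(b"\x7fELF...dropped")

        return diff(open_baseline(sealed, key), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

This is the reactive, scheduled-scan half of FIM; the proactive half described above layers rules on top of the same diff (for example, alerting immediately on any change under `bin/` while tolerating expected log growth elsewhere).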
Exploit
an attack on a computer system that takes advantage of a particular bug or vulnerability, typically used to gain unauthorized access to a system. Exploits may come in the form of software (malware), uniquely formatted data blocks, or even a series of commands.
Managed Security Services Provider (MSSP)
IT service businesses that specialize in providing security-as-a-service offerings for their customers. While MSPs (managed services providers) have been around for 20+ years, MSSP practices have only begun to crop up and gain momentum in more recent years.
Privileged Access Management (PAM)
consists of the cybersecurity strategies and technologies for exerting control over the elevated ("privileged") access and permissions for users, accounts, processes, and systems across an IT environment. By dialing in the appropriate level of privileged access controls, PAM helps organizations condense their organization's attack surface, and prevent, or at least mitigate, the damage arising from external attacks as well as from insider malfeasance or negligence.
Superuser Accounts
highly privileged accounts (for example root on Unix-like systems or Administrator on Windows) primarily used for administration by specialized IT employees. A superuser is an individual with access to such an account.
Active Directory Bridging
mechanism that allows users to log on to non-Windows systems using Active Directory login credentials
Remote Desktop Protocol (RDP)
a Microsoft network protocol that provides a remote graphical desktop session on another computer over a network. An RDP client is included with most versions of Windows.
Least Privilege
often referred to as the principle of least privilege (PoLP), refers to the concept and practice of restricting access rights for users, accounts, and computing processes to only those resources absolutely required to perform routine, authorized activities. Privilege itself refers to the authorization to bypass certain security restraints. A least privilege security model entails enforcing the minimal level of user rights, or lowest clearance level, that allows the user to perform his/her role. However, least privilege also applies to processes, applications, systems, and devices (such as IoT), in that each should have only those permissions required to perform an authorized activity.
Password Rotation
refers to the changing/resetting of a password or passwords. Limiting the lifespan of a password reduces vulnerability to password-based attacks and exploits by condensing the window of time during which a stolen password may be valid.
DevOps Security
refers to the discipline and practice of safeguarding the entire DevOps environment through strategies, policies, processes, and technology. DevOps security should enable a productive DevOps ecosystem, while helping to identify and remediate code vulnerabilities and operational weaknesses long before they become an issue.
Cyber Security
refers to the practice of reducing cyber risk through the protection of the entire information technology (IT) infrastructure, including systems, applications, hardware, software, and data. Information security (InfoSec), or data security, is a chief component of cyber security and entails ensuring the confidentiality, integrity, and availability of data.
Vulnerability Assessment
refers to the process of identifying risks and vulnerabilities in computer networks, systems, hardware, applications, and other parts of the IT ecosystem. Vulnerability assessments provide security teams and other stakeholders with the information they need to analyze and prioritize risks for potential remediation in the proper context.
Secrets Management
refers to the tools and methods for managing digital authentication credentials (secrets), including passwords, keys, API keys, and tokens used by applications, services, privileged accounts, and other sensitive parts of the IT ecosystem.
Remediate
remediation is finding and applying a fix that eliminates the risk, for example, applying a patch. It is the permanent solution as opposed to a work-around.
Jump Point
remote support software that is installed on a single Windows device in the LAN and enables the Bomgar user to access the entire LAN. This is especially useful for networks that want to restrict access to their network from outside their firewall.
Jump Client
remote support software that is installed on a single system and can provide immediate access to that device using the Bomgar Rep console, unattended or attended.
Vulnerability Scanning
the process of discovering, analyzing, and reporting on security flaws and vulnerabilities. Vulnerability scans are conducted via automated vulnerability scanning tools to identify potential risk exposures and attack vectors across an organization's networks, hardware, software, and systems. Vulnerability scanning and assessment is an essential step in the vulnerability management lifecycle.
Windows Auditing
the process of tracking, analyzing, and understanding events that take place on Windows-based computer systems. Windows auditing can reveal important contextual information about the who, what, when, and where of system events. Administrators and security specialists can set up Windows auditing across various desktops, servers, and other devices on a Microsoft Windows-based network. Windows auditing watches for certain events taking place on Windows machines and logs those events. Security experts can then use computer forensic analysis to review these events and identify unusual or risky access or behavior.
Privileged Password Management
the secure storing, sharing, creating, and handling of privileged passwords. Privileged password management may alternatively be referred to as privileged credential management, enterprise password management, or enterprise password security.
Managed Service Provider (MSP)
typically provides an array of IT services for their customers. While a traditional value-added reseller (VAR) operates on a transactional and short-term basis (such as around a hardware/software purchase and deployment), MSPs typically forge long-term partnerships with their customers over annual or multi-year periods, and receive recurring income for continuous services. While any type of customer may seek out an MSP depending on their needs, MSPs commonly serve small to mid-sized businesses which may be understaffed, with some organizations lacking an in-house IT staff altogether.
Active Directory Security
vital to protect user credentials, company systems, sensitive data, software applications, and more from unauthorized access. Active Directory (AD) is a Microsoft Windows directory service that allows IT administrators to manage users, applications, data, and various other aspects of their organization's network. A security compromise of AD can essentially undermine the integrity of your identity management infrastructure, leading to catastrophic levels of data leakage and/or system corruption/destruction.