Glossary of Ransomware Protection Terms
As ransomware threats continue to grow, businesses are seeking reliable and comprehensive protection. But the process of finding a suitable technology partner can be complicated and confusing. To help you better navigate the array of solutions available, we have provided a glossary of some common cybersecurity terms and their definitions related to ransomware protection.
Air Gapping: Air Gapping is a security measure employed on one or more computers to ensure they are physically isolated from any unsecured networks, such as the public Internet or a local area network. This means the device has no interface controllers connected to other networks, creating a physical or conceptual “air” gap. The term is analogous to the “air gap” used in plumbing to maintain water quality.
EDR/ETDR: Endpoint Detection and Response (EDR), or Endpoint Threat Detection and Response (ETDR), is a security solution that monitors, detects and investigates suspicious activities on hosts and endpoints. It employs automation that allows security teams to quickly identify and respond to threats.
The primary functions of an EDR security system are to:
- Monitor and collect activity data from endpoints that may indicate a threat.
- Analyze the internal data for potential threat patterns.
- Automatically respond by removing or containing threats and notifying security personnel.
- Utilize forensic and analysis tools to proactively research threats and search for suspicious activities.
Immutability: Immutability refers to the security and integrity of an organization’s critical data, especially backup data, and the assurance that this data cannot be altered or destroyed.
MDR: Managed Detection and Response (MDR) is an outsourced 24/7 cybersecurity service that proactively seeks out cyber threats to protect an organization’s IT infrastructure and data so they can focus on their primary operations. MDR includes a range of security activities, including cloud-managed security, advanced analytics and threat intelligence, along with expertise in incident investigation and response.
Playbook/Runbook: A Cyber Security Playbook defines the roles and responsibilities for members of an organization in response to a cyber security incident. It identifies the communications team and a contact liaison between the board and the rest of the organization. Playbooks also establish formal processes and procedures to ensure that required steps are systematically followed during the response and investigation. This helps organizations meet and comply with regulatory frameworks like NIST or GDPR. Playbooks support procedures like breach notification and technical processes such as malware reverse engineering.
Runbooks typically define the automated steps of incident response like data enrichment, threat containment, and sending notifications. Automation significantly speeds up the assessment, containment and investigation of threats.
Used together, Incident Response playbooks and runbooks provide users with flexible methods for coordinating complex security workflows.
Ransomware: Ransomware is a type of malicious software used to gain control of an organization’s computer systems or private data. The attacker then forces the company to pay a ransom—usually some form of crypto-currency—in exchange for a decryption key to restore access.
RPaaS™: InterVision’s Ransomware Protection as a Service™ (RPaaS™) is the industry’s first solution and only holistic approach to ransomware threats, focusing on the entire lifecycle of detection, protection, and recovery.
SLA: A Service Level Agreement (SLA) is a document that defines the level of service expected from a vendor. It lists the specific metrics to measure the services rendered and compensatory actions if those service levels are not achieved. An SLA is a critical component of any technology vendor contract.
SOC/SOCaaS: A Security Operations Center (SOC) is an organization’s central command post that monitors and analyzes data from across all of its networks, devices and databases. The goal is improving the overall security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents. Some organizations outsource their SOC functions and infrastructure to a third-party technology vendor “as a Service.”
vCISO: A Virtual Chief Information Security Officer (vCISO) is a cybersecurity expert who helps an organization protect its infrastructure, data, people and customers. A vCISO builds the cybersecurity program and works closely with the existing management and technical teams, both to establish preventative measures and during a cyber incident response.
Comprehensive Ransomware Protection
If you are concerned about ransomware threats, InterVision has developed Ransomware Protection as a Service™ (RPaaS™) to provide end-to-end protection from ransomware attacks. InterVision has been helping businesses solve IT problems for more than 25 years. Our team can develop a comprehensive ransomware protection plan tailored specifically for your needs. Don’t wait to become a ransomware victim. Visit our website or call 844-622-5710 to speak with one of our experts today.