Tips & Tools

skout-tips
  • Visibility

    It is important to have full visibility on all your endpoints. That way, if a problem occurs, you will know. Many companies periodically check firewall logs, but that is not enough to detect an advanced breach. Every system generates logs, and it is hard to make sense of them all without a solution that correlates them and provides detailed alerts. SKOUT solves this problem.

    Based on the 2018 Verizon Data Breach Report
  • Endpoint Protection

    51% of breaches involved malware. We cover your bases. Malware is classified as software that is designed with the intention of causing damage to your devices, whether they are phones, servers, laptops, or any other kind of device in the IoT.

    Malware often takes the form of code, innocuous content, scripts, or software. With SKOUT’s end-to-end protection you can rest assured that all vulnerable points within your system are accounted for and safeguarded, reducing the risk of falling victim to malware.

    Based on the 2018 Verizon Data Breach Report
  • Education

    With 43% of breaches involving social attacks, cybersecurity is a team sport. We get your employees up to speed.

    Our maturity model makes sure that every team is able to set and reach security benchmarks by meeting cybersecurity requirements. Requirements range from individual firewalls to a team’s complex password system. Small changes often make a difference when it comes to avoiding a cybersecurity crisis and allow you to find trouble before trouble finds you.

    Based on the 2018 Verizon Data Breach Report
  • Secure Credentials

    81% of attacks involve stolen or weak credentials. The easiest way to protect yourself from stolen credentials is to make sure that they are not easy to replicate. This means including multiple characters and numbers in your passwords, and not reusing the same passwords for multiple accounts. Never store your passwords in one central location. The easiest way to remember a complex password is to create an anagram of an easy-to-remember sentence.

    Based on the 2018 Verizon Data Breach Report
skout-glossary

Bluetooth

A set of technologies which allow devices to communicate with each other over short distances (typically 33 feet or less) that does not rely on WiFi or other standard IP-based networking.

Botnet

A network of connected devices running bots that can be used to attack a network.

Breach

Noun: The result of a theft of data from an organization’s systems.
Verb: To gain unauthorized access to an organization’s systems.

Cloud

A collection of shared resources (networks, virtual machines, storage, etc.) that are used by multiple tenants simultaneously.

CVE

(Common Vulnerabilities and Exposures) A formal and internationally recognized definition and description of a known Vulnerability – maintained within a public database by the non-profit MITRE Corporation.

Darkweb

An international set of networks which are only accessible through the use of specialized software and not directly accessible through the public Internet without that specialized software.

DDOS

(Distributed Denial of Service) A form of cyber attack that sends an overwhelming amount of illegitimate traffic to a website or online service with the intent to make it unavailable to legitimate users.

DLP

(Data Loss Prevention) Software systems designed to track and limit the movement of files and other data within and outside of an organization.

Domain

A group of users and resources (servers, printers, networks, desktops, etc.) that communicate with each other and share a common security structure.

Dwell Time

The amount of time a threat actor is able to remain within a data system before they are discovered.

Encryption

The act of using obfuscation techniques to render data unusable to anyone who does not have the appropriate digital keys to remove that obfuscation.

Endpoint

A user device (laptop, desktop, mobile device, etc.) or other individual system that is connected to a network and is not a networking device itself.

Exploit

Noun: A method used by a threat actor to gain unauthorized access to a system.
Verb: To leverage a vulnerability to gain unauthorized access to a system.

Firewall

A networking device that is designed to permit or block types or classes of network traffic from entering or leaving that network.

Hacker

Colloquial term for any person who attempts to utilize hardware and/or software in a way not intended by the manufacturer.  Not to be confused with Threat Actor – a person who hacks for malicious purposes –  as Hackers may perform these actions for non-malicious purposes such as security training or recreation without any malicious intent.

Hashing and Salting

The act of using various techniques to ensure that provided data (such as passwords) is not stored in a format that is easy for an unauthorized user to guess or recognize.  Typically performed on groups of sensitive data that must be stored in a collective database so that the data is virtually unusable if that database is stolen.

Incident

Any event or group of events which is identified as malicious or otherwise may indicate or prove data theft, unauthorized access, or other non-sanctioned activity.

IP Address

A numeric or alphanumeric digital designation for a device connected to a network, used so that other devices can communicate with it.

Juice Jacking

The act of using the data-transfer function of a charge and sync cable (for mobile devices, etc.) to steal information from a device plugged into a USB port for charging purposes.

Location Services

Any of a group of technologies - such as Global Positioning Satellite (GPS) tools - designed to identify the general or specific physical location of a person, device, or object.

Malware

Software that is designed to create an unwanted, damaging, or dangerous end-result on a computer system; or enable the theft or destruction of data on a computer system.

MSSP

(Managed Security Service Provider) An organization which provides various security and defensive operations for customers and their organizations.

Penetration Test

A controlled and authorized attempt to break into a data system, network, or platform in an effort to uncover security issues and exploitable vulnerabilities.

Phishing

Noun: An attempt, via email, to trick or coerce a user into providing sensitive information that they normally would not divulge, such as user credentials.
Verb: The act of using email messaging systems to attempt to trick or coerce a user into divulging sensitive information.

Ransomware

Malware which specifically seeks to encrypt (lock) user files in order to extort a monetary fee to decrypt (unlock) them.

Red Team

Cybersecurity professionals who focus on controlled and authorized attacks on data systems in an effort to uncover security vulnerabilities.

Remediation

The act of correcting or otherwise providing defense against a newly discovered Vulnerability.

Session Hijacking

The act of “piggybacking” on a legitimate login or access session in order to perform unauthorized activities in the guise of that legitimate user.

SIEM

(Security Information and Event Management) Software platforms that are used to collect and collate security telemetry and other data in order for it to be analyzed and investigated.

SOC

(Security Operations Center) A facility for housing necessary personnel and systems used to collect, sort, analyze, and investigate cybersecurity information and threats.

Social Engineering

The act of using known information about a user (from public sources like social media or private sources which have been breached) in order to trick or coerce that user into divulging sensitive information.

Software

Computer code used to run a machine, and the applications and programs that run on that machine.

Spear-Phishing

The act of sending highly-targeted Phishing emails to attempt to trick or coerce specific users (such as a CEO or Division Manager) into divulging sensitive information.  Differs from Phishing in that these attacks are targeted to specific individuals instead of more broadly mass-mailed.

Threat Actor

Term used to identify persons who attempt to utilize hardware and software in a way not intended by the manufacturer expressly for malicious purposes; such as the destruction of systems or the theft of information.

TOR

(The Onion Router) Any of a group of specialized software tools designed to allow for anonymous communication and to gain access to the Darkweb or Deepweb.

Trojan Horse

Malicious software which is contained within another – usually benign – software package or application.  Used to trick a user into opening the malicious software when they open/interact with the benign application, document, email, etc.

Virus

Malicious software capable of replicating and spreading itself beyond an initial user interaction by co-opting or corrupting applications and networks.

Vishing

The act of attempting to trick or coerce an individual into divulging sensitive information via misleading phone calls and/or voicemail messages.

VPN

(Virtual Private Network) Software which creates a secured communications channel within another – potentially unsecure – network or communications channel.

Vulnerability

A flaw or weakness in a networking device, operating system, or software which permits a threat actor to gain unauthorized access to a system.

Vulnerability Scan

A protocol for searching a set of devices and/or a network for known vulnerabilities.

Worm

Malicious software that is capable of replicating and spreading itself without any user interaction at all.

WPA and WEP

(Wireless Protected Access and Wired Equivalent Privacy) Methods for securing WiFi communications between the Endpoints and the Wireless Access Point they connect to.

skout-faqs
  • Who gets the alerts when there is a problem?
    A predetermined alerting tree is mutually agreed upon for each customer. The IT Team/MSP will always be alerted when there is a problem. In the event of a high alert, the alerting tree will be followed. The IT Team/MSP and a company executive will be called if that was the agreed-upon course of action.
  • How do I contact SKOUT?
    If a problem occurs, you can always reach our Security Operations Center via phone or email. For general inquiries, email info@getskout.com.