Glossary

A rundown of the current terms and concepts in the cybersecurity universe.

Attack Surface
The Attack Surface is the sum of all the different points (or attack vectors) where an unauthorised user (an attacker) can try to enter data to, extract data from, or control a system or network. This includes known, unknown, and unpatched vulnerabilities across an organisation's hardware, software, network components, and even human vulnerabilities (social engineering). Reducing the attack surface is a core security goal.

External Attack Surface Management (EASM)
EASM is the continuous process of discovering, inventorying, and monitoring an organisation's internet-facing assets (its external attack surface) for potential vulnerabilities and security gaps, from an attacker's perspective.

CVE
CVE stands for Common Vulnerabilities and Exposures and is a list of publicly disclosed computer security flaws. Each entry in the list is assigned a CVE ID number. The CVE programme is overseen by the MITRE Corporation. CVE IDs give users a reliable way to identify and refer to specific vulnerabilities.

CVSS Score
CVSS stands for Common Vulnerability Scoring System, a standardised system for assessing the severity of software vulnerabilities. A CVSS score is a numerical value between 0.0 and 10.0; the higher the score, the more severe the vulnerability. ACDS’ Observatory solution uses v2 and v3.1 CVSS scoring.

EPSS Score
EPSS stands for Exploit Prediction Scoring System. This score measures the likelihood of a software vulnerability being exploited in the wild. EPSS scores range from 0 to 100. The higher the score, the greater the possibility that the vulnerability will be exploited.

EPSS Percentile
The EPSS percentile is derived directly from the EPSS score: it states what proportion of all scored CVEs received a lower EPSS score than this one. E.g. a CVE with a percentile of 55% means that 55% of the other CVEs have a lower EPSS score.

KEV (Known Exploited Vulnerabilities)
CISA’s Known Exploited Vulnerabilities (KEV) list is an authoritative source of vulnerabilities that have been exploited in the wild. The list is maintained by CISA (the US Cybersecurity and Infrastructure Security Agency). Organisations should prioritise CVEs on this list when deciding what to remediate first. See CISA.gov for more information.
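The two entries above, EPSS Percentile and KEV, both describe how a score is turned into a remediation priority. The block below is an added example, not ACDS or Observatory code: it computes the EPSS percentile exactly as defined above (the share of the other CVEs with a strictly lower EPSS score) over a constructed set of findings, and then orders them KEV-first, then by EPSS score, then by CVSS base score. The CVE IDs, all scores and the KEV membership are invented placeholders, and the KEV-then-EPSS-then-CVSS ordering is an illustrative policy rather than a published standard.

```python
# Added example, not ACDS / Observatory code. Ranks a constructed set of
# findings using the three signals defined on this page: CISA KEV membership,
# EPSS score (and its percentile) and CVSS base score. The ordering applied
# here (KEV first, then higher EPSS, then higher CVSS) is illustrative only.

# Constructed sample data: CVE IDs are placeholders and all scores are invented.
# EPSS scores are expressed as percentages (0-100), as on this page.
SAMPLE_EPSS = {
    "CVE-0000-0001": 1.2,
    "CVE-0000-0002": 1.2,   # tie with 0001; broken by CVSS in prioritise()
    "CVE-0000-0003": 2.0,
    "CVE-0000-0004": 3.7,
    "CVE-0000-0005": 3.7,
    "CVE-0000-0006": 8.9,
    "CVE-0000-0007": 12.5,
    "CVE-0000-0008": 25.0,
    "CVE-0000-0009": 40.0,
    "CVE-0000-0010": 77.3,
    "CVE-0000-0011": 97.4,
}
SAMPLE_CVSS = {
    "CVE-0000-0001": 3.1,
    "CVE-0000-0002": 5.3,
    "CVE-0000-0003": 7.5,
    "CVE-0000-0004": 9.8,
    "CVE-0000-0005": 6.5,
    "CVE-0000-0006": 7.2,
    "CVE-0000-0007": 8.8,
    "CVE-0000-0008": 9.1,
    "CVE-0000-0009": 7.8,
    "CVE-0000-0010": 9.8,
    "CVE-0000-0011": 10.0,
}
# Constructed KEV membership (placeholder IDs, not the real CISA list).
SAMPLE_KEV = {"CVE-0000-0004", "CVE-0000-0009"}


def epss_percentile(cve_id, scores):
    """EPSS percentile as defined above: the percentage of the OTHER CVEs
    whose EPSS score is strictly lower than this CVE's score. Equal scores
    do not count as lower, so tied CVEs receive the same percentile."""
    score = scores[cve_id]
    others = [s for cve, s in scores.items() if cve != cve_id]
    if not others:
        return 0.0
    lower = sum(1 for s in others if s < score)
    return round(100.0 * lower / len(others), 1)


def percentile_table(scores):
    """Percentile for every CVE in the set, keyed by CVE ID."""
    return {cve: epss_percentile(cve, scores) for cve in scores}


def prioritise(epss, cvss, kev):
    """Order CVE IDs for remediation: KEV entries first, then by EPSS score,
    then by CVSS base score. A CVE with no CVSS value sorts last within a tie."""
    def rank_key(cve):
        # Python sorts tuples element by element; True > False puts KEV first
        # once the list is reversed.
        return (cve in kev, epss[cve], cvss.get(cve, 0.0))
    return sorted(epss, key=rank_key, reverse=True)


if __name__ == "__main__":
    table = percentile_table(SAMPLE_EPSS)
    for cve in prioritise(SAMPLE_EPSS, SAMPLE_CVSS, SAMPLE_KEV):
        flag = "KEV" if cve in SAMPLE_KEV else "   "
        print(f"{cve} {flag} EPSS={SAMPLE_EPSS[cve]:5.1f}% "
              f"percentile={table[cve]:5.1f}% CVSS={SAMPLE_CVSS[cve]:4.1f}")
```

Running the block prints the sample findings in remediation order. Note that CVE-0000-0004 lands second despite an EPSS score of only 3.7% because it is on the (constructed) KEV list: the percentile tells you how a CVE compares with the rest of the population, while KEV membership tells you exploitation has already been observed, which is why the page says to prioritise those entries.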

Domain Name
Domain names are used to identify internet resources and provide a way to navigate and identify specific web pages or online services. Domain names are used in URLs and can be found after ‘www.’, e.g., acdsglobal.com.

Subdomain
A subdomain is appended to the main domain name and is often used for separate sections or branches within a website. An example of a subdomain is blog.acdsglobal.com. Subdomains are part of the Domain Name System (DNS) and can have their own DNS records, which can be pointed to different IP addresses or servers than the main domain.

Internet Protocol (IP) v4 Address
An IPv4 Address is a numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. It is a 32-bit number typically represented in dot-decimal notation (e.g., 192.168.1.1). It provides approximately 4.3 billion unique addresses, which are now largely exhausted, leading to the development of IPv6.

Internet Protocol (IP) v6 Address
An IPv6 Address is the successor to IPv4, designed to solve the problem of IPv4 address depletion. It is a 128-bit number typically represented as eight groups of four hexadecimal digits separated by colons (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334). It offers a vastly larger address space.
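To make the "32-bit number" and "128-bit number" in the two entries above concrete, here is an added example (not ACDS code) that converts between the textual forms and the underlying integers by hand. It also shows the two IPv6 shorthand rules (dropping leading zeros in a group and collapsing one run of zero groups into "::") and rejects malformed input, including IPv4 octets with leading zeros, which some parsers read as octal. It does not handle the IPv4-embedded IPv6 form (e.g. ::ffff:a.b.c.d); in production use Python's standard ipaddress module rather than this illustration.

```python
# Added example, not ACDS code: the integer representation behind the IPv4 and
# IPv6 text forms described above, written out by hand to show the structure.
# In production, use Python's standard ipaddress module instead.

IPV4_BITS = 32
IPV6_BITS = 128
HEX_DIGITS = set("0123456789abcdefABCDEF")


def ipv4_to_int(text):
    """Parse dot-decimal notation into the underlying 32-bit integer.

    Accepts exactly four decimal octets in 0..255. Leading zeros are rejected
    because different parsers disagree on whether "010" means 10 or octal 8.
    """
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"IPv4 address needs 4 octets: {text!r}")
    value = 0
    for octet in parts:
        if not octet.isdigit() or int(octet) > 255:
            raise ValueError(f"bad octet {octet!r} in {text!r}")
        if len(octet) > 1 and octet[0] == "0":
            raise ValueError(f"leading zero in octet {octet!r} of {text!r}")
        value = (value << 8) | int(octet)
    return value


def int_to_ipv4(value):
    """Render a 32-bit integer in dot-decimal notation."""
    if not 0 <= value < 2 ** IPV4_BITS:
        raise ValueError("value outside the 32-bit IPv4 range")
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def expand_ipv6(text):
    """Normalise an IPv6 address to eight zero-padded four-hex-digit groups.

    Handles the two RFC 4291 text shortcuts: omitted leading zeros within a
    group, and a single '::' standing for one or more all-zero groups.
    """
    if text.count("::") > 1:
        raise ValueError("only one '::' is allowed")
    if "::" in text:
        head, tail = text.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one group")
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError(f"IPv6 address needs 8 groups: {text!r}")
    expanded = []
    for group in groups:
        if not 1 <= len(group) <= 4 or not set(group) <= HEX_DIGITS:
            raise ValueError(f"bad group {group!r} in {text!r}")
        expanded.append(group.lower().zfill(4))
    return ":".join(expanded)


def ipv6_to_int(text):
    """Parse an IPv6 address into the underlying 128-bit integer."""
    return int(expand_ipv6(text).replace(":", ""), 16)


def int_to_ipv6(value):
    """Render a 128-bit integer as eight colon-separated hex groups (uncompressed)."""
    if not 0 <= value < 2 ** IPV6_BITS:
        raise ValueError("value outside the 128-bit IPv6 range")
    digits = f"{value:032x}"
    return ":".join(digits[i:i + 4] for i in range(0, 32, 4))


def is_valid_ipv4(text):
    """True when the text is a well-formed dot-decimal IPv4 address."""
    try:
        ipv4_to_int(text)
        return True
    except ValueError:
        return False


def is_valid_ipv6(text):
    """True when the text is a well-formed (non IPv4-embedded) IPv6 address."""
    try:
        ipv6_to_int(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("192.168.1.1 ->", ipv4_to_int("192.168.1.1"), "->", int_to_ipv4(3232235777))
    print("2001:db8:85a3::8a2e:370:7334 ->", expand_ipv6("2001:db8:85a3::8a2e:370:7334"))
    print(f"IPv4 space: {2 ** IPV4_BITS:,} addresses; IPv6 space: {2 ** IPV6_BITS:.2e}")
```

The final print line makes the "approximately 4.3 billion" figure in the IPv4 entry explicit (2 to the power 32 is 4,294,967,296) and shows how much larger the 128-bit space is.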

Passive Scanning
At ACDS, we use various data sources and data collection methods to build a comprehensive view of an organisation’s external attack surface. Starting with passive scans and data sources such as DNS resolution and Certificate Transparency logs, we carefully build a full picture of all internet-connected assets for an organisation, supplementing these data sources with low- and no-impact scanning that retrieves small snippets of data from internet-facing endpoints through interactions far lighter than a user visiting a website in their browser. We have developed these Passive & Lo/No Impact scanning methods through many months of R&D involving full-internet scanning, enabling us to gain the most valuable information possible from internet-connected devices with the smallest possible footprint. These methods, which we are constantly improving and evolving, allow us to stay under the limits set by firewalls and perimeter defence tools, so we have the greatest chance of capturing valuable information at the lowest level of risk to an organisation. Our scanning practices adhere to the norms set out by the UK National Cyber Security Centre (the UK Government’s cyber defence agency) for responsible global internet scanning for cyber security research and defence purposes.

Shadow IT
Shadow IT refers to the use of hardware, software, cloud services, and other IT resources by employees or departments without the knowledge, approval, or oversight of the central IT or security team. This poses a significant security risk as these unmanaged assets are often unpatched, misconfigured, or unprotected, thereby expanding the organisation's attack surface.

Supply Chain Risk
Supply Chain Risk in cybersecurity is the potential for an organisation's network or systems to be compromised through vulnerabilities in its suppliers, vendors, or business partners. This often occurs when a threat actor targets a less-secure third party to gain indirect access to the main organisation's sensitive data or systems.

Third Party Risk
Third-party risk is the security risk presented by any external entity (like a vendor, contractor, or business partner) that has access to an organisation's sensitive data, systems, or intellectual property. Managing this risk involves assessing and controlling the security practices of these external parties to prevent breaches.

Web Application Firewall (WAF)
A WAF is a security tool designed to protect web applications from common attacks, such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). It monitors and filters the HTTP traffic between a web application and the Internet, inspecting incoming and outgoing data against a set of rules to block malicious requests.

Web Applications
Web Applications are client-server computer programs that run on a web server and are accessed by users over a network (like the internet) using a web browser. Examples include online banking portals, social media platforms, e-commerce stores, and corporate resource planning systems. They are a common target for cyberattacks.