Fileless malware detection focuses on identifying harmful software that operates in a computer’s memory, without leaving files behind on the hard drive. Unlike traditional viruses that can be found and removed by scanning files, fileless malware hides in running processes, scripts, or legitimate software tools. Detecting this type of threat often requires monitoring system behaviour,…
Category: Threat Detection and Response
Runtime Application Self-Protection (RASP)
Runtime Application Self-Protection (RASP) is a security technology built into an application to monitor and protect it as it runs. RASP works by detecting and blocking attacks in real time from within the application itself. It helps identify threats such as code injection or unauthorised access, often stopping them before they can cause any damage.
Network Traffic Analysis
Network traffic analysis is the process of monitoring, capturing, and examining data packets as they travel across a computer network. This helps identify patterns, detect unusual activity, and ensure that the network is running smoothly. It is used by IT professionals to troubleshoot problems, improve performance, and enhance security by spotting threats or unauthorised access.
Intrusion Detection Systems
Intrusion Detection Systems, or IDS, are security tools designed to monitor computer networks or systems for suspicious activity. They help identify unauthorised access, misuse, or attacks by analysing network traffic or system logs. IDS can alert administrators when unusual behaviour is detected, allowing them to take action to prevent harm or data loss. These systems…
Honeypot Deployment
Honeypot deployment refers to setting up a decoy computer system or network service designed to attract and monitor unauthorised access attempts. The honeypot looks like a real target but contains no valuable data, allowing security teams to observe attacker behaviour without risking genuine assets. By analysing the interactions, organisations can improve their defences and learn…
Attack Vector Analysis
Attack Vector Analysis is the process of identifying and understanding the various ways an attacker could gain unauthorised access to a system or data. It involves examining the different paths, weaknesses, or points of entry that could be exploited by cybercriminals. By studying these potential threats, organisations can strengthen defences and reduce the risk of…
Threat Modeling
Threat modelling is a process used to identify, assess and address potential security risks in a system before they can be exploited. It involves looking at a system or application, figuring out what could go wrong, and planning ways to prevent or reduce the impact of those risks. This is a proactive approach, helping teams…
DNS Tunneling
DNS tunnelling is a technique that uses the Domain Name System (DNS) protocol to transfer data that network restrictions would normally block. It works by encoding data inside DNS queries and responses, which are typically allowed through firewalls since DNS is essential for most internet activities. This method can be used for both…
Threat Hunting
Threat hunting is a proactive cybersecurity practice where experts search for signs of hidden threats or attackers in computer systems and networks. Instead of waiting for automated tools to alert them, specialists actively look for unusual patterns or suspicious activities that might indicate a security breach. This helps organisations find and fix problems before they…
Zero-Day Exploit
A zero-day exploit is a cyberattack that takes advantage of a software vulnerability before the developer knows about it or has fixed it. Because the flaw is unknown to the software maker, there is no patch or defence available when the exploit is first used. This makes zero-day exploits particularly dangerous, as attackers can access…