Cybersecurity Explained

Cybersecurity is becoming increasingly complex. Many organizations offer resources and information on the fundamental principles of cybersecurity, including endpoint protection, security services, and different types of cyberattacks. If you need information about these cybersecurity topics and many others, Sophos has you covered.



An attack surface in cybersecurity is the entire area of all the possible points of entry through which a cybercriminal can penetrate your networks, applications, or systems.

AI (Artificial Intelligence) has revolutionized the way IT security professionals think about cybersecurity. Newer AI-powered cybersecurity tools and systems can provide even better data protection against threats by quickly recognizing behavior patterns, automating processes, and detecting anomalies.


A business email compromise (BEC) attack is when a cybercriminal targets your employees with convincing emails designed to trick users into clicking and downloading malicious files. Once the attacker gains access to the network, they can learn more about your business or even block access, holding confidential information for ransom.


Cyber threat intelligence (CTI) represents evidence-based knowledge (e.g., context, mechanisms, indicators, implications, and action-oriented advice) about existing or emerging cyber threats.

A cybersecurity provider helps you keep pace with emerging cyberthreats and protect against cyberattacks and data breaches. With the right approach, you can select a cybersecurity provider that meets your expectations.

Cloud security protects modern enterprises from an ever-expanding digital attack surface. Cloud security involves keeping track of the data, workloads, and architecture changes in multiple cloud computing environments (such as AWS, GCP, Azure, and Kubernetes) and ensuring their safety from internal and external threats.

The outsourced model of cybersecurity-as-a-service means that, rather than handling it internally, organizations work with a third-party partner with the expertise and resources to continuously monitor their security posture.


Data breach prevention is a form of cybersecurity that is focused solely on stopping a data breach before it can take hold. A data breach is an incident resulting in the exposure of confidential, private, protected, or sensitive information. This includes corporate information, such as trade secrets or financial information, as well as personal data belonging to your partners, customers, and employees.


Today’s endpoint security must manage the chaos of a never-ending list of endpoint devices, all connecting to your organization’s infrastructure and accessing sensitive data. This is the challenge that the best cybersecurity companies are working to solve. How do you constantly monitor for any changes in the security posture of connected devices and keep everything secure?


Since it became law in 2018, the General Data Protection Regulation, commonly known as GDPR, has forced companies to rethink how they collect, store, share, and secure personal data belonging to private citizens.

Securing a multi-cloud environment is challenging due to the increased attack surface and lack of visibility across cloud hosts and services. This is where cloud governance enters the picture. Cloud governance is a framework of policies established by a business that will define and enforce how they create, store, and share data in the cloud and ensure regulatory compliance.


A honeypot is a cybersecurity defense technology that detects, lures, tracks, and analyzes unauthorized access to a website, computer systems and networks, or applications.


An IPS (intrusion prevention system) is an active security system that detects potential threats and takes automated actions to prevent or block them in real time. An IDS (intrusion detection system) is a passive security system that monitors network traffic or system activities to identify potential security incidents, policy violations, or abnormal behavior.

Incident response refers to the process your business uses to manage a cyberattack or data breach. The process allows you to resolve a security incident and generate insights from it that you can use to prevent similar problems from happening.

Indicators of compromise (IOCs) are often considered to be "digital breadcrumbs." They consist of evidence that shows a cyberattack is underway. Additionally, IOCs can provide insights into the tools used during a cyberattack, who's behind the attack, and more.


A keylogger is an insidious form of spyware. It's also a legal and sometimes ethical tool to monitor the activity of employees and even your kids as they interact online.


The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework was designed for a simple reason: to solve problems for a safer world. This framework is available for free to anyone who wants to level up their cybersecurity. Your organization can use the MITRE ATT&CK framework to understand how cybercriminals operate. From here, you can prepare for cyberattacks and limit your risk of data breaches.

Mobile device management (MDM) is security software that lets your business implement policies to secure, monitor, and manage your end-user mobile devices. The software also protects your network devices and allows your employees to work remotely without compromising their security.

A managed security service provider (MSSP) protects an organization's applications, devices, and systems against cyberthreats. You can hire an MSSP to handle some or all aspects of your cyber protection. If you do, your service provider will manage your cybersecurity in alignment with your organization's security needs.

Managed detection and response (MDR) is a fully-managed, 24/7 service delivered by experts who specialize in detecting and responding to cyberattacks that technology solutions alone cannot prevent. By combining human expertise with protection technologies and advanced machine learning models, MDR analysts can detect, investigate, and neutralize advanced human-led attacks, preventing data breaches and ransomware.

Demand for MDR services is soaring and Gartner predicts that by 2025, half of organizations will be using MDR services.


A network detection and response solution uses AI, machine learning, and other non-signature-based analytical techniques to identify and respond to suspicious network activity.

Next-generation antivirus (NGAV) software protects your business against known and unknown cyberthreats. The software looks at your files, processes, applications, and network connections and the relationships between them. This helps you identify malicious intent, behaviors, and activities — and block them.

Network security includes any solutions that your organization utilizes to protect its network applications, devices, and users. Network security as a service gives organizations the option to outsource their data protection to a team of IT security professionals.


A phishing attack involves a cybercriminal masquerading as a reputable source with an enticing request or offer, usually delivered by email. The attacker lures the victim into handing over their personal information, often high-value identity credentials, through deception. Once the cybercriminal acquires these credentials, business email compromise and account takeovers are the next steps. This is where the cybercriminal can do the most damage to your business because once they take over an employee’s legitimate account, they’re difficult to identify and stop.

Unlike broad phishing attacks, spear phishing attacks are designed to target specific individuals or organizations. Cybercriminals have done their research, and once the victim clicks, the damage is done.


There is no stopping ransomware attacks. However, businesses can use tried-and-true ransomware mitigation technologies and techniques to address these attacks before they get out of hand.

Organizations of all sizes need to be aware of Ransomware-as-a-Service (RaaS). Because of the RaaS delivery model, it’s a quickly growing threat to your data and systems: criminals with virtually no technical knowledge can easily execute a ransomware attack for a significant profit.


Secure Access Service Edge, more commonly known as SASE (pronounced “Sassy”), is the next iteration of cybersecurity in the cloud.

Supervisory control and data acquisition (SCADA) refers to a system commonly used by natural gas companies and other utility providers.

Security as a service (SECaaS) is a form of outsourced security. With SECaaS, you receive cybersecurity services delivered through the cloud.

A security operations center (SOC) is a team of security analysts, engineers, and others who monitor, detect, respond to, and remediate cyberthreats. The SOC team ensures security issues are instantly identified and addressed 24/7/365.

The server hardening process reduces your business' attack surface and helps you guard against ransomware, malware, and other cyberthreats. You can follow this process to protect all points of entry against cyberattacks, address cybersecurity weaknesses, and optimize your security posture.

Businesses use security information and event management (SIEM) technology to track cyberthreats, monitor and analyze security events in real time, and log security data.

In the field of modern software and application development, a Software Development Kit (SDK) is a comprehensive set of tools and utilities that gives programmers and developers the resources to write software programs and build custom applications. SDKs are widely used in the cybersecurity industry too. Anti-malware, anti-spam, email filtering, and Data Loss Prevention (DLP) are some of the SDKs commonly used by security vendors.


Organizations can’t risk being passive when it comes to cybersecurity. Today’s malicious actors are more cunning than ever, increasingly deploying evasive human-led techniques to conduct their attacks.

A threat actor is anyone who is either a key driver of or participates in a malicious action that targets an organization's IT security.

Telemetry refers to the collection, transmission, and measurement of data. It involves the use of sensors to retrieve information from remote sources. The telemetry you collect gives you insights that you can use to effectively administer and manage your IT infrastructure.

Businesses use threat intelligence to understand cyberattacks and why they occur. From here, companies can find the best ways to stop advanced threats. They can also get the best security outcomes now and in the future.


A Virtual Private Network (VPN) is essential to support remote or hybrid workers. A VPN uses encryption and a secure network connection to protect internet users from exposure to cybercriminals. A VPN lets users bypass geo-blocks, regardless of where they live or work.


From data storage and databases to virtual servers, containers, and networking software, cloud workloads are an essential technology to create, collaborate, solve problems, and get work done from anywhere.


Extended detection and response (XDR) is a cybersecurity tool that identifies cyberthreats by integrating multiple security services into one system. It extends the scope of your security beyond your endpoints.


Zero trust security solutions require end-users to be continuously authenticated, authorized, and validated. As such, they enable your business to secure access to its applications and data 24/7/365.