
Glossary

Breach and Attack Simulation (BAS)

BAS is an advanced method of testing security environments by simulating likely attack paths and techniques commonly used by attackers. This process identifies vulnerabilities, much like a penetration test, except it's continuous and automated.

Business Context

Business context is the association of an asset or service with the organization or team that controls it. Understanding the business context provides insight into the extent of the organization’s true attack surface and helps locate and monitor otherwise “hidden” assets.

Beyond monitoring, business context also helps to identify an asset's likely owner, so it is part of automatic attribution. This raises awareness of potential risks and makes it easier to enlist help in sealing security gaps.

Banner Grabbing

Banner grabbing is a process of collecting intelligence about IT assets and the services available on those assets. Banners provide information such as the version of software running on a system. That intelligence can be used by IT and security administrators, or by attackers, to get a sense of what vulnerabilities may be present on the asset. Banners provide limited value because the only security issues they might indicate are software version-related (e.g., CVEs), and even then banners won’t reflect that a system has been patched. Therefore, banner grabbing is prone to false positives.

Botnet

A botnet is a collection of internet-connected systems each running remotely controlled software that performs a variety of tasks. Botnets are highly useful for performing distributed, coordinated activities. While botnets are infamous for their use by malicious actors to perform distributed denial of service (DDoS) attacks, they can be used for positive activities. For example, the CyCognito platform uses a botnet to perform reconnaissance by continuously detecting and security testing IT assets from locations across the world, at multiple intervals, undetectably and non-intrusively.
