Multi-factor authentication is an authentication method requiring users to supply more than one distinct authentication factor to gain access to a resource such as an application, online account, or VPN. These factors include something you know (such as a password or PIN), something you have (such as a token or key), or something you are (such as your fingerprint).
MFA is a core component of a strong identity and access management (IAM) policy. Rather than asking only for a username and password, MFA requires one or more additional verification factors. This significantly decreases the likelihood of a successful cyber attack.
MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) resource development is a framework describing an attacker’s pre-attack preparation in gathering resources to support an operation. Resource development consists of techniques the attacker uses to create, purchase, or compromise resources to aid in targeting. These resources include infrastructure, accounts, or capabilities.
MITRE ATT&CK outlines seven techniques, from acquiring infrastructure such as domains and DNS servers, to compromising email and social media accounts.
MITRE PRE-ATT&CK was a framework of tactics and techniques to help uncover the many pre-compromise behaviors attackers perform. It was deprecated and removed by MITRE in late 2020 and has since been rolled into the Enterprise matrix under the Reconnaissance and Resource Development categories. Those techniques can also be found under the MITRE Enterprise > PRE matrix. The primary Enterprise matrix lists Initial Access techniques as well as additional technique categories that follow an attack to execution.
MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) is a curated, globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The framework represents the various phases of an attack lifecycle, as well as the platforms targeted. While the majority of the ATT&CK framework is geared towards providing insight into detecting attackers in real time during an attack, its Reconnaissance and Resource Development tactics (previously known as Pre-ATT&CK) are focused on an attacker's pre-attack preparation.
MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) initial access is a framework describing an attacker’s strategy for getting into your network. Initial access involves targeted spear phishing and exploiting public-facing web servers, which may allow for continued access and use of external remote services.
MITRE ATT&CK outlines nine techniques ranging from supply chain compromise to hardware additions.
MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) reconnaissance is a framework outlining an attacker’s pre-attack preparation in gathering useful information for future operations. Reconnaissance involves the active or passive gathering of information, which may include details of the victim organization, infrastructure, or staff and personnel. This information is leveraged to aid in other phases of the attack.
MITRE ATT&CK outlines 10 techniques ranging from active scanning to searching open technical databases.
Machine learning is a branch of artificial intelligence describing the study of computer programs that leverage algorithms and statistical models to improve automation without explicit programming. It is used to improve the capabilities of a machine, software, or program by allowing it to essentially program itself using data.
Machine learning can be broken down into three major components: a decision process, an error function, and model optimization. The decision process uses an algorithm to make predictions or classifications. The error function evaluates the efficacy of the prediction. Finally, the model optimization process iterates over the data and outcome, adjusting different weights until the model fits within a certain degree of accuracy.
Maltego is an open-source intelligence (OSINT) tool for gathering and connecting data on the internet and illustrating relationships and links between things on a node-based graph. The platform offers a graphical user interface (GUI) that allows security professionals to mine data and helps IT and security teams build a picture of threats, their complexity and severity.