Word of the Day: Tech Definitions from WhatIs.com

August 9, 2018  10:34 PM

AWS CloudTrail

Kaitlin Herbert Kaitlin Herbert Profile: Kaitlin Herbert

AWS CloudTrail is an application program interface (API) call-recording and log-monitoring Web service offered by Amazon Web Services (AWS). Continued…

Quote of the Day

“AWS CloudTrail logs all API calls, which means it generates a lot of data, but digging for useful data among all the logs takes some work.” – Brian Tarbox

Learning Center
Key considerations when buying AWS cost management tools
Keep expenses under control in a multi-cloud AWS infrastructure with third-party AWS cost management tools and the usage reports, cost reports, platform support, optimization and security features that they offer.

Five AWS IAM best practices to bolster cloud security
AWS IAM best practices are a key part of any secure cloud deployment. Admins, for example, need to ensure they carefully create and manage user access policies and roles, and enlist other native and third-party security tools, as needed, to fortify their resources.

Considering cloud threat intelligence and detection services
Cloud threat intelligence services can help enterprises detect and prevent threats to their systems. Here’s a look at some of the available options for a cloud threat detection service.

Parsing AWS CloudTrail logs for useful information
AWS CloudTrail has a log all or nothing approach, which means it generates a lot of data. Finding the CloudTrail logs that are most meaningful to your enterprise can be difficult.

Tracking user activity with AWS CloudTrail
AWS CloudTrail is a Web service that keeps track of AWS API calls. Learn to turn on AWS CloudTrail and to find and read log files.

Trending Terms
Amazon Web Services
Amazon S3
AWS Directory Service

Quiz Yourself
The AWS portfolio ______ more than 100 services, including those for compute, databases, infrastructure management, application development and security.
a. comprises
b. composes

August 8, 2018  10:30 PM


Kaitlin Herbert Kaitlin Herbert Profile: Kaitlin Herbert

A RESTful API is an application program interface (API) that uses HTTP requests to GET, PUT, POST and DELETE data. Continued…

Quote of the Day

“With REST APIs, you can integrate storage management with your own scripts, which makes IT more flexible and programmable.” – Gábor Nyers

Learning Center
How to use REST APIs in Python
It’s important for storage administrators who are after open management to know a little bit about using REST APIs in Python.

What the future of RESTful API design holds for developers
What does the future hold for RESTful API design? Is it winning over the old SOA crowd? Tom Nolle discusses what developers and architects can expect.

How the Docker REST API can be turned against enterprises
A Docker REST API can be abused by attackers to escalate privileges and remote execute code. Find out about the dangers of Docker APIs.

When data APIs go neglected, business intelligence suffers
In 2018, management of data APIs must improve to help BI and analytics teams access data and handle data silos more effectively.

GraphQL vs. REST: Nailing down the pros and cons of each
This article explores the considerations developers should take when deciding between GraphQL vs. REST, including data structure and management needs.

Trending Terms

Quiz Yourself
We use Amazon S3 to ________ local storage.
A. complement
B. supplement

August 7, 2018  10:16 PM

API economy

Kaitlin Herbert Kaitlin Herbert Profile: Kaitlin Herbert

API economy is the exposure of an organization’s digital services and assets through application programming interfaces (APIs) in a controlled way. Continued…

Quote of the Day

“Even enterprises that recognize the value of APIs often treat them as an afterthought on a project list rather than a core feature.” – Chris McNabb

Learning Center
Connecting applications in the API economy
MuleSoft’s Ross Mason discusses how the API economy is becoming the new normal and why APIs are essential for connecting apps.

What CIOs, developers should know about the ‘API economy’
‘API economy’ is a catchphrase fueled by evidence that APIs are a rapidly expanding economic force.

Strong API strategy matters in growing API economy
As API technology advances and the API economy grows in importance, IT must implement a strong API strategy to ensure adequate multiple version control.

API management for microservices: Why it matters and how to do it
This tip takes an in-depth look at the challenges that API management for microservices can bring and how they can be best overcome.

Why use new lifecycle tools in API management platforms?
Having trouble with API quality assurance, versioning and retirement? Take a look at API management platforms that assist with lifecycle control.

Trending Terms
open API
API management
API gateway
cloud storage API
API management platform

Quiz Yourself
In a lifecycle-focused API management platform, specific types of software manage each stage of the _____ lifecycle.
B. API’s

August 6, 2018  9:56 PM

API gateway

Kaitlin Herbert Kaitlin Herbert Profile: Kaitlin Herbert

An API gateway is programming that sits in front of an application programming interface (API) and acts as a single point of entry for a defined group of microservices. Continued…

Quote of the Day

“Overall, a strong API strategy allows software development to move faster, because you don’t build from the ground up each time.” – Ross Mason

Learning Center
Manage APIs with connectivity-led strategy to cure data access woes
Traditional IT created data silos that cause data access and delivery problems today. MuleSoft founder Ross Mason explains how to manage APIs with a connectivity-led strategy to achieve real-time data access and how APIs speed the adoption of new technologies, such as AI and FaaS.

Healthcare APIs get a new trial run for Medicare claims
In another move toward interoperability, Blue Button 2.0 is the latest in a series of healthcare APIs to try to standardize data delivery to patients and others. Here’s why 500 developers are giving the Medicare claims API a look.

How to combine API and microservices management
This article takes a critical look at how microservices management and API management can be combined to achieve the best of both.

Why use new lifecycle tools in API management platforms?
Having trouble with API quality assurance, versioning and retirement? Take a look at API management platforms that assist with lifecycle control.

A roundup of the top API management tools available today
Choosing the right API management tools for your needs may seem like a daunting task. Use this product roundup to point you in the right direction.

Trending Terms
API management
Amazon API Gateway
cloud storage API
AWS Lambda

Quiz Yourself
If you’re not _______ well-versed in microservices and containers, you’re running at the back of the pack.
A. already
B. all ready

August 3, 2018  9:52 PM


Kaitlin Herbert Kaitlin Herbert Profile: Kaitlin Herbert

A malvertisement (malicious advertisement) is an advertisement on the Internet that is capable of infecting the viewer’s computer with malware. Continued…

Quote of the Day

“To reduce the risk of malvertising attacks affecting the enterprise, security teams should follow general endpoint antimalware advice such as keeping up to date with patches, not running as an admin and so on.” – Nick Lewis

Learning Center
Malvertising campaign tied to legitimate online ad companies
Several online advertising companies were implicated in a Check Point Research report on an extensive malvertising campaign that involved more than 10,000 compromised WordPress sites.

How does the Stegano exploit kit use malvertising to spread?
The Stegano exploit kit is being spread through a malvertising campaign found on major websites. Find out how organizations can prevent malvertising.

Healthcare breaches drop, but ransomware attacks rise
Healthcare breaches of patient data dropped in 2017, but ransomware incidents increased, and the insider threat remained strong.

New cloud threats as attackers embrace the power of cloud
Here’s a look at the top cloud threats in 2018 and some guidelines for protecting platforms and infrastructure in public clouds.

Android vulnerability: How can users mitigate Janus malware?
Android recently disclosed a new Android vulnerability — dubbed Janus — that injects malicious code into reputable apps and infects systems. Discover how this vulnerability works with expert Nick Lewis.

Trending Terms
identity theft

Quiz Yourself
The CEO thought everyone could ______ easily once the antivirus software was updated but unfortunately the company wasn’t protected against social engineering tactics.
a. breath
b. breathe

August 2, 2018  9:30 PM


Kaitlin Herbert Kaitlin Herbert Profile: Kaitlin Herbert

Zero-day is a flaw in software, hardware or firmware that is unknown to the party responsible for patching or otherwise fixing the flaw. Continued…

Quote of the Day

“Zero-day vulnerabilities are presumably unknown by the software creator, so there is no way to patch the software to defend against the vulnerability.” – Russ White

Learning Center
New Walmart CISO discusses protecting the world’s largest retailer
In part two of a wide-ranging interview, Walmart CISO Jerry Geisler, who stepped into the role in January, talks about evaluating the Fortune 1 retailer’s security posture, ‘three big buckets’ the company is focused on right now and advances in its cloud strategy.

Zero-day Telegram vulnerability exploited for cryptomining
A zero-day Telegram vulnerability discovered by Kaspersky Lab was used by Russian cybercriminals to spread cryptomining malware.

Microsoft patches Internet Explorer zero-day ‘Double Kill’
For May 2018’s Patch Tuesday, Microsoft fixed an Internet Explorer zero-day vulnerability that was actively exploited in the wild by an advanced persistent threat group.

Understanding the exploit market: How data breaches happen
Quickly upgrading software with the latest patches is essential when you understand how data breaches happen and how the exploit market can work against you when you have network and system vulnerabilities. Our expert walks you through how attackers take advantages of vulnerabilities.

Adobe zero-day fix precedes June Patch Tuesday
An Adobe zero-day exploit stole the attention of administrators before Microsoft addressed about 50 security updates this June Patch Tuesday. Find out which vulnerabilities to prioritize this month and how to address the updated advisory for the Spectre vulnerability.

Trending Terms
advanced persistent threat
vulnerability scanner
Google Project Zero
Patch Tuesday

Quiz Yourself
Ransomware hasn’t been in the news for _______ but it seems to be making a comeback.
a. a while
b. awhile

August 1, 2018  10:01 PM

spear phishing

Kaitlin Herbert Kaitlin Herbert Profile: Kaitlin Herbert

Spear phishing is an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information. Continued…

Quote of the Day

“The best way for IT to improve email phishing security is through comprehensive testing, which helps identify which users are susceptible and what type of fake email is most effective.” – Kevin Beaver

Learning Center
LifeLock vulnerability exposed user email addresses to public
A LifeLock vulnerability exposed millions of customers’ email address to anyone with a web browser, according to a report from Brian Krebs, and it jeopardized anyone using the identity theft protection service.

Physical security keys eliminate phishing at Google
Following a requirement for Google employees to use physical security keys, successful phishing attempts were completely eliminated, at least in part, because of the ease of U2F.

Russian intelligence officers indicted for DNC hack
As part of special counsel Robert Mueller’s investigation into Russian interference with the 2016 presidential campaign, a grand jury indicted 12 members of Russia’s GRU for the DNC hack, as well as other malicious activity.

Phishing threats still dwarf vulnerabilities, zero-days
Email security vendor Proofpoint released its Human Factor 2018 report, which details how phishing threats are evolving and still beating enterprise defenses.

Seven factors that make up an effective email phishing test
An effective phishing test should feature emails that include typical phishing indicators, such as misspelled company names. IT pros must have the support of management to effectively run a test, and they should include everyone in the company.

Trending Terms
Trojan horse
social engineering

Quiz Yourself
Exploit kits allow non-technical threat actors to do ____ of damage.
A. a lot
B. alot

July 31, 2018  9:32 PM

application whitelisting

Kaitlin Herbert Kaitlin Herbert Profile: Kaitlin Herbert

Application whitelisting is the practice of specifying an index of approved software applications that are permitted to be present and active on a computer system. Continued…

Quote of the Day

“With application whitelisting, admins can create a list of approved apps users can work with. This way, users cannot accidentally open an app containing ransomware.” – Brien Posey

Learning Center
Mobile application management tools balance service and cost
Stand-alone mobile application management tools often provide more flexibility and specialized functionality at lower costs. Find out when stand-alone MAM tools could be a better fit for your organization than EMM suites.

How can you whitelist apps and fight ransomware with Windows 10 AppLocker?
Admins should whitelist apps with Windows 10 AppLocker to combat ransomware. Whitelisting creates a curated list of apps users can work with.

How a hybrid whitelisting-blacklisting approach can help enterprises
Application whitelisting isn’t enough. Here’s why a hybrid whitelisting-blacklisting approach is best for enterprise security.

Security for applications: What tools and principles work?
Ensuring security for applications means both designing security in and adding protections from without. Learn what app security tools and strategy work best.

The endpoint security controls you should consider now
Threats to endpoints are changing, and endpoint security controls must adjust to new realities. Learn what steps to take to up endpoint security now.

Trending Terms
application blacklisting
digital signature
application security
Trojan horse

Quiz Yourself
A botnet is a group of computers organized to distribute spam or malware — _________ the owners are typically unaware of the fact.
a. though
b. although
c. even though

July 30, 2018  9:43 PM

industrial control system (ICS)

Kaitlin Herbert Kaitlin Herbert Profile: Kaitlin Herbert

Industrial control system (ICS) is a general term used to describe the integration of hardware and software with network connectivity in order to support critical infrastructure. Continued…

Quote of the Day

“DHS said Russian hackers first targeted key industrial control vendors in order to steal credentials and access air-gapped and isolated utility networks.” – Michael Heller

Learning Center
DHS details electrical grid attacks by Russian agents
DHS claims Russian agents have performed hundreds of electrical grid attacks, including on utilities that were air-gapped and isolated, with the potential for serious damage.

An introduction to ICS threats and the current landscape
ICS threats have been coming into the spotlight more as attacks happen more frequently. Here’s a review of what ICS security threats can really do if successful.

Creators of Trisis malware have expanded their ICS attacks
The group behind the Trisis malware attacks on industrial control systems has been identified as Xenotime, and it is still active, expanding its efforts to companies across the globe, according to Dragos research.

Triton, Industrial control systems, infrastructure attacks, nation-state
The Trisis malware used in an ICS cyberattack in Saudi Arabia in December is thought to have been made by a nation-state actor and has been freely available.

Dragos’ Robert Lee discusses latest ICS threats, hacking back
In a Q&A at RSA Conference 2018, Dragos CEO Robert Lee talked about how industrial control systems differ from IT systems and the newest looming ICS threats.

Trending Terms
programmed logic controller
IT/OT convergence
ICS security
distributed control system
industrial automation

Quiz Yourself
_______ are common in factory automation, building automation and material handling systems.
a. PLC’s
b. PLCs

July 19, 2018  8:19 PM


Kaitlin Herbert Kaitlin Herbert Profile: Kaitlin Herbert

XMPP is a communications protocol based on Extensible Markup Language (XML). Continued…

Quote of the Day

“When setting up a two-way communication channel, where there is structured data and devices are not memory constrained, use XMPP.” – Sushant Taneja

Learning Center
Better team messaging app security could boost enterprise adoption
Cisco recently unveiled security updates to its Spark service. Team messaging apps, in general, could see greater adoption with these enterprise controls.

GoToMeeting client adds business messaging to chase rivals
The GoToMeeting client is getting business messaging and automated transcription as LogMeIn chases web conferencing rivals Zoom and Cisco Webex.

Cisco eyes blockchain messaging for better security
Vendors, including Cisco, are hoping blockchain messaging can offer more security than the traditional encryption used for group communications.

Standardizing on unified communications standards
Enterprise adoption of unified communications (UC) standards—like SIP, XMPP, SIPconnect 1.1 and TIP—is fast becoming an imperative driven by increased user demand for extranet connectivity and access to UC apps beyond the firewall.

XMPP: IoT protocol winner, or second place to MQTT?
The open, community-based XMPP-IoT standard is entering the wild world of the internet of things, but it may not be the best choice for every IoT deployment.

Trending Terms
instant messaging

Quiz Yourself
No matter how important your message is, if you don’t choose the right delivery channel, the point is ____.
a. mute
b. moot

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: