Glossary of Terms
| Term | Definition |
|---|---|
| Alternate Exhaust Interface | An eth2 interface that can optionally be configured to carry analysis engine CnC traffic so that it stays off the management network (eth0). |
| Anti-SIEM | A Juniper ATP Appliance Advanced Threat Analytics (ATA) feature that allows for more detailed endpoint and log ingestion handling, management and reporting; includes Active Directory, Splunk and Direct Log Ingestion options. |
| AWS | Amazon Web Services and the EC2 management console, from which Juniper ATP Appliance administrators can configure vCore AMI images. |
| Blocklist | A list or register of entities to be denied a specified access or privilege. During detection engine analysis, when content matches any pattern on the blocklist, the content is deemed malicious and an alert or block action is enacted immediately. |
| Collector | The Juniper ATP Appliance's traffic inspection and object collection mechanism. |
| CnC server | Command and control server that directs the operation of a botnet. |
| CLI | Command-line interface. The Juniper ATP Appliance provides a CLI for administering the appliance. |
| CM | The Juniper ATP Appliance Central Manager component, which has a web-based graphical user interface. |
| Darkspace | Currently unused address space. |
| DHCP | Dynamic Host Configuration Protocol. |
| DMZ | Demilitarized zone. An area of the network where systems have direct access to the Internet or an external network. |
| DNS | Domain Name Service. |
| Event | Indicates a type of security intrusion or attack. |
| Greylist | Greylists provide control over the priority of workorders for known IP addresses and URLs. Greylist files contain either URLs or IP addresses and are used by the Juniper ATP Appliance analysis engines to check whether the specified URLs or IP addresses produce a malicious rule match. |
| GUI | Graphical user interface. The Juniper ATP Appliance uses a web-based GUI for managing the appliance. |
| Known botnet server bot command | Events that are triggered when the appliance sees any of the common IRC bot commands or detects any communication sent to known botnet servers. |
| Lateral Detection | East-west detection of malware spreading within the enterprise from one endpoint host to another. |
| Malware | Malicious software used by attackers to disrupt, control, steal, cause data loss, spy upon, or gain unauthorized access to computer systems. |
| NTP | Network Time Protocol. |
| OS-anomaly | Events that indicate modification of the operating system. |
| OSPF | Open Shortest Path First. A routing protocol that computes an optimal path for traffic in a TCP/IP network. |
| Sandbox mode | A mode in which malware is permitted to run, but the results of the malware's actions are confined to the virtual machine and not permitted to escape it. |
| SNMP | Simple Network Management Protocol. |
| Spyware | A type of malware installed on computers that collects small pieces of information about the user(s) it is spying on. |
| SSL | Secure Sockets Layer. |
| TLS | Transport Layer Security. |
| VLAN | Virtual Local Area Network. |
| VM | Virtual Machine. A software program that runs an instance of an operating system. The operating system runs on top of a program that emulates a hardware system. |
| Worm | A self-replicating malware program that uses a computer network to send copies of itself to other computers. This may be done without any user intervention. |
| Zero-day attack | An attack by malware that exploits unknown or newly discovered vulnerabilities in software before they become known or before security patches are applied to fix them. |