Glossary

AAPM
AAPM (Application to Application Password Manager) module enables secure password exchange between applications.
account
accounts
Account defines the privileged account existing on the monitored server. It specifies the actual login credentials, user authentication mode: anonymous (without user authentication), regular (with login credentials substitution) or forward (with login and password forwarding); password changing policy as well as the password changer itself.
Active Directory
Users authorization and authentication in Windows domain.
AD
Active Directory - users authorization and authentication in Windows domain.
Azure
Microsoft Azure is a cloud computing service operated by Microsoft for application management via Microsoft-managed data centers.
anonymous safe
An anonymous safe has at least one anonymous account assigned to it and it can only have that type of accounts assigned. You cannot assign users to anonymous safes.
AUROC
Area Under ROC curve (AUROC) is a single metric representing model quality (the higher the better).
ARP
Address Resolution Protocol - protocol used for mapping Internet layer addresses (IP addresses) to the physical - link layer addresses (MAC addresses).
CERB
Complete user authentication and authorization solution, supporting different authentication methods i.e., mobile token (mobile phone application), static password, SMS one-time passwords, etc.
CIDR
Short notation of network addressing, in which the IP address is written according to the IPv4 standard, and the subnet mask is provided as a number of 1 in the subnet mask in binary system (192.168.1.1 - 255.255.255.0; 192.168.1.1/24).
data retention
Data retention mechanism automatically deletes session data after define time period transpires.
DHCP
Mechanism for dynamic IP addressing management i LAN networks.
DNS
Domain Name Server - name server service which maps IP addresses to hosts names which are easier to remember.
DUO
is a mobile application that works with Duo Security’s two-factor authentication service. The application generates passcodes for login and can receive push notifications for authentication.
Efficiency Analyzer/Productivity Analyzer
Efficiency Analyzer/Productivity Analyzer module delivers statistical information on users’ activity.
external authentication server
Server storing user data used for verification of user login credentials when connecting to Fudo Enterprise or the monitored server.
False Positive Rate
False Positive Rate (FPR) is the percentage of legitimate sessions inappropriately identified as malicious (the lower the better).
Fingerprint
Characters string being a result of a hash function on input data, allowing to determine if the input data has been altered.
fudopv
AAPM module script, installed on the server, which enables secure password exchange between applications.
heartbeat
Network packet used for informing other cluster nodes about machine’s current state. If a cluster node does not receive a heartbeat packet in a given timeframe, it will take over the master node role and will start processing users’ requests.
hot-swap
Hot-swap mechanism enables replacing hardware components without the necessity to turn the system off.
Kerberos
A network authentication protocol that uses secret-key cryptography to provide strong authentication for client-server applications by enabling secure identity verification over non-secure network connections.
LDAP
Lightweight Directory Access Protocol - distributed catalog services management and access protocol in IP networks.
listener
Listener determines server connection mode (proxy, gateway, transparent, bastion) as well as its specifics.
OATH
Open Authentication - open standard enabling implementation of strong, two-factor user and devices authentication.
OCR
Optical Character Recognition - image processing for identifying and indexing text.
Okta
Okta provides cloud software to manage and secure user authentication into applications.
OpenID Connect
OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol.
password changer
Tool which enables facilitating automated password changing on a server.
passwords repository
Passwords repository manages password to privileged accounts on monitored hosts.
policy
Mechanism which enables defining patterns which in case of being detected will trigger defined actions.
PSM (Privileged Session Management)
PSM module is used for recording remote access sessions.
PSM
PSM (Privileged Session Monitoring) module enables monitoring and recording remote access sessions.
Public key
Authentication method which uses a pair of keys - private (held only by the user) and public (publicly available) to determine user’s identity.
RADIUS
Remote Authentication Dial In User Service - networking protocol used to control access to different services within IT infrastructure.
RDP
Remote Desktop Protocol - remote access protocol to computer systems running Microsoft operating system.
RDP connections broker
Remote sessions management mechanism for server farms.
redundancy group
Defined group of IP addresses, which in case of a system failure, will be seamlessly carried over to another cluster node to maintain the availability of the services.
safe
Safe directly regulates user access to monitored servers. It specifies available protocols’ features, policies and other details concerning users and servers relations.
server
servers
Server is a definition of the IT infrastructure resource, which can be accessed over one of the specified protocols.
shared session
User session which was joined by another user.
SMS
is a text messaging service component of most telephone, and mobile device systems.
SSO
is a user authentication process that allows a user to access multiple applications with one set of login credentials, enhancing convenience and security by reducing the need for multiple passwords.
SSH
Secure Shell - networking protocol for secure communication with remote systems.
SSH access
Service access to Fudo Enterprise over SSH protocol.
Static password
Basic user authorization method which uses login and password combination to determine users’s identity.
Syslog
Events logging standard in computer systems. Syslog server collects and stores log data from networked devices, which can be later used for analysis and reporting.
Threat Probability
Threat probability is a percentage-wise value that reflects a threat level of the session.
time policy
Time policy mechanism enables defining time periods during which users are allowed to connect to monitored hosts.
timestamp
Session data hash value, which enables verifying that the data has not been modified.
True Positive Rate
True Positive Rate (TPR), sometimes called Recall - is a percentage of malicious sessions properly flagged by the model as suspicious (the higher the better).
user
User defines a subject entitled to connect to servers within monitored IT infrastructure. Detailed object definition (i.e. unique login and domain combination, full name, email address etc.) enables precise accountability of user actions when login and password are substituted with a shared account login credentials.
VLAN
Virtual networks mechanism, enabling separation of broadcast domains.
VNC
Remote access protocol to graphical user interfaces.
WWN
World Wide Name - unique object identifier in external storage solutions.