---
title: "What is cybersecurity?"
page_name: "Cybersecurity"
type: "glossary"
slug: "cyber-security"
published_at: "2025-02-17"
modified_at: "2026-02-27"
url: "https://www.sumologic.com/glossary/cyber-security"
canonical: "https://www.sumologic.com/glossary/cyber-security"
markdown_url: "https://www.sumologic.com/glossary/cyber-security.md"
lang: "en"
excerpt: "Explore what cybersecurity is, how it works, and why it's important for business. Learn how Sumo Logic enhances your cybersecurity with Cloud SIEM."
---

# Cybersecurity


## What is cybersecurity?

Cybersecurity refers to the set of processes, policies and techniques designed to protect an organization’s computer systems, networks, and connected devices from cyberattacks, unauthorized access, and data breaches.

As the number of cyber threats and malicious software increases, businesses of all sizes, especially those managing critical infrastructure, must adopt cybersecurity best practices to defend against hackers, cybercriminals, and other attackers seeking to exploit vulnerabilities in their digital environments.

**Key takeaways**

- Cybersecurity professionals protect organizations from digital attacks and unauthorized access.
- Security analysts must review security measures and protocols throughout the IT infrastructure and implement a variety of preventive, detective and retrospective analytical tools to mitigate the consequences of successful attacks, such as identity theft or system downtime.
- Effective cybersecurity countermeasures significantly reduce the risk of a data breach that could cost your company millions of dollars.
- Sumo Logic Cloud SIEM helps your IT organization respond to threats as they occur, streamline forensic investigations and access the most up-to-date [threat intelligence](https://www.sumologic.com/glossary/threat-intelligence) to maintain your cybersecurity posture.

### How cybersecurity works

Cybersecurity is built on a layered defense strategy that includes prevention, detection, and response. Chief Information Security Officers (CISOs) and IT security analysts use multiple tools and frameworks to identify threats, detect suspicious activity, and prevent successful attacks across an organization’s information technology environment.

IT organizations deploy a range of versatile tools, such as antivirus software, firewalls, intrusion detection systems, and security information and event management (SIEM) systems, to safeguard against cyber attacks at various points of vulnerability. There is no single cybersecurity tool that can repel all types of attacks from every known attack vector. Security analysts must review security measures and protocols throughout the [IT infrastructure](https://www.sumologic.com/glossary/it-infrastructure) and implement a variety of preventive, detective and retrospective analytical tools to detect cyber attacks and mitigate the consequences of successful attacks.

### Four key areas of cybersecurity

We identify four aspects of IT infrastructure that can be secured using cybersecurity tools and technologies.

**Application security** Today’s applications are often deployed and supported through web-based portals, making them a potential attack vector for cybercriminals. Cybersecurity operatives deploy security measures to prevent hackers from executing cyber attacks against applications. These include preventive measures such as static security testing, web application firewalls and intrusion detection systems.

**Network security** Network security is a major focus for IT security analysts. Preventive tools, such as network traffic analysis, firewalls, intrusion detection and prevention systems, threat intelligence, and malware analysis platforms, are deployed to detect and mitigate threats as they occur. Additional technologies such as SIM, SEM and [SIEM](https://www.sumologic.com/guides/siem) cybersecurity tools, network forensics and security orchestration technologies can be implemented to detect attacks that are in progress, identify possible security threats, and perform a retrospective analysis of detected anomalies or outlier data that could indicate a breach.

**Endpoint security** Network endpoints represent an especially vulnerable attack vector, as mobile endpoints such as laptops, mobile phones or tablets may be taken off-site and used to access unsecured networks. Endpoints can be secured using technologies such as host-based intrusion detection, anti-virus and anti-spyware software applications, and device firewalls. Processes such as mobile device management and regular patching updates can help maintain the security posture of network endpoints.

**Cloud security** The [SaaS](https://www.sumologic.com/glossary/saas) delivery model for cloud services has resulted in enterprise organizations accessing increasing numbers of applications through web-based application portals. Organizations that subscribe to [platform-as-a-service](https://www.sumologic.com/glossary/paas) (PaaS), [infrastructure-as-a-service](https://www.sumologic.com/glossary/infrastructure-as-a-service) (IaaS), or other types of cloud services may face additional exposure to cybersecurity vulnerabilities through these potential attack vectors. Technologies such as data discovery and classification, anomaly detection, and forensic analysis can be used to prevent, detect, and analyze threats to cloud-based IT infrastructure. Developers will gather the needs for that specific feature, design and code it, test it, receive feedback from customers, and test for errors before finalizing the code.

### Why cybersecurity is important for business

In today’s technological environment, organizations of all sizes are capturing, creating and storing massive amounts of sensitive data. While this data can be used to inform decision-making and drive value creation, it can also be stolen by cyber attackers with dramatic consequences for the business. We identify three major risks that businesses and IT organizations can mitigate through effective cybersecurity processes and countermeasures.

**Cybersecurity supports compliance with standards and regulations**

If your organization collects payment card information from its customers, you are responsible for complying with the [Payment Card Industry Data Security Standard (PCI DSS)](https://www.sumologic.com/app-catalog/pci-compliance). If you collect health care information about Americans, such as payment records, you are probably covered by the Health Insurance Portability and Accountability Act (HIPAA). You may want to maintain an [ISO 27001 Information Security Management](https://www.sumologic.com/security/platform-security/) certificate, which requires you to establish effective controls to protect data security and privacy.

Whatever the case, failure to maintain cybersecurity in these instances could result in legal fines and penalties, loss of certification, or a loss of trust with payment card companies, which could ultimately harm your business.

**Cybersecurity protects services from unplanned downtime**

Organizations of all sizes rely on the uninterrupted functioning of core applications to support their most important revenue-driving business processes. For large organizations, the cost of application outages can easily reach the thousands, hundreds of thousands, or even millions of dollars in cases where the outage lasts for much longer than is acceptable.

While many cyber attackers are focused on stealing data that can be sold in illegal marketplaces, cyber attacks can also be initiated by competitor companies who wish to gain an edge by attacking your systems and services.

The financial impact of service outages varies from company to company, with estimates ranging from $90,000 per hour for media companies to nearly $6.5 million per hour for large online financial brokerages. Organizations that implement the necessary procedures and systems to maintain cybersecurity benefit from the reduced application and network downtime that has a direct return on investment for the organization.

**Cybersecurity prevents costly data breaches**

Data breaches are enormously expensive and most IT organizations today are shockingly ineffective at preventing, containing or even detecting them when they happen.

For organizations that respond late to data breaches, the pain doesn’t end there. Notification costs, fines and penalties, regulatory compliance audits, and litigation can all stem from a single data breach where sensitive customer information is compromised. Effective cybersecurity countermeasures significantly reduce the risk of a data breach that could cost your company millions of dollars.

### Enhance your cybersecurity with Sumo Logic

When it comes to maintaining cybersecurity throughout your IT infrastructure, organizations must develop capabilities to prevent attacks as they happen, detect and identify possible security threats and forensically analyze data to investigate anomalies and outliers. [Sumo Logic Cloud SIEM](https://www.sumologic.com/solutions/cloud-siem) benefits your IT organization with data-driven [threat detection](https://www.sumologic.com/solutions/threat-detection-investigation) and automated incident response capabilities with custom alerts. Sumo Logic helps your IT organization respond to threats as they occur, streamline forensic investigations and access the most up-to-date threat intelligence to maintain your cybersecurity posture.

[Learn how Sumo Logic Cloud SIEM helps you detect and respond to threats](https://www.sumologic.com/guides/siem).

### FAQs

**How do SIEM tools work?**

SIEM delivers superior incident response and enterprise security outcomes through several key capabilities, including:

**Data collection** – SIEM tools aggregate event and system logs and security data from various sources and applications in one place.

**Correlation** – SIEM tools use various correlation techniques to link bits of data with common attributes and help turn that data into actionable information for SecOps teams.

**Alerting** – SIEM tools can be configured to automatically alert SecOps or IT teams when predefined signals or patterns are detected that might indicate a security event.

**Data retention** – SIEM tools are designed to store large volumes of log data, ensuring that security teams can correlate data over time and enabling forensic investigations into threats or cyber-attacks that may have initially gone undetected.

**Parsing, log normalization and categorization** – SIEM tools make it easier for organizations to parse through logs that might have been created weeks or even months ago. Parsing, log normalization and categorization are additional features of SIEM tools that make logs more searchable and help to enable forensic analysis, even with millions of log entries to sift through.
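The five capabilities above are easiest to see as one pipeline. The following is an added example, not Sumo Logic code and not a description of how Cloud SIEM is implemented: it parses two constructed log sources in different formats (an sshd syslog line and a JSON web-portal login record), normalizes them into one schema, retains them in a searchable store, correlates on a shared attribute (the source IP), and raises an alert when a pattern worth a SecOps review appears, here several failed logins across both sources followed by a success from the same address. All log lines, hostnames, usernames and IP addresses are constructed sample data; the `Event` schema, the regular expression and the thresholds are assumptions of this example.

```python
"""Added example: a miniature SIEM pipeline (collect, normalize, retain,
correlate, alert). Constructed sample data; not the page's or vendor's code."""
import json
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample logs from two sources in two formats (not real data).
SYSLOG_LINES = [
    "2025-02-17T10:00:01Z host1 sshd[2201]: Failed password for alice from 198.51.100.7 port 51122 ssh2",
    "2025-02-17T10:00:04Z host1 sshd[2201]: Failed password for alice from 198.51.100.7 port 51123 ssh2",
    "2025-02-17T10:00:09Z host1 sshd[2201]: Failed password for bob from 198.51.100.7 port 51124 ssh2",
    "2025-02-17T10:00:15Z host1 sshd[2201]: Accepted password for bob from 198.51.100.7 port 51125 ssh2",
    "2025-02-17T10:30:00Z host1 sshd[2305]: Accepted publickey for carol from 203.0.113.9 port 40000 ssh2",
]
WEBAPP_LINES = [
    '{"ts": "2025-02-17T10:00:02Z", "app": "portal", "event": "login", "user": "alice", "ip": "198.51.100.7", "ok": false}',
    '{"ts": "2025-02-17T10:00:06Z", "app": "portal", "event": "login", "user": "alice", "ip": "198.51.100.7", "ok": false}',
    '{"ts": "2025-02-17T10:05:00Z", "app": "portal", "event": "login", "user": "dave", "ip": "192.0.2.44", "ok": true}',
]


@dataclass
class Event:
    """Normalized schema shared by every source (an assumption of this example)."""
    ts: datetime
    source: str      # e.g. "sshd@host1" or "webapp@portal"
    user: str
    src_ip: str
    outcome: str     # "success" or "failure"


# Matches the common sshd "Accepted/Failed <method> for <user> from <ip>" form.
SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?P<user>\S+) from (?P<ip>\S+)"
)


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def parse_syslog(line):
    """Parse one sshd syslog line; unrecognized lines are skipped, not fatal."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    outcome = "success" if m["result"] == "Accepted" else "failure"
    return Event(parse_ts(m["ts"]), "sshd@" + m["host"], m["user"], m["ip"], outcome)


def parse_webapp(line):
    """Parse one JSON login record from the web portal; bad JSON is skipped."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    if rec.get("event") != "login":
        return None
    outcome = "success" if rec["ok"] else "failure"
    return Event(parse_ts(rec["ts"]), "webapp@" + rec["app"], rec["user"], rec["ip"], outcome)


def collect(syslog_lines, webapp_lines):
    """Data collection + normalization: both sources land in one time-ordered store."""
    events = [e for e in map(parse_syslog, syslog_lines) if e]
    events += [e for e in map(parse_webapp, webapp_lines) if e]
    return sorted(events, key=lambda e: e.ts)


def correlate(events, window=timedelta(minutes=5), threshold=3):
    """Correlation + alerting: link events by source IP across both sources and
    flag an IP whose success is preceded by >= threshold failures inside window."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.src_ip].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        for i, e in enumerate(evs):
            if e.outcome != "success":
                continue
            failures = [f for f in evs[:i] if f.outcome == "failure" and e.ts - f.ts <= window]
            if len(failures) >= threshold:
                alerts.append({
                    "src_ip": ip,
                    "failures": len(failures),
                    "sources": sorted({f.source for f in failures}),
                    "compromised_user": e.user,
                    "at": e.ts.isoformat(),
                })
                break  # one alert per IP is enough for the analyst
    return alerts


def search(events, src_ip):
    """Retention pays off here: a retrospective lookup of everything one IP did."""
    return [e for e in events if e.src_ip == src_ip]


if __name__ == "__main__":
    store = collect(SYSLOG_LINES, WEBAPP_LINES)
    for alert in correlate(store):
        print("ALERT", alert)
    print(len(search(store, "198.51.100.7")), "events retained for 198.51.100.7")
```

Two things the paragraph above does not show but the code makes concrete: correlation only works because normalization put the sshd and web-portal records into the same `src_ip` field, and a single-source rule would have seen only three sshd failures from that address, which is exactly why the `threshold` is applied after merging sources. The `search` helper is the retention story: the same stored events answer the forensic "what else did this IP touch?" question after the alert fires.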

**What are some example use cases for SIEM?**

Popular SIEM use cases include:

**Compliance** – Streamline the compliance process to meet data security and privacy compliance regulations. For example, to comply with the PCI DSS, data security standards for merchants that collect credit card information from their customers, SIEM monitors network access and transaction logs within the database to verify that there has been no unauthorized access to customer data.

**Incident response** – Increase the efficiency and timeliness of incident response activities. When a breach is detected, SecOps teams can use SIEM software to quickly identify how the attack breached enterprise security systems and what hosts or applications were affected by the breach. SIEM tools can even respond to these attacks through automated mechanisms.

**Vulnerability management** – Proactively test your network and IT infrastructure to detect and address possible entry points for cyber attacks. SIEM software tools are an important data source for discovering new vulnerabilities, along with network vulnerability testing, staff reports and vendor announcements.

**Threat intelligence** – Collaborate closely to reduce your vulnerability to advanced persistent threats (APTs) and zero-day threats. SIEM software tools provide a framework for collecting and analyzing log data that is generated within your application stack. With UEBA, you can proactively discover insider threats.

**What is Security Information and Event Management (SIEM)?**

[SIEM](https://www.sumologic.com/glossary/siem) software combines the capabilities of security information management (SIM) and security event management (SEM) tools.

SIM technology collects information from a log consisting of various data types. In contrast, SEM looks more closely at specific types of events.

Together, they let you collect, monitor and analyze security-related data from automatically generated computer logs while centralizing log data from multiple sources. This comprehensive security solution enables a formalized incident response process.

Typical functions of a SIEM software tool include:

- Collecting, analyzing and presenting security-related data
- Real-time analysis of security alerts
- Logging security data and generating reports
- Identity and access management
- Log auditing and review
- Incident response and security operations

[Learn more](https://www.sumologic.com/glossary/siem)

