Glossary

Advanced persistent threat (APT)

A sophisticated targeted attack against the corporate IT infrastructure that simultaneously uses different methods to infiltrate the network, hide on the network, and gain unobstructed access to confidential data.

Anti-Phishing

KSMG component designed to detect messages that are classified as phishing.

Anti-Spam

KSMG component designed to detect messages that are classified as spam.

Anti-Spam Quarantine

A Backup location where email messages are temporarily kept if the Anti-Spam module is unable to assign a final status after a scan.

Anti-Virus

KSMG component designed to detect viruses in email messages and email attachments.

Backup

Special storage for originals of email messages processed by the application.

If a processing rule applied to the message has "Place the message in Backup" configured in its settings, the application places the original message in Backup regardless of the configured action.

Backup Digest

An email summary that is sent on a schedule and includes information about the latest received emails placed in the user's personal Backup.

BEC attack

Business Email Compromise (BEC) refers to fraudulent business correspondence for the purpose of committing financial fraud, acquiring confidential information, or undermining the reputation of a company. A BEC attack normally involves an entire sequence of actions that ultimately provide hackers with the opportunity to begin correspondence with an employee of a company, gain that employee's trust through the use of social engineering techniques, and persuade the employee to perform actions that conflict with the interests of the company and/or its customers.

Certificate fingerprint

Information that can be used to confirm the authenticity of a server certificate. The fingerprint is created by applying a cryptographic hash function to the content of the server certificate.

Cluster

Group of servers that have KSMG installed and are combined for centralized management through the application web interface.

Content Filtering

KSMG component designed to scan the content of messages for matches with search templates configured by the administrator.

Content Filtering condition

Message attribute and the corresponding search template.

Content Filtering dictionary

A list of values that can be reused in conditions from different Content Filtering expressions.

Content Filtering expression

A set of settings for Content Filtering of messages. Expressions contain Content Filtering conditions, logical connectives of a certain type that interrelate conditions, and the action to be performed with the message if the expression is triggered.

Control node

Application component which allows the administrator to manage application settings using the web interface. The Control node monitors the state of Secondary nodes and provides them with settings and added license keys.

Directory service

A software system that can store information about network resources (such as users) in one place and provides centralized management capabilities.

DKIM Mail Sender Authentication

Verification of the digital signature added to messages.

DMARC Mail Sender Authentication

Verification that determines the policy and actions taken on messages based on the results of SPF and DKIM Mail Sender Authentication.

Email notification

An email message describing an application event or a message scan event, which KSMG sends to the specified email addresses.

Heuristic analysis

Technology designed to detect threats that cannot be detected using the current version of Kaspersky application databases. It detects files that may be infected with an unknown virus or a new variety of a known virus.

Kaspersky Anti Targeted Attack Platform

Solution designed for the protection of a corporate IT infrastructure and timely detection of threats such as zero-day attacks, targeted attacks, and complex targeted attacks known as advanced persistent threats (hereinafter also referred to as "APT").

Kaspersky Private Security Network

A solution that allows users of Kaspersky anti-virus applications to access Kaspersky Security Network data without sending their own information to Kaspersky Security Network servers.

Kaspersky Security Center

A solution designed for performing basic management and servicing tasks for the organization's network protection system in a centralized way. The application gives the administrator access to detailed information about the security level of the organization's network and allows configuring all protection components relying upon Kaspersky applications.

Kaspersky Security Network (KSN)

An infrastructure of cloud services that provides access to the Kaspersky online Knowledge Base, which contains information about the reputation of files, web resources, and software. The use of data from Kaspersky Security Network ensures that Kaspersky applications respond faster to threats, improves the performance of some protection components, and reduces the likelihood of false alarms.

Kerberos authentication

A mechanism for mutual authentication of the client and the server before establishing a connection between them, which allows sending data over insecure networks. The mechanism is based on using a ticket that is given to the user by a trusted authentication center.

Key file

A xxxxxxxx.key file that allows using a Kaspersky application according to the terms of a trial or commercial license.

Keytab file

A file containing pairs of unique names (principals) for clients that are allowed to use Kerberos authentication and encrypted keys derived from the user password. Keytab files are used in systems with Kerberos support to authenticate users without having to enter a password.

LDAP

Lightweight Directory Access Protocol for accessing directory services.

Malicious links

Web addresses leading to malicious resources, that is, web resources designed to spread malware.

Moebius service

Instant Anti-Spam database update service that allows to install critical updates in real time.

MTA

Mail Transfer Agent is an agent that handles message sending between mail servers.

NTLM authentication

An authentication mechanism that works through requests/responses between the server and the client without transmitting the user's password as plaintext over the network. The request and response are encrypted with hashes of the user password that are sent over the network. By skimming network traffic, hackers can gain access to password hashes, which makes this mechanism less secure than Kerberos authentication.

Personal user

An Active Directory domain user for which Single Sign-On (SSO) authentication with the application is configured, and which does not have any role assigned.

Phishing

A type of Internet fraud aimed at obtaining unauthorized access to users' confidential data.

Privileged user

A user that has access to the functionality of the application management console. The items available in the management console menu depend on the role that is assigned to the user.

PTR record

A DNS record establishing a correspondence between the IP address of a computer and its domain name.

Reputation filtering

A cloud service that uses technologies for determining the reputation of messages. Information about new kinds of spam appears in the cloud service sooner than in Anti-Spam module databases, making it possible to improve the speed and accuracy of spam detection.

SCL rating

Spam Confidence Level is a special tag used by Microsoft Exchange mail servers to measure the probability that a message contains spam. The SCL rating can range from 0 (minimum probability of spam) to 9 (the message is most likely spam). Kaspersky Secure Mail Gateway can change the SCL rating of a message depending on the message scan results.

Secondary node

Application component that scans email traffic in accordance with message processing rules. The Secondary node receives settings configured by the administrator from the Control node.

Service Principal Name (SPN)

Unique service ID on the network for Kerberos authentication.

SIEM system

SIEM system (Security Information and Event Management) is a solution for managing information and events in an organization's security system.

SMTP verification

SMTP verification of email addresses involves verifying the existence of recipient email addresses.

SNMP agent

A network management software module of Kaspersky Secure Mail Gateway that tracks information about application performance.

SNMP trap

An application event notification sent by the SNMP agent.

Spam

Unsolicited mass mailing of emails, most often including advertisements

SPF Mail Sender Authentication

Comparison of IP addresses of mail senders with the list of possible message sources that has been created by the mail server administrator.

Spoofing

A type of attack based on the falsification (spoofing) of transmitted data. Spoofing may be aimed at obtaining elevated privileges, primarily through bypassing the verification mechanism by generating a request similar to an authentic request. One variant of spoofing is to forge an HTTP header to gain access to hidden content.

The goal of spoofing may also be to deceive a user. A classic example of such an attack is the falsification of the sender's address in emails.

Update source

A resource containing Anti-Virus database updates of the KSMG application. The source of anti-virus database updates can be Kaspersky update servers, an HTTP- or FTP server, or a local or network folder.