AI Threat Detection
AI threat detection identifies suspicious activity in digital systems by analyzing patterns in security data and detecting behavior that may indicate a cyberattack.
Explore definitions of common cybersecurity terms, frameworks, and security operations concepts. Written to make complex security language easier to understand.
Last updated: April 30, 2026
Autonomous SOC refers to a security operations model where investigations, triage, and response actions are carried out largely by automated systems with minimal human intervention.
Application vulnerability management is the continuous process of identifying, prioritizing, and fixing security weaknesses in software before attackers can exploit them.
Asset discovery is a critical process for identifying and tracking all hardware and software within an organization, enabling better security, compliance, and cost management across your technology landscape.
Asset visibility provides a continuously updated view of all devices, systems, and cloud resources so organizations can monitor, secure, and manage them effectively.
Attack path analysis maps how attackers could move through your environment by linking together vulnerabilities, identities, and access paths.
Attack surface monitoring finds and tracks every entry point hackers could use before they do—here's how it works and why it matters.
Learn how Attribute-Based Access Control (ABAC) enables fine-grained, context-aware access decisions by evaluating attributes of the user, the resource, the requested action, and the environment (device posture, time, location), extending or replacing static role-based models with dynamic, adaptive policy.
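The ABAC decision described above, as an added worked example that is not code from this glossary or any product: a tiny policy decision point that evaluates rules over subject, action, resource and environment attributes with deny-overrides combining. The policy, attribute names, departments and sample requests are all constructed for the example; no rule mentions a role, which is the point of ABAC.

```python
"""Minimal Attribute-Based Access Control (ABAC) evaluator (added illustration).

The policy below is constructed for this example. A production policy decision point
would load rules from a policy store and fetch attributes from identity, asset and
context providers rather than receiving them inline.
"""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List

# A request carries four attribute bags: subject, action, resource, environment.
Request = Dict[str, Dict[str, Any]]
Condition = Callable[[Request], bool]


@dataclass(frozen=True)
class Rule:
    name: str
    effect: str                   # "permit" or "deny"
    conditions: List[Condition]   # every condition must hold for the rule to apply

    def applies(self, req: Request) -> bool:
        return all(cond(req) for cond in self.conditions)


def evaluate(policy: List[Rule], req: Request) -> str:
    """Deny-overrides combining: any applicable deny rule wins; otherwise permit if
    some permit rule applies; otherwise default deny (no matching rule, no access)."""
    applicable = [r for r in policy if r.applies(req)]
    if any(r.effect == "deny" for r in applicable):
        return "deny"
    return "permit" if any(r.effect == "permit" for r in applicable) else "deny"


# Constructed policy. Decisions depend on the subject's department, the resource's owning
# department and legal-hold flag, and the environment (managed device, hour of day), so the
# same user can be permitted at 10:00 UTC on a managed laptop and refused at 22:00.
POLICY: List[Rule] = [
    Rule("same-department-read", "permit", [
        lambda r: r["action"]["name"] == "read",
        lambda r: r["subject"]["department"] == r["resource"]["owner_department"],
        lambda r: r["environment"]["device_managed"] is True,
        lambda r: 8 <= r["environment"]["hour_utc"] < 18,
    ]),
    # Records under legal hold are frozen for everyone outside legal, even their owners.
    Rule("legal-hold-freeze", "deny", [
        lambda r: r["resource"].get("legal_hold", False),
        lambda r: r["subject"]["department"] != "legal",
    ]),
    Rule("legal-hold-review", "permit", [
        lambda r: r["action"]["name"] == "read",
        lambda r: r["resource"].get("legal_hold", False),
        lambda r: r["subject"]["department"] == "legal",
        lambda r: r["environment"]["device_managed"] is True,
    ]),
]


def decide(subject: Dict[str, Any], action: Dict[str, Any], resource: Dict[str, Any],
           environment: Dict[str, Any], policy: List[Rule] = POLICY) -> str:
    """Evaluate one access request against the policy; returns 'permit' or 'deny'."""
    req: Request = {"subject": subject, "action": action,
                    "resource": resource, "environment": environment}
    return evaluate(policy, req)


if __name__ == "__main__":
    analyst = {"id": "u-1001", "department": "finance"}          # constructed subject
    ledger = {"id": "ledger-2026", "owner_department": "finance"}  # constructed resource
    office_hours = {"device_managed": True, "hour_utc": 10}
    late_night = {"device_managed": True, "hour_utc": 22}
    print(decide(analyst, {"name": "read"}, ledger, office_hours))  # permit
    print(decide(analyst, {"name": "read"}, ledger, late_night))    # deny
```

The three-rule policy is enough to show the two properties that distinguish ABAC from RBAC: the environment changes the answer for an otherwise identical request, and an explicit deny (the legal hold) overrides a permit the subject would otherwise have earned through its department attribute.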
Audit-ready evidence provides clear, verifiable proof that security controls and policies are operating as intended—allowing organizations to demonstrate compliance without scrambling during audits.
Automatically fix security issues the moment they appear, without waiting on manual response.
Automated threat intelligence continuously collects, processes, and analyzes threat data to identify risks faster and help security teams respond before attacks escalate.
Understand how a botnet, a network of compromised devices (from thousands to millions of them) under an attacker's remote control, is used to execute large-scale DDoS attacks, spam campaigns, and data theft.
Blast radius measures how much damage a security incident can cause based on how far an attacker can move after gaining access.
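Attack path analysis and blast radius are two questions asked of the same graph, so here is one added example, not code from this glossary or any product, that answers both: nodes are hosts, identities and data stores, and a directed edge means that controlling the source gives an attacker the target through the labelled kind of access. The environment, node names and edge labels are all constructed for the example.

```python
"""Attack paths and blast radius over a small access graph (added illustration).

The graph is constructed for this example. In practice its nodes and edges come from
identity, network and vulnerability data (who holds which credential, which host can
reach which service, which account is admin where).
"""
from collections import deque
from typing import Dict, List, Optional, Set, Tuple

Edge = Tuple[str, str]          # (next_node, how that access would be abused)
Graph = Dict[str, List[Edge]]

# Constructed environment: two footholds (web-01, jump-01) and one target (crown-jewels).
ACCESS_GRAPH: Graph = {
    "web-01":       [("svc-web", "service credential in config file")],
    "svc-web":      [("db-01", "database login")],
    "db-01":        [("backup-share", "SMB write")],
    "jump-01":      [("admin-ops", "cached admin token")],
    "admin-ops":    [("db-01", "SSH as admin"), ("dc-01", "RDP as admin"),
                     ("crown-jewels", "read")],
    "dc-01":        [("crown-jewels", "read")],
    "backup-share": [],
    "crown-jewels": [],
}


def blast_radius(start: str, graph: Graph = ACCESS_GRAPH) -> Set[str]:
    """Every node an attacker can reach after compromising `start` (breadth-first)."""
    reachable: Set[str] = set()
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt, _ in graph.get(node, []):
            if nxt != start and nxt not in reachable:
                reachable.add(nxt)
                queue.append(nxt)
    return reachable


def attack_path(start: str, target: str,
                graph: Graph = ACCESS_GRAPH) -> Optional[List[Tuple[str, str, str]]]:
    """Shortest chain of abused accesses from `start` to `target` as (src, how, dst)
    steps, or None when the target is unreachable from that foothold."""
    parent: Dict[str, Optional[Tuple[str, str]]] = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            break
        for nxt, how in graph.get(node, []):
            if nxt not in parent:
                parent[nxt] = (node, how)
                queue.append(nxt)
    if target not in parent:
        return None
    steps: List[Tuple[str, str, str]] = []
    cur = target
    while parent[cur] is not None:
        prev, how = parent[cur]  # type: ignore[misc]
        steps.append((prev, how, cur))
        cur = prev
    return list(reversed(steps))


def without_edge(graph: Graph, src: str, dst: str) -> Graph:
    """Copy of the graph with one edge removed: models a fix such as clearing the
    cached token on a jump box or rotating a credential found in a config file."""
    return {n: [e for e in edges if not (n == src and e[0] == dst)]
            for n, edges in graph.items()}


if __name__ == "__main__":
    for foothold in ("web-01", "jump-01"):
        print(foothold, "blast radius:", sorted(blast_radius(foothold)))
        print(foothold, "path to crown-jewels:", attack_path(foothold, "crown-jewels"))
    fixed = without_edge(ACCESS_GRAPH, "jump-01", "cached admin token" and "admin-ops")
    print("after clearing the cached token:", sorted(blast_radius("jump-01", fixed)))
```

Running it shows why the two measures are reported together: the web server's blast radius is three nodes and never reaches the target, while the jump box reaches five nodes and the target in two hops, so the single cached admin token on `jump-01` is the edge worth removing first. Re-running `blast_radius` on the graph returned by `without_edge` confirms the fix empties that foothold's reach.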
CVE (Common Vulnerabilities and Exposures) identifiers provide a standardized way to name and track publicly known cybersecurity vulnerabilities across tools, vendors, and security teams.
CI/CD security protects the continuous integration and continuous delivery pipeline by preventing vulnerabilities, misconfigurations, and malicious code from entering software during development and deployment.
Cloud jacking is an identity-driven cyberattack in which threat actors hijack cloud accounts and control planes to stealthily exploit resources and exfiltrate data, often without deploying any malware.
Cloud computing allows organizations to deploy applications, store data, and scale infrastructure quickly. However, the flexibility of cloud platforms also introduces complexity. Each cloud service comes with dozens—or sometimes hundreds—of configuration options controlling access, networking, encryption, logging, and resource behavior. When these settings are implemented incorrectly or left in insecure states, they create security gaps...
Cloud security protects dynamic cloud environments, applications, and data from cyber threats through automated, identity-centric, and intelligence-driven controls.
Compliance automation uses software to continuously track, test, and document controls, replacing manual audit preparation with real-time visibility.
Configuration drift happens when systems slowly diverge from their intended configuration over time, leading to inconsistencies, security vulnerabilities, and management challenges.
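A drift check in practice, as an added example that is not code from this glossary or any product: a hardening baseline for a handful of `sshd_config` directives is compared against the live file pulled from a host, and every directive that differs or is missing is reported with a severity. The baseline, the sample live file, the host name and the severity ranking are constructed for the example.

```python
"""Configuration drift detection for sshd_config (added illustration).

The baseline and the live file below are constructed. In practice the baseline comes from
your infrastructure-as-code or hardening standard and the live file is collected by an
agent or over SSH; the comparison logic is the same.
"""
from typing import Dict, List, Optional, Tuple

# Intended state: directive -> expected value (constructed hardening baseline).
BASELINE: Dict[str, str] = {
    "PasswordAuthentication": "no",
    "PermitRootLogin": "no",
    "PermitEmptyPasswords": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "3",
}

# How much a drifted directive matters (constructed ranking for the example).
SEVERITY: Dict[str, str] = {
    "PasswordAuthentication": "high", "PermitRootLogin": "high",
    "PermitEmptyPasswords": "high", "MaxAuthTries": "medium", "X11Forwarding": "low",
}
_RANK = {"high": 0, "medium": 1, "low": 2}

# Constructed live file from a hypothetical host: password logins were re-enabled during an
# outage and never reverted, MaxAuthTries was loosened, and one baseline directive is absent.
LIVE_SSHD_CONFIG = """\
# sshd_config collected from web-01 (constructed sample)
Port 22
# re-enabled during the 2026-03-02 outage
PasswordAuthentication yes
PermitRootLogin no
X11Forwarding no
MaxAuthTries 6
ClientAliveInterval 300
"""


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Parse 'Directive value' lines into a dict keyed by lower-cased directive name
    (sshd treats directive names case-insensitively); blank and comment lines are skipped."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings[parts[0].lower()] = parts[1].strip()
    return settings


def detect_drift(baseline: Dict[str, str],
                 live_text: str) -> Dict[str, Tuple[str, Optional[str], str]]:
    """Return {directive: (expected, actual, severity)} for each baseline directive whose
    live value differs or is missing. A missing directive is drift too: sshd then uses its
    compiled-in default (PasswordAuthentication defaults to yes), not the hardened value."""
    live = parse_sshd_config(live_text)
    drift: Dict[str, Tuple[str, Optional[str], str]] = {}
    for directive, expected in baseline.items():
        actual = live.get(directive.lower())
        if actual is None or actual.lower() != expected.lower():
            drift[directive] = (expected, actual, SEVERITY.get(directive, "low"))
    return drift


def prioritised(drift: Dict[str, Tuple[str, Optional[str], str]]) -> List[str]:
    """Drifted directives ordered high -> medium -> low, then by name, for a remediation queue."""
    return sorted(drift, key=lambda d: (_RANK[drift[d][2]], d))


if __name__ == "__main__":
    found = detect_drift(BASELINE, LIVE_SSHD_CONFIG)
    for directive in prioritised(found):
        expected, actual, severity = found[directive]
        print(f"[{severity}] {directive}: expected {expected!r}, found {actual!r}")
```

The missing-directive case is the one teams most often get wrong: a scanner that only diffs keys present in both files would report `PermitEmptyPasswords` as clean, when in fact the host has silently fallen back to whatever sshd's default is.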
Continuous compliance uses real-time monitoring and automation to keep businesses secure, reduce risk, and simplify audits without increasing headcount.
Continuous Control Monitoring is the ongoing process of tracking whether security and compliance controls are functioning correctly, rather than relying on periodic audit checks.
Control mapping is the strategic process of linking internal security safeguards to multiple regulatory requirements, enabling organizations to "build once and comply many times."
Cloud Security Posture Management (CSPM) monitors cloud environments for misconfigurations and security gaps, helping teams detect and fix risks before they lead to breaches.
Cyber resilience is the ability of an organization to prepare for cyber threats, withstand attacks, and restore operations quickly without major disruption.
Endpoint Detection and Response helps security teams detect suspicious activity on devices and respond quickly before attackers move deeper into the network.
Exposure management is the practice of continuously identifying, prioritizing, and reducing security weaknesses across an organization’s entire digital attack surface.
External attack surface management identifies and monitors all internet-facing assets so organizations can find exposed systems, unknown infrastructure, and security weaknesses before attackers exploit them.
A false positive in cybersecurity is an alert that flags harmless activity as malicious, often adding noise that slows down real threat detection.
Fileless malware runs in memory rather than from files written to disk, typically by abusing trusted, already-installed system tools such as PowerShell or WMI, which lets attackers stay hidden longer and bypass traditional file-based security defenses.
HIPAA, the U.S. Health Insurance Portability and Accountability Act, sets the standard for protecting patient health data, defining how it must be stored, shared, and secured.
Hybrid cloud security protects data and workloads across on-premises and cloud environments by unifying visibility, enforcing consistent policies, and adapting defenses to a distributed, constantly changing attack surface.
Insider threats exploit trusted access and everyday behavior, making them harder to detect and often more damaging than external cyberattacks.
Identity Threat Detection and Response (ITDR) protects enterprises by detecting and responding to identity-based attacks before credentials are misused.
Incident escalation is the formal process of transferring responsibility to higher-level experts or management to ensure complex security threats are resolved swiftly and effectively.
Malware is malicious software designed to damage, disrupt, or gain unauthorized access to computers and networks.
Mean Time to Contain (MTTC) measures how quickly a security team can stop a threat from spreading after it’s detected.
Mean Time to Respond (MTTR) measures how long it takes a security team to respond to and resolve an incident once it is detected. Slow MTTR isn't just a technical problem: it is the result of alert overload, manual processes, fragmented tools, and missing context that delay response and increase business risk.
Mean Time Between Failures (MTBF) measures how long a system typically runs before it fails, helping teams track reliability and reduce unexpected downtime.
Mean Time to Detect (MTTD) measures how long it takes to detect a security incident after it begins, revealing how quickly an organization can spot threats before they escalate.
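The three incident-timing metrics defined in the MTTC, MTTR and MTTD entries above, computed the way a SOC would compute them from its case records, as an added example that is not code from this glossary or any product. The incident rows are constructed sample data; the only modelling choice worth noting is that an incident still missing a stage (not yet contained or resolved) is left out of that stage's mean rather than counted as zero, which would flatter the numbers.

```python
"""MTTD, MTTC and MTTR from incident records (added illustration, constructed data).

  MTTD = mean(detected  - started)   time attackers had before anyone noticed
  MTTC = mean(contained - detected)  time from detection until spread was stopped
  MTTR = mean(resolved  - detected)  time from detection until the incident was closed

`started` is the earliest attacker activity established in forensics, which is why MTTD
is only known after the investigation. All timestamps are ISO 8601, UTC.
"""
from datetime import datetime
from statistics import mean
from typing import Dict, Iterable, List, Optional, Tuple

Incident = Dict[str, Optional[str]]

# Constructed sample case records, not real SOC data.
INCIDENTS: List[Incident] = [
    {"id": "INC-1", "started": "2026-03-01T02:10:00", "detected": "2026-03-01T03:40:00",
     "contained": "2026-03-01T04:10:00", "resolved": "2026-03-02T03:40:00"},
    {"id": "INC-2", "started": "2026-03-04T22:00:00", "detected": "2026-03-05T08:00:00",
     "contained": "2026-03-05T09:30:00", "resolved": "2026-03-05T20:00:00"},
    # Still open: contributes to MTTD only.
    {"id": "INC-3", "started": "2026-03-09T11:00:00", "detected": "2026-03-09T11:30:00",
     "contained": None, "resolved": None},
]


def _ts(value: Optional[str]) -> Optional[datetime]:
    return datetime.fromisoformat(value) if value else None


def _gap_hours(inc: Incident, start_key: str, end_key: str) -> Optional[float]:
    """Hours between two stages of one incident, or None if either stage is missing."""
    a, b = _ts(inc.get(start_key)), _ts(inc.get(end_key))
    if a is None or b is None:
        return None
    return (b - a).total_seconds() / 3600


def _mean_gap(incidents: Iterable[Incident], start_key: str, end_key: str) -> Optional[float]:
    gaps = [g for g in (_gap_hours(i, start_key, end_key) for i in incidents) if g is not None]
    return mean(gaps) if gaps else None


def incident_metrics(incidents: List[Incident] = INCIDENTS) -> Dict[str, Optional[float]]:
    """Return the three means in hours plus the number of incidents still open."""
    return {
        "mttd_hours": _mean_gap(incidents, "started", "detected"),
        "mttc_hours": _mean_gap(incidents, "detected", "contained"),
        "mttr_hours": _mean_gap(incidents, "detected", "resolved"),
        "open_incidents": float(sum(1 for i in incidents if not i.get("resolved"))),
    }


def slowest(incidents: List[Incident], start_key: str, end_key: str) -> Optional[Tuple[str, float]]:
    """The incident with the longest gap between two stages, for root-cause review
    (a single outlier often explains most of a bad mean)."""
    scored = [(i["id"], g) for i in incidents
              if (g := _gap_hours(i, start_key, end_key)) is not None]
    return max(scored, key=lambda t: t[1]) if scored else None  # type: ignore[return-value]


if __name__ == "__main__":
    print(incident_metrics())
    print("slowest detection:", slowest(INCIDENTS, "started", "detected"))
```

On the constructed data the detection mean is dragged to 4 hours by `INC-2`, whose 10-hour gap spans an overnight window with nobody watching the queue; that is exactly the kind of finding the `slowest` helper is there to surface, because it points at a staffing or alert-routing fix rather than a tooling one.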
Network Access Control (NAC) ensures only authorized and compliant devices can access your network, reducing risk and enforcing security policies in real time.
Network Detection and Response (NDR) continuously analyzes network behavior to uncover stealthy threats that evade traditional security tools, enabling faster detection, deeper visibility, and smarter incident response.
A practical guide to what NIST is and how its frameworks help organizations manage cybersecurity risk and structure their security programs.
PCI DSS is a global security standard that defines how organizations must protect cardholder data when storing, processing, or transmitting payment information.
Penetration testing simulates real-world cyberattacks to identify exploitable vulnerabilities and measure true business risk before attackers do.
A risk register is a structured record that helps organizations track security risks, assess their business impact, and prioritize remediation actions.
Risk acceptance is a deliberate decision to acknowledge a cybersecurity or business risk without taking immediate mitigation steps.
A sandbox in cybersecurity is an isolated testing environment where suspicious files or programs can run safely without risking the main system.
A security questionnaire is a structured set of questions used to evaluate a vendor’s security practices, compliance controls, and ability to protect sensitive data.
Static Application Security Testing (SAST) scans source code for security flaws during development, helping teams fix vulnerabilities before they reach production.
Software Composition Analysis (SCA) identifies and tracks open source components in your code to detect vulnerabilities, manage licenses, and reduce software supply chain risk.
Most software teams don’t set out to ship insecure code. It still happens. Not because developers don’t care, but because security often shows up too late, usually right before release, when fixing issues is slow, expensive, and sometimes ignored. Secure SDLC changes that timing. Secure SDLC, or Secure Software Development Life Cycle, is the practice...
Modern security teams face an overwhelming volume of alerts, incidents, and investigative tasks. Security operations centers (SOCs) must track suspicious activity, investigate threats, coordinate responses, and document every action taken during an incident. Without a structured system, investigations often become fragmented—spread across emails, spreadsheets, ticketing systems, and multiple security tools. Security case management addresses this...
Separation of Duties is a fundamental control that prevents fraud and errors by dividing responsibilities across multiple individuals.
Shadow IT is the use of unapproved apps and services inside an organization, creating hidden visibility gaps that can increase security risk.
Shift left security embeds automated security checks into design and development so teams catch and fix vulnerabilities early—reducing costs, accelerating releases, and preventing production-stage fire drills.
SOC threat hunting is the proactive search for hidden threats in an organization’s network before they can cause damage.
SOC 2 is a compliance framework that evaluates how organizations protect customer data using the Trust Services Criteria of security, availability, processing integrity, confidentiality, and privacy.
A vulnerability assessment identifies, analyzes, and prioritizes security weaknesses across systems so organizations can fix risks before they are exploited.
Vulnerability management is the ongoing process of identifying, assessing, and addressing security weaknesses before they can be exploited.
Vulnerability prioritization ranks vulnerabilities by real-world risk (exploitability, exposure, and asset criticality) rather than severity score alone, reducing the remediation backlog, improving MTTR, and focusing effort on what truly threatens the business.