Cybersecurity Glossary

Essential terminology for modern threat defense, security operations, and enterprise protection.

A

Access Control Core
Security mechanisms that restrict user or system access to specific resources based on identity, roles, and predefined permissions. Essential for enforcing the principle of least privilege.
Advanced Persistent Threat (APT) Threat
A sophisticated, prolonged, and targeted cyberattack orchestrated by skilled adversaries (often nation-state actors) who maintain persistent access to a network to exfiltrate sensitive data.
API Security Cloud
The practice of protecting Application Programming Interfaces from misuse, unauthorized access, and data breaches. Involves authentication, rate limiting, input validation, and monitoring for abnormal behavior.
Attack Surface Concept
The total sum of all possible entry points (vulnerabilities) where an attacker could try to penetrate a system or network. Includes hardware, software, cloud infrastructure, and human factors.
Authentication IAM
The process of verifying the identity of a user, device, or system before granting access. Common methods include passwords, biometrics, security tokens, and multi-factor authentication (MFA).
Authorization IAM
The security process that determines what resources, data, or actions an authenticated user or system is permitted to access. Works hand-in-hand with authentication and access control policies.

C

Cloud Security Cloud
A comprehensive set of technologies, policies, controls, and services designed to protect cloud-based infrastructure, applications, and data from unauthorized access, breaches, and compliance violations.
Compliance Governance
The state of adhering to external laws, regulations, and industry standards (e.g., GDPR, HIPAA, SOC 2, ISO 27001). Ensures organizations maintain proper security controls and audit readiness.
Cryptanalysis Crypto
The study of analyzing cryptographic algorithms and protocols to identify mathematical or implementation weaknesses. Contrasts with cryptography, which focuses on creating secure encryption systems.
Cyber Threat Intelligence (CTI) Intelligence
Evidence-based knowledge about existing or emerging cyber threats, including adversaries, tactics, techniques, and procedures (TTPs). Used to make proactive defense decisions and prioritize security investments.

D

DDoS Attack Threat
Distributed Denial of Service. A malicious attempt to disrupt normal traffic of a targeted server, service, or network by overwhelming it with a flood of internet traffic from multiple compromised sources.
Data Loss Prevention (DLP) Data
A suite of technologies and policies designed to detect and prevent unauthorized transmission, exfiltration, or misuse of sensitive data. Monitors data in motion, at rest, and in use.
Defense in Depth Strategy
A multi-layered cybersecurity strategy that employs overlapping controls (technical, physical, administrative) across different points. If one layer fails, others remain to block or mitigate the threat.
Digital Forensics Investigation
The scientific process of identifying, preserving, analyzing, and presenting digital evidence from devices and networks. Critical for incident response, legal proceedings, and understanding attack vectors.

E

Encryption Crypto
The process of converting plaintext data into ciphertext using mathematical algorithms and cryptographic keys. Ensures confidentiality so only authorized parties with the correct key can read the information.
Endpoint Security Core
Comprehensive protection of endpoint devices (laptops, desktops, servers, mobile devices) that connect to a network. Includes EDR, antivirus, firewall, and behavioral monitoring to prevent lateral movement.
Ethical Hacking Testing
The authorized practice of simulating cyberattacks against systems, applications, and networks to identify vulnerabilities before malicious actors can exploit them. Also known as penetration testing.

F

Firewall Network
A network security device or software that monitors incoming and outgoing traffic, applying rules to permit or block data packets based on predefined security policies. Acts as a barrier between trusted and untrusted networks.
Framework (NIST/CIS) Governance
Structured, standardized sets of guidelines, best practices, and controls for managing cybersecurity risk. NIST CSF and CIS Controls are widely adopted to help organizations build and measure security programs.

I

Identity and Access Management (IAM) IAM
A comprehensive framework for managing digital identities, authentication methods, and authorization policies. Ensures the right users have appropriate access to resources while preventing unauthorized entry.
Incident Response Operations
A structured, organized approach to addressing and managing the aftermath of a cybersecurity breach or attack. Includes preparation, detection, containment, eradication, recovery, and post-incident analysis.
Intrusion Detection System (IDS) Network
A security tool that passively monitors network traffic or system activity for signs of malicious behavior, policy violations, or known attack patterns. Alerts administrators but does not automatically block traffic.
Intrusion Prevention System (IPS) Network
An active network security tool that monitors traffic for malicious activity and automatically takes action to block or prevent identified threats. Operates inline with network traffic for real-time protection.

K

Kill Chain Concept
A defensive model (Lockheed Martin's Cyber Kill Chain) that breaks down a cyberattack into seven stages: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, and Actions on Objectives.
Key Management Crypto
The lifecycle management of cryptographic keys, including generation, storage, distribution, rotation, and destruction. Critical for maintaining encryption security and regulatory compliance.

M

Malware Threat
Malicious software designed to disrupt, damage, or gain unauthorized access to computer systems. Includes viruses, worms, trojans, spyware, adware, and ransomware. CyberVault's AI engine detects novel variants in real-time.
MFA (Multi-Factor Authentication) IAM
A security mechanism that requires users to provide two or more verification factors to gain access. Factors fall into three categories: something you know (password), something you have (token/phone), and something you are (biometrics).
MITRE ATT&CK Framework
A comprehensive, globally accessible knowledge base of adversary tactics and techniques based on real-world observations. Used to evaluate security capabilities, test defenses, and map threat behaviors.

N

Network Segmentation Network
The practice of dividing a computer network into smaller, isolated segments to limit lateral movement, contain breaches, and improve performance. A cornerstone of zero-trust architecture.
NIST Governance
National Institute of Standards and Technology. A U.S. federal agency that develops and promotes cybersecurity standards, guidelines, and best practices, including the widely adopted NIST Cybersecurity Framework.

P

Patch Management Operations
The systematic process of acquiring, testing, and installing software updates (patches) to fix vulnerabilities, improve functionality, or address security flaws in operating systems and applications.
Penetration Testing Testing
An authorized, simulated cyberattack against a system, network, or application to identify exploitable vulnerabilities. Conducted by certified ethical hackers using real-world attack methodologies.
Phishing Threat
A social engineering attack where threat actors impersonate trusted entities via email, SMS, or calls to trick victims into revealing credentials, financial data, or executing malicious payloads.
Privilege Escalation Attack
A technique where an attacker exploits a bug, design flaw, or misconfiguration to gain unauthorized elevated access rights (e.g., from standard user to administrator) within a system or network.
PII Data
Personally Identifiable Information. Any data that can be used on its own or with other information to identify, contact, or locate a single person. Includes names, SSNs, email addresses, and biometric data.

R

Ransomware Threat
A type of malware that encrypts a victim's files or locks them out of systems, demanding a ransom (usually cryptocurrency) in exchange for decryption keys or restored access. A top threat to enterprises.
RBAC (Role-Based Access Control) IAM
Role-Based Access Control. A security model where system access is restricted based on the roles of individual users within an organization. Simplifies permission management and enforces least privilege.
Risk Assessment Governance
A systematic process to identify, analyze, and prioritize cybersecurity risks to an organization's operations, assets, and people. Helps determine appropriate controls and resource allocation.
Red Team Testing
A security group authorized to simulate real-world adversarial attacks against an organization's infrastructure, people, and processes. Tests detection capabilities, response workflows, and overall security posture.

S

SASE Cloud
Secure Access Service Edge. A cloud-based architecture that combines wide-area networking (SD-WAN) with comprehensive security services (FWaaS, CASB, ZTNA, SWG) into a single, unified service.
SIEM Operations
Security Information and Event Management. Platforms that aggregate, correlate, and analyze log data from across an organization's infrastructure in real-time to detect threats and meet compliance requirements.
SOC (Security Operations Center) Operations
A centralized function that employs people, processes, and technology to continuously monitor, detect, analyze, and respond to cybersecurity incidents. CyberVault operates a 24/7 global SOC.
Social Engineering Threat
Psychological manipulation tactics used by attackers to trick individuals into revealing sensitive information, bypassing security controls, or performing actions that compromise security.

T

Threat Hunting Intelligence
The proactive, human-driven process of searching through networks and systems to detect and isolate advanced threats that evade existing security solutions. Goes beyond alert-driven response.
Threat Actor Threat
The individual, group, organization, or nation-state responsible for initiating a cyberattack. Motivations range from financial gain and espionage to hacktivism and state-sponsored sabotage.
Threat Vector Concept
The specific path, method, or channel exploited by a threat actor to infiltrate a target system or network. Examples include email, USB devices, compromised websites, or physical access.

Z

Zero Trust Architecture
A security framework that requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are inside or outside the network perimeter.
Zero-Day Exploit Threat
A cyberattack that targets a previously unknown software vulnerability before the vendor can develop and release a patch. Highly dangerous due to the lack of existing defenses or signatures.
ZTNA (Zero Trust Network Access) Cloud
Zero Trust Network Access. An identity-driven approach to securing network resources that grants users minimal access based on strict policy evaluation, replacing traditional VPNs with granular, app-level security.