
Cybersecurity Glossary.

Learn the terminology used by security professionals. 50+ terms defined.


A

APT (Advanced Persistent Threat)

A prolonged, targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period. APTs typically target high-value organizations for espionage or data theft.

Attack Surface

The total sum of vulnerabilities that can be exploited to carry out a security attack. Includes all entry points, software, hardware, and network components exposed to potential threats.

B

Blue Team

The defensive security team responsible for protecting an organization's systems, detecting threats, and responding to incidents. Contrast with Red Team (offensive).

Brute Force Attack

An attack method that uses trial and error to guess passwords, encryption keys, or other credentials by systematically trying all possible combinations.

C

CVE (Common Vulnerabilities and Exposures)

A standardized system for identifying and cataloging publicly known security vulnerabilities. Each CVE has a unique ID (e.g., CVE-2024-1234).

CVSS (Common Vulnerability Scoring System)

A standardized scoring system (0-10) that rates the severity of security vulnerabilities. Critical (9.0-10.0), High (7.0-8.9), Medium (4.0-6.9), Low (0.1-3.9).

D

DDoS (Distributed Denial of Service)

An attack that overwhelms a target server, service, or network with traffic from multiple sources, making it unavailable to legitimate users.

E

EDR (Endpoint Detection and Response)

Security solutions that monitor endpoints (computers, servers, mobile devices) for suspicious activity, provide visibility into threats, and enable rapid response to incidents.

Encryption

The process of encoding data so that only authorized parties can access it. Uses algorithms and keys to transform plaintext into ciphertext.

F

Firewall

A network security device or software that monitors incoming and outgoing traffic and permits or blocks data packets based on a set of security rules.

I

IOC (Indicator of Compromise)

Evidence that a security breach has occurred. Examples include unusual network traffic, suspicious file hashes, or known malicious IP addresses.

M

MFA (Multi-Factor Authentication)

A security process requiring two or more verification methods to access an account: something you know (password), something you have (phone), or something you are (biometrics).

MITRE ATT&CK

A globally accessible knowledge base of adversary tactics and techniques based on real-world observations. Used to classify and describe cyberattacks and develop threat models.

P

Penetration Testing

A simulated cyberattack against your systems performed by ethical hackers to find and exploit vulnerabilities before malicious attackers do. Also called "pen testing."

Phishing

A social engineering attack using deceptive emails, websites, or messages to trick victims into revealing sensitive information like passwords or credit card numbers.

R

Ransomware

Malware that encrypts a victim's files and demands payment (ransom) for the decryption key. Often spreads via phishing emails or by exploiting vulnerabilities.

Red Team

An offensive security team that simulates real-world attacks to test an organization's defenses. They think and act like attackers to find weaknesses.

S

SIEM (Security Information and Event Management)

Software that aggregates and analyzes security data from across an organization's IT infrastructure to detect threats and generate alerts.

SOC (Security Operations Center)

A centralized team (in-house or managed) that monitors, detects, analyzes, and responds to security incidents 24/7 using technology and processes.

SQL Injection

An attack that inserts malicious SQL code into a query, allowing attackers to view, modify, or delete database data. One of the most common web vulnerabilities.

T

Threat Intelligence

Evidence-based knowledge about existing or emerging threats, including indicators of compromise, threat actor tactics, and vulnerability information.

V

Vulnerability

A weakness in a system, application, or process that can be exploited by attackers. Vulnerabilities can exist in software, hardware, or human processes.

VPN (Virtual Private Network)

A service that creates a secure, encrypted connection over a less secure network (like the internet), protecting data in transit from eavesdropping.

Z

Zero-Day

A vulnerability unknown to the software vendor with no available patch. "Zero-day" refers to the fact that developers have had zero days to fix the flaw.

Zero Trust

A security framework requiring all users, inside or outside the network, to be authenticated, authorized, and continuously validated before accessing applications and data.
