Cybersecurity Glossary & Terminology

Explore our comprehensive cyber security glossary, featuring essential terms and concepts to help you stay informed and protected.

Advanced Persistent Threat

Advanced Persistent Threats (APTs) are typically initiated and executed by state actors or cybercriminal organizations with plentiful resources, and these threats have more staying power than typical, everyday threats that organizations might encounter, as they are designed to have a long-term presence in a network.

Related Links

Attack Surface Management

Attack surface management (ASM) involves continuous discovery, rapid analysis, remediation, and ongoing monitoring of vulnerabilities within a system and across all potential attack vectors within an organization’s attack surfaces.

Related Links

Cyber Insurance

Cyber insurance is exactly what it sounds like: insurance coverage to help protect businesses from the losses and impacts that could result from a cyberattack. This coverage can include things like data breaches, theft of personal identifiable information (PII), theft of data, network breaches, terrorist attacks, or attacks occurring on or against global IT or physical infrastructure (i.e., not just within the United States).

Related Links

Data Collection

This is a systematic on-premise and/or cloud-based (virtual) solution used to gather logs and collect, analyze, and store that data for security purposes.

Data Source

Any technology or data source that sends telemetry to a designated platform, sensor, or log.

Endpoint Management

Endpoint Management is a broad term used to describe many administrative capabilities over endpoint devices. These are defined by a variety of factors, including:

Endpoint Security

Endpoint security is designed to identify and stop the successful deployment of malware and other endpoint attack vectors from compromising endpoint system devices. Those devices typically include users' systems like PCs, laptops, and mobile devices. At a network level, this also includes virtual and hardware applications, server database, and email servers.

Related Links


The process of adding relevant contextual information to improve the value of detection event/alert data.

Event Source

A security source providing security-related event occurrences within a customer’s environment.

Incident Response

An organized approach to addressing and managing what happens after a security breach or cyberattack, also known as an IT incident, computer incident, or security incident occurs. The goal is to manage the situation to reduce and limit damage, and to minimize recovery time and costs.

Related Links

Ingested Data

The importing of relevant data files at scale from multiple sources to aid immediate or longer-term analytics results within a cloud-based platform — sometimes refers to data that has yet to be normalized.


A platform’s interaction and combining of separate internal or external components so the data, events or other information may be used by the platform.

Investigation Context

Any event(s) that are used to provide meaningful support to an investigation and any decision being made.


Managed Detection and Response (MDR) is a service often offered by MSSPs who are organizations that act as Managed Security Services Providers. MSSPs usually provide other security services as well as MDR.

Related Links

MITRE Attack Framework

MITRE ATT&CK is a globally accessible knowledge base of adversary tactics, techniques and procedures (TTPs) based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the cybersecurity product and service community.

Related Links

Normalized Data

This is any ingested, unstructured data that has then been put into a standardized format so it may be used on its own or with other datasets.

Penetration Testing

An authorized simulated cyberattack on one or more computer systems, performed to evaluate the security of the systems and to check for exploitable vulnerabilities.

Related Links

Pivot Searching

The process of switching from one dataset to another using a field’s value.

Ransomware Detection

The critical first step when ransomware is discovered in your system, typically using malware analysis, automation, or any other technique that helps detect malicious files.

Related Links

Risk-Based Vulnerability Management

Risk-based vulnerability management is a strategy for handling the myriad of vulnerabilities on a typical enterprise network, according to the risk each individual vulnerability poses to an organization.

Risk-based vulnerability management is designed to address two key objectives:

Related Links

Security Operations Center (SOC)

A Security Operations Center (or SOC) is a physical or virtual facility or platform housing an information security team responsible for monitoring and analyzing an organization’s security posture on an ongoing basis. A SOC team’s goal is to detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and a strong set of processes. SOCs are typically staffed with security analysts and engineers, as well as managers who can oversee all security operations. Staff work closely with organizational Incident Response teams to ensure that security issues are addressed quickly upon discovery.

Threat Intelligence

Data produced, analyzed, and validated by our Counter Threat Unit™ researchers and automatically correlated against your telemetry to ensure you are protected from the latest threats and adversary behaviors.

Related Links

Vendor Native Alerts

Any notification that a 3rd party vendor considers to be a security incident.

Vulnerability Management

Vulnerability management is the process of continuously identifying, evaluating, treating and reporting vulnerabilities within a particular network or environment.

Related Links