Cybersecurity Glossary
Comprehensive reference for cybersecurity terms, acronyms, and concepts — from APT to Zero Trust.
APT (Advanced Persistent Threat)
A sophisticated, well-resourced threat actor (typically nation-state) that maintains long-term unauthorized access to a target network for espionage or sabotage, using advanced TTPs to evade detection.
CASB (Cloud Access Security Broker)
A security policy enforcement point between cloud service consumers and providers that enforces security policies including authentication, SSO, authorization, encryption, and DLP for cloud applications.
CNAPP (Cloud-Native Application Protection Platform)
A unified security platform that combines CSPM, CWPP, CIEM, and IaC scanning to protect cloud-native applications from development through runtime.
CSPM (Cloud Security Posture Management)
Automated tooling that continuously monitors cloud infrastructure for security misconfigurations (for example public storage buckets, overly permissive security groups, or disabled audit logging), compliance violations, and drift from an approved baseline. CSPM covers IaaS and PaaS services; posture management for SaaS applications is usually treated as a separate category (SSPM).
CVE (Common Vulnerabilities and Exposures)
A standardized system for identifying and naming publicly known information security vulnerabilities, sponsored by CISA and operated by MITRE, with IDs issued by CVE Numbering Authorities (CNAs) in the form CVE-YYYY-NNNNN (e.g., CVE-2024-3094). The year is the year the ID was reserved, not necessarily when the flaw was found or disclosed, and the ID itself carries no severity: CVSS scoring and EPSS likelihood are separate.
EDR (Endpoint Detection and Response)
Security technology that continuously monitors endpoint devices for suspicious behavior, provides real-time visibility, enables investigation, and automates response to threats.
EPSS (Exploit Prediction Scoring System)
A data-driven model maintained by FIRST that estimates the probability (0 to 1) that a vulnerability will be exploited in the wild within the next 30 days. Scores are recomputed daily and are meant to complement CVSS rather than replace it: CVSS describes how severe exploitation would be, EPSS how likely it is, and neither substitutes for evidence of active exploitation such as the CISA KEV catalog.
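The prioritization this entry describes, as an added example (not code from FIRST or the EPSS project): each finding carries a CVSS score, an EPSS probability, a KEV flag, and the organization's own exposure data, and a tiering rule puts evidence of exploitation ahead of prediction and prediction ahead of raw severity. The tier thresholds are example policy values, and the findings are constructed sample data with placeholder IDs so the block runs offline.

```python
"""Risk-based vulnerability prioritization that combines CVSS severity with EPSS.

Added example for this glossary entry; it is not code from FIRST or from the
EPSS project. The tier thresholds are example policy values, and every
finding below is constructed sample data (placeholder IDs, invented scores).
"""
from dataclasses import dataclass
from typing import List

TIERS = {"P1": 0, "P2": 1, "P3": 2, "P4": 3}
EPSS_HIGH = 0.10  # example cutoff: >= 10% chance of exploitation in the next 30 days


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float                    # CVSS base score, 0.0-10.0 (how bad if exploited)
    epss: float                    # EPSS probability, 0.0-1.0 (how likely in 30 days)
    kev: bool = False              # listed in CISA's Known Exploited Vulnerabilities catalog
    internet_facing: bool = False  # asset exposure, from the organization's own inventory


def priority(f: Finding) -> str:
    """Assign a remediation tier.

    Evidence of real exploitation (KEV) outranks any prediction, a high EPSS
    outranks severity alone, and a critical CVSS on an internal-only host is
    scheduled rather than treated as an emergency.
    """
    if f.kev:
        return "P1"
    if f.epss >= EPSS_HIGH and f.internet_facing:
        return "P1"
    if f.epss >= EPSS_HIGH or (f.cvss >= 9.0 and f.internet_facing):
        return "P2"
    if f.cvss >= 7.0:
        return "P3"
    return "P4"


def rank(findings: List[Finding]) -> List[Finding]:
    """Order the backlog: tier first, then EPSS, then CVSS as the tie-breaker."""
    return sorted(findings, key=lambda f: (TIERS[priority(f)], -f.epss, -f.cvss))


def aggregate_exploit_probability(findings: List[Finding]) -> float:
    """Probability that at least one finding is exploited in 30 days,
    treating the EPSS scores as independent: 1 - prod(1 - p_i)."""
    survive = 1.0
    for f in findings:
        survive *= 1.0 - f.epss
    return 1.0 - survive


# Constructed sample findings (placeholder IDs, invented scores).
SAMPLE = [
    Finding("EXAMPLE-A", cvss=9.8, epss=0.02),                        # critical, unlikely, internal only
    Finding("EXAMPLE-B", cvss=6.5, epss=0.45, internet_facing=True),  # medium severity, likely and exposed
    Finding("EXAMPLE-C", cvss=7.5, epss=0.01, kev=True),              # low EPSS, yet known exploited
    Finding("EXAMPLE-D", cvss=5.3, epss=0.003),                       # low on every axis
    Finding("EXAMPLE-E", cvss=9.1, epss=0.04, internet_facing=True),  # critical and exposed, modest EPSS
]

if __name__ == "__main__":
    for f in rank(SAMPLE):
        print(f"{priority(f)}  {f.cve}  cvss={f.cvss:<4} epss={f.epss:<6} kev={f.kev}")
    print(f"P(any exploited in 30d) = {aggregate_exploit_probability(SAMPLE):.3f}")
```

Live scores come from the public EPSS API (`https://api.first.org/data/v1/epss?cve=...`); the block deliberately embeds values instead of calling it. Note that EXAMPLE-A, the highest CVSS in the set, lands in P3, while the medium-severity EXAMPLE-B goes to P1 because it is both likely to be exploited and reachable.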
FAIR (Factor Analysis of Information Risk)
A quantitative risk analysis framework that models cyber risk in financial terms by analyzing threat event frequency and loss magnitude to enable data-driven risk decisions.
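The FAIR decomposition in this entry, worked as an added example (not code from The Open Group or the FAIR Institute): threat event frequency and vulnerability are combined into loss event frequency, each loss event draws a loss magnitude, and a Monte Carlo simulation turns calibrated ranges into an annualized loss distribution with a mean and tail percentiles. The input ranges are constructed sample values, not figures from any real assessment.

```python
"""Monte Carlo estimate of annualized loss using the FAIR decomposition.

Added example for this glossary entry; not code from The Open Group or the
FAIR Institute. FAIR factors risk as
    Loss Event Frequency (LEF) = Threat Event Frequency (TEF) x Vulnerability
    Annual loss                = sum of Loss Magnitude over the year's loss events
Each input is a calibrated (min, most likely, max) range sampled from a
triangular distribution; the ranges below are constructed sample values.
"""
import math
import random
import statistics
from typing import Dict, Tuple

Range = Tuple[float, float, float]  # (min, most likely, max)


def draw(rng: random.Random, r: Range) -> float:
    low, mode, high = r
    return rng.triangular(low, high, mode)  # random.triangular takes (low, high, mode)


def poisson(rng: random.Random, lam: float) -> int:
    """Number of events in a year when they occur at average rate lam (Knuth's method)."""
    limit = math.exp(-lam)
    k, p = 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate(tef: Range, vulnerability: Range, loss_magnitude: Range,
             years: int = 20_000, seed: int = 1) -> Dict[str, float]:
    """Simulate `years` independent years and summarize the annual loss distribution."""
    rng = random.Random(seed)
    annual = []
    for _ in range(years):
        lef = draw(rng, tef) * draw(rng, vulnerability)  # expected loss events this year
        events = poisson(rng, lef)                        # actual count this year
        annual.append(sum(draw(rng, loss_magnitude) for _ in range(events)))
    q = statistics.quantiles(annual, n=100)  # q[i] is the (i+1)-th percentile
    return {
        "mean_ale": statistics.mean(annual),
        "median": q[49],
        "p90": q[89],
        "p95": q[94],
        "max": max(annual),
    }


# Constructed sample scenario (e.g. credential phishing against a customer
# portal): 2-12 attempts a year, each succeeding 10-60% of the time, with a
# loss of $10k-$400k per successful event.
SCENARIO = {
    "tef": (2.0, 6.0, 12.0),
    "vulnerability": (0.10, 0.30, 0.60),
    "loss_magnitude": (10_000.0, 50_000.0, 400_000.0),
}

if __name__ == "__main__":
    for name, value in simulate(**SCENARIO).items():
        print(f"{name:>9}: ${value:,.0f}")
```

The mean of the triangular distribution is (min + mode + max) / 3, so the expected annual loss for the sample scenario is about 6.67 × 0.33 × $153k, roughly $340k; the simulated mean should land close to that, while the 95th percentile sits several times higher because the distribution is right-skewed. That tail, not the average, is what FAIR practitioners use to argue for or against a control.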
IOC (Indicator of Compromise)
Forensic artifacts (such as IP addresses, file hashes, domain names, or registry keys) that indicate a system or network has been breached or infected with malware. Atomic IOCs are cheap for an adversary to change (a new IP, a recompiled binary), so they age quickly compared with behavioral TTPs; they are most useful for high-confidence blocking and for retroactive hunting across historical logs.
ITDR (Identity Threat Detection and Response)
Security technology focused on detecting identity-based threats including credential theft, privilege escalation, MFA bypass, token manipulation, and lateral movement via compromised identities.
MITRE ATT&CK
A globally accessible knowledge base of adversary tactics, techniques, and procedures (TTPs) based on real-world observations, organized into matrices (Enterprise, Mobile, ICS) in which each technique has a stable ID such as T1078 (Valid Accounts). It is used for threat modeling, detection engineering, adversary emulation, and coverage gap analysis.
SIEM (Security Information and Event Management)
A platform that aggregates and analyzes log data from across the IT environment, correlates events, detects threats, and provides compliance reporting and forensic capabilities.
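Both of the above in working form, as an added example that serves the IOC and SIEM entries (it is not code from any SIEM product): a small parser normalizes constructed log lines into events, defanged indicators from a feed are refanged and matched against the events, and a correlation rule ties several failed SSH logins to a subsequent success from the same source within a time window. The log lines, the indicator list, the regexes, and the thresholds are all constructed for this example; the addresses come from the RFC 5737 documentation ranges and the hash is the SHA-256 of an empty input, used purely as a placeholder.

```python
"""IOC matching and a SIEM-style correlation rule over constructed log lines.

Added example serving the IOC and SIEM entries of this glossary; not code
from any SIEM product. Log lines, indicators (in the defanged form feeds
commonly use), regexes and thresholds are constructed for this example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed indicators, as they might arrive defanged from a feed.
RAW_IOCS = [
    ("ip", "203[.]0[.]113[.]9"),
    ("domain", "bad[.]example[.]net"),
    ("sha256", "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855"),
]

# Constructed log lines in the form "<timestamp> <host> <process>: <message>".
LOGS = """\
2024-05-01T10:00:01Z web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.9 port 51122 ssh2
2024-05-01T10:00:03Z web01 sshd[1203]: Failed password for root from 203.0.113.9 port 51124 ssh2
2024-05-01T10:00:05Z web01 sshd[1205]: Failed password for deploy from 203.0.113.9 port 51130 ssh2
2024-05-01T10:00:08Z web01 sshd[1207]: Accepted password for deploy from 203.0.113.9 port 51140 ssh2
2024-05-01T10:02:10Z web02 sshd[2201]: Failed password for root from 198.51.100.7 port 40010 ssh2
2024-05-01T10:02:12Z web02 sshd[2203]: Failed password for root from 198.51.100.7 port 40012 ssh2
2024-05-01T10:05:00Z proxy01 squid: GET http://bad.example.net/update.bin client 10.0.0.5 status 200
2024-05-01T10:06:30Z db01 av: quarantined /tmp/.cache/x sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
""".splitlines()

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+?): (.*)$")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
FAIL_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")
OK_RE = re.compile(r"Accepted \w+ for (\S+) from (\S+)")


def refang(ioc: str) -> str:
    """Undo the common defanging conventions so indicators compare with real log data."""
    return ioc.replace("hxxp", "http").replace("[.]", ".").replace("(.)", ".").lower()


def load_iocs(raw):
    iocs = defaultdict(set)
    for kind, value in raw:
        iocs[kind].add(refang(value))
    return iocs


def parse_all(lines):
    """Normalize raw lines into event dicts; lines that do not fit the format are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ"),
            "host": m.group(2), "proc": m.group(3), "msg": m.group(4),
        })
    return events


def ioc_hits(events, iocs):
    """Extract candidate artifacts from each message and intersect with the IOC sets."""
    hits = []
    for e in events:
        found = set(IP_RE.findall(e["msg"])) & iocs["ip"]
        found |= {h.lower() for h in SHA256_RE.findall(e["msg"])} & iocs["sha256"]
        found |= {d.lower() for d in DOMAIN_RE.findall(e["msg"])} & iocs["domain"]
        for value in sorted(found):
            hits.append({"ts": e["ts"], "host": e["host"], "indicator": value})
    return hits


def brute_force_then_success(events, threshold=3, window=timedelta(seconds=120)):
    """Correlation rule: >= threshold failed logins from one source, then a success
    from the same source within `window`. Failures alone are not alerted on."""
    failures = defaultdict(list)  # source ip -> timestamps of failed logins
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        m = FAIL_RE.search(e["msg"])
        if m:
            failures[m.group(2)].append(e["ts"])
            continue
        m = OK_RE.search(e["msg"])
        if m:
            src = m.group(2)
            recent = [t for t in failures[src] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"ts": e["ts"], "host": e["host"], "src": src,
                               "user": m.group(1), "failures": len(recent)})
    return alerts


if __name__ == "__main__":
    evs = parse_all(LOGS)
    for h in ioc_hits(evs, load_iocs(RAW_IOCS)):
        print("IOC hit:", h)
    for a in brute_force_then_success(evs):
        print("ALERT brute force followed by success:", a)
```

The two detections answer different questions: the IOC match fires on a known-bad artifact regardless of behavior, while the correlation rule fires on behavior regardless of whether the source was ever on a feed. In a real deployment the parser and regexes are replaced by the SIEM's field normalization, and the window and threshold are tuned per environment.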
SOAR (Security Orchestration, Automation, and Response)
Technology that enables organizations to automate security operations through predefined playbooks, orchestrate tools, and streamline incident response workflows.
TTP (Tactics, Techniques, and Procedures)
The behavioral patterns of threat actors describing their goals (tactics), methods (techniques), and specific implementations (procedures) used to compromise targets.
XDR (Extended Detection and Response)
An evolution of EDR that correlates data across multiple security layers — endpoints, network, cloud, email, and identity — to provide unified threat detection and automated response.
Zero Trust
A security model based on the principle "never trust, always verify" (formalized in NIST SP 800-207) that treats a request's network location as no evidence of trust: every access decision is made per request, continuously evaluating the identity, device posture, and context of the user or workload, and grants only the minimum access needed.
ZTNA (Zero Trust Network Access)
An access model that gives remote users a brokered, identity-aware connection to individual applications under defined access policies, rather than placing their device on the internal network as a traditional VPN does; it is the usual way Zero Trust is applied to remote access.
UEBA (User and Entity Behavior Analytics)
Security analytics that uses machine learning to establish baseline behavior for users and entities, then detects anomalies that may indicate insider threats, compromised accounts, or advanced attacks.
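The baseline-then-anomaly approach in the UEBA entry, as an added example (not code from any UEBA product): each user's daily activity is summarized into a few features, a per-user baseline (mean and standard deviation per feature, plus the set of hosts ever seen) is built from history, and a new day is scored against that baseline. The daily records are synthetic, generated from a seeded RNG so the block runs offline; MIN_HISTORY and Z_THRESHOLD are example policy values, and the sigma floor is a design choice explained in the code.

```python
"""UEBA-style per-user baselining and anomaly scoring.

Added example for this glossary entry; not code from any UEBA product. The
daily activity records are synthetic (seeded RNG) so the block runs offline;
MIN_HISTORY and Z_THRESHOLD are example policy values.
"""
import random
import statistics
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

MIN_HISTORY = 14   # days of history required before a user can be scored
Z_THRESHOLD = 3.0  # flag a feature this many standard deviations from the user's mean
HOSTS = [f"host-{i}" for i in range(6)]

Day = Dict[str, object]  # {"hosts": set of hostnames touched, "mb_out": float}


def features(day: Day) -> Dict[str, float]:
    """Numeric features derived from one day of a user's activity."""
    return {"distinct_hosts": float(len(day["hosts"])), "mb_out": float(day["mb_out"])}


def build_baseline(history: List[Tuple[str, Day]]):
    """Per-user mean/std of each feature plus the set of hosts ever seen.

    Users with fewer than MIN_HISTORY days are left out: scoring against a
    thin baseline produces noise, not signal.
    """
    values = defaultdict(lambda: defaultdict(list))
    seen: Dict[str, Set[str]] = defaultdict(set)
    for user, day in history:
        seen[user] |= set(day["hosts"])
        for k, v in features(day).items():
            values[user][k].append(v)
    baseline = {}
    for user, feats in values.items():
        if len(feats["mb_out"]) < MIN_HISTORY:
            continue
        stats = {k: (statistics.mean(v), statistics.pstdev(v)) for k, v in feats.items()}
        baseline[user] = {"stats": stats, "hosts": seen[user]}
    return baseline


def score(baseline, user: str, day: Day) -> Optional[dict]:
    """Z-score today's features against the user's own baseline.

    Returns None when the user has no usable baseline. The floor on sigma
    (10% of the mean) keeps perfectly regular users from alerting on a
    trivial deviation, which a raw z-score would otherwise report as infinite.
    """
    if user not in baseline:
        return None
    z = {}
    for k, v in features(day).items():
        mu, sigma = baseline[user]["stats"][k]
        sigma = max(sigma, 0.1 * max(mu, 1.0))
        z[k] = (v - mu) / sigma
    new_hosts = set(day["hosts"]) - baseline[user]["hosts"]
    return {
        "z": z,
        "new_hosts": new_hosts,  # entity-level signal: hosts this user has never touched
        "anomalous": any(abs(s) > Z_THRESHOLD for s in z.values()),
    }


def synthetic_history(seed: int = 7) -> List[Tuple[str, Day]]:
    """Constructed training data: alice has 30 ordinary days, bob only 10."""
    rng = random.Random(seed)
    hist = []
    for user, days in (("alice", 30), ("bob", 10)):
        for _ in range(days):
            hist.append((user, {
                "hosts": set(rng.sample(HOSTS, rng.randint(2, 4))),
                "mb_out": rng.uniform(50.0, 150.0),
            }))
    return hist


if __name__ == "__main__":
    base = build_baseline(synthetic_history())
    exfil_day = {"hosts": {f"srv-{i}" for i in range(40)}, "mb_out": 5000.0}
    print("alice, exfil-like day:", score(base, "alice", exfil_day))
    print("alice, ordinary day:  ", score(base, "alice", {"hosts": {"host-1", "host-2"}, "mb_out": 110.0}))
    print("bob (no baseline):    ", score(base, "bob", exfil_day))
```

Two things the example makes concrete that the definition does not: the cold-start problem (bob cannot be scored at all, and a product that alerted on him anyway would be guessing), and the difference between a statistical outlier (alice's upload volume) and a novelty signal (hosts she has never touched), which real UEBA systems weight separately and often combine with peer-group comparison.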