Cybersecurity glossary

Browse Illumio’s library of cybersecurity 101 articles to learn about the fundamentals, key trends, and latest insights

Application Dependency Mapping

Application Dependency Mapping (ADM) is the process of identifying and visualizing all the interconnections between software applications, services, processes, and the underlying infrastructure they rely on, such as servers, databases, APIs, and networks.

Attack Surface

An attack surface is all of an organization's IT assets that are exposed to a potential attacker.

These assets may have physical or digital vulnerabilities that an unauthorized user can leverage to gain access to a corporate network and extract data. People themselves can also be an attack surface when they are targeted with phishing emails and other types of social engineering.

Botnet

Botnets are networks of computers that have been hijacked by malware and used to carry out cyberattacks. Most of the time, devices that are part of the botnet, or "bots," are not the target of the attack and may only experience slower processing speeds when the bot software uses their resources.

Breach Containment

Effective breach containment is a pivotal phase in the incident response lifecycle, bridging the gap between detection and eradication. Learn more about what it is, why it matters, and how to implement Illumio's approach to breach containment.

CI/CD Security

CI/CD Security is the practice of securing the tools, processes, and environments involved in continuous integration and continuous delivery.

Cloud Detection and Response

Cloud Detection and Response (CDR) refers to a set of security capabilities designed to detect, investigate, and respond to threats within cloud environments. Unlike traditional security tools that focus on perimeter defenses, CDR provides visibility and control over cloud-native resources, including containers, microservices, and serverless functions.

Cloud Migration

Cloud migration means moving your data, apps, and workloads from on-prem systems to the cloud or even from one cloud provider to another. Companies make the move to scale faster, save money, and boost security.

Cloud Security

Discover the ultimate guide to cloud security and how Illumio CloudSecure can help your enterprise secure your cloud environment.

Cloud Workload Protection

Cloud applications and workloads are distributed across the country or the world to provide speed, access, and scalability. Cloud workload protection keeps these workloads secure as they move between different cloud environments. Older security strategies like endpoint protection and firewalls miss what is happening in the cloud environment.

Common Criteria

Common Criteria or CC is an international standard for computer security. It is a framework that computer users can employ to specify functional and assurance requirements for security.

Container Orchestration

Container orchestration is the automated management of containers. It lets a software team control containers at scale through strategic deployment, lifecycle management, load balancing, and networking.

Container Security

Containers have changed the game for building and running apps — they’re fast, flexible, and built to scale. But with that speed comes serious security risks. Just because it’s in the cloud doesn’t mean it’s safe. In fact, the risks grow. That’s why container security matters. It keeps your apps protected, compliant, and ready to fight off modern threats.

Cyberattack

A cyberattack is an assault that cybercriminals have launched to target a network or the devices, applications, and data on a network. Attackers can steal data, disable or damage devices, and leave malware behind that can launch future attacks on other networks.

Cyber Resilience

Cyber resilience means being ready for cyberattacks — and knowing how to bounce back fast if one happens. It’s more than just trying to stop hackers. It’s about keeping your business running, even during an attack, and recovering quickly afterward. While cybersecurity focuses on keeping threats out, cyber resilience prepares you for what to do when they get in.

Cybersecurity

Cybersecurity is a term that defines the processes, technologies, and practices used to safeguard devices, applications, networks, and data from damage or unauthorized access. Cybersecurity is also known as electronic information security or information technology security.

Cybersecurity Compliance

Cybersecurity compliance means following laws, regulations, and industry standards that help keep a company’s digital assets, sensitive data, and IT systems safe from cyberattacks. Organizations must align with various cybersecurity compliance frameworks that outline security controls, best practices, and reporting guidelines.

DevSecOps

DevSecOps means "development, security and operations." It is a mindset and a way of working that ensures everyone is accountable for the security of the IT in the organization.

Distributed Denial of Service (DDoS) Attack

A distributed denial of service attack (DDoS) is an attempt to make an online service inaccessible by hitting it with a massive amount of traffic from a variety of machines. A DDoS attack can block access to servers, devices, databases, networks, and applications.

The difference between a DDoS attack and a standard denial of service attack is that a DDoS attack comes from multiple machines rather than just one. Let's look at how this is accomplished.

Endpoint Detection and Response

Endpoint Detection and Response (EDR) is a cybersecurity solution that continuously monitors and analyzes activity on endpoints like laptops, desktops, servers, and mobile devices to detect, investigate, and respond to threats in real time.

Endpoint Security

Many employees today are issued laptops. Some workers at the office even have desktop systems, often for development work. These are the endpoints that need to be protected from malware with endpoint security.

Firewall

A firewall is a network security device that monitors and controls incoming and outgoing network traffic. Security rules set in the firewall device determine what type of data packets will be allowed into or out of a network.

GitOps

GitOps is a modern DevOps practice that uses Git as the single source of truth for declarative infrastructure and application deployments.

Hypervisor

A hypervisor is what makes virtualization technology possible. Let's look at the definition of virtualization to get a clearer understanding of what hypervisors do.

Incident Response

Incident response in cybersecurity refers to the organized approach a company or organization takes to prepare for, detect, contain, and recover from a cybersecurity incident, such as a data breach, malware attack, or unauthorized access.

Infrastructure as Code (IaC)

Infrastructure as Code (IaC) automates infrastructure setup using code and is an essential process to keep environments repeatable, scalable, and consistent.

Kubernetes Security

Kubernetes security means keeping your containerized applications safe from potential threats, vulnerabilities, and unauthorized access. As more companies use Kubernetes to run their containerized workloads, it’s crucial to ensure consistent security across clusters, nodes, and workloads.

Lateral Movement

Lateral movement has become synonymous with data breaches over the past several years; the term refers to the techniques cybercriminals use once they gain access to a network. Lateral movement allows hackers to move deeper into a system to locate sensitive data, intellectual property, and other high-value assets.

Malware

Malware is a catch-all phrase that is a shortened version of "malicious software," which means it is any type of software that can damage devices, steal data, and cause chaos. This differs from a bug in software because while a bug is an accident, attackers create malware to intentionally cause harm.

Microsegmentation

Microsegmentation is a security technique that breaks data centers and cloud environments into segments down to the individual workload level. Organizations implement microsegmentation to reduce attack surface, achieve regulatory compliance, and contain breaches.

Network Access Control (NAC)

Network Access Control, or NAC, is all about keeping the wrong devices and users out of your network. It makes sure only trusted, secure devices get in — cutting down on hacks, data leaks, and unwanted access. But NAC does more than just check IDs at the door. It also enforces security rules, watches connected devices in real time, and works with other tools to support a strong Zero Trust strategy.

Network Security

Zero Trust security means no one gets automatic access ever. Not people, not devices, not apps. Everything has to prove who they are every time they try to connect, even if they’re already inside the network.

Network Segmentation

Cybersecurity isn’t just about keeping attackers out. It’s also about stopping them if they get in. That’s where network segmentation comes in. Read on to find out why network segmentation is an essential plan for businesses big and small, and why it matters.

Observability

Observability in cybersecurity is the ability to understand system behavior through logs, metrics, and traces, helping teams investigate and diagnose security issues.

PCI DSS

PCI DSS stands for Payment Card Industry Data Security Standard, and is a set of information security standards for any organization that handles and accepts branded credit cards from the major credit card networks such as American Express, Discover Financial Services, JCB International, MasterCard, and Visa.

Personally Identifiable Information (PII)

Personally identifiable information (PII) is any sensitive information or data intended to identify an individual. Sometimes a single piece of PII can identify a specific person, while at other times, other relevant PII details are required to result in a precise match to an individual.

Phishing

Phishing attacks are an attempt to trick people into doing things they would "never" do using social engineering. By masquerading as people with authority and using fear tactics, scammers can scare people into submitting their login credentials on a site that looks just like their banking site but isn't.

Policy Compute Engine

A Policy Compute Engine (PCE) is a central system that analyzes network and application traffic, determines the appropriate security policies, and distributes those policies to enforcement points, helping control and segment communications without being in the actual data path.

Ransomware Risk

Ransomware is a type of malware that encrypts files and information on a system and prevents access to the information until a ransom is paid via cryptocurrency to decrypt them. Discover prevention strategies and common FAQs with our informative guide.

Role-Based Access Control (RBAC)

Role-based access control (RBAC) is a way of limiting or managing access to or use of an application or network, based on an individual or device’s role in the organization and the permissions assigned to their role. RBAC allows employees to have access only to the applications and information necessary to do their job, and limits access to any information that doesn’t pertain to their role.

Security Breach

A security breach is an incident where an unauthorized party gains access to data, systems, or networks without permission. This can result in the exposure, theft, alteration, or destruction of sensitive information such as personal data, financial records, or intellectual property.

Security Policy

An information technology (IT) security policy sets the rules and procedures for users who access a company's IT resources. These rules protect an enterprise's data and systems from unauthorized access, use, modification, or destruction.

Shift Left Security

Shift Left Security is a software development approach that emphasizes integrating security early in the development lifecycle, "shifting left" in the timeline, rather than waiting until the end of the process or during deployment.

Software-Defined Networking (SDN)

Software-defined networking is a modern, dynamic alternative to traditional networking that aims to make the network easier to administer and troubleshoot. Instead of configuring hardware devices like routers and switches individually, SDN controls the network infrastructure through APIs or other software-based controls.

SSL (Secure Sockets Layer)

SSL (Secure Sockets Layer) is a security protocol that encrypts data transmitted between a user’s browser and a website, ensuring that sensitive information like passwords, credit card details, and personal data remain private and protected from interception. It’s the predecessor to TLS (Transport Layer Security), which is now the modern standard for secure internet communication.

Threat Intelligence

Threat intelligence is the information that a business or other organization uses to identify the potential cybersecurity threats it will face. Professionals investigate these potential threats so that they can prepare pre-emptively for a breach.

Transport Layer Security (TLS)

TLS, or Transport Layer Security, is a protocol that protects data as it travels across a network through encryption and authentication. Used in secure connections like HTTPS, it prevents eavesdropping, tampering, and impersonation.

VDI (Virtual Desktop Infrastructure)

Virtual Desktop Infrastructure (VDI) is a technology that allows the hosting of desktop environments on a central server or a cloud provider. End users can then access these virtual desktop environments remotely over the network from their personal laptops or tablets.

Visibility

Visibility in cybersecurity refers to the ability for security teams to see and monitor activity across networks, systems, devices, and applications. It allows organizations to track communication between assets, identify unusual behavior, and detect potential security threats across their IT environment.

Vulnerability Management

Vulnerability management is the process of discovery, prioritization, remediation, and ongoing measurement and reporting of security vulnerabilities in software and systems. This process is essential for organizations to understand and address vulnerabilities in order to minimize their "attack surface."

Zero Day Attacks

A zero-day attack is a cyberattack that exploits a software vulnerability that is unknown to the software vendor or developers. Because the vulnerability hasn’t been discovered or patched yet, defenders have “zero days” to fix it, making these attacks especially dangerous.

Zero Trust

Zero Trust architecture is a security strategy eliminating implicit trust by using micro-segmentation to help prevent breaches, ransomware, and lateral movement.

Zero Trust Security

Zero Trust works on one core idea: “Never trust, always verify.” It’s not a tool — it’s a strategy. Zero Trust uses different technologies and rules to lock down every part of your system, including cloud, endpoint, and data center environments. It’s all about reducing risk and keeping bad actors out, no matter where they’re hiding. Learn more about Zero Trust Security in our guide.

Zero Trust Segmentation

Zero Trust Segmentation (ZTS), also called microsegmentation, is a security tool that helps stop threats from spreading inside a company’s network. Unlike older methods that use fixed boundaries like VLANs, ZTS works in real time, focusing on who is accessing what, how they behave, and the current risks.

ZTNA (Zero Trust Network Access)

Zero Trust Network Access (ZTNA) models adaptively grant access to authorized users or devices based on contextual awareness. These systems set access permissions to deny by default, and only authorized users who are approved based on identity, time, device, and other configurable parameters are provided access to your network, data, or applications.