Quick Reference: Cyber Security Acronyms

The cybersecurity industry is filled with acronyms. For your reference (and ours!), we maintain this list of common acronyms. We hope you find it useful.

Cyber Security Architectures & Frameworks

CASB – Cloud Access Security Broker: A software tool or service that sits between an organization’s on-premises infrastructure and a cloud provider’s infrastructure to ensure security policies are enforced for cloud applications.

CNAPP – Cloud-Native Application Protection Platform: A security solution designed to provide protection for cloud-native applications across their entire lifecycle, from development to production.

CWPP – Cloud Workload Protection Platform: A security solution designed to protect workloads running in public, private, or hybrid cloud environments.

EDR – Endpoint Detection and Response: Tools and solutions that focus on detecting, investigating, and mitigating suspicious activities and issues on hosts/endpoints.

FWaaS – Firewall as a Service: A cloud-based firewall service that provides firewall protection delivered as a cloud service.

IAM – Identity and Access Management: The framework of policies and technologies to ensure the right individuals access the right resources at the right times for the right reasons.

IDaaS – Identity as a Service: A cloud-based authentication infrastructure for managing identities and providing access to applications.

IDS – Intrusion Detection System: A device or software application that monitors network or system activities for malicious activities or policy violations.

IPS – Intrusion Prevention System: A preemptive approach to network security that monitors network traffic and takes immediate action to block malicious activity.

MDR – Managed Detection and Response: A service that provides organizations with threat hunting services and responds to threats once they are discovered.

NAC – Network Access Control: A security solution that controls access to an organization’s network.

PAM – Privileged Access Management: A cybersecurity strategy and technology for exerting control over the elevated (privileged) access and permissions for users, accounts, processes, and systems across an IT environment.

SASE – Secure Access Service Edge: A network architecture that combines wide-area networking (WAN) and security into a single cloud-delivered service model.

SIEM – Security Information and Event Management: A solution that provides real-time analysis of security alerts generated by network hardware and applications.

SOAR – Security Orchestration, Automation, and Response: A set of software tools that allow organizations to collect and analyze security data from multiple sources and respond to low-level security events without human assistance.

SWG – Secure Web Gateway: A security solution that filters unwanted software/malware from user-initiated web/internet traffic and enforces corporate policy compliance.

UEBA – User and Entity Behavior Analytics: A cybersecurity process about the detection of insider threats, targeted attacks, and financial fraud by analyzing patterns of human behavior and applying algorithms and statistical analysis.

VAPT – Vulnerability Assessment and Penetration Testing: A security testing process that identifies vulnerabilities in an application, network, or system and attempts to exploit them to assess their impact.

XDR – Extended Detection and Response: An integrated suite of security products that provide a unified interface for detecting and responding to threats across multiple layers such as endpoints, networks, servers, and cloud workloads.

Other Related Acronyms

APT – Advanced Persistent Threat: A prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period.

CISO – Chief Information Security Officer: The executive responsible for an organization’s information and data security.

CSIRT – Computer Security Incident Response Team: A group of experts that handles and responds to computer security incidents.

DDoS – Distributed Denial of Service: An attack in which multiple compromised systems are used to target a single system, causing a denial of service.

DLP – Data Loss Prevention: A strategy for making sure that end users do not send sensitive or critical information outside the corporate network.

FIM – File Integrity Monitoring: A security technology that monitors and detects changes in files that may indicate a cyber attack.

GRC – Governance, Risk, and Compliance: A strategy for managing an organization’s overall governance, enterprise risk management, and compliance with regulations.

MFA – Multi-Factor Authentication: A security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity.

MITRE ATT&CK – MITRE Adversarial Tactics, Techniques, and Common Knowledge: A globally accessible knowledge base of adversary tactics and techniques based on real-world observations.

PKI – Public Key Infrastructure: A framework for creating a secure method for exchanging information based on public key cryptography.

SOC – Security Operations Center: A centralized unit that deals with security issues on an organizational and technical level.

TLS – Transport Layer Security: A cryptographic protocol designed to provide communications security over a computer network.

VPN – Virtual Private Network: A service that encrypts your internet traffic and protects your online identity by hiding your IP address.

Disclosure: The author is an industry analyst, and NAND Research an industry analyst firm, that engages in, or has engaged in, research, analysis, and advisory services with many technology companies, which may include those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.