The cybersecurity industry is filled with acronyms. For your reference (and ours!), we maintain the list of common acronyms. We hope you find it useful.
Cyber Security Architectures & Frameworks
CASB – Cloud Access Security Broker: A software tool or service that sits between an organization’s on-premises infrastructure and a cloud provider’s infrastructure to ensure security policies are enforced for cloud applications.
CNAPP – Cloud-Native Application Protection Platform: A security solution designed to provide protection for cloud-native applications across their entire lifecycle, from development to production.
CWPP – Cloud Workload Protection Platform: A security solution designed to protect workloads running in public, private, or hybrid cloud environments.
EDR – Endpoint Detection and Response: Tools and solutions that focus on detecting, investigating, and mitigating suspicious activities and issues on hosts/endpoints.
FWaaS – Firewall as a Service: Firewall protection delivered as a cloud-hosted service rather than as an on-premises appliance.
IAM – Identity and Access Management: The framework of policies and technologies to ensure the right individuals access the right resources at the right times for the right reasons.
IDaaS – Identity as a Service: A cloud-based authentication infrastructure for managing identities and providing access to applications.
IDS – Intrusion Detection System: A device or software application that monitors network or system activities for malicious activities or policy violations.
IPS – Intrusion Prevention System: A preemptive approach to network security that monitors network traffic and takes immediate action to block malicious activity.
MDR – Managed Detection and Response: An outsourced service that performs threat hunting on an organization’s behalf and responds to threats once they are discovered.
NAC – Network Access Control: A security solution that controls access to an organization’s network.
PAM – Privileged Access Management: A cybersecurity strategy and technology for exerting control over the elevated (privileged) access and permissions for users, accounts, processes, and systems across an IT environment.
SASE – Secure Access Service Edge: A network architecture that combines wide-area networking (WAN) and security into a single cloud-delivered service model.
SIEM – Security Information and Event Management: A solution that provides real-time analysis of security alerts generated by network hardware and applications.
SOAR – Security Orchestration, Automation, and Response: A set of software tools that allow organizations to collect and analyze security data from multiple sources and respond to low-level security events without human assistance.
SWG – Secure Web Gateway: A security solution that filters unwanted software/malware from user-initiated web/internet traffic and enforces corporate policy compliance.
UEBA – User and Entity Behavior Analytics: A cybersecurity process that detects insider threats, targeted attacks, and financial fraud by analyzing patterns of human and entity behavior with algorithms and statistical analysis.
VAPT – Vulnerability Assessment and Penetration Testing: A security testing process that identifies vulnerabilities in an application, network, or system and attempts to exploit them to assess their impact.
XDR – Extended Detection and Response: An integrated suite of security products that provide a unified interface for detecting and responding to threats across multiple layers such as endpoints, networks, servers, and cloud workloads.
Other Related Acronyms
APT – Advanced Persistent Threat: A prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period.
CISO – Chief Information Security Officer: The executive responsible for an organization’s information and data security.
CSIRT – Computer Security Incident Response Team: A group of experts that handles and responds to computer security incidents.
DDoS – Distributed Denial of Service: An attack in which multiple compromised systems are used to target a single system, causing a denial of service.
DLP – Data Loss Prevention: A strategy for making sure that end users do not send sensitive or critical information outside the corporate network.
FIM – File Integrity Monitoring: A security technology that monitors and detects changes in files that may indicate a cyber attack.
GRC – Governance, Risk, and Compliance: A strategy for managing an organization’s overall governance, enterprise risk management, and compliance with regulations.
MFA – Multi-Factor Authentication: A security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity.
MITRE ATT&CK – MITRE Adversarial Tactics, Techniques, and Common Knowledge: A globally accessible knowledge base of adversary tactics and techniques based on real-world observations.
PKI – Public Key Infrastructure: A framework for creating a secure method for exchanging information based on public key cryptography.
SOC – Security Operations Center: A centralized unit that deals with security issues on an organizational and technical level.
TLS – Transport Layer Security: A cryptographic protocol designed to provide communications security over a computer network.
VPN – Virtual Private Network: A service that encrypts your internet traffic between your device and a remote endpoint and protects your online identity by hiding your IP address from the sites you visit.