Glossary

Active Directory

A Microsoft Windows directory service. IT administrators use Active Directory to manage functions such as applications, users, and other network components. It's a key solution for identity and access management (IAM).

Active Directory Security

People, tools, and technology used to identify vulnerabilities, misconfigurations, and other security issues within Active Directory.

Active Directory Security Groups

Secure groupings of Active Directory data used by IT administrators to manage and grant access to Microsoft resources. Security groups may contain computer accounts, user accounts, or other groupings for IT management.

Active Scanning

A methodology that security professionals use to actively scan a network to discover assets and security issues. Active scans send transmissions across a network to assets to see if they respond, how long the response takes, and if there are issues with data loss.

Administrator (Admin)

Individuals responsible for maintaining an organization's information security infrastructure (for example, networks, systems, and servers).

Advanced Persistent Threat (APT)

A targeted cyberattack where, once inside a network, the attacker generally remains undetected for an extended time. APTs are generally planned and sophisticated attacks and can be carried out by threat actors such as nation-states that have lots of resources and experience.

Advanced Threat Protection (ATP)

Cybersecurity solutions and security best practices that help organizations defend against malware and hackers.

Agent

Lightweight programs used to automate actions (for example, archiving computer files). Agents often run in the background on a preset schedule.

Amazon Web Services (AWS)

A cloud platform encompassing platform as a service (PaaS), software as a service (SaaS), and infrastructure as a service (IaaS). There are more than 100 services within AWS, including computing, storage, data management, networking, and more.

Anomaly

An unexplained output that differs from the norm or what is intended.

API Attack

A cybersecurity attack that occurs when an attacker attempts unauthorized use of an API service. For example, in an API injection attack, an attacker may inject malicious code after exploiting a coding or misconfiguration issue to get software access. There are other times of API attacks such as Distributed Denial of Service (DDoS), Man in the Middle (MITM), SQL injection, broken user authentication, and others.

Application Programming Interface (API)

A technology that enables two applications to communicate with one another. An API requests information or services from one system to another.

Application Security

The processes an organization uses to develop, update, and test application components to remove security vulnerabilities an attacker may be able to exploit.

Asset

Any data, device, or environmental component that supports information-related activities and needs to be protected from threats. Assets can be desktop computers, web servers, cloud resources, name servers, IoT devices, network printers, enabled users, or other items—and have elements such as hostnames, web application names, IP addresses, or DNS records. Assets are defined differently in each Tenable product.

Asset Exposure Graph

A visualization of an attack path from multiple assets down to one asset.

Asset Exposure Score (AES)

A security exposure metric that Tenable calculates for each asset on your network to represent the asset's relative exposure as an integer between 0 and 1000. A higher AES indicates higher exposure.

Asset Inventory

A digital inventory that allows an organization to track and document details of all of its assets. This inventory isn't just for devices and hardware. It can also include intangible assets, for example, data or intellectual property.

Asset Management

Refers to the monitoring, configuring, and maintenance of assets.

Attack Path

A path an attacker can take to exploit security weaknesses and gain access to assets within your network. The attack path enables the attacker to move between assets.

Attack Surface

Describes all of the possible points within an enterprise an attacker could potentially gain unauthorized access and exploit security weaknesses to access systems, networks, and data.

Attack Vector

A singular method an attacker can use to gain unauthorized access to an asset and then exploit vulnerabilities and other security weaknesses.

Authentication

A method to verify that an asset, process, or user can access certain system resources. It's a way to validate the identity that the asset, user, or process is who it claims it is.

Autonomous System Number (ASN)

A unique number that's available globally to identify an autonomous system and which enables that system to exchange exterior routing information with other neighboring autonomous systems.

Bandwidth

The maximum volume of data a system can transmit from one point to another, across a network, during a certain amount of time. Bandwidth is typically measured in megabits per second (Mbps).

Behavioral Analysis

A method to evaluate how users and other assets, for example, servers and networks, behave in your environment. Today, many behavior analyses are conducted through analytics tools such as machine learning and artificial intelligence (AI). By analyzing and understanding normal behavior patterns, teams can better identify when there are changes that could indicate a potential security threat or incident.

Benchmark

A group of scores to which you can compare your scores and assess your performance.

Blast Radius

A visualization of one or more attack paths from one asset to multiple other assets.

Botnet

Represents a computer network that may be infected with malware and is often controlled by an attacker group with unauthorized access. The goal is to conduct activities the network owner is unaware of, for example, to spam other computers or conduct DDoS attacks.

Breach

A security incident that results in the exposure of confidential data or protected information.

Breach Response

Represents the actions an organization may take to respond to and recover from a security breach. The goal is to mitigate damage and resume business as usual as quickly as possible with minimal impact on operations.

Broken Access Controls

Controls that allow attackers to access data and files. With broken access controls, attackers can change data, amend access rights, and get access to other unauthorized functionalities within a system.

Center for Internet Security (CIS)

A nonprofit organization responsible for CIS Controls and CIS Benchmarks. The organization is known around the world for the leading role it plays in establishing best practices to help organizations secure data and IT systems.

Chief Information Security Officer (CISO)

The head of cybersecurity for a company. A CISO can use the Exposure View to quickly quantify the overall enterprise risk exposure, measure its progress or regression over time, and easily communicate impact and ROI to key stakeholders.

Choke Point

A place where multiple potential attack paths merge before reaching a critical asset.

CIS Benchmarks

Best practices that help organizations secure a target system. There are 100 CIS Benchmarks that span more than 25 vent families. According to the Center for Internet Security, these benchmarks "are the only consensus-based, best-practice security configuration guides both developed and accepted by the government, business, industry, and academia."

CIS Critical Security Controls

Best practice actions organizations can take for cyber defense and to prevent cyber attacks. The controls are considered high-priority and effective. Organizations looking to implement or mature cyber hygiene practices can use CIS Security Controls as a starting point for a cybersecurity program.

Cloud

Refers to services and software offered through the web rather than operating on-premises like traditional IT. This is generally through a network of servers, many operating simultaneously around the world.

Cloud-Based Delivery Model

Represents the way cloud computing services are delivered. Determining which model is best for an organization depends on a range of unique factors. There are three common cloud-based delivery models: IaaS, PaaS, and SaaS.

Cloud-Native Application Protection Platform

A type of cloud security architecture that helps protect cloud applications from development through production. There are several benefits of adopting a CNAAP; for example, more visibility into cloud-based environments and earlier detection of cloud-based risks.

Cloud Access Security Broker (CASB)

Hardware or software that serves as a link between the cloud services provider and its users. A CASB can either be cloud-hosted or on-premises and generally serves as a security policy enforcement point.

Cloud Application

Software that users can access in the cloud via the internet. Unlike a traditional application that might be installed directly on a computer from a disc or other hardware, a cloud application is managed by a server and not a user's computer.

Cloud Application Virtualization

A feature that enables users to access a cloud application on computers other than the one an application is installed on. Generally, these applications are set up on servers and a user can access it through a remote connection.

Cloud Application Visibility

A vulnerability within a cloud environment in which an attacker may be able to exploit a misconfiguration or other security issue to gain unauthorized access to an asset.

Cloud Architecture

Represents all of the elements that make up your cloud computing environment. Cloud architecture may look different from one organization to the next. It generally consists of a front-end component, for example, the device to access the cloud; a back-end element, for example, storage and servers; a cloud-based delivery model, for example, infrastructure as a service (IaaS), software as a service (SaaS) and platform as a service (PaaS); and a network.

Cloud Attack Surface

Represents all of the components within and connected to a cloud environment in which an attacker could discover a security weakness and exploit it to gain unauthorized access to the environment.

Cloud Computing

Describes all of the components required to deliver cloud-based services through the web. This could include software and networks, but also hardware, storage, and more. Many organizations are moving from on-premises technologies because of the cost savings, flexibility, and scalability cloud computing offers.

Cloud Control Plane

Facilitates orchestration and management activities across a cloud computing environment, for example, items such as user and role creation, configuration guidelines, and access management.

Cloud Cost Containment

A process to efficiently manage and optimize cloud computing-related expenses.

Cloud Enablement

A process that examines an organization's existing IT infrastructure (for example, hardware, software, and other assets) and develops a plan to create, deploy, and manage either a cloud infrastructure, which could be a public, private, or hybrid environment.

Cloud Firewall as a Service (FWaaS)

A service that operates within a cloud environment to create a barrier between your cloud resources and malicious activities.

Cloud Infrastructure

Represents all of the components needed to operate a cloud computing environment, for example, hardware, storage, and other resources.

Cloud Infrastructure Entitlements Management

Solutions that help organizations manage access privileges for cloud environments. Also known as Cloud Permissions Management (CPM), these solutions embrace a least-privilege access approach to manage permissions related to cloud resource access.

Cloud Migration

Represents the planning, development, and implementation of moving an organization's resources from a traditional IT environment (for example, hosted by on-site servers into a cloud-computing environment). Cloud migration generally involves the movement of all or some of an organization's data, as well as other applications or services, to a cloud environment (for example, Microsoft Azure, Google Cloud Services, or Amazon Web Services).

Cloud Native

Defines applications built and run within the cloud. These applications are generally lightweight containers and enable efficient deployments, as well as flexibility and scalability, across a range of environments.

Cloud Security

Processes, tools, resources, and policies that protect your data and resources stored off-premises and in the cloud. It continually assesses all of the assets within your cloud environments so you can discover and remediate vulnerabilities, misconfigurations, and other security issues to keep your organization safe.

Cloud Security Gateway

Represents the enforcement points an organization places between a cloud services environment and its consumers to enforce security policy at various points. These gateways can be either cloud-hosted or on-premises.

Cloud Security Posture Management (CSPM)

Represents the tools and resources an organization may use to seek out cloud-based issues such as misconfigurations or other compliance or security risks. CSPMs generally alert security teams when they identify security or compliance issues within a cloud environment.

Cloud Security Tools

Policies, processes, procedures, technologies, and other resources an organization uses to reduce cloud security risks and identify security weaknesses.

Cloud Service Provider (CSP)

A provider of cloud-based services (for example, cloud-computing infrastructure, applications, storage, and other services). Some well-known CSPs include Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).

Cloud Vulnerability

A security weakness, for example, a misconfiguration or other security issue, that an attacker may be able to exploit to gain access to your cloud-based environment.

Cloud Workload Protection Program (CWPP)

A program that helps secure and manage workloads within and across cloud environments. CWPP approaches cloud security from a workload level, not from a typical endpoint perspective.

Cloud Workload Segmentation

A process that creates rules to govern and manage access and services between different cloud workloads.

Common Vulnerabilities and Exposures (CVE)

A database of common, publicly disclosed computer flaws and security issues that is managed by the MITRE organization.

Common Vulnerability Scoring System (CVSS) Score

Enables organizations to evaluate security vulnerabilities and numerically score them to determine which may pose the greatest risk for an organization and ultimately drive prioritization and remediation processes.

Common Weakness Enumeration (CWE)

A unified language used to address software vulnerabilities that might exist in development, code, design, or within architecture. The MITRE Corporation manages the CWE database and each CWE reflects a security weakness type. It's different from a CVE, which is a known instance of a specific vulnerability.

Compliance

Refers to an organization's ability to demonstrate it meets a set of specific requirements or standards that are managed or overseen by a third party. For example, healthcare organizations must demonstrate data security and privacy requirements through HIPAA audits.

Compliance as a Service (CaaS)

Compliance as a Service (CaaS) is often overseen by a managed service provider (MSP), which supports organizations by ensuring they're meeting requirements for specific compliance mandates.

Compliance Framework

Outlines specific requirements or guidelines an organization must meet to demonstrate it complies with a specific set of mandates or other requirements. There is a range of compliance frameworks available today that cover a range of industry, state, federal, and other requirements (for example, privacy frameworks, security frameworks, risk management frameworks, and others).

Computer Security

Encompasses all of the processes, tools, and resources used to protect computer systems, for example, your network or other environments, from potential breaches or other security issues. Also referred to as information security or cybersecurity.

Configuration

Refers to how systems (for example, hardware, software, or applications) are set up and managed.

Configuration Control

Refers to the processes used to manage any changes made to hardware or software within a computing environment.

Configuration Management

Processes that ensure approved, consistent approaches are used when changes are made to a computing environment's functionality and performance.

Container

A type of virtualized operating system. It packages an application and all of its needed components, for example, its libraries, as a run-time environment.

Container Environment

Ensures containers have access to important resources, for example, information about the container and other objects, as well as the filesystem that includes the container image and its related volumes.

Container Image

A file of executable code that enables an application to run. It cannot be changed and helps ensure consistent deployment across any environment type.

Container Image Tag

A specific release or version of an application hosted inside of a container (for example, 14.04).

Container Registry

A storage location for container images. Container registries enable developers and continuous integration (CI) systems to store pushed containers.

Container Security

Encompasses all the people, tools, and resources an organization uses to secure containers to ensure applications perform as intended.

Content Delivery Network (CDN)

A group of servers, which are generally in different geographical locations, that work together to deliver web content. It helps make content delivery faster by storing the content in areas closer to users.

Continuous Deployment

A development practice where operations (or DevOps) automatically push successfully tested builds to production environments. Continuous deployment makes these test builds immediately available.

Continuous Deployment (CD) System

Enables monitoring for successful builds that have passed tests, which can then move into production environments. Essentially, a CD system automates successful build deployment.

Continuous Integration

A process that enables developers to integrate code into a shared source control repository, routinely, as authorized changes occur.

Continuous Integration (CI) System

Monitors source control commits, such as merged pull requests in GitHub, to automatically trigger a build (to test) when there is a change in source control.

Continuous Integration and Continuous Deployment (CI/CD) System

Monitors source control commits, such as merged pull requests in GitHub, to automatically trigger a build (to test) when there is a change in source control. When the build and test phase is completed, the successful builds are pushed to production environments. This automates the deployment of a successful build.

Continuous Network Monitoring

Enables non-intrusive insight into assets throughout all environments to discover vulnerabilities, traffic and bandwidth issues, misconfigurations, and other security issues. Nessus Network Monitor (NNM) is an example of a continuous network monitor.

Credential Stealing

A type of cyberattack where a threat actor obtains a user's identity, for example, username and password, to attempt unauthorized access into a system or network.

Credential Stuffing

A type of cyberattack where an attacker uses automated tools to inject lists of stolen credentials, for example, username and password, to attempt unauthorized access into a system or network.

Credentialed Scan

A scan that uses system privileges to conduct a deep evaluation of an asset. It's different from a non-credentialed scan, which provides a higher-level look at vulnerabilities and other issues through exposed ports, protocols, and other services. Credentialed scans are sometimes referred to as authenticated scans.

Cross-Site Request Forgery (CSRF)

An attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated.

Cross-Site Scripting (XSS)

The act of inserting malicious code on websites to target visitors.

Cyber Attack

Happens when an unauthorized user, often referred to as a hacker, attempts to gain unauthorized access to an asset, system, or network. While motivations vary from attack to attack, often common goals include disabling access, damaging, exfiltrating, encrypting data, or facilitating other attacks.

Cyber Defense

A strategy organizations use to prevent cyber attacks.

Cyber Exposure

A discipline that helps organizations see, predict, and act on cyber risks across the entire attack surface. Built on principles of risk-based vulnerability management, Cyber Exposure management best practices introduce a common risk-focused and metric-based language that everyone understands—from security and IT Ops to executive leadership and key stakeholders. The term "cyber exposure" was pioneered by Tenable.

Cyber Exposure Gap

Represents the vulnerabilities, misconfigurations, and other security issues an organization should find, prioritize, and mitigate or remediate to mature its cybersecurity posture.

Cyber Exposure Lifecycle

A framework organizations can use to continuously assess the health and security of their cybersecurity program. Organizations that apply the Cyber Exposure lifecycle to their cybersecurity program should be better enabled to answer questions such as: where is the organization exposed? Where should the organization prioritize based on risk? Is the organization reducing exposure over time? How does the organization compare to its peers?

Cyber Hygiene

A term used to define all of the processes and practices an organization takes to establish, manage, improve, and maintain security standards to protect assets, users, and data.

Cyber Risk

A term used for any potential damages an organization may face should it be compromised by a cyber attack.

Cyber Risk Management

Encompasses all of the practices an organization uses to discover, analyze, protect, respond to, and recover from any potential cybersecurity vulnerabilities or threats.

Cyber Threats

Weaknesses an organization may have that an attacker could potentially exploit to gain unauthorized access to systems or data. As enterprises evolve, so does the cyber threat landscape, which can include vulnerabilities, misconfigurations, or other security issues created by assets, users, or other network and system components.

CyberScope

A platform an organization can use to manage reporting related to the Federal Information Security Management Act (FISMA). The United States Depart of Homeland Security (DHS) mandates CyberScope for this reporting.

Cybersecurity

Represents all of the practices and processes an organization uses to secure all of its assets and data from a potential cyber attack.

Cybersecurity Lifecycle

There are five stages of a cybersecurity lifecycle based on NIST's Cybersecurity Framework: Identify, Protect, Detect, Respond, and Recover. An organization can use the voluntary framework as a guideline to establish cybersecurity best practices.

Cybersecurity Risk

Represents vulnerabilities and other security issues an organization may have that could potentially result in unauthorized access to any of its systems, networks, or data.

Data Classification

Represents how an organization organizes all of its assets, including value assignments, to help guide decisions on which assets are critical, should be protected, and how.

Data Loss Prevention (DLP)

Represents all of the components an organization uses to discover and protect its data against any weaknesses that might lead to unauthorized access.

Data Protection

How an organization protects its data to prevent unauthorized access or compromise.

Denial Of Service (DoS)

A type of cyber attack that can prevent authorized users from accessing a network or device.

Deserialization

A process that takes data in one format and rebuilds it into an object, for example, serializing data with JSON.

Development and Operations (DevOps)

A business partnership that integrates the two disciplines to improve the speed, accuracy, and security of software or an application during the software development lifecycle.

Discovery

The act of identifying assets.

Distributed Denial Of Service (DDoS)

An attack where an attacker floods a server (or multiple servers simultaneously) to stop authorized users from being able to access certain services or sites.

Docker

A containerization platform developers use to put their applications into containers so all of the components needed to run the application will function in any environment.

Domain Administrator

Individuals that are responsible for managing a domain's access privileges.

Domain Name

A label that identifies a network domain. Domain names are used to identify Internet resources, such as computers, networks, and services, with an easy-to-remember text label that is easier to memorize than the numerical addresses used in internet protocols. For example, foo.tld is the domain name of URL http://www.foo.tld/index.html.

Double Extortion Ransomware

A type of ransomware attack where, in addition to successfully infiltrating an organization to encrypt data, an attacker also exfiltrates some or all of the data in an attempt to collect even more ransom.

Dynamic Threat Assessment (DTA)

A process the U.S. Defense Intelligence Agency (DIA) created to assess the capabilities and intentions of adversaries as related to each Joint Strategic Capabilities Plan.

Effective Permissions

Used in Active Directory to grant a user access to an Active Directory object, for example, a file or a folder a user or user group may access.

Encryption

A process used to change data into a type of code that's designed to prevent unintended users from gaining access to that data or information.

End User

An individual that has access to an organization's assets to perform job requirements.

Endpoint

A device on a network, for example, a computer, smartphone, or laptop.

Endpoint Protection

Represents the processes an organization uses to protect all of its endpoints, such as computers, laptops, smartphones, tablets, and other devices that may be susceptible to a cyber attack.

Endpoint Security

All the resources an organization uses to protect all of its assets from cyber breaches. It's commonly used on devices such as computers, tablets, laptops, and smartphones.

Enterprise

All of the information and communications systems an organization may use to support its business functions.

Enterprise IT Security

All of the processes an organization uses to protect its data and assets, including identifying and remediating vulnerabilities, misconfigurations, and other security issues that may put it at risk of a cyberattack.

Entitlements

Data structures that determine user access.

Environment

All of the infrastructure, hardware, software, and other resources an organization uses for daily business operations.

Ethical Hacking

A cybersecurity testing method whereby a hacker is authorized to attempt to get access to a network, data, or other asset.

Evidence

The empirical data from different data sources that confirms the feasibility of a step as part of an attack path.

Exploit

A type of tool an attacker uses to take advantage of a vulnerability or security weakness within an information system.

External

The accessibility of an asset that can be connected to from across the internet.

External Testing

A type of vulnerability assessment that analyzes an organization's external-facing assets to identify if there are any potential security weaknesses an attacker may be able to exploit.

Federal Information Security Management Act (FISMA)

A set of standards for federal information cybersecurity practices.

Firewall

A device an organization uses to monitor and filter data that flows into and out of its network through a set of preset security policies.

Gateway

A node within a network between two different networks or applications. It usually is between two networks or applications that have different transmission protocols.

General Data Protection Regulation (GDPR)

A set of privacy and security regulations established within the European Union (EU). It is considered one of the toughest such policies in the world and applies to organizations, even those located outside the EU, if they collect data from EU residents.

Google Cloud Platform (GCP)

A tool developers use to create, deploy, and scale a range of services, for example, websites and applications, within a cloud infrastructure Google offers.

Governance

The people, processes, and policies that guide privacy, security, compliance, and other critical business areas to ensure consistent practices across an organization.

HIPAA

An abbreviation used for the Health Insurance Portability and Accountability Act of 1996, which created national standards in the U.S. to protect and secure the confidentiality, availability, and integrity of personal health information (PHI).

Host

A device connected to a network that communicates with other hosts on the network.

Hostname

A unique name given to any device that is connected to a specific computer network, typically appended to a domain name, and resolves to an IP address using the Domain Name System (DNS). For example, ‘bar’ is the hostname of bar.foo.tld.

Identity Access Management (IAM)

A process IT teams use to ensure the right people have the right access to information and resources needed to do their jobs and prevent unauthorized users from accessing data, systems, or assets.

Identity Security

Enables organizations to control user authentication, for example, user identities and access, to ensure authorized and secure access into systems and networks. Identity Security a component of IAM.

Image

An application hosted inside of a container image file (for example, ubuntu:14.04).

Image Scanning

A process that helps uncover vulnerabilities or other security issues within a container.

Image Tag

A specific release or version of an application hosted inside of a container (for example, 14.04).

Incident Response

The plans, processes, and policies an organization uses to manage actions when faced with a disruptive incident, for example, a cyber breach.

Industrial Control Plane (ICP)

A component of a programmable logic control (PLC) within an ICS network. There are two protocol types: the control plane protocol for managing engineering functions such as programming, configuration, and updates for firmware; and the data plane protocol for managing physical parameters of ongoing processes such as process parameters like set points and tags. If a cyber attack disrupts or affects a control plane, it can cause a myriad of problems, including the failure of critical services, such as power, or the development of defective products.

Industrial Control System (ICS)

The main component of operational technology. An ICS includes different types of devices, controls, systems, and networks that manage industrial processes.

Industrial Control System (ICS) Security

The processes, hardware, and software used to secure an ICS. ICS security solutions include detailed visibility, asset inventory, passive and active threat detection, risk-based vulnerability management, and configuration control. Maintaining ICS security is essential to decrease risks from internal and external threats and to keep most industrial operations up and running.

Industrial Internet Of Things (IIoT)

The use of IoT devices within industrial environments. IIoT devices help provide telemetry data and leverage the cloud rather than require manual intervention, thereby increasing efficiencies and reducing the chance of errors.

Industrial Security Management

Processes that ensure industrial control systems (ICS) are safe and secure. Security management practices include visibility, security, and control elements. Protecting industrial plants involves significantly minimizing potential risks and achieving affordable and minimally disruptive security for all assets, including industrial automation networks. Organizations should design and manage security so it does not conflict with other important requirements such as performance output, uptime, and workforce-friendliness.

Industry 4.0

Refers to the Fourth Industrial Revolution and represents the digitization and increasing automation in industrial settings today.

Industry Benchmark

A benchmark based on members of your Tenable-assigned industry which you can compare your scores and assess your performance.

Information Rights Management (IRM)

Manages user access to certain sensitive data or systems to ensure unauthorized users don't have access. IRM is a component of digital rights management (DRM).

Information Security (InfoSec)

All the resources an organization uses to manage and mitigate information security risks. Refers to how organizations prevent unauthorized access to data, networks, and other assets.

Information Technology (IT)

The processes related to information networks within an organization that ensure all hardware, software, data, and other components function and remain secure to ensure operational resilience.

Infrastructure

All the facilities, hardware, software, and other supporting services necessary to enable IT business services, including on-prem and cloud-based technologies.

Infrastructure as a Service (IaaS)

A cloud-based service where organizations can access virtualized resources via the internet such as operating systems, networks, servers, storage, and other cloud foundation needs.

Infrastructure as Code (IaC)

Enables organizations to automate security and operations in virtualized and cloud infrastructure in terms of source code so that infrastructure can be provisioned in a data center.

Insider Threat

A security risk when an insider, for example, an employee, vendor, supplier, contractor, or others, (either on purpose or not) harms an organization's assets, data, systems, network, intellectual property, and other components.

Integration

A data pipeline that connects data and assets across an enterprise.

Internal

The accessibility of an asset that cannot be connected to from across the Internet, and generally resides on an internal network.

Internal Testing

A vulnerability assessment tool that organizations can use to conduct a full authorized scan of an environment to discover vulnerabilities and other security issues such as misconfigurations. The process discovers known and unknown security issues within an enterprise and to see if security controls function as intended.

Internet-accessible

Refers to an asset that can be connected to over the Internet.

Internet Of Things (IoT)

Interconnected devices that collect and send data to other devices over a network and generally happen without human interaction.

Internet Security

Processes used to secure internet resources such as websites, networks, browsers, and other online behaviors.

IoT Security

The processes, hardware, resources, and tools used to manage and keep IoT devices safe.

ISO 27000

A set of security standards the International Organization for Standardization (ISO) manages for information security management systems (ISMS). According to the ISO, these standards "[enable] organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties."

IT Security

The processes, hardware, resources, and tools used to manage and keep your information security infrastructure safe from security weaknesses and potential breaches.

IT/OT Convergence

An environment in which IT and OT devices connect or interact with one another. This can happen intentionally, for example, when an OT device connects to an outside network, or accidentally, for example, when someone connects a laptop (that has been connected to an outside network) to an OT device for updates.

IT/OT Security

The people, tools, and resources an organization needs to secure both its IT environment and OT environment, particularly in places where IT/OT converge.

Kubernetes

An open-source orchestration platform organizations use to automate key processes in cloud-native application development. Designed originally by Google, the Cloud Native Computing Foundation now manages it. Kubernetes can help organizations manage and scale containers in cloud environments.

Kubernetes Security Posture Management (KSPM)

A cybersecurity tool that helps organizations discover and remediate security issues within Kubernetes, a resource many organizations use to manage their container environments.

Lateral Movement

The way attackers move through an environment. Once an attack compromises an asset or endpoint, the attacker can then move deeper into a network, often undetected.

Least Access Privilege (or Least Privilege Access)

Sometimes referred to as the principle of least privilege (POLP). With least access privilege, a user has a minimal level of access rights, generally, the lowest level needed for a specific role or task.

Log4Shell

CVE-2021-44228, also known as Log4Shell, is a critical flaw in the Apache Log4j software. Log4j is a widely used Java logging library included in Apache Logging Services used to log messages from an application or service, often for debugging purposes. An attacker can exploit Log4Shell by sending a specially crafted request to a server running a vulnerable version of Log4j. If the server uses Log4j to log requests, the exploit will then request a malicious payload from an attacker-controlled server through the Java Naming and Directory Interface (JNDI) over a variety of services, such as Lightweight Directory Access Protocol (LDAP).

Machine Learning

A computing method that uses data and other information to continuously improve task performance.

Malware

Software that is developed with a specific malicious intent, for example, to disrupt an asset or network, to gain unauthorized access into systems, or to steal, modify, delete, or encrypt data or other assets.

Malware Scanner

Devices used by organizations to scan assets or networks for malicious software or code, for example, a virus on a computer.

Man-in-the-Middle (MitM) Attacks

A cyberattack that compromises users through insecure networks such as public WiFi.

Managed Security Services Provider (MSSP)

An entity that is responsible for managing a client's security devices, processes, and systems. For example, an MSSP may manage VPNs, and firewalls, or offer vulnerability scanning and other cybersecurity-related services.

Managed Services Provider (MSP)

An entity that is responsible for services such as providing infrastructure, security, applications, support, administration, and other services for its clients. This may be accomplished through an MSPs own data center or the MSP may work directly with a third-party services provider. Many MSPs offer continuous monitoring services.

Metadata

A set of data that describes and gives information about an asset. Metadata may include, but is not limited to geolocation, operating system, open ports, service banners, and TLS certificate details.

Microsegmentation

A process that enables InfoSec professionals to create security segments within a data center, all the way down to an individual workload level, and then develop specific security controls and services for each of those different segments.

Microsoft Azure

Microsoft's public cloud computing platform. Azure offers a range of services such as PaaS, IaaS, and managed database services.

Misconfiguration

Refers to when software, a device, or a system is configured improperly, which could facilitate unauthorized access or other security issues.

MITRE ATT&CK®

A globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The MITRE ATT&CK® knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

Multi-Cloud

A cloud computing model that uses a combination of cloud-based services, for example, a public and private cloud or other combinations of public, private, and edge cloud services.

Multi-Tenant

A type of software architecture where one instance of the software and its supporting services serve multiple clients, which are called tenants.

My Term

My definition

National Cybersecurity Federally Funded Research and Development Center (FFRDC)

A federally funded research and development center that supports NIST's National Cybersecurity Center of Excellence and is designed to help organizations meet pressing cybersecurity needs.

National Institute of Standards and Technology (NIST)

Founded in 1901, the National Institute of Standards and Technology (NIST) is a part of the U.S. Department of Commerce. It manages a range of security standards, for example, the NIST Cybersecurity Framework. While NIST compliance is mandatory for federal agencies, its guidelines are considered best practices across industries.

Network Monitor

A tool that continuously monitors an environment to discover assets and related vulnerabilities and security issues. Network monitors enable non-intrusive continuous visibility into a network for all assets such as traditional IT, mobile devices, cloud-hosted applications and assets, operational technologies, operating systems, databases, endpoints, web apps, virtual machines, network devices, hypervisors, and more. Network monitors analyze network traffic at a packet level to uncover vulnerabilities, both server and client-side, and monitor network usage. A network monitor can also discover PII and sensitive data in transit, as well as identify port scans and other port-related activities. A network monitor can detect suspicious activities and enable teams to prevent attackers from compromising a network, data, and systems.

Network Monitoring System

Hardware and software that monitor network traffic. Continuous network monitoring, for example with Nessus Network Monitor, enables non-intrusive insight into assets throughout all environments to discover vulnerabilities, traffic and bandwidth issues, misconfigurations, and other security issues.

Network Monitoring Tools

Tools that continuously monitor a network and assets for security and other issues. They enable non-intrusive and continuous visibility into networks with visibility into network traffic at the packet level to seek out server and client-side vulnerabilities, including new and transient assets.

Network Security

Programs, policies, processes, tools, and resources used to protect networks from potential cyber breaches and other security issues, for example, unauthorized access.

Network Segmentation

A method that divides a network into smaller segments so InfoSec teams can manage them individually and apply different controls and other policies to each segment.

Next Generation Firewall (NGFW)

A type of firewall organizations can use to uncover and stop potential attacks by enforcing policies at different levels, for example at the application, port, or protocol level.

NIS Directive

A set of cybersecurity regulations that apply to the European Union (EU), specifically operators of essential services (OES) and relevant digital service providers (RDSPs). It creates a uniform set of standards to improve security for networks and information systems to help prevent cyberattacks and exploitation of other security issues.

Non-Credentialed Scan

Enables insight into how a threat actor might exploit a network through exposures without using credentials.

North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP)

A set of standards to help ensure security and operational resilience for North America's Bulk Electronic System (BES).

On-Premises

A computing environment that is set up within an organization's facility. On-prem infrastructure keeps all data and core services within a private network, which can only be accessed by authorized users.

Online Vulnerability Scanner

A type of external scanner that seeks out vulnerabilities within your website or network.

Open / Listening Service

A service on the server that responds to network requests.

Open Source

Open source software is a type of code that can be publicly distributed, changed, or used by anyone.

Open Web Application Security Project (OWASP)

A nonprofit organization focused on improving software security.

OpenShift

A Kubernetes management platform.

Operational Technology (OT)

Technology that organizations use to keep critical infrastructure and industrial environments functioning. OT includes software and hardware to manage, secure, and control industrial control systems (ICS) systems, devices, and processes in an OT environment. OT devices are commonly found in manufacturing, transportation, oil and gas, electricity and utilities, and other similar industries.

Organization Admin

An organization administrator, or organization admin, is a person within the InfoSec team responsible for identity and access management (IAM) for your organization. This includes related policy and user access role management.

Orphaned Hostname

A hostname that no longer resolves to an IP address.

OT Security

Processes that protect all hardware, software, and devices within OT infrastructure, including steps to manage and monitor OT devices from internal and external attacks and other cyber risks.

OWASP Top 10

According to the OWASP foundation, the OWASP Top 10 is " a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications."

Passive Scanning

Enables organizations to configure an automated system to continuously monitor a network, instantly identifying new assets, rogue assets, or transient assets, and activating alerts whenever issues arise outside of preset baselines.

Patch

A software update that fixes a discovered security weakness or other issues within deployed software or services. Patches are often required because the issues were not undetected during the development and testing phases and need to be corrected in deployed environments.

Path Priority Rating

A prioritization metric for attack paths based on the exposure of the source, criticality of the target, and the number of steps of the attack path.

Payment Card Industry Data Security Standard (PCI DSS)

Standards that outline how organizations that handle credit card data should protect the confidentiality, integrity, and availability of that sensitive and protected data.

Penetration Testing (Pen Testing)

Testing that detects weaknesses in an attack surface. Vulnerability assessment programs find these weaknesses so teams can fix them before attackers exploit the weaknesses. Pen testing is a stand-alone activity. A third party often conducts pen tests. Penetration testing gives insight into how effective vulnerability assessment and vulnerability management programs are.

Persistent Threat

A cyberattack where, once inside a network, an attacker remains undetected for an extended time.

Phishing

A social engineering attack method where an attacker sends a malicious email with the intent of tricking a user into revealing sensitive information, for example, usernames and passwords or financial information. These emails often look like they come from a legitimate source, but are not.

Platform as a Service (PaaS)

A cloud-based model that provides hardware and software to support a full development environment that enables organizations to build and deploy applications.

Plugin

Software elements that add new features without having to modify the original software. Also referred to as extensions or add-ons.

Population Benchmark

A benchmark based on members of the entire population to which you can compare your scores and assess your performance.

Port Scan

A scan that analyzes a server to determine which ports are open.

Predictive Prioritization

A vulnerability metric that combines Tenable-collected vulnerability data with third-party vulnerability and threat data to analyze them with an advanced data science algorithm Tenable developed. With Predictive Prioritization, each vulnerability gets a Vulnerability Priority Rating (VPR, which incorporates the result of this analysis and is updated daily including vulnerabilities yet to be published in the National Vulnerability Database (NVD).

Proxy Server

A middle point between a user and an endpoint, for example, the web. It is used to send information between a user and web-based services.

Ransomware

A type of malicious software attackers use to take control of a device, such as a server or other computer, with the intent of encrypting data and preventing access until a user pays a ransom.

Reconnaissance (Recon)

The act of finding assets.

Registry

A storage location for container images. The registry enables developers and continuous integration (CI) systems to store pushed containers.

Remote Access

Digital access that is facilitated by hardware or software and enables a user to access network resources from outside of the network environment.

Repository

A storage location or namespace, within a registry, for an image.

Resources

The components used within an enterprise to store or transmit data. This includes hardware, services, applications, software, and other infrastructure components.

Risk

Any potential threat to an organization's systems, services, or data. Risk examples include vulnerabilities, misconfigurations, malware, and more.

Risk-Based Vulnerability Management (RBVM)

A subset of Cyber Exposure that helps organizations identify and manage cyber risks. RBVM uses machine-learning analytics to associate vulnerability severity and threat actor activity with asset criticality to enable organizations to prioritize and remediate the ones that cause the greatest risk and then prioritize those that create lesser risk.

Risk Analysis

A methodology that identifies and analyzes an internal and external risk to determine how it may negatively impact an organization's ability to deliver products, goods, and critical services. While the terms risk analysis and risk assessment are often used interchangeably, they are not the same. A risk analysis generally is a component of a large-scale risk assessment.

Risk Assessment

A methodology that discovers and analyzes any potential internal and external threats that may impact an organization. While the terms risk assessment and risk analysis are often used interchangeably, they are not the same. A risk assessment is generally a higher-level look at an organization's overall risk.

Risk Management

The processes an organization uses to discover, assess, prioritize, mitigate, and remediate security threats—or security risks—within a technology environment.

Risk Prioritization

A vulnerability metric takes an in-depth look at an organization's risks and then, with risk intelligence, enables the organization to determine which threats pose the greatest actual risk so teams can make plans to remediate those that pose the most risk to critical services, data, and operations.

Risk Threshold

Quantifies the greatest amount of cyber risk an organization is willing to accept. It is often used to help teams determine whether they will mitigate, remediate, accept, or reject potential risks to an organization.

Risk Tolerance

Sets a baseline for the amount of risk an organization will accept based on specific strategies or goals.

Routable / Non-Routable

A type of IP address where network traffic can be routed over the internet. As defined by RFC-1918, there are certain IP address ranges where network traffic cannot be routed over the Internet, which are referred to as ‘non-routable’ IP addresses or ‘private’ IP space.

Run-time

Enables the execution of a program or application.

Run-time Analysis

A methodology that seeks out any malicious or suspicious activities that may happen when a program or application executes.

Sandboxing

A process developers use to isolate and test a program, system, or application without harming the environment in which it typically runs.

Security Assessment

A process an organization can use to evaluate its security practices to determine if controls are functioning as expected. These assessments create an opportunity for organizations to close security gaps before a breach or other incident occurs.

Security Audit

A type of assessment that evaluates an organization's security records, activities, document repository, and artifacts to determine how well it meets specific standards or requirements for data security.

Security Compliance

Guidelines to ensure that an organization has all of the processes, policies, documentation, and controls in place to meet a certain set of security regulations or standards.

Security Framework

Standards an organization can use to discover, assess, and mitigate or remediate security risks across an enterprise.

Security Gap

Identifies security weaknesses within an enterprise or directly related to standards or regulations that an organization should mitigate to reduce risk.

Security Information and Event Management (SIEM)

A combination of technologies an organization can use for threat detection and incident management. Most SIEMs will analyze events in real-time and in the past to give an organization a full view of what's happening with its information security systems.

Security Maturity

Represents where an organization is in terms of meeting its security program goals and objectives. Many organizations will conduct a security assessment to determine a current security profile so they can establish a target profile to mature those practices.

Security Operations Center (SOC)

A centralized hub that unites technologies, processes, people, and other resources to continuously monitor and address security issues for an organization.

Security Orchestration and Automation (SOAR)

A combination of technologies and other resources that enables an organization to efficiently and effectively focus on risk identification and management, incident response, and other security processes. SOARs automate and streamline security processes between multiple sources and individuals.

Security Posture

Represents an organization's current information security status. It generally represents the visibility an organization has into its risks and what it is doing to mitigate and remediate those risks.

Security Threat

Represents any risk, for example, an external attack or vulnerability, that puts an organization's systems, network, or data at risk of being stolen, modified, or otherwise disrupted in an unauthorized capacity.

Security Vulnerability

A weakness, bug, or programming mistake in hardware or software attackers can exploit to compromise a network for unauthorized access to your data and systems.

Security Weakness

A flaw, misconfiguration, or other security issue an attacker may use to attempt an exploit.

Segmentation

A process used to divide a network into different components. With network segmentation, for example, each segment can be designed as a small network on its own.

Serverless Computing

A type of cloud computing in which a cloud services provider (CSP) offers on-demand resource allocation for its clients. Some organizations choose serverless computing as a cost-saving model for cloud services.

Service Level Agreement (SLA)

An agreement between a service provider, for example, a cloud-hosting service, and a client. It is often used to determine the scope of a relationship or product offerings and includes information such as availability, service level, and other relevant metrics.

Service Mesh

A specific layer of infrastructure an organization can use for communications between services or microservices.

Shared Responsibility Model

A model that defines which processes in cloud security fall to the cloud services provider and which fall to the user.

Shift Left

Describes a shift in the way DevOps teams approach testing, quality, and other evaluations of software development to an earlier stage in the process. It refers to moving those steps earlier in the software development life cycle.

Social Engineering

A practice attackers use to try to deceive a user into giving out sensitive or personal information, for example, credentials, to use in a cyber attack. Phishing emails are an example of social engineering. These emails appear to be from a legitimate source and are designed to manipulate a user into releasing information they otherwise would not.

Software-Defined Wide Area Network (SD-WAN)

A software-defined wide area network, which is often used as a virtual service to connect users to applications across a wide-area network (WAN) via a virtual private LAN service (VPLS) and multiprotocol label switching (MPLS).

Software as a Service (SaaS)

A service that enables users to access cloud-based applications via the web without having to install the application on a device like traditional software. Instead, the application is available through the internet.

Software Development Life Cycle (SDLC)

A process developers use to design, create, test, implement and maintain software while meeting certain customer and business-focused goals and objectives.

SolarWinds

A network monitoring tool that attackers used in 2020 to exploit users' systems. Attackers hacked the platform code, which was included in an update sent out to customers, as a backdoor into systems where they then installed additional malware to spy on those customers. According to a SolarWinds report to the SEC about 18,000 customers were affected by the breach.

Spear Phishing

A type of phishing attack that targets specific users or organizations to steal sensitive information with malicious intent.

SQL Structured Query Language (SQL) Injection

An attack in which attackers insert malicious code on a server and then use SQL to access sensitive information that otherwise would be inaccessible.

Subdomain

A domain name with a hostname appended, which is sometimes more accurately described as a fully qualified domain name (FQDN).

Supervisory Control and Data Acquisition (SCADA) Security

Effective SCADA security employs both smart scanning and passive network monitoring to protect SCADA systems.

Supervisory Control and Data Acquisition (SCADA) System

A control system that communicates with and collects data from industrial machines, sensors, and end devices, often at distributed sites. SCADA transmits data to computers for processing and makes it available to operators and other employees.

Supply Chain Attack

An attack that occurs when a threat actor takes advantage of a security weakness within a third-party environment. Often, these types of breaches enable attackers to move laterally through connected networks, often undetected.

System and Organization Controls for Service Organization Control 2 (SOC2)

Voluntary controls that help organizations protect the security, availability, integrity, and confidentiality of customer data.