Glossary

The following glossary describes terms and concepts that you may encounter in Tenable documentation and products. For industry-standard cybersecurity terms and concepts, Tenable recommends the National Institute of Standards and Technology (NIST) glossary.

    A
  • Active Directory (AD): A Microsoft Windows directory service. IT administrators use Active Directory to manage applications, users, computers, and other network components. It is a core component of identity and access management (IAM).
  • Active Directory security: The people, tools, and technology used to identify vulnerabilities, misconfigurations, and other security issues within Active Directory.
  • Active Directory security groups: Groupings of Active Directory objects that IT administrators use to manage and grant access to Microsoft resources. A security group may contain computer accounts, user accounts, or other groups.
  • Active scanning: A methodology security professionals use to discover assets and security issues by probing a network. Active scans send packets to assets to see whether they respond, how long the response takes, and which ports, services, and vulnerabilities they expose. Because the probes generate traffic, an active scan is visible to the target and can disturb fragile devices; compare continuous (passive) network monitoring.
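The probe-and-time loop this entry describes, as an added example that is not from Tenable's documentation or products (Python, standard library only). It starts a throwaway TCP listener on 127.0.0.1 so that it runs offline; the host, port list and the three state names are assumptions made for illustration, not Nessus behaviour.

```python
import socket
import threading
import time


def start_local_listener(host="127.0.0.1"):
    """Start a throwaway TCP listener on an ephemeral port so the probe below
    has a live 'asset' to hit offline. Returns (server_socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener was closed
                return
            conn.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def free_closed_port(host="127.0.0.1"):
    """Find a port with nothing listening (bind, read the number, release it)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


def probe_port(host, port, timeout=1.0):
    """One TCP connection attempt: the 'transmission' of an active scan.
    Records whether the asset answered and how long the answer took."""
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        state = "open"         # handshake completed: a service is listening
    except socket.timeout:
        state = "filtered"     # nothing came back: dropped by a firewall, or host down
    except ConnectionRefusedError:
        state = "closed"       # RST came back: host is up, nothing listening
    except OSError:
        state = "error"
    finally:
        sock.close()
    return {"host": host, "port": port, "state": state,
            "rtt_ms": round((time.monotonic() - start) * 1000, 2)}


def active_scan(host, ports, timeout=1.0):
    """Probe each port in turn. A production scanner parallelises this and
    fingerprints the service behind every open port."""
    return [probe_port(host, p, timeout) for p in ports]


if __name__ == "__main__":
    srv, open_port = start_local_listener()
    closed_port = free_closed_port()
    for result in active_scan("127.0.0.1", [open_port, closed_port]):
        print(result)
    srv.close()
```

The "filtered" state is the one to watch on real networks: a timeout tells you only that no answer arrived, so a scanner that treats silence as "host down" will miss assets behind a drop-everything firewall.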
  • Administrators: Individuals responsible for maintaining an organization's information security infrastructure (for example, networks, systems, and servers).
  • Advanced persistent threat (APT): A targeted cyber attack in which the attacker, once inside a network, generally remains undetected for an extended time. APTs are planned, sophisticated campaigns, often carried out by well-resourced and experienced threat actors such as nation-states.
  • Cybersecurity solutions and security best practices that help organizations defend against malware and attackers.
  • Agents: Lightweight programs used to automate actions (for example, archiving computer files). Agents often run in the background on a preset schedule.
  • Amazon Web Services (AWS): A cloud platform that offers infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). AWS provides more than 100 services, including compute, storage, data management, and networking.
  • Anomaly: An unexplained output or behavior that differs from the norm or from what is intended.
  • API attack: A cyber attack in which an attacker attempts unauthorized use of an API. For example, in an API injection attack the attacker exploits a coding flaw or misconfiguration to inject malicious input or code and gain access to the software behind the API. Other types of API attack include distributed denial of service (DDoS), man-in-the-middle (MITM), SQL injection, and broken user authentication.
  • Application programming interface (API): A defined interface that enables two applications to communicate. Through an API, one system requests information or services from another.
  • Application security: The processes an organization uses to develop, update, and test application components so as to remove security vulnerabilities an attacker may be able to exploit.
  • Asset: Any data, device, or environmental component that supports information-related activities and needs to be protected from threats. Assets can be desktop computers, web servers, cloud resources, name servers, IoT devices, network printers, enabled users, or other items, and have elements such as hostnames, web application names, IP addresses, or DNS records. Assets are defined differently in each Tenable product.
  • A visualization of an attack path from multiple assets down to one asset.
  • Asset Exposure Score (AES): A security exposure metric Tenable calculates for each asset on your network, representing the asset's relative exposure as an integer from 0 to 1000. A higher AES indicates higher exposure.
  • Asset inventory: A digital inventory that allows an organization to track and document details of all of its assets. The inventory is not limited to devices and hardware; it can also include intangible assets such as data or intellectual property.
  • Asset management: The monitoring, configuration, and maintenance of assets.
  • Attack path: A route an attacker can take through your network, exploiting security weaknesses to move from one asset to another and reach a target asset.
  • Attack surface: All of the points within an enterprise at which an attacker could potentially gain unauthorized access and exploit security weaknesses to reach systems, networks, and data.
  • Attack vector: A single method an attacker can use to gain unauthorized access to an asset and then exploit vulnerabilities and other security weaknesses.
  • Authentication: The process of verifying that an asset, process, or user is who or what it claims to be. Authentication establishes identity; authorization then decides which system resources that identity may access.
  • Autonomous system number (ASN): A globally unique number that identifies an autonomous system and enables it to exchange exterior routing information (via BGP) with neighboring autonomous systems.
    B
  • Bandwidth: The maximum volume of data a system can transmit from one point to another across a network in a given amount of time. Bandwidth is typically measured in megabits per second (Mbps).
  • Behavior analysis: A method of evaluating how users and other assets (for example, servers and networks) behave in your environment. Today, much behavior analysis is performed with analytics tools such as machine learning and artificial intelligence (AI). By understanding normal behavior patterns, teams can better identify changes that could indicate a security threat or incident.
  • Benchmark: A group of scores to which you can compare your own scores to assess your performance.
  • Blast radius: A visualization of one or more attack paths from one asset out to multiple other assets.
  • Botnet: A network of malware-infected computers that an attacker group controls without the owners' knowledge. Botnets are used for activities such as sending spam or conducting DDoS attacks.
  • Breach: A security incident that results in the exposure of confidential data or protected information.
  • Breach response: The actions an organization takes to respond to and recover from a security breach. The goal is to mitigate damage and resume normal business as quickly as possible with minimal impact on operations.
  • Broken access control: A failure of access controls that lets an attacker read or change data, amend access rights, or reach functionality within a system that they are not authorized to use.
    C
  • Center for Internet Security (CIS): A nonprofit organization responsible for the CIS Controls and CIS Benchmarks. The organization is known worldwide for its leading role in establishing best practices that help organizations secure data and IT systems.
  • Chief Information Security Officer (CISO): The head of cybersecurity for an organization. A CISO can use the Exposure View to quickly quantify overall enterprise risk exposure, measure its progress or regression over time, and communicate impact and ROI to key stakeholders.
  • Choke point: A place where multiple potential attack paths merge before reaching a critical asset.
  • CIS Benchmarks: Best-practice configuration guides that help organizations secure a target system. There are more than 100 CIS Benchmarks spanning more than 25 vendor product families. According to the Center for Internet Security, these benchmarks "are the only consensus-based, best-practice security configuration guides both developed and accepted by the government, business, industry, and academia."
  • CIS Controls: Prioritized, best-practice actions organizations can take for cyber defense and to prevent cyber attacks. Organizations looking to implement or mature cyber hygiene practices can use the CIS Controls as the starting point for a cybersecurity program.
  • Cloud: Services and software delivered over the internet rather than operated on-premises like traditional IT, generally through a network of servers, many operating simultaneously around the world.
  • Cloud delivery model: The way cloud computing services are delivered. Which model is best for an organization depends on a range of factors. There are three common cloud delivery models: IaaS, PaaS, and SaaS.
  • Cloud-native application protection platform (CNAPP): A type of cloud security architecture that helps protect cloud applications from development through production. Benefits of adopting a CNAPP include greater visibility into cloud environments and earlier detection of cloud-based risks.
  • Cloud access security broker (CASB): Hardware or software that sits between a cloud service provider and its users. A CASB can be cloud-hosted or on-premises and generally serves as a security policy enforcement point.
  • Cloud application: Software that users access in the cloud via the internet. Unlike a traditional application installed directly on a computer, a cloud application runs on remote servers rather than on the user's computer.
  • A feature that enables users to access a cloud application from computers other than the one on which it is installed. Generally, such applications are set up on servers that users reach through a remote connection.
  • A vulnerability within a cloud environment in which an attacker may be able to exploit a misconfiguration or other security issue to gain unauthorized access to an asset.
  • Cloud architecture: All of the elements that make up your cloud computing environment. Cloud architecture differs from one organization to the next, but generally consists of a front end (for example, the client devices that access the cloud); a back end (for example, storage and servers); a cloud delivery model (IaaS, PaaS, or SaaS); and a network connecting them.
  • Cloud attack surface: All of the components within and connected to a cloud environment in which an attacker could discover and exploit a security weakness to gain unauthorized access.
  • Cloud computing: All of the components required to deliver cloud-based services over the internet, including software and networks but also hardware, storage, and more. Many organizations are moving away from on-premises technologies because of the cost savings, flexibility, and scalability cloud computing offers.
  • Facilitates orchestration and management across a cloud computing environment, for example, user and role creation, configuration guidelines, and access management.
  • Cloud cost management: A process to efficiently manage and optimize cloud computing expenses.
  • A process that examines an organization's existing IT infrastructure (for example, hardware, software, and other assets) and develops a plan to create, deploy, and manage a cloud infrastructure, whether public, private, or hybrid.
  • Cloud firewall: A service that operates within a cloud environment to create a barrier between your cloud resources and malicious activity.
  • Cloud infrastructure: All of the components needed to operate a cloud computing environment, for example, hardware, storage, and other resources.
  • Cloud infrastructure entitlement management (CIEM): Solutions that help organizations manage access privileges in cloud environments. Also known as cloud permissions management (CPM), these solutions apply a least-privilege approach to permissions on cloud resources.
  • Cloud migration: The planning, development, and implementation of moving an organization's resources from a traditional IT environment (for example, on-site servers) into a cloud computing environment. Cloud migration generally moves some or all of an organization's data, applications, or services to a cloud environment (for example, Microsoft Azure, Google Cloud Platform, or Amazon Web Services).
  • Cloud native: Describes applications built to run in the cloud. Such applications are generally packaged as lightweight containers, which enables efficient deployment, flexibility, and scalability across a range of environments.
  • Cloud security: The processes, tools, resources, and policies that protect data and resources stored off-premises in the cloud. Cloud security continually assesses the assets in your cloud environments so you can discover and remediate vulnerabilities, misconfigurations, and other security issues.
  • Cloud security gateway: The enforcement points an organization places between a cloud services environment and its consumers to apply security policy. These gateways can be cloud-hosted or on-premises.
  • Cloud security posture management (CSPM): Tools and resources an organization uses to find cloud-based issues such as misconfigurations and other compliance or security risks. CSPM tools generally alert security teams when they identify a security or compliance issue within a cloud environment.
  • Policies, processes, procedures, technologies, and other resources an organization uses to reduce cloud security risk and identify security weaknesses.
  • Cloud service provider (CSP): A provider of cloud-based services (for example, cloud computing infrastructure, applications, storage, and other services). Well-known CSPs include Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).
  • Cloud vulnerability: A security weakness, for example, a misconfiguration or other security issue, that an attacker may be able to exploit to gain access to your cloud environment.
  • Cloud workload protection platform (CWPP): A program that helps secure and manage workloads within and across cloud environments. A CWPP approaches cloud security at the workload level rather than from a typical endpoint perspective.
  • A process that creates rules to govern and manage access and services between different cloud workloads.
  • Common Vulnerabilities and Exposures (CVE): A catalog of publicly disclosed vulnerabilities and exposures, each assigned a unique CVE identifier, maintained by the MITRE Corporation.
  • Common Vulnerability Scoring System (CVSS): An open standard for scoring the severity of a vulnerability numerically (0.0 to 10.0) from characteristics such as how it is reached, how hard it is to exploit, whether privileges or user interaction are required, and its impact on confidentiality, integrity, and availability. Organizations use CVSS scores to compare vulnerabilities, judge which may pose the greatest risk, and drive prioritization and remediation.
  • Common Weakness Enumeration (CWE): A common language for describing types of software weakness that may exist in design, architecture, or code. The MITRE Corporation manages the CWE list, and each CWE entry describes a category of weakness. It differs from a CVE, which records a specific, known instance of a vulnerability in a product.
  • Compliance: An organization's ability to demonstrate that it meets a specific set of requirements or standards managed or overseen by a third party. For example, healthcare organizations must demonstrate that they meet data security and privacy requirements through HIPAA audits.
  • Compliance as a Service (CaaS): A service, often delivered by a managed service provider (MSP), that supports organizations in meeting the requirements of specific compliance mandates.
  • Compliance framework: A set of specific requirements or guidelines an organization must meet to demonstrate compliance with a particular mandate. A range of compliance frameworks cover industry, state, federal, and other requirements (for example, privacy, security, and risk management frameworks).
  • Computer security: All of the processes, tools, and resources used to protect computer systems, for example, your network or other environments, from breaches or other security issues. Also referred to as information security or cybersecurity.
  • Configuration: How systems (for example, hardware, software, or applications) are set up and managed.
  • Configuration management: The processes used to manage changes made to hardware or software within a computing environment.
  • Processes that ensure approved, consistent approaches are used when changes are made to a computing environment's functionality and performance.
  • Container: A unit of operating-system-level virtualization that packages an application together with everything it needs to run (for example, its libraries) as a self-contained run-time environment. Unlike a virtual machine, a container shares the host's kernel.
  • Ensures containers have access to the resources they need, for example, metadata about the container and other objects, as well as the filesystem that contains the container image and its related volumes.
  • Container image: A read-only, executable package (code, libraries, and configuration) from which containers are started. An image is identified by a content digest and does not change once built, which helps ensure consistent deployment across environments.
  • Container image tag: A human-readable label for a specific release or version of an image (for example, 14.04). Unlike a digest, a tag can be moved to a different image, so it does not by itself guarantee that the same image is deployed every time.
  • Container registry: A storage location for container images. Container registries enable developers and continuous integration (CI) systems to push, store, and pull images.
  • Container security: All of the people, tools, and resources an organization uses to secure containers and ensure that applications perform as intended.
  • Content delivery network (CDN): A group of servers, generally in different geographic locations, that work together to deliver web content. A CDN speeds delivery by caching content closer to users.
  • Continuous delivery: A development practice in which every successfully tested build is automatically packaged and made ready for release to production. The release to production itself may still be a manual decision.
  • Continuous deployment: A development practice in which operations (or DevOps) automatically push every successfully tested build into production, with no manual release step.
  • Continuous integration (CI): A practice in which developers merge code into a shared source control repository frequently, as authorized changes occur, with each change built and tested automatically.
  • Continuous integration system: Monitors source control commits, such as merged pull requests in GitHub, and automatically triggers a build and test run when source control changes.
  • Continuous integration/continuous delivery (CI/CD) pipeline: Combines a continuous integration system with continuous delivery or deployment. A change in source control triggers a build and test run; when that phase completes, successful builds are pushed to production environments automatically.
  • Continuous network monitoring: Non-intrusive, passive observation of network traffic that gives insight into assets across all environments to discover vulnerabilities, traffic and bandwidth issues, misconfigurations, and other security issues. Nessus Network Monitor (NNM) is an example of a continuous network monitor.
  • A cyber attack in which a threat actor obtains a user's credentials (for example, username and password) and uses them to attempt unauthorized access to a system or network.
  • Credential stuffing: A cyber attack in which an attacker uses automated tools to try lists of stolen username and password pairs, typically leaked from other breaches, against a login interface to gain unauthorized access. It succeeds wherever users reuse passwords across services.
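Detection logic a practitioner would want beside these two definitions, as an added example (not Tenable code). The log format and the sample lines are constructed for the example; the heuristic (many distinct usernames from one source address within a short window) is what separates credential stuffing from a single user mistyping a password, which produces many attempts against one username.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not real data). The line format is an
# assumption for this example: <ISO-8601 UTC timestamp> <src_ip> <username> <FAIL|SUCCESS>
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.7 alice FAIL
2024-05-01T10:00:02Z 203.0.113.7 bob FAIL
2024-05-01T10:00:02Z 203.0.113.7 carol FAIL
2024-05-01T10:00:03Z 203.0.113.7 dave FAIL
2024-05-01T10:00:03Z 203.0.113.7 erin FAIL
2024-05-01T10:00:04Z 203.0.113.7 frank FAIL
2024-05-01T10:00:05Z 203.0.113.7 grace SUCCESS
2024-05-01T10:00:07Z 198.51.100.4 alice FAIL
2024-05-01T10:00:20Z 198.51.100.4 alice FAIL
2024-05-01T10:00:40Z 198.51.100.4 alice SUCCESS
2024-05-01T10:02:00Z 192.0.2.9 heidi SUCCESS
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (FAIL|SUCCESS)$")


def parse_log(text):
    """Turn log lines into (timestamp, src_ip, username, result) tuples,
    skipping anything that does not match the expected shape."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def detect_credential_stuffing(events, window=timedelta(minutes=5), min_users=5):
    """Flag each source IP that tries at least `min_users` *distinct* usernames
    inside any `window`. Counting distinct usernames rather than raw failures
    is the point: 198.51.100.4 below fails three times but is one user with
    one account, so it is not reported."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        by_ip[ip].append((ts, user, result))

    alerts = []
    for ip, rows in by_ip.items():
        rows.sort()                      # by timestamp
        best = None                      # (distinct users, rows in that window)
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1               # slide the window forward
            chunk = rows[start:end + 1]
            users = {u for _, u, _ in chunk}
            if best is None or len(users) > best[0]:
                best = (len(users), chunk)
        if best and best[0] >= min_users:
            # Successful logins inside the burst are the accounts to reset first.
            compromised = sorted({u for _, u, r in best[1] if r == "SUCCESS"})
            alerts.append({"src_ip": ip, "distinct_users": best[0],
                           "compromised": compromised})
    return alerts


if __name__ == "__main__":
    for alert in detect_credential_stuffing(parse_log(SAMPLE_LOG)):
        print(alert)
```

Real campaigns spread attempts across many source addresses to stay under any per-IP threshold, so the same window logic is usually also keyed on a shared client fingerprint or on the global rate of distinct usernames per endpoint.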
  • Credentialed scan: A scan that logs in to an asset with system privileges to conduct a deep evaluation of it. It differs from a non-credentialed scan, which provides a higher-level look at vulnerabilities and other issues through exposed ports, protocols, and services. Credentialed scans are sometimes referred to as authenticated scans.
  • Cross-site request forgery (CSRF): An attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated, because the browser attaches the user's session credentials to requests the attacker induces.
  • Cross-site scripting (XSS): An attack that injects malicious script into a website so that it runs in the browsers of other visitors.
  • Cyber attack: An attempt by an unauthorized party, often referred to as a hacker, to gain unauthorized access to an asset, system, or network. Motivations vary, but common goals include disabling access, damaging or exfiltrating data, encrypting data for ransom, or facilitating other attacks.
  • Cyber defense: A strategy organizations use to prevent cyber attacks.
  • Cyber Exposure: A discipline that helps organizations see, predict, and act on cyber risk across the entire attack surface. Built on the principles of risk-based vulnerability management, Cyber Exposure management introduces a common, risk-focused, metric-based language that everyone understands, from security and IT operations to executive leadership and key stakeholders. The term "cyber exposure" was pioneered by Tenable.
  • The vulnerabilities, misconfigurations, and other security issues an organization should find, prioritize, and mitigate or remediate to mature its cybersecurity posture.
  • Cyber Exposure lifecycle: A framework organizations can use to continuously assess the health and security of their cybersecurity program. Organizations that apply the Cyber Exposure lifecycle should be better able to answer questions such as: Where is the organization exposed? Where should it prioritize based on risk? Is it reducing exposure over time? How does it compare to its peers?
  • Cyber hygiene: All of the processes and practices an organization uses to establish, manage, improve, and maintain security standards that protect assets, users, and data.
  • Cyber risk: Any potential damage an organization may face should it be compromised by a cyber attack.
  • Cyber risk management: All of the practices an organization uses to discover, analyze, protect against, respond to, and recover from cybersecurity vulnerabilities and threats.
  • Weaknesses an organization may have that an attacker could potentially exploit to gain unauthorized access to systems or data. As enterprises evolve, so does the cyber threat landscape, which can include vulnerabilities, misconfigurations, or other security issues introduced by assets, users, or other network and system components.
  • CyberScope: A platform an organization can use to manage reporting required by the Federal Information Security Modernization Act (FISMA). The United States Department of Homeland Security (DHS) mandates CyberScope for this reporting.
  • Cybersecurity: All of the practices and processes an organization uses to secure its assets and data from cyber attack.
  • Cybersecurity lifecycle: The NIST Cybersecurity Framework defines five core functions that organizations cycle through: Identify, Protect, Detect, Respond, and Recover (NIST CSF 2.0 adds a sixth, Govern). An organization can use the voluntary framework as a guideline for establishing cybersecurity best practices.
  • Vulnerabilities and other security issues an organization may have that could result in unauthorized access to any of its systems, networks, or data.
    D
  • Data classification: How an organization categorizes all of its assets, including value assignments, to guide decisions on which assets are critical, which should be protected, and how.
  • Data protection: All of the components an organization uses to discover its data and protect it against weaknesses that might lead to unauthorized access.
  • Data security: How an organization protects its data to prevent unauthorized access or compromise.
  • Denial of service (DoS): A cyber attack that prevents authorized users from accessing a network or device.
  • Deserialization: The process of taking data in a serialized format (for example, JSON) and rebuilding it into an object in memory; the reverse of serialization. Because the input decides which objects get built, deserializing untrusted data with a format that can name arbitrary types or callables is a common source of vulnerabilities.
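An added example (not from Tenable) of the two sides of deserialization: a strict JSON deserializer that treats its input as untrusted data, beside a demonstration that Python's pickle format lets the serialized bytes choose which callable runs during loads. The User type, its field names, the allowed roles and the _side_effect helper are assumptions made for the example; the callable it runs is deliberately harmless.

```python
import json
import pickle
from dataclasses import dataclass

ALLOWED_ROLES = {"viewer", "editor"}      # assumption for the example


@dataclass(frozen=True)
class User:
    name: str
    role: str


def deserialize_user(raw):
    """Rebuild a User from JSON bytes, treating them as untrusted input.
    JSON can only express data, never code, so the remaining risk is bad
    values; every field is checked before an object is constructed."""
    try:
        data = json.loads(raw)
    except ValueError as exc:
        raise ValueError("malformed JSON") from exc
    if not isinstance(data, dict):
        raise ValueError("expected a JSON object")
    if set(data) != {"name", "role"}:
        raise ValueError("unexpected or missing fields: %s" % sorted(data))
    if not isinstance(data["name"], str) or not 1 <= len(data["name"]) <= 64:
        raise ValueError("invalid name")
    if data["role"] not in ALLOWED_ROLES:
        raise ValueError("invalid role: %r" % (data["role"],))
    return User(name=data["name"], role=data["role"])


# --- Why untrusted pickle is a different animal ---------------------------
CALLS = []


def _side_effect(tag):
    """Deliberately harmless stand-in for whatever callable a hostile
    payload would name; it only records that it was invoked."""
    CALLS.append(tag)
    return tag


class Payload:
    """pickle serializes an object as 'call this, with these arguments'
    when __reduce__ says so, so the bytes dictate what loads() executes."""
    def __reduce__(self):
        return (_side_effect, ("ran during pickle.loads",))


def untrusted_pickle_demo():
    blob = pickle.dumps(Payload())      # the bytes a remote party would send
    result = pickle.loads(blob)         # _side_effect runs here, before any check
    return result, "ran during pickle.loads" in CALLS


if __name__ == "__main__":
    print(deserialize_user(b'{"name": "alice", "role": "viewer"}'))
    for bad in (b'{"name": "alice", "role": "admin"}', b'[1, 2]', b'{"name": "x"}'):
        try:
            deserialize_user(bad)
        except ValueError as err:
            print("rejected:", err)
    print(untrusted_pickle_demo())
```

The contrast is the design point: with JSON the application decides which type to build and validates first; with pickle (and with Java serialization, PHP unserialize, YAML loaders that resolve arbitrary tags, and similar formats) the decision is made by the data, and validation after loads() is too late.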
  • DevSecOps: A practice that integrates security into development and operations (DevOps) workflows to improve the speed, accuracy, and security of software throughout the software development lifecycle.
  • Discovery: The act of identifying assets.
  • Distributed denial of service (DDoS): An attack in which an attacker floods a server (or multiple servers simultaneously) with traffic from many sources to stop authorized users from accessing services or sites.
  • Docker: A containerization platform developers use to package their applications into containers so that everything needed to run the application works in any environment.
  • Domain administrators: Individuals responsible for managing a domain's access privileges.
  • Domain name: A label that identifies a network domain. Domain names identify internet resources, such as computers, networks, and services, with an easy-to-remember text label rather than the numerical addresses used by internet protocols. For example, foo.tld is the domain name in the URL http://www.foo.tld/index.html.
  • Double extortion: A type of ransomware attack in which, in addition to infiltrating an organization and encrypting its data, the attacker also exfiltrates some or all of the data and threatens to publish it to extract a larger ransom.
  • A process the U.S. Defense Intelligence Agency (DIA) created to assess the capabilities and intentions of adversaries in relation to each Joint Strategic Capabilities Plan.
    E
  • Used in Active Directory to grant a user access to an Active Directory object, for example, a file or folder that a user or user group may access.
  • Encryption: A process that transforms data into an unreadable form (ciphertext) so that only parties holding the correct key can recover the original, preventing unintended users from reading it.
  • End user: An individual who has access to an organization's assets to perform job requirements.
  • Endpoint: A device on a network, for example, a computer, smartphone, or laptop.
  • Endpoint protection: The processes an organization uses to protect all of its endpoints, such as computers, laptops, smartphones, tablets, and other devices that may be susceptible to a cyber attack.
  • Endpoint security: All of the resources an organization uses to protect its endpoints from breaches. It is commonly applied to devices such as computers, tablets, laptops, and smartphones.
  • All of the information and communications systems an organization may use to support its business functions.
  • Enterprise security: All of the processes an organization uses to protect its data and assets, including identifying and remediating vulnerabilities, misconfigurations, and other security issues that may put it at risk of a cyber attack.
  • Entitlements: Data structures that determine what a user is permitted to access.
  • Environment: All of the infrastructure, hardware, software, and other resources an organization uses for daily business operations.
  • Ethical hacking: A cybersecurity testing method in which a hacker is authorized to attempt to gain access to a network, data, or other asset.
  • Evidence: The empirical data from different data sources that confirms the feasibility of a step in an attack path.
  • Exploit: A tool, code, or technique an attacker uses to take advantage of a vulnerability or security weakness in an information system.
  • The accessibility of an asset that can be connected to from across the internet.
  • External vulnerability assessment: A vulnerability assessment that analyzes an organization's external-facing assets to identify security weaknesses an attacker may be able to exploit.
    F
  • A set of standards for federal information cybersecurity practices.
  • Firewall: A device or service an organization uses to monitor and filter data flowing into and out of its network according to a set of preset security policies.
    G
  • Gateway: A node that connects two different networks or applications, usually ones that use different transmission protocols.
  • General Data Protection Regulation (GDPR): A set of privacy and security regulations established in the European Union (EU). It is considered one of the toughest such laws in the world and applies to organizations, even those located outside the EU, that collect data from EU residents.
  • Google Cloud Platform (GCP): A suite of cloud services developers use to create, deploy, and scale websites, applications, and other services on infrastructure Google offers.
  • Governance: The people, processes, and policies that guide privacy, security, compliance, and other critical business areas to ensure consistent practices across an organization.
    H
  • Health Insurance Portability and Accountability Act (HIPAA): The U.S. law of 1996 that created national standards to protect the confidentiality, integrity, and availability of protected health information (PHI).
  • Host: A device connected to a network that communicates with other hosts on the network.
  • Hostname: A unique name given to a device connected to a specific computer network. It is typically combined with a domain name to form a fully qualified domain name (FQDN) that resolves to an IP address through the Domain Name System (DNS). For example, 'bar' is the hostname in bar.foo.tld.
    I
  • Identity and access management (IAM): A process IT teams use to ensure that the right people have the right access to the information and resources they need to do their jobs, and to prevent unauthorized users from accessing data, systems, or assets.
  • Identity security: Enables organizations to control user authentication and access, for example, user identities and their access rights, to ensure authorized, secure access to systems and networks. Identity security is a component of IAM.
  • Image: An application and its dependencies packaged as a container image (for example, ubuntu:14.04, which names the ubuntu repository at tag 14.04).
  • Image scanning: A process that helps uncover vulnerabilities and other security issues within a container image before it is run.
  • Image tag: A label for a specific release or version of an application hosted in a container image (for example, 14.04). Tags are mutable; to deploy exactly the same image every time, reference it by digest.
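How an image reference such as ubuntu:14.04 breaks down into registry, repository, tag and digest, as an added example (not Tenable code) that covers the Container image, Container image tag, Container registry, Image and Image tag entries above. It applies the defaults Docker uses (docker.io, the library/ namespace for official images, latest) and reports whether the reference is pinned to a digest, which is what a deployment should require when the same image must run every time. The sample references in the usage lines are constructed.

```python
import re

# A digest is the content hash of the image; it can never be repointed.
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")
TAG_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$")


def parse_image_reference(ref):
    """Split a Docker/OCI image reference into its parts.

    Grammar handled: [registry[:port]/]repository[:tag][@digest]
    A ':' after the last '/' separates the tag; before it, it is a registry port.
    The first path component is a registry only when it looks like a host
    (contains '.' or ':' or is 'localhost'); otherwise it is a namespace on docker.io.
    """
    digest = None
    if "@" in ref:
        ref, digest = ref.rsplit("@", 1)
        if not DIGEST_RE.match(digest):
            raise ValueError("malformed digest: " + digest)

    name, tag = ref, None
    if ref.rfind(":") > ref.rfind("/"):
        name, tag = ref.rsplit(":", 1)
        if not TAG_RE.match(tag):
            raise ValueError("malformed tag: " + tag)

    first, _, rest = name.partition("/")
    if rest and ("." in first or ":" in first or first == "localhost"):
        registry, repository = first, rest
    else:
        registry, repository = "docker.io", name
    if registry == "docker.io" and "/" not in repository:
        repository = "library/" + repository        # official image namespace
    if tag is None and digest is None:
        tag = "latest"                               # the implicit, most mutable tag

    return {"registry": registry, "repository": repository,
            "tag": tag, "digest": digest, "pinned": digest is not None}


def require_pinned(ref):
    """Admission-style check: accept only references that name a digest,
    so the image that was scanned is the image that runs."""
    parts = parse_image_reference(ref)
    if not parts["pinned"]:
        raise ValueError("image reference is not pinned to a digest: " + ref)
    return parts


if __name__ == "__main__":
    samples = ["ubuntu:14.04", "ubuntu", "myteam/app:1.2.3",
               "registry.example.com:5000/team/app:1.2.3",
               "ubuntu:14.04@sha256:" + "ab" * 32]
    for s in samples:
        print(s, "->", parse_image_reference(s))
```

The tag and the digest answer different questions: the tag says which release the author intended, the digest says which bytes you actually got. An image-scanning result is only meaningful for a digest, because the tag it was scanned under can point at something else by deploy time.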
  • The plans, processes, and policies an organization uses to manage actions when faced with a disruptive incident, for example, a cyber breach.
  • A component of a programmable logic control (PLC) within an ICS network. There are two protocol types: the control plane protocol for managing engineering functions such as programming, configuration, and updates for firmware; and the data plane protocol for managing physical parameters of ongoing processes such as process parameters like set points and tags. If a cyber attack disrupts or affects a control plane, it can cause a myriad of problems, including the failure of critical services, such as power, or the development of defective products.
  • The main component of operational technology. An ICS includes different types of devices, controls, systems, and networks that manage industrial processes.
  • The processes, hardware, and software used to secure an ICS. ICS security solutions include detailed visibility, asset inventory, passive and active threat detection, risk-based vulnerability management, and configuration control. Maintaining ICS security is essential to decrease risks from internal and external threats and to keep most industrial operations up and running.
  • The use of IoT devices within industrial environments. IIoT devices help provide telemetry data and leverage the cloud rather than require manual intervention, thereby increasing efficiencies and reducing the chance of errors.
  • Processes that ensure industrial control systems (ICS) are safe and secure. Security management practices include visibility, security, and control elements. Protecting industrial plants involves significantly minimizing potential risks and achieving affordable and minimally disruptive security for all assets, including industrial automation networks. Organizations should design and manage security so it does not conflict with other important requirements such as performance output, uptime, and workforce-friendliness.
  • Refers to the Fourth Industrial Revolution and represents the digitization and increasing automation in industrial settings today.
  • A benchmark based on members of your Tenable-assigned industry which you can compare your scores and assess your performance.
  • Manages user access to certain sensitive data or systems to ensure unauthorized users don't have access. IRM is a component of digital rights management (DRM).
  • All the resources an organization uses to manage and mitigate information security risks. Refers to how organizations prevent unauthorized access to data, networks, and other assets.
  • The processes related to information networks within an organization that ensure all hardware, software, data, and other components function and remain secure to ensure operational resilience.
  • All the facilities, hardware, software, and other supporting services necessary to enable IT business services, including on-prem and cloud-based technologies.
  • A cloud-based service where organizations can access virtualized resources via the internet such as operating systems, networks, servers, storage, and other cloud foundation needs.
  • Enables organizations to automate security and operations in virtualized and cloud infrastructure in terms of source code so that infrastructure can be provisioned in a data center.
  • A security risk when an insider, for example, an employee, vendor, supplier, contractor, or others, (either on purpose or not) harms an organization's assets, data, systems, network, intellectual property, and other components.
  • A data pipeline that connects data and assets across an enterprise.
  • The accessibility of an asset that cannot be connected to from across the Internet, and generally resides on an internal network.
  • A vulnerability assessment tool that organizations can use to conduct a full authorized scan of an environment to discover vulnerabilities and other security issues such as misconfigurations. The process discovers known and unknown security issues within an enterprise and to see if security controls function as intended.
  • Refers to an asset that can be connected to over the Internet.
  • Interconnected devices that collect and send data to other devices over a network, generally without human interaction.
  • Processes used to secure internet resources such as websites, networks, browsers, and other online behaviors.
  • The processes, hardware, resources, and tools used to manage and keep IoT devices safe.
  • A set of security standards the International Organization for Standardization (ISO) manages for information security management systems (ISMS). According to the ISO, these standards "[enable] organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties."
  • The processes, hardware, resources, and tools used to manage and keep your information security infrastructure safe from security weaknesses and potential breaches.
  • An environment in which IT and OT devices connect or interact with one another. This can happen intentionally, for example, when an OT device connects to an outside network, or accidentally, for example, when someone connects a laptop (that has been connected to an outside network) to an OT device for updates.
  • The people, tools, and resources an organization needs to secure both its IT environment and OT environment, particularly in places where IT/OT converge.
    K
  • An open-source orchestration platform organizations use to automate key processes in cloud-native application development. Originally designed by Google, it is now managed by the Cloud Native Computing Foundation. Kubernetes can help organizations manage and scale containers in cloud environments.
  • A cybersecurity tool that helps organizations discover and remediate security issues within Kubernetes, a resource many organizations use to manage their container environments.
    L
  • The way attackers move through an environment. Once an attacker compromises an asset or endpoint, the attacker can then move deeper into a network, often undetected.
  • Sometimes referred to as the principle of least privilege (POLP). With least privilege, a user has a minimal level of access rights, generally the lowest level needed for a specific role or task.
  • CVE-2021-44228, also known as Log4Shell, is a critical flaw in the Apache Log4j software. Log4j is a widely used Java logging library included in Apache Logging Services used to log messages from an application or service, often for debugging purposes. An attacker can exploit Log4Shell by sending a specially crafted request to a server running a vulnerable version of Log4j. If the server uses Log4j to log requests, the exploit will then request a malicious payload from an attacker-controlled server through the Java Naming and Directory Interface (JNDI) over a variety of services, such as Lightweight Directory Access Protocol (LDAP).
    M
  • A computing method that uses data and other information to continuously improve task performance.
  • Software that is developed with a specific malicious intent, for example, to disrupt an asset or network, to gain unauthorized access into systems, or to steal, modify, delete, or encrypt data or other assets.
  • Tools used by organizations to scan assets or networks for malicious software or code, for example, a virus on a computer.
  • A cyberattack that compromises users through insecure networks such as public WiFi.
  • An entity that is responsible for managing a client's security devices, processes, and systems. For example, an MSSP may manage VPNs and firewalls, or offer vulnerability scanning and other cybersecurity-related services.
  • An entity that is responsible for services such as providing infrastructure, security, applications, support, administration, and other services for its clients. This may be accomplished through an MSP's own data center, or the MSP may work directly with a third-party services provider. Many MSPs offer continuous monitoring services.
  • A set of data that describes and gives information about an asset. Metadata may include, but is not limited to, geolocation, operating system, open ports, service banners, and TLS certificate details.
  • A process that enables InfoSec professionals to create security segments within a data center, all the way down to an individual workload level, and then develop specific security controls and services for each of those different segments.
  • Microsoft's public cloud computing platform. Azure offers a range of services such as PaaS, IaaS, and managed database services.
  • Refers to when software, a device, or a system is configured improperly, which could facilitate unauthorized access or other security issues.
  • A globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The MITRE ATT&CK® knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
  • A cloud computing model that uses a combination of cloud-based services, for example, a public and private cloud or other combinations of public, private, and edge cloud services.
  • A type of software architecture where one instance of the software and its supporting services serve multiple clients, which are called tenants.
    N
  • A federally funded research and development center that supports NIST's National Cybersecurity Center of Excellence and is designed to help organizations meet pressing cybersecurity needs.
  • Founded in 1901, the National Institute of Standards and Technology (NIST) is a part of the U.S. Department of Commerce. It manages a range of security standards, for example, the NIST Cybersecurity Framework. While NIST compliance is mandatory for federal agencies, its guidelines are considered best practices across industries.
  • A tool that continuously monitors an environment to discover assets and related vulnerabilities and security issues. Network monitors enable non-intrusive continuous visibility into a network for all assets such as traditional IT, mobile devices, cloud-hosted applications and assets, operational technologies, operating systems, databases, endpoints, web apps, virtual machines, network devices, hypervisors, and more. Network monitors analyze network traffic at the packet level to uncover both server- and client-side vulnerabilities and to monitor network usage. A network monitor can also discover PII and sensitive data in transit, as well as identify port scans and other port-related activities. A network monitor can detect suspicious activities and enable teams to prevent attackers from compromising a network, data, and systems.
  • Hardware and software that monitor network traffic. Continuous network monitoring, for example with Nessus Network Monitor, enables non-intrusive insight into assets throughout all environments to discover vulnerabilities, traffic and bandwidth issues, misconfigurations, and other security issues.
  • Tools that continuously monitor a network and assets for security and other issues. They enable non-intrusive and continuous visibility into networks with visibility into network traffic at the packet level to seek out server and client-side vulnerabilities, including new and transient assets.
  • Programs, policies, processes, tools, and resources used to protect networks from potential cyber breaches and other security issues, for example, unauthorized access.
  • A method that divides a network into smaller segments so InfoSec teams can manage them individually and apply different controls and other policies to each segment.
  • A type of firewall organizations can use to uncover and stop potential attacks by enforcing policies at different levels, for example at the application, port, or protocol level.
  • A set of cybersecurity regulations that apply to the European Union (EU), specifically operators of essential services (OES) and relevant digital service providers (RDSPs). It creates a uniform set of standards to improve security for networks and information systems to help prevent cyberattacks and exploitation of other security issues.
  • Enables insight into how a threat actor might exploit a network through exposures without using credentials.
  • A set of standards to help ensure security and operational resilience for North America's Bulk Electric System (BES).
    O
  • A computing environment that is set up within an organization's facility. On-prem infrastructure keeps all data and core services within a private network, which can only be accessed by authorized users.
  • A type of external scanner that seeks out vulnerabilities within your website or network.
  • A service on the server that responds to network requests.
  • Open source software is a type of code that can be publicly distributed, changed, or used by anyone.
  • A nonprofit organization focused on improving software security.
  • A Kubernetes management platform.
  • Technology that organizations use to keep critical infrastructure and industrial environments functioning. OT includes software and hardware to manage, secure, and control industrial control systems (ICS), devices, and processes in an OT environment. OT devices are commonly found in manufacturing, transportation, oil and gas, electricity and utilities, and other similar industries.
  • An organization administrator, or organization admin, is a person within the InfoSec team responsible for identity and access management (IAM) for your organization. This includes related policy and user access role management.
  • A hostname that no longer resolves to an IP address.
  • Processes that protect all hardware, software, and devices within OT infrastructure, including steps to manage and monitor OT devices and to defend them against internal and external attacks and other cyber risks.
  • According to the OWASP foundation, the OWASP Top 10 is "a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications."
    P
  • Enables organizations to configure an automated system to continuously monitor a network, instantly identifying new assets, rogue assets, or transient assets, and activating alerts whenever issues arise outside of preset baselines.
  • A software update that fixes a discovered security weakness or other issues within deployed software or services. Patches are often required because the issues went undetected during the development and testing phases and need to be corrected in deployed environments.
  • A prioritization metric for attack paths based on the exposure of the source, criticality of the target, and the number of steps of the attack path.
  • Standards that outline how organizations that handle credit card data should protect the confidentiality, integrity, and availability of that sensitive and protected data.
  • Testing that detects weaknesses in an attack surface. Vulnerability assessment programs find these weaknesses so teams can fix them before attackers exploit the weaknesses. Pen testing is a stand-alone activity. A third party often conducts pen tests. Penetration testing gives insight into how effective vulnerability assessment and vulnerability management programs are.
  • A cyberattack where, once inside a network, an attacker remains undetected for an extended time.
  • A social engineering attack method where an attacker sends a malicious email with the intent of tricking a user into revealing sensitive information, for example, usernames and passwords or financial information. These emails often look like they come from a legitimate source, but are not.
  • A cloud-based model that provides hardware and software to support a full development environment that enables organizations to build and deploy applications.
  • Software elements that add new features without having to modify the original software. Also referred to as extensions or add-ons.
  • A benchmark based on members of the entire population to which you can compare your scores and assess your performance.
  • A scan that analyzes a server to determine which ports are open.
  • A vulnerability metric that combines Tenable-collected vulnerability data with third-party vulnerability and threat data and analyzes them with an advanced data science algorithm Tenable developed. With Predictive Prioritization, each vulnerability gets a Vulnerability Priority Rating (VPR), which incorporates the result of this analysis and is updated daily, including for vulnerabilities yet to be published in the National Vulnerability Database (NVD).
  • A middle point between a user and an endpoint, for example, the web. It is used to send information between a user and web-based services.
    R
  • A type of malicious software attackers use to take control of a device, such as a server or other computer, with the intent of encrypting data and preventing access until a user pays a ransom.
  • The act of finding assets.
  • A storage location for container images. The registry enables developers and continuous integration (CI) systems to store pushed containers.
  • Digital access that is facilitated by hardware or software and enables a user to access network resources from outside of the network environment.
  • A storage location or namespace, within a registry, for an image.
  • The components used within an enterprise to store or transmit data. This includes hardware, services, applications, software, and other infrastructure components.
  • Any potential threat to an organization's systems, services, or data. Risk examples include vulnerabilities, misconfigurations, malware, and more.
  • A subset of Cyber Exposure that helps organizations identify and manage cyber risks. RBVM uses machine-learning analytics to associate vulnerability severity and threat actor activity with asset criticality, so organizations can prioritize and remediate first the vulnerabilities that pose the greatest risk and then address those that pose less risk.
  • A methodology that identifies and analyzes internal and external risks to determine how they may negatively impact an organization's ability to deliver products, goods, and critical services. While the terms risk analysis and risk assessment are often used interchangeably, they are not the same. A risk analysis is generally a component of a large-scale risk assessment.
  • A methodology that discovers and analyzes any potential internal and external threats that may impact an organization. While the terms risk assessment and risk analysis are often used interchangeably, they are not the same. A risk assessment is generally a higher-level look at an organization's overall risk.
  • The processes an organization uses to discover, assess, prioritize, mitigate, and remediate security threats—or security risks—within a technology environment.
  • A vulnerability metric that takes an in-depth look at an organization's risks and then, with risk intelligence, enables the organization to determine which threats pose the greatest actual risk, so teams can make plans to remediate those that pose the most risk to critical services, data, and operations.
  • Quantifies the greatest amount of cyber risk an organization is willing to accept. It is often used to help teams determine whether they will mitigate, remediate, accept, or reject potential risks to an organization.
  • Sets a baseline for the amount of risk an organization will accept based on specific strategies or goals.
  • A type of IP address to which network traffic can be routed over the internet. As defined by RFC 1918, there are certain IP address ranges to which network traffic cannot be routed over the Internet; these are referred to as 'non-routable' IP addresses or 'private' IP space.
  • Enables the execution of a program or application.
  • A methodology that seeks out any malicious or suspicious activities that may happen when a program or application executes.
    S
  • A process developers use to isolate and test a program, system, or application without harming the environment in which it typically runs.
  • A process an organization can use to evaluate its security practices to determine if controls are functioning as expected. These assessments create an opportunity for organizations to close security gaps before a breach or other incident occurs.
  • A type of assessment that evaluates an organization's security records, activities, document repository, and artifacts to determine how well it meets specific standards or requirements for data security.
  • Guidelines to ensure that an organization has all of the processes, policies, documentation, and controls in place to meet a certain set of security regulations or standards.
  • Standards an organization can use to discover, assess, and mitigate or remediate security risks across an enterprise.
  • Identifies security weaknesses within an enterprise or directly related to standards or regulations that an organization should mitigate to reduce risk.
  • A combination of technologies an organization can use for threat detection and incident management. Most SIEMs will analyze events in real-time and in the past to give an organization a full view of what's happening with its information security systems.
  • Represents where an organization is in terms of meeting its security program goals and objectives. Many organizations will conduct a security assessment to determine a current security profile so they can establish a target profile to mature those practices.
  • A centralized hub that unites technologies, processes, people, and other resources to continuously monitor and address security issues for an organization.
  • A combination of technologies and other resources that enables an organization to efficiently and effectively focus on risk identification and management, incident response, and other security processes. SOARs automate and streamline security processes between multiple sources and individuals.
  • Represents an organization's current information security status. It generally represents the visibility an organization has into its risks and what it is doing to mitigate and remediate those risks.
  • Represents any risk, for example, an external attack or vulnerability, that puts an organization's systems, network, or data at risk of being stolen, modified, or otherwise disrupted in an unauthorized capacity.
  • A weakness, bug, or programming mistake in hardware or software attackers can exploit to compromise a network for unauthorized access to your data and systems.
  • A flaw, misconfiguration, or other security issue an attacker may use to attempt an exploit.
  • A process used to divide a network into different components. With network segmentation, for example, each segment can be designed as a small network on its own.
  • A type of cloud computing in which a cloud services provider (CSP) offers on-demand resource allocation for its clients. Some organizations choose serverless computing as a cost-saving model for cloud services.
  • An agreement between a service provider, for example, a cloud-hosting service, and a client. It is often used to determine the scope of a relationship or product offerings and includes information such as availability, service level, and other relevant metrics.
  • A specific layer of infrastructure an organization can use for communications between services or microservices.
  • A model that defines which processes in cloud security fall to the cloud services provider and which fall to the user.
  • Describes a shift in the way DevOps teams approach testing, quality, and other evaluations of software development to an earlier stage in the process. It refers to moving those steps earlier in the software development life cycle.
  • A practice attackers use to try to deceive a user into giving out sensitive or personal information, for example, credentials, to use in a cyberattack. Phishing emails are an example of social engineering. These emails appear to be from a legitimate source and are designed to manipulate a user into releasing information they otherwise would not.
  • A software-defined wide area network, which is often used as a virtual service to connect users to applications across a wide-area network (WAN) via a virtual private LAN service (VPLS) and multiprotocol label switching (MPLS).
  • A service that enables users to access cloud-based applications via the web without having to install the application on a device like traditional software. Instead, the application is available through the internet.
  • A process developers use to design, create, test, implement and maintain software while meeting certain customer and business-focused goals and objectives.
  • A network monitoring tool that attackers used in 2020 to compromise users' systems. Attackers inserted a backdoor into the platform's code, which was then distributed to customers in an update, and used it to install additional malware on customer systems for espionage. According to a SolarWinds report to the SEC, about 18,000 customers were affected by the breach.
  • A type of phishing attack that targets specific users or organizations to steal sensitive information with malicious intent.
  • An attack in which attackers insert malicious SQL statements into an application's input so that the database server executes them, giving access to sensitive information that otherwise would be inaccessible.
  • A domain name with a hostname appended, which is sometimes more accurately described as a fully qualified domain name (FQDN).
  • Effective SCADA security employs both smart scanning and passive network monitoring to protect SCADA systems.
  • A control system that communicates with and collects data from industrial machines, sensors, and end devices, often at distributed sites. SCADA transmits data to computers for processing and makes it available to operators and other employees.
  • An attack that occurs when a threat actor takes advantage of a security weakness within a third-party environment. Often, these types of breaches enable attackers to move laterally through connected networks, often undetected.
  • Voluntary controls that help organizations protect the security, availability, integrity, and confidentiality of customer data.
    T
  • A way to group assets by business context. For example, you can group assets by product, permissions, or business owner.
  • Represents how an adversary achieves a tactical goal by acting. For example, an adversary can dump credentials to achieve credential access.
  • A Cyber Exposure Management company. Some 40,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include about 60 percent of the Fortune 500, about 40 percent of the Global 2000, and large government agencies.
  • A knowledge base about Tenable products and concepts. Tenable Community is a place where people with common interests in Tenable and cybersecurity can get together and exchange ideas, share information, and explore a wide range of security-related topics.
  • Enables organizations to see everything in Active Directory, predict what matters, and act to address risk to disrupt attack paths before attackers exploit them.
  • An advanced visualization, decision support, analytics, and measurement solution that helps organizations understand and reduce cyber exposure. Lumin transforms vulnerability data into meaningful insights to help manage cyber risk across an entire organization.
  • Developed by Tenable, Nessus is a vulnerability scanning tool that continually monitors assets for vulnerabilities and other security weaknesses. Nessus identifies vulnerabilities that need attention with high-speed, accurate scanning and highlights which vulnerabilities an organization should address first.
  • Protects industrial networks from cyber threats, malicious insiders, and human error. It identifies and protects operational technology (OT) environments from cyber exposure and threats and ensures operational safety and reliability.
  • Tenable Research delivers world-class cyber exposure intelligence, data science insights, alerts and security advisories.
  • Tenable Security Center is managed on-premises and powered by Nessus technology. The Tenable Security Center suite of products provides the industry's most comprehensive vulnerability coverage with real-time continuous assessment of networks. It is a complete end-to-end vulnerability management solution.
  • Provides the industry's most comprehensive vulnerability coverage with the ability to predict which security issues to remediate first. It is a complete end-to-end vulnerability management solution, managed in the cloud and powered by Nessus.
  • Provides comprehensive and accurate vulnerability scanning for full visibility of IT, cloud, and web application vulnerabilities in a single platform.
  • A process used to discover threats across an enterprise based on a variety of threat indicators or other security research.
  • Represents information and resources an organization can use to gain a better understanding of threats that may exist within the threat landscape. This information is valuable in helping teams decide which security weaknesses to prioritize for remediation to lessen the likelihood of potential exploitation by an attacker.
  • Consists of all of the types of cybersecurity-related threats and risks that impact your organization. This can be all-encompassing for your entire enterprise, but also approached from a granular level, down to an individual asset, user, or service.
  • The processes an organization may use to decrease the potential impact of a threat. This may include containment activities used between detection and remediation or steps to isolate the threat until it can be resolved.
  • Represents the processes an organization uses to identify, communicate, and understand threats and mitigations within the context of protecting something of value, for example, security related to an application and its environment.
  • The processes an organization uses to discover and resolve threats within its environment. Unlike threat mitigation, which is generally a process used when a threat remains within your environment, threat remediation is used to remove the threat completely, for example, installing a patch or applying an update.
  • A physical or digital device used for security authentication, for example, as part of a two-factor authentication process.
  • Refers to the last segment of a domain name, the part immediately following the final "dot". The most common and familiar TLDs are .com, .net, and .org. Example: in the domain name bar.foo.tld, tld is the top-level domain. There are many other suffixes, such as .co.uk and .co.jp, which are technically not TLDs because they are not located at the 'top level' of the domain. These are referred to as effective TLDs (eTLDs) because they serve as a branching point for domain name registrars.
  • A type of malware. Trojans can be a type of malicious code, malicious file, or program. Often, attackers disguise trojans in a way that they appear to be legitimate, but they're not. Attackers use trojans in a variety of ways, for example, to set up a backdoor so they can execute tasks on an asset or to copy, damage, encrypt, or delete data and prevent asset access.
  • The processes, tools, and resources an organization uses to prevent unauthorized access to your network infrastructure such as your hardware, software, and all of your cloud services. While not all-encompassing, here are some examples of network security: access control, email security, firewalls, antivirus, antimalware, application security, vulnerability assessment and management, VPNs, multi-factor authentication, and more.
    U
  • Enables networks and servers to communicate. URLs generally consist of a domain name and other information that make up a web address.
  • A process used to look at a web address to see if there is any potential malicious activity that may be related to that URL.
    V
  • A method for hosting multiple hostnames or domain names, with separate handling of each name, on a single server.
  • A computer system that runs in software rather than on dedicated physical hardware. A VM is generally an image or computer file that functions like a complete computer system, and it typically runs within a window on a host computer.
  • Organizations use virtual private networks, also known as VPNs, for online privacy. VPNs hide your asset's IP address. They also encrypt and route data via secure networks. VPNs enable secure and anonymous internet access.
  • A way to discover, analyze, and fix weaknesses within an attack surface to lessen the likelihood attackers can exploit a network and gain unauthorized access to assets.
  • A tool used to discover vulnerabilities across an environment. Vulnerability assessment programs rely on vulnerability assessment tools to facilitate continuous asset discovery and vulnerability monitoring, along with processes to prioritize threats based on actual risk to an organization.
  • A program that uses a variety of tools and processes to identify assets and vulnerabilities across an enterprise. It also helps organizations plan how to mitigate issues, remediate weaknesses, and improve security posture.
  • A process InfoSec teams use to fix (or patch) security issues within an environment after a vulnerability assessment identifies those weaknesses. Organizations with mature vulnerability management programs use tools and resources, for example, Tenable's Predictive Prioritization, to prioritize vulnerabilities for remediation so they can focus on fixing vulnerabilities that pose the greatest threat to an organization first.
  • A scanner that discovers misconfigurations, vulnerabilities, and other security issues within an IT infrastructure, including networks, servers, operating systems, and applications.
  • Tools that discover weaknesses within an attack surface. They are used as part of mature vulnerability assessment and vulnerability management processes to identify cyber risks for prioritization and remediation.
  • Tools that help organizations find vulnerabilities and other security issues, for example, misconfigurations, within their environment to plan for remediation.
    W
  • A type of software that runs within a web browser instead of on a traditional computer or on-site server. Examples of web applications include email services such as Gmail or Yahoo, web-based forms, and online shopping programs.
  • A type of scanning that discovers vulnerabilities within web apps. These scans, for example, through Tenable Nessus, can be automated so they continuously look for web app security issues.
  • A cybersecurity practice used to discover all of the web applications and web services used within an organization to evaluate them for vulnerabilities, misconfigurations, and other security weaknesses.
  • Web security is an information security practice designed to protect web services and applications from a variety of security risks.
  • A scanner used to identify security risks, for example, vulnerabilities and misconfigurations, within a website.
    X
  • With XML External Entities (XXE), attackers can abuse external entity declarations in XML input to read internal files through the file URL handler, reach internal file shares, perform internal port scanning, achieve remote code execution, or cause denial of service (DoS).
    Z
  • A known vulnerability that does not yet have a patch to fix it, leaving affected systems open to potential exploitation by attackers.
  • A cloud-based platform protected by a zero-trust approach. It is based on a verify-everything concept to limit the possibility of a breach or other security issue.
  • Establishes access control policies and other procedures that enable remote access to systems and data based on a zero-trust approach to security.