Glossary
This glossary defines the acronyms and key terms used throughout the cybersecurity market research site. Use it as a quick reference when navigating segment analyses, pain-point discussions, and opportunity assessments.
A
| Term | Definition |
| --- | --- |
| ACL | Access Control List: rules determining which users/systems can access resources |
| APT | Advanced Persistent Threat: a prolonged, targeted cyberattack where an intruder gains and maintains unauthorized access |
| ASM | Attack Surface Management: continuous discovery, inventory, and risk assessment of an organization's external-facing assets |
| ASPM | Application Security Posture Management: unified visibility and risk management across the application lifecycle |
| AV | Antivirus: software designed to detect, prevent, and remove malware |
B
| Term | Definition |
| --- | --- |
| BAS | Breach and Attack Simulation: automated tools that simulate real-world attacks to test security controls |
| BEC | Business Email Compromise: a social-engineering attack targeting employees with access to company finances or data |
| BYOVD | Bring Your Own Vulnerable Driver: attack technique where adversaries load a legitimately signed but vulnerable kernel driver to disable security tools |
C
| Term | Definition |
| --- | --- |
| C2 | Command and Control: infrastructure used by attackers to communicate with compromised systems |
| CASB | Cloud Access Security Broker: a security policy enforcement point between cloud consumers and providers |
| CCPA | California Consumer Privacy Act: California state law granting consumers rights over their personal data |
| CIAM | Customer Identity and Access Management: managing and securing external customer identities and authentication |
| CIEM | Cloud Infrastructure Entitlement Management: managing identities and privileges in cloud environments |
| CTEM | Continuous Threat Exposure Management: a program for continuously assessing and prioritizing threat exposures |
| CNAPP | Cloud-Native Application Protection Platform: integrated security for cloud-native applications across the full lifecycle |
| CSPM | Cloud Security Posture Management: continuous monitoring of cloud infrastructure for misconfigurations and compliance risks |
| CWPP | Cloud Workload Protection Platform: security for workloads running in cloud environments (VMs, containers, serverless) |
| CVE | Common Vulnerabilities and Exposures: a standardized identifier for publicly known cybersecurity vulnerabilities |
D
| Term | Definition |
| --- | --- |
| DAST | Dynamic Application Security Testing: testing a running application for vulnerabilities by simulating attacks |
| DCS | Distributed Control System: a control system for managing industrial processes across multiple locations |
| DLP | Data Loss Prevention: tools and processes to prevent unauthorized data exfiltration or leakage |
| DORA | Digital Operational Resilience Act: EU regulation on ICT risk management for financial entities |
| DSPM | Data Security Posture Management: discovering, classifying, and protecting sensitive data across cloud environments |
E
| Term | Definition |
| --- | --- |
| EASM | External Attack Surface Management: discovering and monitoring internet-facing assets for exposures |
| EDR | Endpoint Detection and Response: tools that monitor endpoints for threats and provide investigation and response capabilities |
| EPP | Endpoint Protection Platform: integrated endpoint security combining prevention, detection, and response |
F/G
| Term | Definition |
| --- | --- |
| FAIR | Factor Analysis of Information Risk: a quantitative model for understanding, analyzing, and measuring information risk |
| GRC | Governance, Risk, and Compliance: integrated framework for aligning IT with business goals, managing risk, and meeting regulations |
| GDPR | General Data Protection Regulation: EU regulation on data protection and privacy for individuals |
H
| Term | Definition |
| --- | --- |
| HIPAA | Health Insurance Portability and Accountability Act: US law governing the privacy and security of health information |
I
| Term | Definition |
| --- | --- |
| IAB | Initial Access Broker: specialized cybercriminals who compromise networks and sell access to ransomware operators and other buyers |
| IAM | Identity and Access Management: framework for managing digital identities and controlling access to resources |
| ICS | Industrial Control System: control systems used in industrial production and critical infrastructure |
| IDS | Intrusion Detection System: a system that monitors network traffic for suspicious activity and raises alerts |
| ITDR | Identity Threat Detection and Response: detecting and responding to identity-based attacks and compromises |
| IoT | Internet of Things: network of physical devices embedded with sensors, software, and connectivity |
| IPS | Intrusion Prevention System: a system that monitors and actively blocks detected threats in network traffic |
L
| Term | Definition |
| --- | --- |
| LOLBin | Living Off the Land Binary: a legitimate system binary that can be abused by attackers for malicious purposes such as downloading payloads, executing code, or bypassing security controls |
| LOTL | Living Off the Land: attack technique using legitimate, pre-installed system tools and binaries rather than custom malware to evade detection |
M
| Term | Definition |
| --- | --- |
| MaaS | Malware-as-a-Service: cybercrime business model where malware developers sell or rent their tools to other criminals |
| MDR | Managed Detection and Response: outsourced security service providing 24/7 threat monitoring, detection, and response |
| MITRE ATT&CK | MITRE Adversarial Tactics, Techniques, and Common Knowledge: a knowledge base of adversary behaviors and techniques |
| MSSP | Managed Security Service Provider: a third-party provider offering outsourced monitoring and management of security devices |
| MFA | Multi-Factor Authentication: requiring two or more verification factors to gain access to a resource |
N
| Term | Definition |
| --- | --- |
| NDR | Network Detection and Response: detecting and responding to threats by analyzing network traffic patterns |
| NERC CIP | North American Electric Reliability Corporation Critical Infrastructure Protection: security standards for the electric grid |
| NGAV | Next-Generation Antivirus: advanced antivirus using behavioral analysis, AI, and machine learning beyond signature-based detection |
| NIS2 | Network and Information Systems Directive 2: updated EU directive on cybersecurity for essential and important entities |
| NIST CSF | National Institute of Standards and Technology Cybersecurity Framework: a voluntary framework for managing cybersecurity risk |
O
| Term | Definition |
| --- | --- |
| ORB | Operational Relay Box: compromised network devices (typically SOHO routers or IoT devices) used by threat actors as proxy infrastructure for command and control traffic |
| OT | Operational Technology: hardware and software that monitors and controls physical devices and processes |
| OWASP | Open Worldwide Application Security Project: a nonprofit focused on improving software security through open-source projects and guidance |
P
| Term | Definition |
| --- | --- |
| PAM | Privileged Access Management: securing, managing, and monitoring privileged accounts and access |
| PCI DSS | Payment Card Industry Data Security Standard: security standards for organizations that handle credit card data |
| PII | Personally Identifiable Information: any data that could identify a specific individual |
| PLC | Programmable Logic Controller: an industrial computer used to control manufacturing processes |
R
| Term | Definition |
| --- | --- |
| RaaS | Ransomware-as-a-Service: cybercrime business model where ransomware operators provide malware and infrastructure to affiliates who conduct attacks, splitting profits |
| RGB | Reconnaissance General Bureau: North Korea's primary intelligence agency responsible for clandestine operations including cyber operations |
S
| Term | Definition |
| --- | --- |
| SASE | Secure Access Service Edge: converged network and security-as-a-service architecture delivered from the cloud |
| SAST | Static Application Security Testing: analyzing source code for vulnerabilities without executing the application |
| SBOM | Software Bill of Materials: a formal inventory of components, libraries, and dependencies in a software product |
| SCA | Software Composition Analysis: identifying open-source components and known vulnerabilities in a codebase |
| SCADA | Supervisory Control and Data Acquisition: a system for monitoring and controlling industrial processes remotely |
| SD-WAN | Software-Defined Wide Area Network: a virtual WAN architecture that simplifies branch networking and optimizes traffic |
| SEG | Secure Email Gateway: a solution that filters inbound and outbound email to block threats and enforce policies |
| SIEM | Security Information and Event Management: aggregating and analyzing log data for threat detection and compliance |
| SOAR | Security Orchestration, Automation, and Response: tools that automate and coordinate security operations workflows |
| SOC | Security Operations Center: a centralized team and facility for monitoring, detecting, and responding to security incidents |
| SOX | Sarbanes-Oxley Act: US law mandating financial reporting and internal control requirements for public companies |
| SSE | Security Service Edge: the security component of SASE, delivering SWG, CASB, and ZTNA as cloud services |
| SWG | Secure Web Gateway: a solution that filters web traffic to enforce security policies and block threats |
T
| Term | Definition |
| --- | --- |
| TAM | Total Addressable Market: the total revenue opportunity available for a product or service |
| TCO | Total Cost of Ownership: the complete cost of acquiring, deploying, and operating a solution over its lifetime |
| TIP | Threat Intelligence Platform: a system for aggregating, correlating, and operationalizing threat intelligence data |
| TLS | Transport Layer Security: a cryptographic protocol that provides secure communication over a network |
| TTP | Tactics, Techniques, and Procedures: the patterns of behavior and methods used by threat actors to conduct cyber operations |
V
| Term | Definition |
| --- | --- |
| VM | Vulnerability Management: the ongoing process of identifying, evaluating, treating, and reporting security vulnerabilities |
X
| Term | Definition |
| --- | --- |
| XDR | Extended Detection and Response: unified threat detection and response across endpoints, network, cloud, and email |
Z
| Term | Definition |
| --- | --- |
| ZTNA | Zero Trust Network Access: a security model that grants access based on identity verification and least-privilege principles |