Market Map

The cybersecurity market is a sprawling, interconnected ecosystem of 14 segments spanning prevention, detection, response, and governance. This page provides a comprehensive visual overview of the entire landscape --- segment sizing, relationships, maturity, and investment dynamics.

Overview

The Cybersecurity Market at a Glance

  • Total estimated market size (2025): ~$290--310 billion across all 14 segments analyzed
  • Projected size (2030): ~$550--600 billion
  • Overall CAGR: ~12--14%
  • Total M&A activity (2025): 426 deals totaling $92.5B in disclosed value
  • Total VC funding (2025): $14B, up 47% from $9.5B in 2024

The cybersecurity market is shaped by three structural forces:

  1. Platformization --- enterprises running an average of 45 security tools are actively consolidating. Gartner reports 62% of organizations are reducing vendor count, rewarding vendors that absorb adjacent capabilities.
  2. AI transformation --- both attackers and defenders are adopting AI at scale. AI-generated phishing surged 1,265%+ in 2025, while vendors embed LLMs for autonomous triage, detection, and response.
  3. Regulatory acceleration --- NIS2, DORA, the EU AI Act, SEC cyber disclosure rules, and CMMC 2.0 are layering new compliance obligations globally, creating non-discretionary demand across GRC, identity, and data security.

For detailed methodology, see Methodology. For key findings, see Key Takeaways.


Market Landscape Diagram

The following diagram maps all 14 segments into three tiers --- Core Security Stack, Operational Security, and Specialized Segments --- with data flows showing how telemetry and context move between them.

[Diagram: market landscape in three tiers]

Core Security Stack (~$164B)

  • Endpoint Security (EDR / XDR / EPP): ~$21B, 7% CAGR
  • Network Security (NGFW / SASE / NDR): ~$85B, 7.2% CAGR
  • Cloud Security (CNAPP / CSPM / CWPP): ~$36B, 13.3% CAGR
  • Identity & Access (IAM / PAM / ZTNA): ~$22B, 14% CAGR

Operational Security (~$80B)

  • SIEM & SOAR (Log Mgmt / Automation): ~$8B, 14% CAGR
  • MDR & MSSP (Managed Services): ~$41B, 14--24% CAGR
  • GRC (Compliance / Risk): ~$55B, 13% CAGR
  • Vulnerability & ASM (VM / EASM / CTEM): ~$18B, 8--30% CAGR

Specialized Segments (~$56B)

  • Application Security (SAST / DAST / SCA): ~$14B, 17% CAGR
  • Data Security (DLP / DSPM): ~$15B, 17.5% CAGR
  • Email Security (SEG / ICES): ~$5B, 12.5% CAGR
  • OT/IoT Security (ICS / SCADA / CPS): ~$1B OT + $45B IoT
  • Threat Intelligence (TIP / Dark Web): ~$12B, 14.7% CAGR
  • Security Awareness (Training / HRM): ~$5B, 16.8% CAGR

Data-flow labels between segments: Telemetry, Logs & Alerts, Posture Data, Config Findings, Auth Events, Identity Context, Access Policies, Entitlements, Risk Findings, Exposure Data, Correlated Alerts, IOCs & Context, Threat Context, Exploit Intel, Phishing Telemetry, User Reports, Vuln Findings, DLP Alerts, Classification, OT Alerts, Asset Data.

Sizing Methodology

Market sizes are 2025 estimates drawn from each segment's primary analyst sources (MarketsandMarkets, Mordor Intelligence, Grand View Research, Frost & Sullivan). Some segments have wide estimate ranges due to definitional overlap --- particularly Network Security and GRC, which encompass broad sub-categories. See individual segment pages for detailed sourcing.


Market Size Comparison

The table below ranks all 14 segments by estimated 2025 market size, with growth rate and projected 2030 size.

| Rank | Segment | 2025 Size (est.) | CAGR | 2030 Projection | Tier | Fastest Sub-Segment |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | Network Security | ~$85B | 7.2% | ~$120B | Core | SASE (~25--29%) |
| 2 | GRC | ~$55B | 13% | ~$128--152B | Ops | Compliance Automation (16.4%) |
| 3 | OT/IoT Security | ~$46B | 24--27% | ~$148B | Specialized | OT Security (23.9%) |
| 4 | MDR & MSSP | ~$41B | 14--24% | ~$79B | Ops | MDR (23.5%) |
| 5 | Cloud Security | ~$36B | 13.3% | ~$75B | Core | CNAPP (28%) |
| 6 | Identity & Access | ~$22B | 14% | ~$42B | Core | ITDR (22.6%) |
| 7 | Endpoint Security | ~$21B | 7% | ~$38B | Core | XDR transition |
| 8 | Vulnerability & ASM | ~$18B | 8--30% | ~$30B | Ops | EASM (28--34%) |
| 9 | Data Security | ~$15B | 17.5% | ~$33B | Specialized | DSPM (fastest, consolidated) |
| 10 | Application Security | ~$14B | 17% | ~$35B | Specialized | ASPM (27.2%) |
| 11 | Threat Intelligence | ~$12B | 14.7% | ~$23B | Specialized | Agentic AI TI |
| 12 | SIEM & SOAR | ~$8B | 14% | ~$19--31B | Ops | Security Data Lake |
| 13 | Email Security | ~$5B | 12.5% | ~$11B | Specialized | ICES (21%) |
| 14 | Security Awareness | ~$5B | 16.8% | ~$15B | Specialized | HRM platforms |

Key Insight: Growth vs. Size

The largest segments (Network Security, GRC) grow at moderate rates (7--13%), while the fastest-growing segments (OT/IoT, CNAPP, EASM, MDR) are smaller but expanding at 20--30%+ CAGR. The highest-growth opportunities cluster in emerging categories within mature segments --- SASE within Network, CNAPP within Cloud, ITDR within Identity, and EASM within Vulnerability Management.


Segment Relationship Map

This diagram shows how segments feed into each other functionally --- where data flows, which segments depend on others, and where convergence is occurring.

[Diagram: segment relationship map]

  • Groups: Data Producers; Intelligence & Context; Correlation & Response; Governance & Identity
  • Segments shown: Endpoint Security, Network Security, Cloud Security, OT/IoT Security, Email Security, AppSec, Threat Intelligence, Vulnerability & ASM, Data Security, SIEM & SOAR, MDR & MSSP, Identity & Access, GRC, Security Awareness
  • Data-flow labels: Endpoint telemetry, Network logs, Cloud audit logs, OT alerts, Phishing events, Vuln findings, IOC feeds, Exploit data, Adversary context, Risk scores, Exposure data, DLP alerts, Data classifications, Correlated incidents, Response actions, Auth context, Access policies, Entitlements, Identity events, Compliance evidence, User reports

Convergence Hotspots

The most significant convergence zones in 2025--2026:

  • Identity feeds everything --- identity signals flow to endpoint, network, cloud, and SIEM. The Palo Alto/CyberArk deal ($25B) cements identity as a platform pillar.
  • SIEM is the analytical hub --- every "producer" segment sends telemetry to SIEM, but XDR platforms are challenging SIEM's central role.
  • CNAPP absorbs adjacent categories --- cloud security is consuming CSPM, CWPP, CIEM, DSPM, and pipeline security into unified platforms.
  • MDR orchestrates response --- managed detection providers sit downstream of SIEM and execute response across endpoint, network, and identity.

Market Maturity Matrix

This quadrant chart plots each segment by market maturity versus growth rate, revealing where the action is.

[Chart: Market Maturity vs. Growth Rate]

Axes: x = Emerging → Mature, y = Low Growth → High Growth, both on a 0--1 scale shown as percentages. Dashed rules at 0.5 on each axis divide the plot into four quadrants: Emerging & Fast-Growing (upper-left), Mature & Fast-Growing (upper-right), Emerging & Slow-Growing (lower-left), and Mature & Slow-Growing (lower-right).

| Segment | Maturity (x) | Growth (y) |
| --- | --- | --- |
| OT/IoT Security | 0.3 | 0.95 |
| Cloud Security (CNAPP) | 0.45 | 0.8 |
| MDR | 0.4 | 0.85 |
| Data Security | 0.42 | 0.75 |
| AppSec | 0.48 | 0.72 |
| Vulnerability/ASM | 0.55 | 0.7 |
| Identity & Access | 0.62 | 0.72 |
| Threat Intelligence | 0.55 | 0.68 |
| Security Awareness | 0.6 | 0.65 |
| GRC | 0.65 | 0.6 |
| SIEM & SOAR | 0.72 | 0.62 |
| Email Security | 0.78 | 0.55 |
| Endpoint Security | 0.82 | 0.4 |
| Network Security | 0.85 | 0.38 |

Reading the Matrix

  • Upper-left (Emerging & Fast-Growing): OT/IoT, MDR, CNAPP, Data Security --- these are the highest-growth investment targets with the most greenfield opportunity.
  • Upper-right (Mature & Fast-Growing): Identity, GRC, SIEM --- large markets still growing at 12--14% CAGR due to regulatory tailwinds and platform expansion.
  • Lower-right (Mature & Slow-Growing): Endpoint and Network Security --- foundational markets where innovation happens in sub-segments (XDR, SASE) rather than the category overall.
  • Lower-left: No segment falls here --- cybersecurity has no low-growth emerging categories in 2025.

Consolidation Indicators

Each segment exhibits distinct consolidation dynamics. For the full M&A analysis, see Market Consolidation & M&A Trends.

| Segment | Consolidation Status | Key Signal | Outlook |
| --- | --- | --- | --- |
| Endpoint | Consolidating | XDR convergence; mid-tier squeeze (Cybereason, Trellix) | Platform wars between CrowdStrike, Microsoft, Palo Alto |
| Network | Consolidating | Cisco/Splunk ($28B), HPE/Juniper ($14B), Darktrace take-private ($5.3B) | NDR being absorbed into XDR/platform; SASE vendor shakeout |
| Cloud | Rapidly consolidating | Google/Wiz ($32B); top 5 CNAPP vendors hold 62% revenue | CNAPP is the default model; standalone CSPM/CWPP disappearing |
| Identity | Rapidly consolidating | Palo Alto/CyberArk ($25B); SailPoint IPO ($12.8B) | Identity becoming a platform pillar, not a standalone category |
| AppSec | Mixed | PE dominates (Black Duck, Checkmarx, Veracode all PE-owned); ASPM emerging | Roll-up likely; Opengrep fork signals OSS tension |
| Data | Rapidly consolidating | 7 DSPM startups acquired in 18 months; Cyera ($9B) last major independent | DSPM becoming a platform feature; DLP being reinvented |
| Email | Consolidating | Proofpoint/Hornetsecurity ($1.8B); SEG-to-ICES architectural shift | SAT converging with email security |
| SIEM & SOAR | Consolidating | Cisco/Splunk ($28B); Big Three pulling away; SOAR absorbed into SIEM | Security data lake may disintermediate SIEM storage role |
| GRC | Fragmenting/rolling up | 68 M&A deals in 2024 (highest of any segment); compliance automation boom | Three-tier market: enterprise IRM, mid-market GRC, SMB compliance |
| OT/IoT | Rapidly consolidating | Armis/ServiceNow ($7.75B), Nozomi/Mitsubishi ($1B), Claroty IPO prep | 3 of top 5 vendors in major M&A; IT vendors entering OT |
| Threat Intel | Consolidating | Mastercard/Recorded Future ($2.65B); Dataminr/ThreatConnect ($290M) | Standalone TI being absorbed into platforms; TI becoming a feature |
| MDR & MSSP | Consolidating | Sophos/Secureworks ($859M); Zscaler/Red Canary ($675M); 600+ providers | Vendor-led MDR growing fastest; massive shakeout expected by 2027 |
| Vulnerability & ASM | Mixed | Tenable/Vulcan Cyber ($147M); Big Three VM vendors hold ~60% share | CTEM framework driving platform expansion; EASM being absorbed |
| Security Awareness | Stable | Vista Equity/KnowBe4 ($4.6B); PE ownership at top of market | Converging with email security; HRM replacing pure SAT |

Consolidation Concentration

Four segments are consolidating so rapidly that the standalone vendor landscape may be unrecognizable by 2028: Cloud Security (CNAPP absorbing everything), Identity (Palo Alto platformization), Data Security (DSPM acquired en masse), and OT/IoT (3 of 5 leaders in M&A). See consolidation analysis for detailed deal tracking.


Investment Heat Map

This table ranks segments by investment attractiveness, combining growth rate, market gap density, regulatory tailwinds, and consolidation dynamics.

| Rank | Segment | Growth | Gap Density | Regulatory Tailwind | Consolidation Stage | Investment Signal |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | OT/IoT Security | Very High (24%+) | Very High | Strong (NIS2, NERC CIP, TSA) | Active M&A | Hottest |
| 2 | Cloud Security | High (13--28%) | High | Strong (SOC 2, FedRAMP) | Rapid consolidation | Hottest |
| 3 | Identity & Access | High (14--23%) | High | Very Strong (Zero Trust mandates, DORA) | Rapid consolidation | Hottest |
| 4 | Data Security | High (17.5%) | Very High | Very Strong (GDPR, AI Act, CCPA) | DSPM consolidated; AI governance greenfield | Very Attractive |
| 5 | MDR & MSSP | High (14--24%) | High | Moderate (insurance mandates) | 600+ vendors, massive shakeout coming | Very Attractive |
| 6 | Application Security | High (17%) | High | Strong (EU CRA, SBOM mandates) | PE-dominated; ASPM emerging | Very Attractive |
| 7 | Vulnerability & ASM | Moderate-High (8--30%) | Moderate | Strong (CISA KEV, PCI DSS 4.0) | CTEM driving platform expansion | Attractive |
| 8 | GRC | Moderate-High (13%) | Moderate | Very Strong (NIS2, DORA, SEC rules) | Highest M&A volume (68 deals in 2024) | Attractive |
| 9 | Security Awareness | High (16.8%) | Moderate | Strong (HIPAA, PCI, CMMC, DORA) | Stable; HRM evolution | Moderate |
| 10 | Threat Intelligence | Moderate-High (14.7%) | Moderate | Moderate | Standalone TI declining | Moderate |
| 11 | SIEM & SOAR | Moderate-High (14%) | Moderate | Strong (SOX, HIPAA log mandates) | Big Three dominance; data lake disruption risk | Moderate |
| 12 | Email Security | Moderate (12.5%) | Low-Moderate | Moderate | SEG-to-ICES transition | Moderate |
| 13 | Endpoint Security | Moderate (7%) | Low-Moderate | Moderate | Microsoft bundling compresses margins | Mature |
| 14 | Network Security | Moderate (7.2%) | Low | Moderate | Appliance refresh cycles | Mature |

Investment Signal Key

  • Hottest --- high growth, significant gaps, strong regulatory pull, and active M&A creating both opportunities and exit paths
  • Very Attractive / Attractive --- strong fundamentals with clear growth vectors
  • Moderate --- stable demand but either mature or facing consolidation pressure
  • Mature --- large markets but growth comes from sub-segments (SASE, XDR) rather than the category overall

Where the Gaps Are

The highest-density market gaps cluster around three themes, each cutting across multiple segments:

  1. AI security --- protecting AI agents, governing training data, securing LLM outputs (spans Identity, Data, AppSec, Endpoint)
  2. SMB underservice --- most segments price out organizations under 500 employees (spans MDR, Cloud, Data, GRC)
  3. OT/IoT depth --- Purdue Level 1/0 monitoring, IoMT, small utility security (concentrated in OT/IoT but touching SIEM, Vulnerability)

For the full gap analysis, see Underserved Areas.


Glossary

This glossary defines the acronyms and key terms used throughout the cybersecurity market research site. Use it as a quick reference when navigating segment analyses, pain-point discussions, and opportunity assessments.

A

Term Definition
ACL Access Control List — rules determining which users/systems can access resources
APT Advanced Persistent Threat — a prolonged, targeted cyberattack where an intruder gains and maintains unauthorized access
ASM Attack Surface Management — continuous discovery, inventory, and risk assessment of an organization's external-facing assets
ASPM Application Security Posture Management — unified visibility and risk management across the application lifecycle
AV Antivirus — software designed to detect, prevent, and remove malware

B

Term Definition
BAS Breach and Attack Simulation — automated tools that simulate real-world attacks to test security controls
BEC Business Email Compromise — a social-engineering attack targeting employees with access to company finances or data

C

Term Definition
C2 Command and Control — infrastructure used by attackers to communicate with compromised systems
CASB Cloud Access Security Broker — a security policy enforcement point between cloud consumers and providers
CCPA California Consumer Privacy Act — California state law granting consumers rights over their personal data
CIAM Customer Identity and Access Management — managing and securing external customer identities and authentication
CIEM Cloud Infrastructure Entitlement Management — managing identities and privileges in cloud environments
CTEM Continuous Threat Exposure Management — a program for continuously assessing and prioritizing threat exposures
CNAPP Cloud-Native Application Protection Platform — integrated security for cloud-native applications across the full lifecycle
CSPM Cloud Security Posture Management — continuous monitoring of cloud infrastructure for misconfigurations and compliance risks
CWPP Cloud Workload Protection Platform — security for workloads running in cloud environments (VMs, containers, serverless)
CVE Common Vulnerabilities and Exposures — a standardized identifier for publicly known cybersecurity vulnerabilities

D

Term Definition
DAST Dynamic Application Security Testing — testing a running application for vulnerabilities by simulating attacks
DCS Distributed Control System — a control system for managing industrial processes across multiple locations
DLP Data Loss Prevention — tools and processes to prevent unauthorized data exfiltration or leakage
DORA Digital Operational Resilience Act — EU regulation on ICT risk management for financial entities
DSPM Data Security Posture Management — discovering, classifying, and protecting sensitive data across cloud environments

E

Term Definition
EASM External Attack Surface Management — discovering and monitoring internet-facing assets for exposures
EDR Endpoint Detection and Response — tools that monitor endpoints for threats and provide investigation and response capabilities
EPP Endpoint Protection Platform — integrated endpoint security combining prevention, detection, and response

F/G

Term Definition
FAIR Factor Analysis of Information Risk — a quantitative model for understanding, analyzing, and measuring information risk
GRC Governance, Risk, and Compliance — integrated framework for aligning IT with business goals, managing risk, and meeting regulations
GDPR General Data Protection Regulation — EU regulation on data protection and privacy for individuals

H

Term Definition
HIPAA Health Insurance Portability and Accountability Act — US law governing the privacy and security of health information

I

Term Definition
IAB Initial Access Broker — specialized cybercriminals who compromise networks and sell access to ransomware operators and other buyers
IAM Identity and Access Management — framework for managing digital identities and controlling access to resources
ICS Industrial Control System — control systems used in industrial production and critical infrastructure
IDS Intrusion Detection System — a system that monitors network traffic for suspicious activity and alerts
ITDR Identity Threat Detection and Response — detecting and responding to identity-based attacks and compromises
IoT Internet of Things — network of physical devices embedded with sensors, software, and connectivity
IPS Intrusion Prevention System — a system that monitors and actively blocks detected threats in network traffic

L

Term Definition
LOTL Living Off the Land — attack technique using legitimate, pre-installed system tools and binaries rather than custom malware to evade detection

M

Term Definition
MaaS Malware-as-a-Service — cybercrime business model where malware developers sell or rent their tools to other criminals
MDR Managed Detection and Response — outsourced security service providing 24/7 threat monitoring, detection, and response
MITRE ATT&CK MITRE Adversarial Tactics, Techniques, and Common Knowledge — a knowledge base of adversary behaviors and techniques
MSSP Managed Security Service Provider — a third-party provider offering outsourced monitoring and management of security devices
MFA Multi-Factor Authentication — requiring two or more verification factors to gain access to a resource

N

Term Definition
NDR Network Detection and Response — detecting and responding to threats by analyzing network traffic patterns
NERC CIP North American Electric Reliability Corporation Critical Infrastructure Protection — security standards for the electric grid
NGAV Next-Generation Antivirus — advanced antivirus using behavioral analysis, AI, and machine learning beyond signature-based detection
NIS2 Network and Information Systems Directive 2 — updated EU directive on cybersecurity for essential and important entities
NIST CSF National Institute of Standards and Technology Cybersecurity Framework — a voluntary framework for managing cybersecurity risk

O

Term Definition
OT Operational Technology — hardware and software that monitors and controls physical devices and processes
OWASP Open Worldwide Application Security Project — a nonprofit focused on improving software security through open-source projects and guidance

P

Term Definition
PAM Privileged Access Management — securing, managing, and monitoring privileged accounts and access
PCI DSS Payment Card Industry Data Security Standard — security standards for organizations that handle credit card data
PII Personally Identifiable Information — any data that could identify a specific individual
PLC Programmable Logic Controller — an industrial computer used to control manufacturing processes

R

Term Definition
RaaS Ransomware-as-a-Service — cybercrime business model where ransomware operators provide malware and infrastructure to affiliates who conduct attacks, splitting profits
RGB Reconnaissance General Bureau — North Korea's primary intelligence agency responsible for clandestine operations including cyber operations

S

Term Definition
SASE Secure Access Service Edge — converged network and security-as-a-service architecture delivered from the cloud
SAST Static Application Security Testing — analyzing source code for vulnerabilities without executing the application
SBOM Software Bill of Materials — a formal inventory of components, libraries, and dependencies in a software product
SCA Software Composition Analysis — identifying open-source components and known vulnerabilities in a codebase
SCADA Supervisory Control and Data Acquisition — a system for monitoring and controlling industrial processes remotely
SD-WAN Software-Defined Wide Area Network — a virtual WAN architecture that simplifies branch networking and optimizes traffic
SEG Secure Email Gateway — a solution that filters inbound and outbound email to block threats and enforce policies
SIEM Security Information and Event Management — aggregating and analyzing log data for threat detection and compliance
SOAR Security Orchestration, Automation, and Response — tools that automate and coordinate security operations workflows
SOC Security Operations Center — a centralized team and facility for monitoring, detecting, and responding to security incidents
SOX Sarbanes-Oxley Act — US law mandating financial reporting and internal control requirements for public companies
SSE Security Service Edge — the security component of SASE, delivering SWG, CASB, and ZTNA as cloud services
SWG Secure Web Gateway — a solution that filters web traffic to enforce security policies and block threats

T

Term Definition
TAM Total Addressable Market — the total revenue opportunity available for a product or service
TCO Total Cost of Ownership — the complete cost of acquiring, deploying, and operating a solution over its lifetime
TIP Threat Intelligence Platform — a system for aggregating, correlating, and operationalizing threat intelligence data
TLS Transport Layer Security — a cryptographic protocol that provides secure communication over a network
TTP Tactics, Techniques, and Procedures — the patterns of behavior and methods used by threat actors to conduct cyber operations

V

Term Definition
VM Vulnerability Management — the ongoing process of identifying, evaluating, treating, and reporting security vulnerabilities

X

Term Definition
XDR Extended Detection and Response — unified threat detection and response across endpoints, network, cloud, and email

Z

Term Definition
ZTNA Zero Trust Network Access — a security model that grants access based on identity verification and least-privilege principles