segments The cybersecurity market analyzed across 14 segments , organized into three tiers by how foundational they are to enterprise security.
Segment Map Core Security Stack Operational Security Specialized Segments Endpoint Security \nEDR/XDR/EPPNetwork Security \nNDR/SASE/FirewallCloud Security \nCSPM/CWPP/CNAPPIdentity & Access \nIAM/PAM/ZTNASIEM & SOAR \nLog ManagementMDR & MSSP \nManaged ServicesGRC \nCompliance/RiskVulnerability & ASM \nVM/EASMApplication Security \nSAST/DAST/SCAData Security \nDLP/DSPMEmail Security \nSEG/Anti-PhishingOT/IoT Security \nICS/SCADAThreat Intelligence \nTIP/Dark WebSecurity Awareness \nTraining/HRM Core Security Stack Endpoint Security EDR , XDR , EPP --- detecting and responding to threats on devicesMature Moderate growth
Deep Dive
Network Security NDR , SASE , firewalls --- securing network infrastructure and trafficMature Moderate growth
Deep Dive
Cloud Security CSPM , CWPP , CNAPP --- protecting cloud workloads and configurationsGrowing High growth
Deep Dive
Identity & Access IAM , PAM , ZTNA --- managing identity and Zero Trust accessMature High growth
Deep Dive
Operational Security SIEM & SOAR Log management, security orchestration, and automated response Mature Moderate growth
Deep Dive
MDR & MSSP Managed detection, response, and outsourced security services Growing High growth
Deep Dive
GRC Governance, risk management, and compliance automation Mature Moderate growth
Deep Dive
Vulnerability & ASM Vulnerability management, attack surface management, exposure assessment Growing High growth
Deep Dive
Specialized Segments Application Security SAST , DAST , SCA --- securing the software supply chainGrowing High growth
Deep Dive
Data Security DLP , DSPM --- protecting sensitive data across environmentsGrowing High growth
Deep Dive
Email Security Secure email gateways, anti-phishing, BEC protection Mature Low-moderate growth
Deep Dive
OT /IoT SecurityICS /SCADA protection, IoT device security, IT/OT convergenceEmerging High growth
Deep Dive
Threat Intelligence Threat intelligence platforms, dark web monitoring, AI-driven analysis Growing Moderate growth
Deep Dive
Security Awareness Security training, phishing simulation, human risk management Mature Moderate growth
Deep Dive
Segment Comparison Glossary This glossary defines the acronyms and key terms used throughout the cybersecurity market research site. Use it as a quick reference when navigating segment analyses, pain-point discussions, and opportunity assessments.
A Term Definition ACL Access Control List — rules determining which users/systems can access resources APT Advanced Persistent Threat — a prolonged, targeted cyberattack where an intruder gains and maintains unauthorized access ASM Attack Surface Management — continuous discovery, inventory, and risk assessment of an organization's external-facing assets ASPM Application Security Posture Management — unified visibility and risk management across the application lifecycle AV Antivirus — software designed to detect, prevent, and remove malware
B Term Definition BAS Breach and Attack Simulation — automated tools that simulate real-world attacks to test security controls BEC Business Email Compromise — a social-engineering attack targeting employees with access to company finances or data
C Term Definition C2 Command and Control — infrastructure used by attackers to communicate with compromised systems CASB Cloud Access Security Broker — a security policy enforcement point between cloud consumers and providers CCPA California Consumer Privacy Act — California state law granting consumers rights over their personal data CIAM Customer Identity and Access Management — managing and securing external customer identities and authentication CIEM Cloud Infrastructure Entitlement Management — managing identities and privileges in cloud environments CTEM Continuous Threat Exposure Management — a program for continuously assessing and prioritizing threat exposures CNAPP Cloud-Native Application Protection Platform — integrated security for cloud-native applications across the full lifecycle CSPM Cloud Security Posture Management — continuous monitoring of cloud infrastructure for misconfigurations and compliance risks CWPP Cloud Workload Protection Platform — security for workloads running in cloud environments (VMs, containers, serverless) CVE Common Vulnerabilities and Exposures — a standardized identifier for publicly known cybersecurity vulnerabilities
D Term Definition DAST Dynamic Application Security Testing — testing a running application for vulnerabilities by simulating attacks DCS Distributed Control System — a control system for managing industrial processes across multiple locations DLP Data Loss Prevention — tools and processes to prevent unauthorized data exfiltration or leakage DORA Digital Operational Resilience Act — EU regulation on ICT risk management for financial entities DSPM Data Security Posture Management — discovering, classifying, and protecting sensitive data across cloud environments
E Term Definition EASM External Attack Surface Management — discovering and monitoring internet-facing assets for exposures EDR Endpoint Detection and Response — tools that monitor endpoints for threats and provide investigation and response capabilities EPP Endpoint Protection Platform — integrated endpoint security combining prevention, detection, and response
F/G Term Definition FAIR Factor Analysis of Information Risk — a quantitative model for understanding, analyzing, and measuring information risk GRC Governance, Risk, and Compliance — integrated framework for aligning IT with business goals, managing risk, and meeting regulations GDPR General Data Protection Regulation — EU regulation on data protection and privacy for individuals
H Term Definition HIPAA Health Insurance Portability and Accountability Act — US law governing the privacy and security of health information
I Term Definition IAB Initial Access Broker — specialized cybercriminals who compromise networks and sell access to ransomware operators and other buyers IAM Identity and Access Management — framework for managing digital identities and controlling access to resources ICS Industrial Control System — control systems used in industrial production and critical infrastructure IDS Intrusion Detection System — a system that monitors network traffic for suspicious activity and alerts ITDR Identity Threat Detection and Response — detecting and responding to identity-based attacks and compromises IoT Internet of Things — network of physical devices embedded with sensors, software, and connectivity IPS Intrusion Prevention System — a system that monitors and actively blocks detected threats in network traffic
L Term Definition LOTL Living Off the Land — attack technique using legitimate, pre-installed system tools and binaries rather than custom malware to evade detection
M Term Definition MaaS Malware-as-a-Service — cybercrime business model where malware developers sell or rent their tools to other criminals MDR Managed Detection and Response — outsourced security service providing 24/7 threat monitoring, detection, and response MITRE ATT&CK MITRE Adversarial Tactics, Techniques, and Common Knowledge — a knowledge base of adversary behaviors and techniques MSSP Managed Security Service Provider — a third-party provider offering outsourced monitoring and management of security devices MFA Multi-Factor Authentication — requiring two or more verification factors to gain access to a resource
N Term Definition NDR Network Detection and Response — detecting and responding to threats by analyzing network traffic patterns NERC CIP North American Electric Reliability Corporation Critical Infrastructure Protection — security standards for the electric grid NGAV Next-Generation Antivirus — advanced antivirus using behavioral analysis, AI, and machine learning beyond signature-based detection NIS2 Network and Information Systems Directive 2 — updated EU directive on cybersecurity for essential and important entities NIST CSF National Institute of Standards and Technology Cybersecurity Framework — a voluntary framework for managing cybersecurity risk
O Term Definition OT Operational Technology — hardware and software that monitors and controls physical devices and processes OWASP Open Worldwide Application Security Project — a nonprofit focused on improving software security through open-source projects and guidance
P Term Definition PAM Privileged Access Management — securing, managing, and monitoring privileged accounts and access PCI DSS Payment Card Industry Data Security Standard — security standards for organizations that handle credit card data PII Personally Identifiable Information — any data that could identify a specific individual PLC Programmable Logic Controller — an industrial computer used to control manufacturing processes
R Term Definition RaaS Ransomware-as-a-Service — cybercrime business model where ransomware operators provide malware and infrastructure to affiliates who conduct attacks, splitting profits RGB Reconnaissance General Bureau — North Korea's primary intelligence agency responsible for clandestine operations including cyber operations
S Term Definition SASE Secure Access Service Edge — converged network and security-as-a-service architecture delivered from the cloud SAST Static Application Security Testing — analyzing source code for vulnerabilities without executing the application SBOM Software Bill of Materials — a formal inventory of components, libraries, and dependencies in a software product SCA Software Composition Analysis — identifying open-source components and known vulnerabilities in a codebase SCADA Supervisory Control and Data Acquisition — a system for monitoring and controlling industrial processes remotely SD-WAN Software-Defined Wide Area Network — a virtual WAN architecture that simplifies branch networking and optimizes traffic SEG Secure Email Gateway — a solution that filters inbound and outbound email to block threats and enforce policies SIEM Security Information and Event Management — aggregating and analyzing log data for threat detection and compliance SOAR Security Orchestration, Automation, and Response — tools that automate and coordinate security operations workflows SOC Security Operations Center — a centralized team and facility for monitoring, detecting, and responding to security incidents SOX Sarbanes-Oxley Act — US law mandating financial reporting and internal control requirements for public companies SSE Security Service Edge — the security component of SASE , delivering SWG , CASB , and ZTNA as cloud services SWG Secure Web Gateway — a solution that filters web traffic to enforce security policies and block threats
T Term Definition TAM Total Addressable Market — the total revenue opportunity available for a product or service TCO Total Cost of Ownership — the complete cost of acquiring, deploying, and operating a solution over its lifetime TIP Threat Intelligence Platform — a system for aggregating, correlating, and operationalizing threat intelligence data TLS Transport Layer Security — a cryptographic protocol that provides secure communication over a network TTP Tactics, Techniques, and Procedures — the patterns of behavior and methods used by threat actors to conduct cyber operations
V Term Definition VM Vulnerability Management — the ongoing process of identifying, evaluating, treating, and reporting security vulnerabilities
X Term Definition XDR Extended Detection and Response — unified threat detection and response across endpoints, network, cloud, and email
Z Term Definition ZTNA Zero Trust Network Access — a security model that grants access based on identity verification and least-privilege principles