Cybersecurity Glossary


Advanced Persistent Threat – An advanced persistent threat is an attack in which an unauthorized user gains access to a system or network without detection.

Anomali Security Operations Platform – A fully integrated security operations platform that combines ETL, SIEM, XDR, SOAR, and TIP to deliver security analysis, enabling customers to detect, investigate, respond to, and remediate threats in minutes. 

Anomali Copilot – Generative AI solution based on LLMs using the industry’s largest threat repository to mitigate hallucination. Anomali Copilot makes our platform the fastest and most comprehensive solution.

Anomali ThreatStream – The largest, most comprehensive threat intelligence database that powers the LLM and AI. Correlate infinite IOCs and IOAs with relevant telemetry to drive meaningful insights.

Anomali Security Analytics – Best-in-class, cloud-native security big data solution that consolidates ETL, SIEM, XDR, SOAR, and TIP capabilities into one AI-powered integrated solution at a fraction of the cost of competing offers. 

Authentication – The process of identifying a user’s identity and ensuring they can access the system and/or files. This can be accomplished either by a password, retina scan, or fingerprint scan, sometimes even a combination of the above.

AV (Anti-virus) – Software that stops known malware. Critical to stopping viruses before they become active.

Backdoor – A backdoor is a hidden method of bypassing security to gain access to a restricted part of a computer system.

Botnet – A botnet is a collection of malware-infected computers that threat actors can control to perform some action simultaneously.

Brute Force Attack – A brute force attack is an activity that involves repetitive, successive attempts to break into any website using various password combinations.

BYOD (Bring Your Own Device) – A policy that allows users to access company systems and data from their personal devices.

CASB (Cloud Access Security Broker) – Service that ensures access to cloud apps and monitors unsanctioned activities.

CSP (Content Security Policy) – Policy framework that protects against code injection attacks and other malicious content on trusted web pages.

Data Breach – The result of a hacker successfully breaking into a system, gaining control of its network, and exposing its data, usually personal data covering items such as credit card numbers, bank account numbers, Social Security numbers, and more.

Data Lake – A centralized repository that stores, processes, and secures large amounts of data in its original form. Data lakes can store any type of data, including structured, semi-structured, and unstructured, from any source without sacrificing fidelity.

DDoS (Distributed Denial of Service) – A denial-of-service attack (DoS attack) is a cyberattack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to a network; in the distributed form, the attack traffic comes from many sources at once.

Deepfake – Deepfake refers to any video in which faces have been either swapped or digitally altered, with the help of AI.

DLP (Data Loss Prevention) – An application that monitors and restricts the sharing of sensitive information to prevent data breaches. 

Encryption – Encryption is the method by which information is converted into secret code that hides the information's true meaning.

EDR (Endpoint Detection and Response) – This is an application or service that continuously monitors device health and responds to cyber threats on distributed devices. 

Exploit – A means of attack on a computer system, either a series of commands, malicious software, or a piece of infected data. Note that in this context, “exploit” is a noun, not a verb, as in “The hacker used a malware exploit to gain access to the credit card’s server.”

FedRAMP (Federal Risk and Authorization Management Program) – Federal mandate that provides a standardized approach to security assessment and authorization for cloud products and services.

Firewall – A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. 

FWaaS (Firewall as a Service) – Firewall capabilities as a cloud service to monitor and block malicious traffic.

Hacker/Black Hat – Any hacker who attempts to gain unauthorized access to a system with the intent to cause mischief, damage, or theft. They can be motivated by greed, a political agenda, or simply boredom.

Hacker/White Hat – A hacker invited to test out computer systems and servers, looking for vulnerabilities, to inform the host of where security needs to be buffed up. 

HEAT (Highly Evasive Adaptive Threats) – Threats that use sophisticated techniques to evade multiple detection layers.

Honeypot – A decoy system or network that serves to attract potential attackers.

HTML Smuggling – Uses legitimate browser features to sneak malicious content past traditional security measures.

LURE (Legacy URL Protection Evasion) – Attacks that exploit previously safe websites that have been compromised.

Malware – Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or unknowingly interfere with the user's computer security and privacy.

Man-in-the-browser – A form of Internet threat related to man-in-the-middle (MITM); a proxy trojan horse that infects a web browser by taking advantage of vulnerabilities in browser security to modify web pages, modify transaction content, or insert additional transactions, all in a covert fashion invisible to both the user and the host web application.

Man-in-the-middle – An attack on the “middleman”, which in this case is the Wi-Fi system that connects users to the Internet. Hackers who commit man-in-the-middle attacks can break the Wi-Fi’s encryption and use this as a means of stealing your personal data because they are now inside the system.

MFA (Multi-factor Authentication) – A technique that uses multiple methods to verify the identity of someone trying to access the network.

Pentesting – An approach to security evaluation in which attack and security professionals use manual exploitation and automated techniques. Only environments with a solid, mature security infrastructure should employ this advanced kind of security evaluation. Penetration tests can disrupt operations and harm systems because they employ the same tools, procedures, and methodology as malicious hackers.

Phishing – Attacks that trick victims into revealing sensitive information by pretending to be trustworthy entities.

Ransomware – Malware that locks access to files and is followed by a ransom demand to release them.

RBI (Remote Browser Isolation) – An application that runs dynamic content in a remote browser in the cloud to protect the user's device.

SASE (Secure Access Service Edge) – A service that delivers security and network services through the cloud for secure, continuous access.

SD-WAN (Software defined wide area network) – A service that optimizes traffic routes between locations across any network architecture.

SIEM (Security Information and Event Management) – An application that correlates reporting data for threat investigation and root cause analysis.

SOAR (Security Orchestration, Automation, and Response) – SOAR refers to technologies that enable organizations to collect inputs monitored by the security operations team, for example alerts from the SIEM system and other security technologies. Incident analysis and triage can then be performed by leveraging a combination of human and machine power to define, prioritize, and drive standardized incident response activities. SOAR tools allow an organization to define incident analysis and response procedures in a digital workflow format.

SOC (Security Operations Center) – Teams (departments) that investigate potential breaches using forensic and threat intelligence tools.

Spoofing – Attacks where the attacker disguises as a trustworthy entity to steal money, data, or network access.

Social Engineering – This strategy relies on user manipulation and human psychology. Rather than trying to uncover a software weakness in a company system, a social engineer might send an employee an email purporting to be from the IT department in order to deceive them into disclosing private information. Spear phishing attacks are built on a foundation of social engineering.

Spoofing (email) – When a hacker changes the IP address of an email so that it seems to come from a trusted source.

Spyware – Software that collects user data without consent and sends it to third parties. 

SWG (Secure Web Gateway) – Protects users from web-based threats by blocking malicious content before it reaches the device. 

TIP (Threat Intelligence Platform) – Threat Intelligence Platform is a technology discipline that helps organizations aggregate, correlate, and analyze threat data from multiple sources in real time to support defensive actions.

Trojan Horse – Malware disguised as harmless software to gain access to a system.

Qakbot – An example of a banking trojan that steals banking credentials and financial data.

UEBA (User and Entity Behavior Analytics) – UEBA uses machine learning to detect anomalies in the behavior of users and devices connected to a corporate network.

VPN (Virtual Private Network) – Allows remote users to connect securely to the corporate network as if they were in the office. 

WAAPaaS (Web Application and API Protection as a Service) – A service that protects against malicious activities originating from web applications by monitoring web traffic.

WAF (Web Application Firewall) – A service that filters, monitors, and blocks HTTP traffic to and from a web service to prevent attacks like DDoS.

Worm – Malware that can reproduce itself for the purpose of spreading to other computers in the network. Worms can either simply slow down a system by eating up resources or cause direct harm, such as installing back doors or stealing data.

Zero Trust – An approach that eliminates implicit trust, continuously validating every transaction.

ZTNA (Zero Trust Network Architecture) – Grants access only to necessary applications for a specific role, operating under the Zero Trust approach.
