2026 Q2 Threat Report: Track the Threats Shaping Enterprise Risk

Access the Exclusive Report
Get a Demo

Glossary

Clear Definitions for Complex Cybersecurity Concepts!

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A

  • Active Defense Read More >
    Active defense is a proactive security strategy that is aimed at detecting, disrupting and identifying cyber threats before they cause significant damage...
  • Alert fatigue Read More >
    In the context of cybersecurity, alert fatigue means the diminished capacity of a security team to effectively distinguish, prioritise and act on meaningful security alerts because the volume, repetition or noise of alerts has desensitised the analysts.
  • Anomaly Read More >
    Anomaly is any data point or behaviour that deviates from the norm or usual pattern. Anomaly detection, or outlier detection, is a method to identify these abnormalities in an efficient way. This helps organizations and security team to catch errors, threats, or attack attempts at the earliest to enhance overall protection.
  • Apex Predator Read More >
    An apex predator is like a lion or shark—top of the food chain. In cybersecurity, it means the most powerful and dangerous attackers.
  • Attack Surface Read More >
    An organization’s attack surface is made up of different kinds of weaknesses. These are usually grouped into three main categories: Digital Attack Surface, Physical Attack Surface, and Social Engineering Attack Surface.

B

  • Behavioral Analytics Read More >
    Behavioral analytics studies normal user and system activity on a network, then spots any behavior that deviates from it.
  • Blindspot Read More >
    The blind spot definition encompasses network segments, endpoints, applications, and data flows that exist outside the reach of security monitoring tools.
  • Blue Team Read More >
    A blue team is made up of cybersecurity experts who protect an organization’s systems, networks, and data, focusing on constant defense against threats. Blue teams make sure security efforts are proactive and support the organization’s goals.
  • Breadcrumbs Read More >
    Breadcrumbs act as fake indicators such as credentials, files, URLs, database entries, network shares, or configuration artifacts that appear legitimate but are intentionally planted to detect unauthorized access attempts.

C

  • CIEM Read More >
    Cloud Infrastructure Entitlement Management, or CIEM, is a way to help you manage and control who has access to what in your cloud environments. It makes sure that the right people and services can reach the right resources — and nothing more.
  • Cloud Network Read More >
    Learn what a cloud network is, where it fits in security, key benefits, common drawbacks, and misconceptions in simple, practical terms.
  • Cloud Workload Security Read More >
    Cloud workload security refers to the technologies and security practices used to protect workloads running in cloud environments, including virtual machines (VMs), containers, Kubernetes clusters, serverless functions, and cloud-hosted applications.
  • Command and Control (C2) Read More >
    Command and Control, commonly known as C2, is the infrastructure and mechanisms used by attackers to remotely control compromised systems inside a target network.
  • CVE Read More >
    Common Vulnerabilities and Exposures is referred to as CVE. This open-access database lists known cybersecurity vulnerabilities in network, hardware, and software systems.
  • CWP Read More >
    Cloud Workload Protection (CWP) is a cybersecurity approach designed to secure workloads running in cloud environments such as virtual machines, containers, Kubernetes clusters, and serverless applications.
  • CWPP Read More >
    A workload refers to any application, service, virtual machine, container, or serverless function operating in public, private, or hybrid cloud infrastructure. A Cloud Workload Protection Platform (CWPP) is a cybersecurity solution designed to protect workloads running in cloud environments.
  • Cyber Extortion Read More >
    Cyber extortion is essentially online blackmail of businesses. Here, the attackers break into systems and gain access to data or accounts without permission.
  • Cyber Threats Read More >
    A cyber threat can be any malicious activity executed or initiated by criminals to: Damage data, Steal confidential information, or Disrupt digital operations.
  • Cyber Warfare Read More >
    Cyber warfare can affect government networks, power grids, financial systems, or military communications, and create effects similar to a situation that has devolved into armed conflict.
  • Cyberterrorism Read More >
    Cyberterrorism is when attackers use digital weapons to cause real-world chaos. We’re not talking about stealing credit cards or holding files for ransom – that’s regular cybercrime.
  • Cyberwarfare Read More >
    Cyberwarfare is when a country attacks another digitally to disrupt systems, steal data, or cause harm. Instead of soldiers, the fight uses malware, phishing, and hacking. It’s quiet but can be as damaging as regular war.

D

  • Data at Rest Read More >
    Data at rest sits idle in storage systems like hard drives, databases, backup tapes, cloud buckets, archived files.
  • Data Breach Read More >
    A data breach is a security incident in which unauthorized individuals or entities gain access to confidential or sensitive data held by your organization.
  • Data Compromise Read More >
    A data compromise occurs when sensitive, confidential, or protected information is accessed, exposed, stolen, altered, or destroyed by unauthorized individuals.
  • Data Exfiltration Read More >
    Learn what data exfiltration means in cybersecurity, the signs of data exfiltration, and the difference between data exfiltration and a data breach.
  • Data in Motion Read More >
    Data in motion is exactly what it sounds like information on the move. It’s those emails flying across the internet, files uploading to cloud drives, video calls streaming, databases syncing, apps talking to each other.
  • Data in Use Read More >
    Data in use is data that’s actively being worked on, whether it’s loaded into RAM, crunched by the CPU, pulled from a database, edited in a document, or used by an app.
  • Data Integrity Read More >
    Data integrity is maintained through a combination of technical controls, governance processes, and validation mechanisms that detect or prevent unauthorized modification, accidental corruption, or loss of data fidelity.
  • Data Leakage Read More >
    Data leakage is the unauthorized exposure, transmission, or accidental disclosure of sensitive information to individuals, systems, or locations that should not have access to it.
  • Data Masking Read More >
    Data Masking ensures that the original data, like personal details or financial records, stays safe while still allowing systems and applications to work normally.
  • Data Obfuscation Read More >
    The primary goal of data obfuscation is to prevent unauthorized users from understanding or exploiting the data while maintaining its usability for authorized purposes...
  • Data Protection Read More >
    Understand what data protection is, why it matters, key regulations, and best practices to safeguard personal and business data from misuse.
  • Data Security Read More >
    Learn what data security is, why it matters, key types, and how organizations protect sensitive data from breaches, loss, and cyber threats.
  • Data Theft Read More >
    Discover what data theft is, why it occurs, and how organizations can reduce the risk of sensitive data exposure and loss.
  • Deception Decoy Read More >
    Deception decoys are, by definition, a subset of deception technology. Decoys pretend to be any legitimate system, network, application, or data asset to attract cyber attackers.
  • DevSecOps Read More >
    DevSecOps is a software development methodology that incorporates security into every stage of the DevOps process – from planning and development, to deployment and maintenance.
  • DFIR (Digital Forensics and Incident Response) Read More >
    DFIR, short for Digital Forensics and Incident Response, is the process of investigating and responding to cybersecurity incidents. It helps you understand how an attack happened, what systems were affected, and how to recover safely.
  • Digital Footprint Read More >
    A digital footprint refers to the data trail you leave behind when using the internet—such as the websites you visit, emails you send, or information you submit online.
  • Digital Forensics Read More >
    Digital forensics is a dedicated branch of forensic science that focuses on finding, preserving, and presenting digital evidence. Digital forensics is important for solving cyber crimes such as hacking, data leaks, and identity theft.
  • DLP Read More >
    DLP systems detect policy violations by inspecting content (file types, keywords, metadata) and context (user behavior) across endpoints, networks, and cloud services.
  • Dwell time Read More >
    Learn what dwell time means in cybersecurity, why attackers stay hidden, and how reducing this risk window improves threat detection and response.

E

  • Endpoint Read More >
    An endpoint can be defined basically just as any device connected to a network, which also means that it functions as either an entry or exit point for the transfer of data.
  • EPP Read More >
    An Endpoint Protection Platform is an endpoint security capability designed to protect systems from compromise by preventing malicious software from executing.

F

  • False Negative Read More >
    A false negative occurs when a security control overlooks genuine malicious activity and labels it as benign. The threat slips through unchallenged, so no alert fires and no defensive action is taken.
  • False Positive Read More >
    A false positive arises when a security control mistakes normal, harmless activity for malicious behavior. The tool raises an alert, analysts investigate, yet no real threat exists.
  • File-Level Encryption (FLE) Read More >
    Encryption method that protects individual files rather than entire drives. Works by applying cryptographic algorithms to specific documents based on how sensitive they are.
  • Forensic Analysis Read More >
    Digital forensics involves examining electronic evidence after security breaches occur. Investigators look at compromised systems to understand what happened and which information attackers accessed.
  • Full-disk encryption (FDE) Read More >
    Full-Disk Encryption is a process that encrypts all data on your storage drive, not just selected files. This includes: Operating system files, Application data, User documents, and Temporary files and caches.

G

  • GDPR Read More >
    The acronym GDPR stands for General Data Protection Regulation and in its simplest terms the GDPR establishes standards for collecting, processing, keeping, and deleting personal information.

H

  • Hacker Read More >
    A hacker is a person skilled in computers and networks who uses their knowledge to access, test, or sometimes exploit systems. Hacking is not always illegal; it can be used to test systems and improve cybersecurity.
  • HIDS – Host-based Intrusion Detection System Read More >
    An HIDS or Host-based Intrusion Detection System is a tool that watches a device’s files, processes, and logs for suspicious activity.
  • Hybrid Cloud Read More >
    Hybrid cloud has evolved as organizations sought to balance the control and security of private clouds with the scalability and cost-effectiveness of public clouds.
  • Hybrid Network Read More >
    Hybrid network topology refers to the specific arrangement of various network topologies combined within a single hybrid network.

I

  • IaaS Read More >
    provides on-demand resources and lets businesses use infrastructure without owning data centers. IaaS is flexible and cheap, but weak settings or old systems can be risky.
  • IaC Security Read More >
    Think of infrastructure as code like a recipe for your cloud kitchen. Terraform files tell AWS to spin up three web servers behind a load balancer....
  • IDS (Intrusion Detection System) Read More >
    IDS works by continuously monitoring network events and analyzing them to detect suspicious activities like unauthorized access, policy breaks, or signs of security incidents, before they escalate.
  • Information Breach Read More >
    Breaches occur when unauthorized users access sensitive information. This includes: Personal details such as: Social Security numbers, Banking information, Medical records, and Corporate data, including Customer databases, Intellectual property, Financial documents.

J

  • Just-in-Time (JIT) Read More >
    Just-in-Time (JIT) access can help organizations with it! It’s a cutting-edge method of access management intended to reduce hazards without sacrificing efficiency or adaptability.

M

N

  • NDR Read More >
    NDR stands for Network Detection and Response. It means actively monitoring network traffic to detect threats and respond to them in real time or near real time.
  • Network Anomaly Read More >
    A network anomaly happens when something unusual occurs in your network that breaks away from typical patterns.
  • Network Forensics Read More >
    Learn the meaning of network forensics in cybersecurity, its role in detecting, analyzing, and responding to cyberattacks effectively.
  • Network Security Read More >
    Understand what network security is, how it protects systems from cyber threats, and the essential tools and strategies used to secure modern networks.
  • Network Segmentation Read More >
    Network segmentation is the practice of dividing a computer network into smaller, isolated segments to improve security, control traffic, and limit the spread of cyber threats.

O

  • Obfuscation Read More >
    Learn what malware obfuscation is, how attackers hide malicious code, and why understanding it is vital for stronger cybersecurity defenses.
  • OnPremise Read More >
    Learn about OnPremise, On-premise detection and response and On-premise differs from cloud detection and response.

P

  • PCAP Read More >
    PCAP stands for Packet Capture. Learn what it means, what a PCAP file is, and why it's important in network traffic analysis and cybersecurity.
  • Perimeter Defense Read More >
    Discover what perimeter defense means in cybersecurity, how it protects network boundaries, and why it remains vital in layered security.
  • Preemptive Cybersecurity Read More >
    Learn what preemptive cybersecurity means and how proactive defense strategies help detect, predict, and stop threats before they occur.
  • Public Cloud Read More >
    A public cloud is a type of cloud computing environment where computing resources such as servers, storage, and applications are hosted and managed by a third party provider and made available to multiple organizations or the general public over the internet.

R

  • RBAC Read More >
    Role-Based Access Control (RBAC) is a security framework that restricts access to systems, applications, and data based on a user's role within an organization.
  • RCE Read More >
    Remote Code Execution means an attacker can run malicious code on your device or server from a remote location, often without your permission or even your knowledge. Once they do, they can control your system, access files, steal data, or install more malware.
  • Reconnaissance Read More >
    Understand cyber reconnaissance — the intelligence-gathering phase of a cyberattack. Learn how attackers profile systems before launching threats.
  • Red Team Read More >
    Explore the definition of Red Team in cybersecurity. Learn how Red Team exercises test defenses, improve security, and identify vulnerabilities.
  • Risk Score Read More >
    Discover what a Risk Score means in cybersecurity. Learn how it measures potential threats and helps assess your organization’s security posture.

S

  • SCADA Read More >
    SCADA stands for Supervisory Control and Data Acquisition. Learn what it means and how it monitors and controls industrial processes.
  • Secure Web Gateway (SWG) Read More >
    A Secure Web Gateway (SWG) filters web traffic to block threats, enforce policies, and protect users. Learn its definition and how it works.
  • Sensitive Data Read More >
    In enterprise security, sensitive data encompasses a broad spectrum of information types, including sensitive personal data, personally identifiable information (PII), regulated data, and critical corporate data.
  • SIEM Read More >
    SIEM (Security Information and Event Management) is a system that collects, analyzes, and correlates security data from across networks to detect threats and respond faster.
  • Signatures Read More >
    A signature is a unique identifier derived from known malicious code or behavior—such as a specific sequence of bytes, file hash, or pattern of network activity.
  • SMTP Read More >
    Learn what SMTP is, how it works for email delivery, and why it’s essential for sending and receiving emails securely across the internet.
  • SOAR Read More >
    SOAR is a cybersecurity approach and technology platform designed to help security teams manage and respond to security incidents more efficiently.

T

  • TCP/IP Read More >
    Discover what TCP/IP means in cybersecurity, its role in secure data transfer, and why it’s vital for protecting networks from cyber threats.
  • TDIR Read More >
    Discover what TDIR means in cybersecurity. Learn its role in threat detection, investigation, and response to improve security operations.
  • Threat Containment Read More >
    It is one of the most critical phases of incident response, helping security teams limit damage while they investigate and eliminate the threat.
  • Threat Detection Read More >
    Threat Detection allows security teams to detect cyberattacks in a timely manner and prevents ransomware attacks from having long residence times, insider threats, and unauthorized access.
  • Threat Modeling Read More >
    Learn what threat modeling is in cybersecurity, its key steps, and how it helps identify and mitigate potential security risks effectively.
  • Triage Read More >
    Understand cybersecurity triage — the process of assessing and prioritizing security alerts to manage incidents efficiently.
  • TTP Read More >
    Learn what TTP (Tactics, Techniques, and Procedures) means in cybersecurity and how it helps identify, analyze, and defend against cyber threats.

U

  • UEBA Read More >
    Learn the meaning of UEBA in cybersecurity, how User and Entity Behavior Analytics works, and its role in detecting insider threats.

V

  • Vulnerability Read More >
    Discover the meaning of vulnerability in cybersecurity. Learn how system weaknesses are exploited and why managing them is critical for security.

X

  • XDR Read More >
    XDR (Extended Detection and Response) is a security approach that integrates multiple tools to detect, analyze, and respond to cyber threats.

Y

  • YARA Rules Read More >
    Learn what YARA rules are in cybersecurity, how they detect malware patterns, and why they’re vital for modern threat hunting and defense.

Z

  • Zero Trust Read More >
    Zero Trust is a cybersecurity framework that operates on the principle of "never trust, always verify."...