Glossary of Terms

Attack Surface

An attack surface is the set of all entry points through which an unauthorized actor can potentially gain access and exploit flaws and weaknesses.

Automated Penetration Testing

Automated penetration testing tools systematize the process of detecting and validating vulnerabilities.

Breach and Attack Simulation

Breach and attack simulation (BAS) technologies improve visibility into enterprise security weak spots by automating the testing of threat vectors such as external and insider threats, lateral movement, and data exfiltration.

Continuous Threat Exposure Management (CTEM)

Traditional vulnerability management programs can no longer keep up with rapidly expanding attack surfaces.

Cyberasset attack surface management

Cyberasset attack surface management (CAASM) enables security teams to overcome challenges associated with asset visibility and exposure.

Cybersecurity mesh architecture

A cybersecurity mesh architecture (CSMA) is a security operations approach for architecting composable, distributed security controls that improve cybersecurity effectiveness.

Digital risk protection services

Digital risk protection services (DRPS) are technology and services that protect digital resources and data from external threats, while reducing enterprise attack surfaces.

Ethical Hacking

Ethical hacking can be conducted by skilled security personnel or by automated penetration testing platforms.

Exposure management

Exposure management (EM) is a program based upon a set of processes and capabilities that allow enterprises to evaluate the visibility, accessibility, and vulnerability of their digital assets continually and consistently.

External Attack Surface Management

Cloud, mobility, IoT, and remote workforces have expanded enterprise attack surfaces, potentially exposing enterprise assets to external threats.

MITRE ATT&CK Framework

MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a guideline for classifying and describing cyberattacks and intrusions.

Pentesting as a Service

Pentesting as a service (PTaaS) provides point-in-time and continuous application and infrastructure penetration testing services, which traditionally relied heavily on human pentesters using commercial/proprietary tools.

Red Team and Blue Team

A red team plays the role of an enemy or competitor to provide threat intelligence from the adversarial perspective.

Risk Validation

Risk validation is the process of determining how well a product or solution performs based upon predicted risk.

Threat intelligence

Organizations increasingly demand greater awareness of the threat landscape to help identify risk and reduce their exposure.

Vulnerability assessment

Vulnerability assessment (VA) solutions operate across on-premises, cloud, and virtual environments to help reduce risk exposure.

Vulnerability prioritization technology

Vulnerability prioritization technology (VPT) streamlines the vulnerability analysis and mitigation process by identifying and prioritizing the vulnerabilities that pose the greatest organizational risks.