ACL

CERT

CISSP

CNAPP  

Access Control List

Advanced Persistent Threat

Computer Emergency Response Team

Certified Information Systems Security Professional

Cloud Native Protection Platforms

Dynamic Application Security Testing

Endpoint Protection Scoring System

Human Intelligence

MDR

NAC                                

A formal and approved list of users who have defined access rights to an asset. Access control lists are also installed in routers or switches, where they act as filters, managing which traffic can access the network.

APT

CND

Computer network defense

DAST

A bad actor, usually state-sponsored or nation-state group, which uses sophisticated techniques for their criminality. APTs can remain undetected for some time.

Cloud Security Posture Management

A group of security experts within a company responsible for incidents and reporting.

CSPM            

This certification covers the fundamentals of cybersecurity. Individuals that are CISSPs are considered extremely knowledgeable in the cybersecurity field. This certification is offered by ISC.

A cloud-based software platform that simplifies monitoring, detecting, and dealing with cloud security threats and vulnerabilities. CNAPP takes an integrated, lifecycle approach to protecting both hosts and workloads for cloud application development environments.

Actions taken to defend against unauthorized activity within computer networks. CND includes monitoring, detection, analysis (such as trend and pattern analysis), and response and restoration activities.

Concentrates on security assessment and compliance monitoring for workloads in public cloud environments. It can be used to provide a unified view across disparate cloud environments.

Is the process of analysing a web application through the front-end to find vulnerabilities through simulated attacks.

EPSS

An open, data-driven effort for predicting when software vulnerabilities will be exploited.

HUMINT

This abbreviation refers to information collected by threat researchers from sources across the dark web. These teams are out there hunting down potential threats and stopping them before they occur.

IAM

Identity Access Management

A framework of policies and technologies to ensure that the right users have the appropriate access to technology resources.

Managed Detection and Response

Providers deliver technology and human expertise to perform threat hunting, monitoring, and response.

Network Access Control  

SSL      

Secure Sockets Layer

TLS    

Transport Layer Security

A widely adopted cryptographic protocol designed to provide privacy and data security for communications over the Internet. TLS is designed to prevent data from being eavesdropped on or tampered with. It protects the integrity of private communications and sensitive information.

WAF

Web Application Firewall

An approach to computer security that attempts to unify endpoint security technology, user or system authentication and network security enforcement, providing visibility and control of devices accessing a corporate network.

The standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details.

A Web Application Firewall is a type of firewall that filters, monitors, and blocks HTTP traffic to and from a web service. It is designed to prevent attacks exploiting a web application's known vulnerabilities, such as SQL injection, cross-site scripting, file inclusion, and improper system configuration.

XDR

Extended Detection and Response

is about taking multiple security products into a cohesive security operations system. Essentially, XDR is about taking a holistic approach to more efficient, effective detection and response.