// Cybersecurity · Glossary · 40 terms
The cybersecurity glossary, decoded.
Definitions of cybersecurity and Symantec terminology, written from an implementer's perspective, not vendor marketing. 40 terms across endpoint, network, cloud, identity, data protection, email, and threat intel. Each term links to relevant product pages and deep-dives where applicable.
// Foundational
03 terms

SASE: Convergence of WAN networking (SD-WAN) and cloud-delivered security services (SWG, CASB, ZTNA, FWaaS) into a single platform.
SSE: The security half of SASE - cloud-delivered SWG, CASB, ZTNA, and DLP without the SD-WAN connectivity component.
Zero Trust: A security model based on "never trust, always verify" - every access request is authenticated, authorized, and encrypted regardless of network location.

// Endpoint
02 terms

// Network
06 terms

IDS: Network monitoring system that detects attacks and generates alerts - does not block inline.
IPS: Inline security control that detects and blocks network attacks based on signatures and behavioral analysis.
NGFW: Firewall with application-aware inspection, integrated IPS, URL filtering, and SSL decryption - beyond stateful packet filtering.
RBI: Security technique that renders web content in disposable cloud containers; malicious code never reaches the endpoint.
SWG: Security service that inspects web traffic for malware, enforces URL policy, and applies content controls - historically on-prem, now cloud-delivered.
ZTNA: Identity-driven, application-level access to internal apps - the modern replacement for VPN.

// Cloud
02 terms

// Data Protection
06 terms

CDR: Threat prevention technique that strips active content from files (macros, scripts, exploits) and rebuilds them as safe versions.
DCM: DLP detection technique using regex patterns, dictionaries, and keywords - fast but high false-positive rate.
DLP: Security capability that discovers, monitors, and protects sensitive data across endpoints, networks, storage, cloud, and email.
EDM: DLP detection technique that fingerprints structured data sources (databases, CSV exports) and detects exact matches in outbound content.
IDM: DLP detection technique that fingerprints unstructured documents and detects when copies or substantial portions appear elsewhere.
VML: DLP detection technique using trained ML classifiers for categories where rules and fingerprints don't scale.

BEC: Email fraud where attackers impersonate executives or trusted partners to authorize fraudulent wire transfers or data disclosure.
DKIM: Email authentication using cryptographic signatures placed in headers by the sending mail server.
DMARC: Email authentication standard that lets domain owners specify how receivers should treat mail that fails SPF or DKIM.
Phishing: Social-engineering attacks that trick users into revealing credentials, clicking malicious links, or downloading malware.
SPF: Email authentication standard that lists authorized sending IPs / domains for a given sender domain via DNS TXT records.

// Identity
04 terms

IAM: Discipline for managing digital identities, authentication, authorization, and access control across enterprise systems.
MFA: Authentication requiring two or more independent factors (something you know, have, or are).
PAM: Specialized identity and access controls for accounts with elevated privileges (admin, root, service accounts).
SSO: Authentication that lets a user log in once and access multiple applications without re-authenticating.

// Threat Intel
06 terms

MITRE ATT&CK: Open framework documenting adversary tactics and techniques observed in real-world attacks.
MSSP: Third-party provider that runs security monitoring and operations on a customer's behalf.
SIEM: Platform that aggregates security events from across the environment for correlation, search, and alerting.
SOAR: Platform that automates security operations workflows: playbook execution, integrations, case management.
SOC: Centralized team responsible for monitoring, detecting, investigating, and responding to security incidents.
UEBA: Detection technique that uses ML to baseline normal user/entity behavior and flag anomalies.

// Symantec-specific
06 terms

CloudSOC: Symantec's CASB product (formerly Elastica, acquired in 2015).
ProxySG: On-prem web proxy appliance (originally Blue Coat, acquired by Symantec, now Broadcom); being retired in favor of Cloud SWG.
SEP: Symantec's historical endpoint protection product (now branded SES); also refers to the on-prem agent managed by SEPM.
SEPM: The on-prem management server for the legacy SEP product; in active retirement as customers migrate to cloud-managed SES Complete.
SES: Modern brand name for Symantec's endpoint security platform; SES Complete is the cloud-managed SKU including EDR.
WSS: Symantec's cloud-delivered SWG product (now also marketed as Cloud SWG).

// Need someone who knows these terms in practice?
Glossary explains the term.
CyberKIS ships the deployment.
Every definition above corresponds to something we have actually built and deployed. Talk to an engineer about your specific environment.