The cybersecurity
glossary, decoded.

Convergence of WAN networking (SD-WAN) and cloud-delivered security services (SWG, CASB, ZTNA, FWaaS) into a single platform.

The security half of SASE - cloud-delivered SWG, CASB, ZTNA, and DLP without the SD-WAN connectivity component.

A security model based on "never trust, always verify" - every access request is authenticated, authorized, and encrypted regardless of network location.

Endpoint security capability focused on detection, investigation, and response to threats that have evaded prevention.

Detection and response that correlates telemetry across endpoint, network, email, identity, and cloud - beyond EDR's endpoint-only scope.

Network monitoring system that detects attacks and generates alerts - does not block inline.

Inline security control that detects and blocks network attacks based on signatures and behavioral analysis.

Firewall with application-aware inspection, integrated IPS, URL filtering, and SSL decryption - beyond stateful packet filtering.

Security technique that renders web content in disposable cloud containers; malicious code never reaches the endpoint.

Security service that inspects web traffic for malware, enforces URL policy, and applies content controls - historically on-prem, now cloud-delivered.

Identity-driven, application-level access to internal apps - the modern replacement for VPN.

Security layer between users and cloud apps; provides visibility, governance, and DLP for SaaS.

Use of IT resources (typically SaaS apps) without IT department approval or governance.

Threat prevention technique that strips active content from files (macros, scripts, exploits) and rebuilds them as safe versions.

DLP detection technique using regex patterns, dictionaries, and keywords - fast but high false-positive rate.

Security capability that discovers, monitors, and protects sensitive data across endpoints, networks, storage, cloud, and email.

DLP detection technique that fingerprints structured data sources (databases, CSV exports) and detects exact matches in outbound content.

DLP detection technique that fingerprints unstructured documents and detects when copies or substantial portions appear elsewhere.

DLP detection technique using trained ML classifiers for categories where rules and fingerprints don't scale.

Email fraud where attackers impersonate executives or trusted partners to authorize fraudulent wire transfers or data disclosure.

Email authentication using cryptographic signatures placed in headers by the sending mail server.

Email authentication standard that lets domain owners specify how receivers should treat mail that fails SPF or DKIM.

Social-engineering attacks that trick users into revealing credentials, clicking malicious links, or downloading malware.

Email authentication standard that lists authorized sending IPs / domains for a given sender domain via DNS TXT records.

Discipline for managing digital identities, authentication, authorization, and access control across enterprise systems.

Authentication requiring two or more independent factors (something you know, have, or are).

Specialized identity and access controls for accounts with elevated privileges (admin, root, service accounts).

Authentication that lets a user log in once and access multiple applications without re-authenticating.

Open framework documenting adversary tactics and techniques observed in real-world attacks.

Third-party provider that runs security monitoring and operations on a customer's behalf.

Platform that aggregates security events from across the environment for correlation, search, and alerting.

Platform that automates security operations workflows: playbook execution, integrations, case management.

Centralized team responsible for monitoring, detecting, investigating, and responding to security incidents.

Detection technique that uses ML to baseline normal user/entity behavior and flag anomalies.

Symantec's CASB product (formerly Elastica, acquired in 2015).

On-prem web proxy appliance (originally Blue Coat, acquired by Symantec, now Broadcom); being retired in favor of Cloud SWG.

Symantec's historical endpoint protection product (now branded SES); also refers to the on-prem agent managed by SEPM.

The on-prem management server for the legacy SEP product; in active retirement as customers migrate to cloud-managed SES Complete.

Modern brand name for Symantec's endpoint security platform; SES Complete is the cloud-managed SKU including EDR.

Symantec's cloud-delivered SWG product (now also marketed as Cloud SWG).