Defense & Operations terms
50 terms
Security Operations Center (SOC)
A centralized team and facility that continuously monitors, detects, investigates and responds to cybersecurity incidents across an organization's IT estate.
SIEM
A platform that aggregates, normalizes and correlates security telemetry from across the enterprise to enable detection, investigation, compliance and reporting.
SOAR
A platform that automates and orchestrates SOC workflows by chaining detections, enrichments and response actions into playbooks executed across security tools.
XDR (Extended Detection and Response)
A security platform that unifies telemetry from endpoint, network, identity, email and cloud sensors to deliver correlated detections and integrated response actions.
MDR (Managed Detection and Response)
A managed service in which an external provider operates detection, threat hunting and incident response on behalf of a customer, typically using EDR/XDR and SIEM telemetry.
EDR (Endpoint Detection and Response)
An endpoint security technology that continuously records process, file, registry and network activity to detect, investigate and respond to threats on hosts.
EPP (Endpoint Protection Platform)
A preventive endpoint security suite that combines antivirus, anti-malware, host firewall and exploit protection to block threats before they execute on a device.
NDR (Network Detection and Response)
A network security technology that analyses traffic, using flow records, packet metadata and, where TLS is terminated for inspection, decrypted payloads, with behavioural analytics and machine learning to detect threats such as lateral movement and command-and-control, and to trigger response actions.
UTM (Unified Threat Management)
An all-in-one network security appliance that combines firewall, IPS, web filtering, antivirus and VPN in a single device, primarily targeted at SMBs and branch offices.
UBA (User Behavior Analytics)
An analytics technology that establishes baselines of normal user activity and flags anomalies to detect account misuse, insider threats and compromised credentials.
UEBA (User and Entity Behavior Analytics)
An extension of UBA that profiles the normal behaviour of both users and non-human entities (hosts, service accounts, applications, devices), then flags statistical deviations that may indicate credential compromise, lateral movement or insider misuse.
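The baselining idea behind UBA/UEBA is easiest to see on data. The following Python block is an added illustration, not code from the original page or from any product; the event tuples, the field names, the minimum sample size and the z-score threshold are all assumptions chosen for the example. It builds a per-user profile from constructed history, then scores new events against it and reports why an event deviates rather than just a yes/no.

```python
"""UEBA-style anomaly scoring over constructed authentication events.

Added illustration; the event records, field names and thresholds are
assumptions, not taken from any product."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed sample telemetry: (user, login hour 0-23, source host, bytes sent).
BASELINE_EVENTS = [
    ("alice", 9, "wks-alice", 120), ("alice", 10, "wks-alice", 150),
    ("alice", 11, "wks-alice", 130), ("alice", 14, "wks-alice", 160),
    ("alice", 15, "wks-alice", 140), ("alice", 16, "wks-alice", 110),
    ("alice", 9, "wks-alice", 150), ("alice", 10, "wks-alice", 130),
    ("bob", 8, "wks-bob", 200), ("bob", 9, "wks-bob", 210),  # too little history for bob
]

MIN_SAMPLES = 5      # below this a profile is not trustworthy (assumed value)
Z_THRESHOLD = 3.0    # |z| above this counts as a deviation (assumed value)


@dataclass
class Profile:
    hours: list
    bytes_out: list
    hosts: set


def build_profiles(events):
    """Group historical events per user into a behavioural profile."""
    profiles = defaultdict(lambda: Profile([], [], set()))
    for user, hour, host, nbytes in events:
        p = profiles[user]
        p.hours.append(hour)
        p.bytes_out.append(nbytes)
        p.hosts.add(host)
    return dict(profiles)


def z_score(value, samples):
    """Population z-score; a perfectly constant baseline makes any change infinite."""
    mu, sigma = mean(samples), pstdev(samples)
    if sigma == 0:
        return 0.0 if value == mu else float("inf")
    return (value - mu) / sigma


def score_event(profiles, event):
    """Return the list of reasons an event deviates from its user's baseline.

    An empty list means 'consistent with baseline'. Users with no or too little
    history are reported as such rather than silently passed."""
    user, hour, host, nbytes = event
    p = profiles.get(user)
    if p is None:
        return ["no_baseline"]
    if len(p.hours) < MIN_SAMPLES:
        return ["insufficient_baseline"]
    reasons = []
    # Hour-of-day is circular; a plain z-score is fine for a daytime baseline
    # but would misjudge a user who normally works across midnight.
    if abs(z_score(hour, p.hours)) > Z_THRESHOLD:
        reasons.append("off_hours")
    if host not in p.hosts:
        reasons.append("new_host")
    if z_score(nbytes, p.bytes_out) > Z_THRESHOLD:  # only unusually large volumes matter
        reasons.append("volume")
    return reasons


if __name__ == "__main__":
    profiles = build_profiles(BASELINE_EVENTS)
    for ev in [("alice", 10, "wks-alice", 130),
               ("alice", 3, "srv-db01", 50_000),
               ("bob", 9, "wks-bob", 200),
               ("mallory", 12, "wks-alice", 100)]:
        print(ev, "->", score_event(profiles, ev) or ["ok"])
```

Two details matter in practice: a user with too little history must not be scored as "normal" by default (new joiners and rarely used service accounts are exactly where attackers hide), and a rule that fires on a single statistic is noisy, so real UEBA products combine several weak signals into a risk score and decay it over time.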
Threat Intelligence
Evidence-based knowledge about threats and threat actors — including indicators, TTPs and context — used to guide security decisions and detection.
Cyber Threat Intelligence (CTI)
Evidence-based, contextualised knowledge about cyber threats that helps defenders make faster, better-informed security decisions.
Tactical Threat Intelligence
Short-lived, highly technical intelligence such as file hashes, IP addresses, domains and detection signatures, consumed mostly by automated controls and SOC analysts for immediate blocking and alerting; it loses value quickly as attackers rotate infrastructure and tooling.
Strategic Threat Intelligence
Long-horizon analysis of threat trends, adversary motivations and the geopolitical or business drivers behind them, written for executives and risk owners to inform investment, policy and risk-appetite decisions rather than day-to-day detection.
Operational Threat Intelligence
Intelligence about specific campaigns, adversary capabilities and TTPs, and imminent or ongoing attacks, used by SOC leads, threat hunters and incident responders to anticipate attacker moves and prepare detections and playbooks in advance.
Indicator of Compromise (IoC)
A forensic artifact, such as a file hash, IP address, domain, registry key or mutex, whose presence indicates that a system has likely already been compromised; IoCs are cheap to match at scale but equally cheap for an attacker to change.
Indicator of Attack (IoA)
Evidence of adversary behaviour in progress, such as an Office application spawning a script interpreter that then makes an outbound connection; an IoA describes intent and technique rather than a static artifact, so it can catch an attack before it completes and survives changes to the attacker's tooling.
Tactics, Techniques and Procedures (TTPs)
The observable patterns of adversary behaviour: tactics are the goals (e.g. persistence, exfiltration), techniques are the methods used to achieve them, and procedures are the specific implementations seen in the wild; frameworks such as MITRE ATT&CK catalogue them, and because TTPs are costly for adversaries to change they make more durable detections than IoCs.
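The difference between matching IoCs and detecting IoAs/TTPs is best shown side by side on the same events. The Python block below is an added example covering the IoC, IoA and TTP entries above; it is not code from the original page or from any detection product. The indicator values are placeholders (a made-up hash and an RFC 5737 documentation address), the event schema is a simplified Sysmon-style process-creation record, and the behavioural rules and their ATT&CK mappings are the author's assumptions for the illustration.

```python
"""IoC matching versus IoA/TTP-based behavioural detection over constructed
process-creation events. Added illustration: the indicator values, the event
schema and the behavioural rules are assumptions, not a real threat report or
a product's rule set."""
import re

# Constructed indicators of compromise: a placeholder hash and a documentation
# (TEST-NET-3) address, neither of which refers to real malware or a real server.
FAKE_BAD_HASH = "deadbeef" * 8
FAKE_BAD_C2 = "203.0.113.45"
IOCS = {"sha256": {FAKE_BAD_HASH}, "dest_ip": {FAKE_BAD_C2}}

# Building blocks for the IoA rules (assumed mappings: ATT&CK T1204.002 user
# execution of a malicious file, T1059.001 PowerShell, T1027 obfuscated commands).
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}
ENCODED_PS = re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\s", re.IGNORECASE)

# Constructed process-creation events (simplified Sysmon EID 1 style fields;
# sha256 is the hash of the launched image).
EVENTS = [
    # e1: known dropped stager and known C2 address -> IoCs fire, and so does an IoA
    {"id": "e1", "parent_image": "C:\\Program Files\\Microsoft Office\\WINWORD.EXE",
     "image": "C:\\Users\\dana\\AppData\\Local\\Temp\\update.exe",
     "cmdline": "update.exe /silent", "sha256": FAKE_BAD_HASH, "dest_ip": FAKE_BAD_C2},
    # e2: same tradecraft, recompiled payload and fresh infrastructure -> IoCs miss
    {"id": "e2", "parent_image": "C:\\Program Files\\Microsoft Office\\EXCEL.EXE",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA",
     "sha256": "cafebabe" * 8, "dest_ip": "198.51.100.7"},
    # e3: benign admin script launched from Explorer -> nothing fires
    {"id": "e3", "parent_image": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe -File C:\\ops\\backup.ps1",
     "sha256": "0" * 64, "dest_ip": None},
    # e4: Office spawning cmd.exe without any encoding -> one IoA
    {"id": "e4", "parent_image": "C:\\Program Files\\Microsoft Office\\OUTLOOK.EXE",
     "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe /c whoami",
     "sha256": "1" * 64, "dest_ip": None},
]


def _basename(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def match_iocs(event, iocs):
    """Static matching: which indicator fields of this event are on a known-bad list."""
    return [field for field, values in iocs.items() if event.get(field) in values]


def match_ioas(event):
    """Behavioural matching: which attacker techniques does this event exhibit."""
    parent, image = _basename(event["parent_image"]), _basename(event["image"])
    image_path = event["image"].replace("\\", "/").lower()
    hits = []
    if parent in OFFICE_APPS:
        if image in SCRIPT_HOSTS:
            hits.append("office_spawns_shell")
        if image_path.startswith("c:/users/"):
            hits.append("office_spawns_from_user_path")
    if image in {"powershell.exe", "pwsh.exe"} and ENCODED_PS.search(event["cmdline"]):
        hits.append("encoded_powershell")
    return hits


def triage(events, iocs):
    """Run both detection styles and attach a verdict per event."""
    out = {}
    for e in events:
        iocs_hit, ioas_hit = match_iocs(e, iocs), match_ioas(e)
        verdict = "known_bad" if iocs_hit else "suspicious" if ioas_hit else "clean"
        out[e["id"]] = {"iocs": iocs_hit, "ioas": ioas_hit, "verdict": verdict}
    return out


if __name__ == "__main__":
    for event_id, result in triage(EVENTS, IOCS).items():
        print(event_id, result)
```

Event e2 is the point of the exercise: the attacker changed the payload hash and the C2 address, so the IoC list is blind, but the TTP (an Office process launching an encoded PowerShell command) is unchanged and the IoA rule still fires. The trade-off runs the other way too: IoC matching is nearly free of false positives and is ideal for retroactive hunting across months of logs, while behavioural rules need allow-listing for legitimate macros and deployment scripts before they are fit to page an analyst.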
Threat Hunting
A proactive, hypothesis-driven search through endpoint, network and identity telemetry for adversary activity that has evaded existing automated detections, with confirmed findings turned into new detection rules so the same behaviour is caught automatically next time.
Red Team
An authorised offensive team that emulates the TTPs of real adversaries against an organisation, usually covertly and with a defined objective, to test how well people, processes and controls detect and respond, rather than to enumerate every vulnerability as a penetration test would.
Blue Team
The defensive team, typically the SOC and incident responders, responsible for monitoring, detecting, responding to and hardening the environment against attacks, including those simulated by a red team.
Purple Team
A collaborative exercise in which red and blue teams work side by side in real time, executing attack techniques and immediately validating and tuning the corresponding detections and response playbooks, instead of exchanging a report after the fact.
Yellow Team
The builders: the software developers, architects and system engineers who create and operate the systems under test; pairing them with red and blue teams lets findings be fixed at the design and code level rather than only in detection.
White Team
The exercise-control and referee team that defines scope and rules of engagement, adjudicates disputes, monitors safety and compliance, and scores outcomes during red, blue or purple team exercises.
Penetration Testing
An authorized, simulated cyberattack against systems, applications, or people to identify exploitable weaknesses before real adversaries do.
Vulnerability Assessment
A systematic review of an environment to identify, classify, and prioritize security weaknesses, typically without active exploitation.
Vulnerability Scanning
Automated process that probes systems, applications, or containers against known vulnerability signatures to produce a list of potential weaknesses.
Attack Surface Management (ASM)
Continuous discovery, inventory, classification, and monitoring of all assets that expose an organization to potential cyberattack.
External Attack Surface Management (EASM)
Continuous discovery and monitoring of all internet-facing assets that belong to an organization, viewed from an outside-in attacker perspective.
Asset Management
Maintaining an accurate, continuously updated inventory of hardware, software, data and cloud resources together with their owner, location and criticality, as the foundation for patching, vulnerability management and incident response: you cannot protect what you do not know you have.
Patch Management
The end-to-end process of identifying, testing, deploying, and verifying software updates that fix vulnerabilities or bugs.
Configuration Management
The discipline of establishing, recording, and enforcing the desired state of systems and applications so configurations remain known, consistent, and secure.
Change Management
Structured process to propose, review, approve, schedule, implement, and review changes to IT systems with controlled risk and clear traceability.
Security Baseline
A documented, minimum-acceptable security configuration that all systems of a given type must meet before being placed into production.
System Hardening
Reducing the attack surface of a system by removing unnecessary features, tightening configurations, and enforcing secure defaults.
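A baseline is only useful if something checks systems against it, and the check has to account for what a system does when a directive is simply absent. The Python block below is an added example covering the Security Baseline and System Hardening entries; it is not code from the original page or from any benchmark project. The baseline values are a common hardening choice assumed for the illustration (not a published standard), the two configuration texts are constructed, and the default values table reflects OpenSSH's documented defaults for those directives.

```python
"""Check an sshd_config against a hardening baseline. Added illustration: the
baseline values are a common hardening choice assumed here, not a published
standard, and the two configs are constructed examples."""
import re

# OpenSSH's effective value when a directive is absent. A missing line is not
# a safe line: PasswordAuthentication, for instance, defaults to 'yes'.
SSHD_DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
    "x11forwarding": "no",
    "maxauthtries": "6",
}

# Baseline: (comparison, expected). 'eq' is an exact string match, 'le' numeric.
BASELINE = {
    "permitrootlogin": ("eq", "no"),
    "passwordauthentication": ("eq", "no"),
    "permitemptypasswords": ("eq", "no"),
    "x11forwarding": ("eq", "no"),
    "maxauthtries": ("le", 4),
}

WEAK_CONFIG = """\
# Constructed example: permissive settings, several directives left at default
Port 22
PermitRootLogin yes
X11Forwarding yes
PermitEmptyPasswords no
"""

HARDENED_CONFIG = """\
# Constructed example: meets the baseline above
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding no
MaxAuthTries 3
"""

# sshd accepts "Key value" and "Key=value"; directive names are alphanumeric.
_DIRECTIVE = re.compile(r"^([A-Za-z0-9]+)\s*=?\s*(.*)$")


def parse_sshd_config(text):
    """Return {directive_lowercase: value}. Like sshd, the first occurrence of a
    directive wins. Match blocks are not modelled, which is a simplification."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _DIRECTIVE.match(line)
        if not m:
            continue
        settings.setdefault(m.group(1).lower(), m.group(2).strip().lower())
    return settings


def check_baseline(settings, baseline=BASELINE, defaults=SSHD_DEFAULTS):
    """List every baseline directive whose effective value (explicit or default) fails."""
    findings = []
    for directive, (op, expected) in baseline.items():
        if directive in settings:
            actual, source = settings[directive], "config"
        else:
            actual, source = defaults[directive], "default"
        if op == "eq":
            ok = actual == expected
        else:  # 'le'
            ok = actual.isdigit() and int(actual) <= expected
        if not ok:
            findings.append({"directive": directive, "actual": actual,
                             "expected": f"{op} {expected}", "source": source})
    return findings


if __name__ == "__main__":
    for name, text in [("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)]:
        print(name, check_baseline(parse_sshd_config(text)))
```

The weak configuration produces four findings, two of which come from directives that are not in the file at all (PasswordAuthentication and MaxAuthTries fall back to their defaults). A baseline check that only inspects lines present in the file would report those as compliant, which is the most common way hardening scripts silently pass an insecure host.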
Security Controls
Safeguards or countermeasures — technical, administrative, or physical — used to prevent, detect, or respond to threats against information assets.
Preventive Controls
Controls designed to stop a security event from occurring in the first place by removing the opportunity or capability to act.
Detective Controls
Security measures designed to identify and alert on malicious activity, policy violations, or anomalies after they occur in an environment.
Corrective Controls
Security measures that act after an incident to limit damage, eradicate threats, and restore systems to a known-good state.
Compensating Controls
Alternative safeguards put in place when a required or primary control cannot be implemented, for example isolating and closely monitoring a legacy system that cannot be patched; they must demonstrably reduce the same risk and are normally documented and approved as an explicit exception.
Security Posture
The overall security status of an organisation: the strength and coverage of its controls, its visibility into its own environment, and its demonstrated ability to prevent, detect, respond to and recover from attacks, usually tracked through metrics and periodic assessment.
Mean Time to Detect (MTTD)
The average time between the start of an incident (or the earliest point at which it was detectable in telemetry) and the moment it is identified as an incident; the primary measure of detection capability.
Mean Time to Respond (MTTR)
The average time between detection of an incident and completion of the response actions that remediate it; organisations must state precisely which milestones bound this interval, and should spell the term out in reports because the same acronym is used for Mean Time to Recover and, in reliability engineering, Mean Time to Repair.
Mean Time to Contain (MTTC)
The average time between detection of an incident and its containment, the point at which the adversary can no longer spread, escalate or cause further damage, even though eradication and recovery may still be pending.
Mean Time to Recover (MTTR)
The average time to restore affected systems and services to normal operation after an incident, measured from the start of the disruption and compared against the RTO; not to be confused with Mean Time to Respond, which shares the acronym.
Service Level Agreement (SLA)
A contractual commitment between a service provider and a customer that specifies measurable service levels, such as availability, incident response and resolution times, and the remedies that apply when they are not met.
Recovery Time Objective (RTO)
The maximum length of time a business process or system may be unavailable after a disruption before the impact becomes unacceptable; it drives the design of recovery procedures and redundancy.
Recovery Point Objective (RPO)
The maximum amount of data loss, expressed as a period of time, that is acceptable after a disruption; it determines how often backups or replication must capture state (an RPO of 15 minutes means no more than 15 minutes of data may be lost).
Business Impact Analysis (BIA)
A structured analysis that identifies critical business functions and their dependencies, estimates the operational and financial impact of their disruption over time, and from that derives recovery priorities and the RTO and RPO for each.
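The timing metrics above (MTTD, MTTC, the two MTTRs) and the recovery objectives a BIA produces (RTO, RPO) are all intervals between incident milestones, and most disagreements about them come from not fixing which milestone starts and ends each interval. The Python block below is an added example, not code from the original page; the incident records, the milestone names and the choice of boundaries (detect = started to detected, contain = detected to contained, respond = detected to remediated, recover = started to restored, data loss = last backup to start) are assumptions made explicit so they can be changed.

```python
"""Incident-response timing metrics and RTO/RPO checks over constructed
incident records. Added illustration: the records, the milestone names and
the choice of which milestones bound each interval are assumptions, since
organisations define these boundaries differently."""
from datetime import datetime
from statistics import mean

# Constructed incident timeline records (ISO 8601, no real data).
INCIDENTS = [
    {"id": "INC-1", "service": "payments",
     "started": "2024-03-01T00:00", "detected": "2024-03-01T01:00",
     "contained": "2024-03-01T01:30", "remediated": "2024-03-01T02:00",
     "restored": "2024-03-01T03:00", "last_backup": "2024-02-29T23:50"},
    {"id": "INC-2", "service": "wiki",
     "started": "2024-03-01T10:00", "detected": "2024-03-01T12:00",
     "contained": "2024-03-01T12:45", "remediated": "2024-03-01T14:00",
     "restored": "2024-03-01T14:30", "last_backup": "2024-03-01T08:00"},
]

# Recovery objectives per service, as a BIA would produce them (assumed values).
OBJECTIVES = {
    "payments": {"rto_min": 240, "rpo_min": 15},
    "wiki": {"rto_min": 120, "rpo_min": 60},
}

MILESTONE_ORDER = ["started", "detected", "contained", "remediated", "restored"]


def _ts(s):
    return datetime.fromisoformat(s)


def _minutes(a, b):
    return (_ts(b) - _ts(a)).total_seconds() / 60


def incident_timings(inc):
    """Per-incident intervals in minutes; rejects timelines whose milestones are out of order."""
    stamps = [_ts(inc[k]) for k in MILESTONE_ORDER]
    if stamps != sorted(stamps):
        raise ValueError(f"{inc['id']}: milestones are not chronological")
    return {
        "detect": _minutes(inc["started"], inc["detected"]),        # feeds MTTD
        "contain": _minutes(inc["detected"], inc["contained"]),     # feeds MTTC
        "respond": _minutes(inc["detected"], inc["remediated"]),    # feeds MTTR (respond)
        "recover": _minutes(inc["started"], inc["restored"]),       # feeds MTTR (recover), vs RTO
        "data_loss": _minutes(inc["last_backup"], inc["started"]),  # vs RPO
    }


def mean_times(incidents):
    """MTTD / MTTC / MTTR(respond) / MTTR(recover) across a set of incidents."""
    timings = [incident_timings(i) for i in incidents]
    return {
        "MTTD": mean(t["detect"] for t in timings),
        "MTTC": mean(t["contain"] for t in timings),
        "MTTRespond": mean(t["respond"] for t in timings),
        "MTTRecover": mean(t["recover"] for t in timings),
    }


def objective_compliance(incidents, objectives):
    """Did each incident stay within the affected service's RTO and RPO?"""
    result = {}
    for inc in incidents:
        t = incident_timings(inc)
        obj = objectives[inc["service"]]
        result[inc["id"]] = {
            "rto_met": t["recover"] <= obj["rto_min"],
            "rpo_met": t["data_loss"] <= obj["rpo_min"],
        }
    return result


if __name__ == "__main__":
    print(mean_times(INCIDENTS))
    print(objective_compliance(INCIDENTS, OBJECTIVES))
```

Two things the numbers show: a mean hides the spread (INC-2 alone breaches the wiki's RTO even though the fleet-wide MTTRecover looks tolerable), so report percentiles alongside means, and the RPO check depends on the last successful backup before the incident began, not the last scheduled one, which is why backup job success should be verified as a detective control in its own right. The chronology check exists because hand-entered incident timelines frequently contain a detection timestamp earlier than the start, which would silently yield a negative MTTD.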