Attack Surface
The total set of points where an attacker could attempt to enter or extract data from a system — every device, account, API, and exposed service. Shrinking it is one of the highest-leverage defensive moves you can make.
Security is full of jargon — and confusion is the attacker's friend. This A–Z explains the terms, acronyms, and concepts every defender, executive, and IT team should understand, in plain English with no hand-waving.
Advanced Persistent Threat (APT)
A well-resourced, often state-sponsored adversary that gains long-term, stealthy access to a network. APTs prioritize patience and persistence over quick payouts.
Botnet
A network of compromised devices controlled remotely by an attacker, used to send spam, mine cryptocurrency, or launch large-scale DDoS attacks.
Business Email Compromise (BEC)
A fraud technique where attackers impersonate executives or vendors over email to trick employees into wiring money or sharing sensitive data. Low-tech, high-payout.
Command and Control (C2)
The infrastructure attackers use to communicate with and direct malware on compromised machines. Detecting C2 traffic is often the first sign of an active intrusion.
CVE
Common Vulnerabilities and Exposures — a standardized identifier (e.g. CVE-2026-3187) assigned to a publicly known security flaw, making it easy to track and prioritize patching.
Data Loss Prevention (DLP)
Technology and policies that detect and block sensitive data — like customer records or source code — from leaving an organization improperly.
DDoS
A Distributed Denial of Service attack overwhelms a target with traffic from many sources at once, knocking services offline. Often used to extort or to distract from a quieter intrusion.
Endpoint Detection and Response (EDR)
Software that continuously monitors laptops, servers, and other endpoints for malicious behavior, enabling rapid investigation and containment.
Encryption
The process of scrambling data so only someone with the right key can read it. Essential for protecting data at rest and in transit — and, ironically, the core weapon of ransomware.
Firewall
A barrier that filters network traffic against a set of rules, allowing legitimate connections and blocking unauthorized ones. The classic first line of network defense.
False Positive
A security alert that flags benign activity as malicious. Too many false positives cause alert fatigue, the condition in which real threats get missed in the noise.
Indicator of Compromise (IoC)
A piece of forensic evidence — a malicious hash, IP address, or domain — that signals a system may have been breached. The raw material of threat intelligence.
Identity and Access Management (IAM)
The framework of policies and tools that ensures the right people have the right access to the right resources — and nothing more.
Multi-Factor Authentication (MFA)
Requiring two or more proofs of identity — something you know, have, or are — before granting access. One of the single most effective controls against account takeover.
Malware
Any software written to harm, exploit, or gain unauthorized access to a system — including viruses, worms, trojans, ransomware, and spyware.
Managed Detection and Response (MDR)
A service that combines security tooling with a human team to detect, investigate, and respond to threats on a customer's behalf, 24/7.
MITRE ATT&CK
A globally adopted knowledge base of real-world adversary tactics and techniques, used to map detections and measure defensive coverage.
Phishing
A social-engineering attack that uses deceptive messages — usually email — to trick people into revealing credentials or running malware. Still the most common breach entry point.
Penetration Test
An authorized, simulated attack against your systems to find and fix exploitable weaknesses before a real adversary does.
Passkey
A phishing-resistant credential that replaces passwords with cryptographic keys tied to your device, eliminating the most-attacked link in authentication.
Privilege Escalation
The act of gaining higher access rights than originally granted — for example, turning a standard user account into an administrator. A key step in most intrusions.
Ransomware
Malware that encrypts a victim's data and demands payment for its return. Modern variants also steal data first, threatening to leak it — known as double extortion.
Red Team
A group that emulates real adversaries to test an organization's defenses end to end — people, process, and technology — under realistic conditions.
SIEM
Security Information and Event Management — a platform that aggregates and correlates logs from across an environment to surface suspicious activity.
Security Operations Center (SOC)
The team and facility responsible for continuously monitoring, detecting, and responding to security threats — the nerve center of an active defense.
SOAR
Security Orchestration, Automation, and Response — tooling that automates repetitive response actions so analysts can focus on the threats that need human judgment.
Social Engineering
Manipulating people rather than machines to gain access — through deception, urgency, or impersonation. The human layer is often the easiest to breach.
Threat Intelligence
Evidence-based knowledge about existing and emerging threats — actors, tactics, and indicators — used to inform faster, smarter defensive decisions.
Threat Hunting
Proactively searching through systems for hidden threats that evaded automated detection, rather than waiting for an alert to fire.
Vulnerability
A weakness in software, hardware, or process that an attacker can exploit to compromise a system. Managing them is a continuous, prioritized effort.
VPN
A Virtual Private Network creates an encrypted tunnel between a user and a network. Powerful when secured — and a prime target when not.
Extended Detection and Response (XDR)
An evolution of EDR that unifies detection and response across endpoints, identity, email, cloud, and network into a single, correlated view.
Cross-Site Scripting (XSS)
A web vulnerability that lets an attacker inject malicious scripts into pages viewed by other users, hijacking sessions or stealing data.
Zero Trust
A security model that assumes no user or device is trustworthy by default — every access request is continuously verified. "Never trust, always verify."
Zero-Day
A vulnerability unknown to the vendor and unpatched at the time it's exploited, giving defenders "zero days" to prepare. Among the most dangerous threats.