Ad Image

Endpoint Security Glossary of Terms—InfoSec Acronyms Defined

Having a hard time keeping up with InfoSec jargon? We’ve got you covered. Solutions Review’s A to Z Endpoint Security glossary has definitions for over 60 of the most popular security terms and acronyms. Be sure to bookmark this page and check back on a regular basis as we expand this endpoint security glossary. And don’t forget to check out our 2017 SIEM and Security Analytics Buyer’s Guide for a complete market overview of the top 24 SIEM vendors, available here.


Advanced Persistent Threat (APT)

An advanced persistent threat (APT) is a type of network attack in which an unauthorized entity gains access to a network and stays there, undetected, for an extended amount of time. Usually, the perpetrator of an APT wants to escalate their own privileges in order to steal data, rather than damaging the network, which would likely blow their cover.

The discovery of meaningful patterns in data, usually revealed by an analytics software solution.

Antivirus is software that detects, blocks, and remediates malware., such as worms, trojans, spyware, ransomware, and viruses.

A security audit is a systematic evaluation of a company’s network and information security practices and policies.


A hacker with malicious intent.

A bot is a computer that is being controlled by a remote attacker.

A botnet is a network of infected computers controlled by a remote attacker.

An incident that results in the disclosure of potential exposure of data


The Information System Security Professional Certification is a vendor-neutral independent certification, offered by the International Information System Security Certification Consortium (ISC2). A CISSP is a security professional who has attained that certification.

A senior executive in an enterprise responsible for the information technology and computer systems that support enterprise goals.

A senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure that information assets and technology are protected.

In IT and data storage terminology, compliance refers to organizational compliance with government regulations regarding data storage and management and other IT processes.

The Computer Fraud and Abuse Act (CFAA) of 1986 is United States legislation that made it a federal crime to access a protected computer without proper authorization.

An illegal activity involving a computer or network-connected device.


A tool that is used to create, deploy and analyze information. Typically, a dashboard will consist of a single screen and show various reports and other metrics that the organization is studying.

DLP products are tools that help network administrators prevent data loss (duh) by controlling which data end users may transfer.

In a distributed denial-of-service (DDoS) attack, a large number of compromised systems target a single system and overload its servers, causing a denial of service for legitimate users of the targeted system.


The process of transforming data into an unintelligible form so the original data either cannot be obtained or can be obtained only by using a decryption process.

An endpoint is any internet-connected device on a network.

According to Gartner, an endpoint protection platform (EPP) is a solution that combines multiple endpoint security functionalities into a single platform that delivers antivirus, anti-spyware, personal firewall, application control and other styles of host intrusion prevention (for example, behavioral blocking) capabilities into a single solution.

Endpoint security is any process aimed at protecting a network from elicit access via connected endpoints.

Endpoint Detection and Response (EDR) is a term referring to a class of endpoint security solutions focused on detecting, investigating, and mitigating illicit activities and problems on hosts and endpoints.

An action or the result of an action. Events are often logged and monitored for security purposes.

Event correlation is a technique for making sense of a large number of events and pinpointing the few events that are really important in that mass of information. In a security context, correlation is the act of linking multiple events together to detect strange behaviors.

A term for any method used by hackers to gain unauthorized access to a network.


A false positive is normal behavior on a network that is identified as malicious. Too many false positives can drown out true alerts.

A process that validates the integrity of operating systems and application software files using a verification method between the current file state and a known baseline state.

A firewall is a network device used to control network access based on set rules and policies.

The Federal Information Security Management Act (FISMA) is a United States Law, signed into law in 2002, that defines a framework to protect US government digital information, operations, and assets against threats.


A device or program used to connect networks or systems with different network architectures.

The Gramm-Leach-Bliley Act (GLBA) is an act of US Congress that repealed part of the Glass-Steagall Act, and which regulates the collection and disclosure of private financial information.

The Good Practices Guide 13 is a UK regulation that stipulates that HMG organizations must follow protective monitoring processes for their HMG ICT systems in order to gain access to the UK Government Connect Secure Extranet (GCSX).

Governance, Risk and Compliance.


A hacker is an individual that uses illicit system access methods and exploits to gain access to computer systems and networks, often for the purpose of sabotage and theft.

HIPAA is the acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996.

A trap set to detect, deflect or in some manner, counteract attempts at unauthorized use of information systems. Consists of computer data or a network site that appears to be part of a network but is actually isolated and monitored.


Identification is the process by which an entity’s information is gathered and verified for accuracy.

An organizational approach to addressing and managing the aftermath of a breach or attack (AKA an incident). An Incident Response Plan aims to limit damages incurred by an incident and bring down recovery time and costs.

Defined by the SANS Institute as ” the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.”

Information technology (IT) infrastructure is a combined set of hardware and virtual resources that support an overall IT environment.

Intrusion Detection and Prevention Systems are network security appliances that monitor network and/or system activities for malicious activity.


An old or outdated software tool.


A type of artificial intelligence that provides computers with the ability to learn without being specifically programmed to do so, focusing on the development of computer applications that can teach themselves to change when exposed to new data.

Any software that is intended to damage or disable computers and computer systems.


The North American Electric Reliability Corporation Critical Infrastructure Protection plan (NERC CIP) is a set of requirements designed to secure North America’s bulk electric system.

A term that describes the policies and procedures implemented to avoid the hacking and exploitation of a network and its resources.

A Next Generation Firewall is an integrated network platform that combines traditional firewall capabilities with other filtering functionalities such as deep packet inspection (DPI), intrusion prevention, and other techniques.


A process that involves the identification and protection of generally unclassified critical information or processes that can be used by a competitor or adversary to gain real information when pieced together.


The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.

Penetration testing, or pentesting is the act of testing a system, network, or applications for flaws and vulnerabilities.

The perimeter of a network is the boundary between the private and locally managed-and-owned side of a network and the public and usually provider-managed side of a network.

Solutions that help the user discover patterns in large data sets in order to predict future behavior.


A type of malware that weaponizes encryption to block access to a computer system or service until a ransom is paid.

The ability to use all available enterprise data as needed and usually involves streaming data that allows users to make decisions on the fly.

A piece of software used to remotely access or control a computer.

The collection of data from various sources and software tools for presentation to end-users in a way that is understandable and easy to analyze.

A rootkit is a toolkit, or a collection of programs, that allows administrator-level access to a network.


A sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third parties, suppliers, untrusted users and untrusted websites.

A contract between a service provider or vendor and the customer that defines the level of service expected. SLAs are service-based and specifically define what the customer can expect to receive.

An international, vendor-neutral professional certification provided by CompTIA for IT professionals who want to become certified in IT security.

A security incident, or a security event, is any notable change in the normal operations of a network. This could be a breach, a failure of a security policy, or simply a warning that there may be a threat to information or computer security.

A person that takes on security management tasks.

A security operations center (SOC) is a business unit that deals with security issues on an organizational level.

A security policy is a document that outlines how an organization will protect itself from threats, and how it will handle incidents when they do occur.

A Secure Web gateway is a tool that filters unwanted software or malware from internet traffic and implements regulatory policy compliance.

A software delivery model in which software is licensed on a subscription basis and is centrally hosted and typically accessed by end-users using a client via web browser.

Sarbanes–Oxley, Sarbox or SOX, is a United States federal law that set new or expanded requirements for all U.S. public company boards, management, and public accounting firms.SOX requires that all publicly held companies must establish internal controls and procedures for financial reporting to reduce the possibility of corporate fraud.

Software that allows a malicious actor to covertly gather information about another user’s computer activities by transmitting data from their device.


A cyberattack that aims to breach the security network of a specific organization.

Information about current or potential attacks on an organization.

In information security, a Trojan is a piece of malware disguised as a harmless program.


According to Gartner, Unified threat management (UTM) is “a converged platform of point security products, particularly suited to small and midsize businesses (SMBs). Typical feature sets fall into three main subsets, all within the UTM: firewall/intrusion prevention system (IPS)/virtual private network, secure Web gateway security (URL filtering, Web antivirus [AV]) and messaging security (anti-spam, mail AV).”


A self-replicating piece of code that is loaded onto a computer without its owner’s knowledge, typically for negative purposes.

A vulnerability, or vuln, is a term referring to a flaw in a system, program, or network that can leave it open to attack. A vulnerability may also refer to a weakness in security procedures or even personnel.

Vulnerability scanning is the act of scanning or inspecting a network for possible vulnerabilities, exploits, or security holes.


A white hat is a hacker who finds and discloses vulnerabilities before they can be used with malicious intent.


A zero-day is an exploit that utilizes a vulnerability on the same day that the vulnerability becomes known. Ie., There have been zero days between the discovery of the vulnerability (by information security professionals) and its exploitation.