Cybersecurity Glossary
Plain-language definitions of real-world cybersecurity terms, threats, and defense concepts.
164 terms
A
- Abuse Mailbox
- An abuse mailbox is the designated email address—typically formatted as abuse@company.com, phishing@company.com, or security@company.com—where employees forward suspicious emails they receive to IT and security teams for further evaluation and analysis. It is a crucial component of an organization's threat detection and incident response capabilities.
- Adaptive Authentication
- Adaptive authentication dynamically adjusts security requirements based on real-time risk assessment, enabling organizations to balance robust protection with seamless user experiences.
- Advanced Persistent Threat (APT)
- An Advanced Persistent Threat (APT) is a sophisticated, long-term cyberattack in which a highly skilled and well-resourced threat actor gains unauthorized access to a target network and maintains stealthy, persistent access over an extended period—often months or years—to achieve specific strategic objectives.
- Adversary-in-the-Middle
- Adversary-in-the-Middle (AitM) attacks intercept authentication between users and services to hijack sessions and bypass multi-factor authentication.
- AI TRiSM
- AI TRiSM (AI Trust, Risk, and Security Management) is a framework designed to ensure that artificial intelligence systems operate safely, ethically, and transparently within organizations. The term was coined by Gartner as an acronym referring to a comprehensive approach for how organizations should identify and mitigate risks surrounding the reliability, security, fairness, and trust of AI models and applications.
- AI-Enabled Cyberattacks
- AI-enabled cyberattacks (also called AI-powered or offensive AI attacks) are cyberattacks that leverage artificial intelligence and machine learning algorithms to automate, enhance, scale, or improve the effectiveness of malicious activities. These attacks use AI to make traditional attack techniques more sophisticated, more targeted, harder to detect, and easier to execute at scale.
- Alert Fatigue
- Alert fatigue refers to the condition where security operations center (SOC) analysts become overwhelmed by the sheer volume of security alerts, leading to decreased vigilance, slower response times, and reduced effectiveness in identifying genuine threats.
- Angler Phishing
- Angler phishing is a sophisticated social engineering attack that targets social media users by impersonating legitimate customer service accounts on platforms like Twitter (X), Facebook, LinkedIn, and Instagram to steal credentials and sensitive information.
- Arbitrary Code Execution
- Arbitrary code execution (ACE) is a vulnerability class that lets an attacker run commands of their choosing on a target system, often with system-level privileges. Because the attacker controls what executes, ACE amounts to a complete compromise of the affected system and is one of the most critical threats organizations face today.
- Attack Surface
- An attack surface is the total set of points an attacker can exploit to access a system, including digital, physical, and human vulnerabilities. More specifically, it refers to the total set of potential entry points an attacker can exploit to gain unauthorized access to a system or environment, which includes internet-facing services, endpoints, cloud resources, APIs, user behavior patterns, and third-party integrations.
- Attack Vector
- An attack vector is a method or pathway that cybercriminals use to gain unauthorized access to networks, systems, or data. Attack vectors are the specific techniques attackers use to exploit vulnerabilities—the "how" of a cyberattack—whether through malware hidden in an attachment, credentials stolen through a fake login page, or vulnerabilities in unpatched software.
B
- Backdoor Attack
- A backdoor attack creates a persistent, unauthorized access pathway into systems while bypassing normal authentication and security controls. Unlike opportunistic malware designed for immediate financial gain, adversaries deliberately engineer backdoor attacks for long-term persistence and stealth operation, enabling continued access to compromised systems over extended periods.
- Barrel Phishing
- Barrel phishing uses a series of benign emails to establish trust before deploying malicious requests, exploiting relationship dynamics rather than immediate pressure tactics.
- Blast Phishing
- Blast phishing distributes high-volume, generic phishing emails to thousands of recipients simultaneously, relying on scale rather than precision to achieve successful credential theft and system compromise.
- Blue Team (Cybersecurity)
- Blue team cybersecurity represents the defensive backbone of enterprise security operations. Blue teams continuously monitor networks, detect threats, and respond to incidents through structured frameworks and proactive threat hunting methodologies, protecting organizational assets from both external attackers and insider threats.
- Bring Your Own Device (BYOD)
- Bring Your Own Device (BYOD) refers to organizational policies that allow employees to use their personal devices—including smartphones, tablets, laptops, and personal computers—to access corporate networks, applications, and data to perform work-related tasks.
C
- Catfishing
- Catfishing is the deliberate creation of false online personas to deceive and manipulate victims for financial gain, information theft, or emotional exploitation. Attackers construct elaborate fictional identities using stolen photos, fabricated backgrounds, and sophisticated social engineering to establish trust before pivoting to exploitation that can compromise both personal and corporate security.
- Chargeback Fraud
- Chargeback fraud occurs when authorized cardholders deliberately dispute legitimate transactions to obtain unauthorized refunds, exploiting consumer protection mechanisms.
- CISO (Chief Information Security Officer)
- A Chief Information Security Officer (CISO) is a C-suite executive responsible for establishing and overseeing an organization's entire information security program. This strategic leadership role combines deep technical expertise with business acumen to protect critical assets while enabling digital transformation and innovation.
- Clone Phishing
- Clone phishing is a type of phishing attack in which attackers create a convincing replica of a legitimate email that the victim has previously received. The attacker compromises or impersonates the original sender and uses the cloned email to deceive victims into entering login credentials, paying an invoice, downloading malware, or sharing sensitive data. These emails are often nearly identical to a previous legitimate email the victim received, except a malicious attachment or link replaces the original legitimate one.
- Cloud Email
- Cloud-based email is an email delivery and storage method hosted and maintained by an outside provider that allows organizations and users to securely send, receive, and store emails. Rather than managing email infrastructure on-premises, organizations leverage cloud email platforms provided by companies like Microsoft (Microsoft 365/Exchange Online) and Google (Google Workspace/Gmail).
- Cloud Security
- Cloud security encompasses the technologies, policies, and controls designed to protect data, applications, and infrastructure hosted in cloud computing environments. It relies on shared responsibility models, encryption, access controls, and continuous monitoring across public, private, and hybrid deployments.
- Cloud Security Posture Management (CSPM)
- Cloud Security Posture Management (CSPM) is a set of tools and processes designed to keep cloud-based environments secure by continuously identifying misconfigurations, enforcing security policies, and maintaining a strong security posture across cloud infrastructure and applications.
- Command and Control (C&C)
- Command And Control (C&C) infrastructure functions as the communication backbone cybercriminals use to remotely control compromised systems after initial exploitation. This infrastructure establishes covert bidirectional channels where attackers send commands to infected systems and receive stolen data in return.
- Consent Phishing
- Consent phishing is a specialized type of phishing attack that exploits the OAuth 2.0 authorization protocol to gain unauthorized access to user data and cloud services by tricking users into granting permissions to malicious applications. Rather than stealing login credentials directly, consent phishing manipulates victims into consenting to data access through the legitimate OAuth permission flow.
- Critical Systems
- Critical systems are high-value infrastructure components that require elevated privileges and provide essential trust functions, making them prime targets for sophisticated cyber threats.
- Cyber Risk Scoring
- Cyber risk scoring is a method of quantifying an organization's exposure to cyber threats using a numeric score that reflects how vulnerable the organization is to cyberattacks. This score evaluates the strength of security controls, policies, infrastructure, and digital footprint to provide continuous, objective assessment of cybersecurity posture across internal systems and third-party ecosystems.
- Cyberattack
- A cyberattack is a malicious attempt by individuals or groups to access, damage, destroy, or disrupt computer systems, networks, data, or digital infrastructure. Cyberattacks target businesses, governments, individuals, and critical infrastructure, and can result in financial loss, data theft, reputational damage, and operational disruption.
- Cybersecurity Awareness
- Cybersecurity awareness is the knowledge and practices that help individuals and organizations recognize, prevent, and respond to cyber threats through training, vigilance, and security best practices.
D
- Dark Web Monitoring
- Dark web monitoring continuously scans hidden internet marketplaces to detect when an organization's credentials, sensitive data, or proprietary information appear for sale or discussion among cybercriminals, enabling swift response before attackers can exploit exposed information.
- Data Breach
- A data breach is the unauthorized access and exposure of an organization's private information. Data breaches typically involve malicious, intentional actions to access secured data, including cyberattacks like phishing, ransomware, or hacking into secure systems to steal sensitive information.
- Data Exfiltration
- Data exfiltration refers to the unauthorized transfer of information from enterprise systems—one of the most critical cybersecurity threats in the modern landscape. Attackers conduct data exfiltration to steal sensitive organizational data including intellectual property, financial records, customer information, employee data, and strategic business intelligence.
- Data Governance
- Data governance establishes the framework of policies, processes, and accountability that ensures data remains accurate, secure, and compliant throughout its lifecycle. It defines how data is collected, stored, accessed, and used to support business objectives while ensuring compliance with regulations and industry standards.
- Data Leakage
- Data leakage involves the unintentional exposure of sensitive information through misconfigurations, human error, or inadequate security controls—without malicious intent. Unlike data breaches, which are deliberate attacks by threat actors seeking to steal information, data leakage typically results from accidental actions or security gaps rather than targeted exploitation.
- Data Protection
- Data protection is a systematic approach to safeguarding organizational information assets through integrated security controls, regulatory compliance, and risk management frameworks.
- Digital Forensics
- Digital forensics is the investigation and analysis of electronic data to uncover evidence of cybercrime, security breaches, or policy violations. More specifically, it is the systematic process of collecting, preserving, analyzing, and presenting electronic evidence from digital devices to support legal investigations and cybersecurity incident response.
- Distributed Denial-of-Service (DDoS) Attack
- A distributed denial-of-service (DDoS) attack is a cyberattack where a server, system, or network is overloaded with traffic and rendered nonfunctional. A DDoS attack is different from a regular denial-of-service (DoS) attack in that it is committed by multiple IP addresses or machines, rather than just one.
- DKIM (DomainKeys Identified Mail)
- DomainKeys Identified Mail (DKIM) is an email security standard that protects your domain name from email spoofing, ensures emails are not altered during transit, and prevents outgoing emails from getting marked as spam.
- DNS Cache Poisoning & Spoofing: How It Works
- DNS spoofing (also called DNS cache poisoning) is the tampering with DNS records or cached DNS responses so that users are redirected to an attacker-controlled site even when they enter the correct URL: traffic intended for a legitimate site is maliciously diverted to a fake one.
- DOS Attack (Denial-of-Service Attack)
- A Denial-of-Service (DoS) attack overwhelms systems, servers, or networks with malicious traffic, rendering them unavailable to legitimate users and causing significant operational and financial damage to targeted organizations.
- Doxxing
- Doxxing is the malicious practice of researching and broadcasting private information about individuals or organizations without consent, typically to enable harassment, intimidation, or reputational damage. Derived from "dropping documents," this tactic has evolved into a sophisticated enterprise threat that targets executives, employees, and corporate infrastructure through coordinated information exposure campaigns.
- Dwell Time Reduction
- Dwell time is the duration a threat actor remains undetected within a system or network after gaining access—the window from initial compromise to detection that directly determines the scope and severity of an attack. Dwell time reduction means shortening that window, which directly limits the damage attackers can cause.
E
- Email Archiving
- Email archiving is the process of storing email communications in a separate, searchable system outside the mail server and indexing them for future search and retrieval, making it easy to access old emails that are no longer needed for immediate operations but should not be permanently deleted.
- Email Encryption
- Email encryption transforms readable messages into unreadable ciphertext, protecting sensitive data from interception while ensuring only authorized recipients can decode business communications and regulated information.
- Email Forensics
- Email forensics is the collection, examination, analysis, and reporting of email-based evidence within digital forensics investigations. Email forensics specialists systematically examine email evidence to investigate cybersecurity incidents, support legal compliance, and identify digital threats.
- Email Protection
- Email protection is a combination of software and processes designed to defend an organization's inboxes from email-based cyberattacks, ranging from email security software that scans and detects malicious content and intent in messages, to security awareness training for end users. Email is the most common entry point for cyberattacks, making comprehensive email protection essential for organizational security.
- Email Quarantine
- Email quarantine provides a controlled isolation mechanism that stores potentially harmful messages, preventing delivery while enabling security review processes. Modern email quarantine systems function as trust verification layers within broader email security architectures, enhancing trust in email communications through systematic threat isolation and analysis.
- Email Scams
- Email scams are cyberattacks that use social engineering to deceive recipients into sharing sensitive information, sending money, or downloading malware. In modern email scams, attackers craft convincing messages that appear to come from trusted sources, exploiting trust to manipulate victims into taking harmful actions. These scams often rely on urgency, fear, or authority to override skepticism and bypass common red flags.
- Email Security
- Email security is a collection of processes and technologies that protect email accounts, users, and organizations from unauthorized access and malicious messages. Email is the most common attack vector for cybercriminals, making robust email security essential for every organization.
- Ethical Hacker
- Ethical hackers are authorized cybersecurity professionals who use penetration testing methodologies to identify vulnerabilities and strengthen enterprise security defenses before malicious actors can exploit them. Unlike malicious hackers who operate without authorization, ethical hackers have explicit written permission from the organization being tested and operate within defined scope and rules of engagement.
- Executive Impersonation
- Executive impersonation exploits organizational hierarchy through sophisticated email-based attacks that bypass traditional security controls by mimicking trusted authority figures.
F
- False Positive in Cybersecurity
- False positives in cybersecurity are security alerts that incorrectly identify benign or expected activity as a potential threat. They overwhelm security teams with unnecessary investigations and reduce operational efficiency.
- FedRAMP
- FedRAMP (Federal Risk and Authorization Management Program) is a U.S. government-wide program that standardizes security assessment, authorization, and continuous monitoring for cloud products and services used by federal agencies. Established to ensure that cloud services used by the federal government meet rigorous security requirements, FedRAMP creates a unified framework that enables cloud service providers to pursue a single authorization reusable across multiple agencies.
- Firewall
- A firewall is a network security control that filters incoming and outgoing traffic. It acts as a barrier between a trusted, internal network and an unknown, external network—like the Internet.
G
- GDPR (General Data Protection Regulation)
- GDPR is a data privacy law in the European Union that regulates the collection and processing of personal data. Businesses that operate in the EU need a strong cybersecurity framework to comply with the GDPR to avoid substantial penalties.
H
- Hacktivist
- Hacktivists are a distinct category of cyber threat actor who use computer hacking techniques to advance ideological, political, or social causes rather than financial gain.
- HIPAA Compliance
- HIPAA compliance refers to the adherence to standards established by the Health Insurance Portability and Accountability Act of 1996, which mandates how organizations must protect and handle protected health information (PHI).
- Honeypot in Cybersecurity
- A honeypot in cybersecurity is an intentionally vulnerable decoy system used to attract attackers, gather threat intelligence, and enhance organizational security defenses.
- How Cloud Access Security Brokers (CASB) Work
- A cloud access security broker (CASB) is a security solution that acts as an intermediary between users and cloud service providers and enforces security policies across all cloud-based resources, ensuring consistent security measures are applied throughout an enterprise's cloud environment.
I
- Identity and Access Management
- Identity and Access Management (IAM) verifies and governs digital identities across your entire technology stack, from users and devices to applications and services. IAM forms the foundation of security by controlling who accesses what, when they access it, and how they prove they belong—protecting against credential attacks while enabling productivity.
- Identity Management
- Identity management (IDM) verifies and governs digital identities across an organization's entire technology stack—from users and devices to applications and services. This security discipline establishes unique digital identities, authenticates access requests, and enforces precise permissions based on verified attributes rather than relying on network location.
- Impersonation Attacks
- An impersonation attack is a type of cybercrime where a criminal poses as a known, trusted person or organization to steal confidential data or money. Impersonation attacks trick employees into authorizing payments or sharing sensitive data by convincingly posing as executives, vendors, colleagues, financial institutions, or other trusted entities.
- Incident Response
- Incident response is the structured process organizations use to detect, contain, and recover from cyberattacks, minimizing damage through coordinated teams, proven methodologies, and integrated security tools. It is a systematic approach organizations employ to prepare for, detect, manage, and recover from cybersecurity incidents such as data breaches, ransomware attacks, or unauthorized system access.
- Indicators of Compromise
- Indicators of Compromise (IOCs) are forensic artifacts or pieces of digital evidence that suggest a network, system, or device may have been breached or is currently under attack. IOCs serve as "digital fingerprints" that provide security teams with crucial information to detect, analyze, and respond to cyber threats.
- Insider Threat
- An insider threat is a person within an organization who poses a cybersecurity risk. This person uses their credentials, trusted status, and knowledge of internal systems to compromise a network, steal data, commit fraud, or leak sensitive information to unauthorized parties outside the organization—either intentionally or accidentally.
- Integrated Cloud Email Security
- Integrated Cloud Email Security (ICES) is a cloud-based email security solution that supplements the native security capabilities of a cloud email provider like Microsoft 365 or Google Workspace. Unlike traditional Secure Email Gateways (SEGs) that require routing email through a separate system, ICES solutions integrate directly with cloud email environments via API, working alongside the provider's built-in security rather than replacing it.
- Internet of Things (IoT)
- The Internet of Things (IoT) refers to physical devices, vehicles, appliances, and other objects embedded with sensors, software, and internet connectivity, enabling them to collect and exchange data through the web. IoT encompasses everything from consumer devices like smart home appliances to Industrial IoT (IIoT) devices that are part of manufacturing processes.
- Intrusion Detection System (IDS)
- An intrusion detection system (IDS) monitors network traffic and system activity for malicious patterns, policy violations, and suspicious behavior. Unlike firewalls that block traffic at the perimeter, IDS solutions analyze data flow passively to detect threats that may already be inside the network, providing critical alerts when attack patterns or anomalies surface.
- IP Reputation
- IP reputation measures the trustworthiness or credibility of an IP address based on its historical behavior and activities. In the context of email security, IP reputation helps identify malicious senders, route suspicious emails to spam folders, or block them entirely. If an IP address consistently sends authentic, spam-free emails, it maintains a positive IP reputation score; IP addresses associated with spam, malware, or abusive behavior receive negative scores.
- ISC2
- ISC2 (International Information System Security Certification Consortium) is the world's largest nonprofit cybersecurity certification organization, providing globally recognized credentials that validate security expertise and drive professional development for cybersecurity practitioners worldwide.
K
- Keylogger
- A keylogger is malicious software or hardware designed to capture and record every keystroke typed on a computer or mobile device without the user's knowledge. These covert surveillance tools represent one of the most persistent cybersecurity threats, capable of stealing passwords, credit card numbers, personal information, and confidential business data by monitoring keyboard input in real time.
L
- Lateral Movement
- Lateral movement refers to the techniques that threat actors use to progressively move through a network after gaining initial access, escalating privileges, accessing additional systems, and working toward their ultimate objective such as data exfiltration, ransomware deployment, or long-term persistence.
- Least Privilege Access
- Network Segmentation: Dividing networks into isolated zones forces lateral movement attempts to cross monitored security boundaries, increasing visibility and friction.
- Lightweight Directory Access Protocol
- LDAP (Lightweight Directory Access Protocol) is an Internet protocol that enables access to distributed directory services, allowing organizations to centralize user authentication and authorization across enterprise environments.
- Living Off The Land Attack
- Living Off The Land (LOTL) attacks weaponize legitimate administrative tools to bypass security controls and conduct malicious operations. These sophisticated attacks exploit system binaries, PowerShell, Windows Management Instrumentation (WMI), and built-in networking utilities already present in target environments to achieve persistence, privilege escalation, and data exfiltration while appearing as normal system administration activities.
- Log Files
- Log files provide structured records of system events and activities, delivering essential forensic evidence and real-time visibility for cybersecurity threat detection and incident response.
- Look-Alike Domains
- Look-alike domains (also called lookalike domains) are subtly manipulated domain names designed to impersonate legitimate brands, used by threat actors to launch phishing attacks, harvest credentials, and facilitate business email compromise.
M
- Malware
- Malware is a type of malicious software designed to disrupt a victim's computer, server, or network. It is a catch-all term for software like viruses, trojan horses, ransomware, spyware, worms, and more.
- Man-in-the-Middle Attacks
- Man-in-the-middle (MITM) attacks are a type of cyberattack in which a criminal secretly intercepts and potentially alters data or communications between two parties—such as a user and a web application, or a client and a server—without either party knowing. The attacker positions themselves between the victim and their intended destination, allowing them to eavesdrop on, capture, or manipulate the communication.
- MDM - Mobile Device Management
- Mobile Device Management (MDM) enables organizations to secure, monitor, manage, and enforce security policies across employees' mobile devices, regardless of service provider or operating system.
- Mean Time to Detect (MTTD)
- Mean Time to Detect (MTTD) is a cybersecurity and system reliability metric that measures the average time it takes an organization to identify a security incident or system failure after it occurs. This metric reflects how quickly threats are detected and serves as a critical component of any incident response framework.
- Mean Time to Respond (MTTR)
- Mean Time to Respond (MTTR) is a critical security operations metric that measures the average time elapsed from when a security alert or incident is first detected to when it is fully resolved and systems are restored to normal operation. It is also referred to as Mean Time to Resolve, Mean Time to Restore, or Mean Time to Repair, depending on organizational context.
- MFA Bypass
- A multi-factor authentication (MFA) bypass occurs when an attacker exploits weaknesses in MFA security controls to gain unauthorized access to an account, circumventing the additional verification steps designed to protect user identities beyond passwords alone.
- MFA Fatigue Attacks
- An MFA fatigue attack (also called MFA bombing or push bombing) is a social engineering tactic where attackers who have obtained a victim's credentials repeatedly send multi-factor authentication push notification requests to the victim's mobile device or authenticator app, hoping the victim will eventually approve one of the requests to stop the barrage of notifications.
- MITRE ATT&CK
- MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a globally accessible knowledge base of adversary behaviors across the cyberattack lifecycle. Developed in 2013 from MITRE's Fort Meade Experiment, it provides a comprehensive, structured framework cataloging the tactics, techniques, and procedures (TTPs) that real-world threat actors use to compromise systems and networks.
- Multifactor Authentication (MFA)
- Multifactor Authentication (MFA) is a security mechanism requiring users to provide multiple verification methods before gaining access to an account or system. Rather than relying solely on a password, MFA adds additional layers of protection that make unauthorized access significantly more difficult even when credentials have been stolen.
- MX Record
- An MX record, or mail exchange record, is a type of DNS (Domain Name System) resource record that specifies the mail server responsible for accepting email messages on behalf of a domain. When someone sends an email to user@examplesite.com, the MX record directs the sending server to the appropriate mail server—such as Google's Gmail servers or Microsoft's Exchange Online—where email for that domain is hosted.
N
- Network Level Authentication
- Network Level Authentication (NLA) validates user credentials before establishing RDP (Remote Desktop Protocol) sessions, blocking unauthorized connection attempts.
- Network Security
- Network security encompasses the technologies, processes, and policies designed to protect the integrity, confidentiality, and availability of computer networks and their data. It defends against unauthorized access, misuse, modification, and denial of network resources through layered technical and administrative controls.
- Network Segmentation
- Network Access Control (NAC): Enforces security policies on devices before they are permitted to connect to the network, ensuring endpoints meet security requirements.
- NIST Framework
- The NIST Cybersecurity Framework (CSF) is a voluntary, risk-based framework developed by the National Institute of Standards and Technology that provides organizations with a structured approach to managing and reducing cybersecurity risk. It is widely considered the gold standard for building comprehensive cybersecurity programs across industries and organizational sizes.
O
- OAuth
- OAuth is an open authorization standard that enables applications to access user resources across different platforms without sharing passwords, using secure tokens instead of credentials. OAuth 2.0 is the current widely accepted industry standard that is ubiquitous across the internet.
- OPSEC
- OPSEC (Operational Security) is a systematic process that protects organizational information from adversaries by identifying, controlling, and securing data that reveals capabilities, intentions, and vulnerabilities.
- OSI Model
- The OSI (Open Systems Interconnection) model is a conceptual framework that divides network communication functions into seven distinct layers. This standardized model enables different computer systems, applications, and network technologies to communicate effectively, regardless of their underlying architecture or manufacturer.
P
- Packet Loss
- Packet loss occurs when packets transmitted across a network never reach their destination. It is usually caused by congestion, faulty hardware or links, software bugs, or attacks such as denial-of-service floods; from a security standpoint, sustained loss on a link can itself be a symptom of a DDoS attack or of traffic being interfered with in transit.
- Patch Management
- Patch management is the systematic process of identifying, testing, prioritizing, and deploying software updates to remediate known vulnerabilities and maintain system security across IT infrastructure.
- Payment Fraud
- Payment fraud is any scheme that uses deception to obtain unauthorized payments or payment credentials. Modern payment fraud has evolved beyond simple wire transfer scams to include Vendor Email Compromise (VEC), where attackers compromise or impersonate a third-party supplier to reroute invoice payments to attacker-controlled accounts or to gain downstream access to enterprise systems.
- Penetration Testing
- Penetration testing is an authorized simulated cyberattack against computer systems, networks, or applications to identify and exploit security vulnerabilities. Also known as "pen testing" or "ethical hacking," this proactive security assessment demonstrates how attackers could breach defenses, access sensitive data, or disrupt operations through controlled exploitation of discovered weaknesses.
- Phishing Simulation
- Phishing simulation is a controlled cybersecurity training technique that involves delivering realistic but harmless phishing attacks to employees to test their response behavior and build organizational resilience against email security threats.
- Pretexting
- Pretexting is a form of social engineering attack in which cybercriminals construct elaborate false identities and believable fictional scenarios to establish trust with a target before requesting sensitive data, credentials, or actions that compromise security. Unlike direct phishing attempts that immediately request credentials, pretexting operates as trust-building infrastructure that enables advanced, multi-stage campaigns.
- Proxy Server
- A proxy server acts as an intermediary or gateway between a user and the Internet, serving as the middleman between an end user and a network resource while providing an added layer of security and privacy.
Q
- QR Code Phishing Attacks
- QR code phishing, also known as quishing, is a phishing attack in which an attacker embeds a malicious QR code in an email, document, or physical notice to lead victims to a fraudulent website that steals credentials or financial information, or that delivers malware. Because the destination URL is encoded in an image rather than written in the message, it evades link-scanning filters, and the victim typically scans it with a personal phone that sits outside corporate email and web controls.
R
- Red Team Cyber Security
- Red teaming simulates a real-world adversary pursuing defined objectives, such as reaching a specific system or data set, to test an organization's defenses, detection capabilities, and incident response. Unlike a penetration test, which aims to enumerate as many vulnerabilities as possible within a fixed scope, a red team exercise is stealthy and goal-driven, and is typically run against a blue team that is not told the exercise is underway. The red team is made up of authorized, ethical security professionals who report their findings so defenses can be strengthened before a malicious actor exploits the same weaknesses.
- Remote Desktop Protocol (RDP)
- Remote Desktop Protocol (RDP) is Microsoft's proprietary network protocol that enables users to remotely access and control Windows computers over a network connection. It transmits display output from the remote system to the user's local device while sending keyboard and mouse input back, creating a seamless remote desktop experience. RDP listens on TCP port 3389 by default; internet-exposed RDP is a frequent initial access vector for ransomware through password guessing and credential stuffing, so it should sit behind a VPN or gateway, require Network Level Authentication and MFA, and have its authentication logs monitored.
- Risk Assessment
- Risk assessment is the systematic process of identifying, analyzing, and prioritizing cybersecurity threats to protect organizational assets, inform security investment decisions, and ensure regulatory compliance. Risk assessment bridges strategic business objectives with tactical security operations, providing the analytical foundation for building effective security programs.
- Role-Based Access Control (RBAC)
- Role-Based Access Control (RBAC) is a formal cybersecurity model that restricts system access through organizational roles rather than individual permissions, reducing administrative complexity while improving security scalability. RBAC assigns permissions to roles that represent job functions, and users are granted access by being assigned to appropriate roles.
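A small role-based access control model with role inheritance and a deny-by-default decision, as an added example that is not part of this glossary. The roles, permissions and users are invented for the example.

```python
"""
Added example (not from this glossary): a minimal RBAC model. Roles carry
(resource, action) permissions, roles may inherit from other roles, users are
granted roles, and an access decision is deny-by-default. Every role,
permission and user here is made up.
"""
from typing import Dict, Iterable, Set, Tuple

Permission = Tuple[str, str]   # (resource, action), e.g. ("invoices", "approve")


class RBAC:
    def __init__(self) -> None:
        self.role_perms: Dict[str, Set[Permission]] = {}
        self.role_parents: Dict[str, Set[str]] = {}   # role -> roles it inherits from
        self.user_roles: Dict[str, Set[str]] = {}

    def define_role(self, role: str, perms: Iterable[Permission], inherits: Iterable[str] = ()) -> None:
        for parent in inherits:
            if parent not in self.role_perms:
                raise KeyError(f"unknown parent role {parent!r}")
        self.role_perms[role] = set(perms)
        self.role_parents[role] = set(inherits)

    def assign(self, user: str, role: str) -> None:
        if role not in self.role_perms:
            raise KeyError(f"unknown role {role!r}")   # fail closed on typos
        self.user_roles.setdefault(user, set()).add(role)

    def revoke(self, user: str, role: str) -> None:
        self.user_roles.get(user, set()).discard(role)

    def effective_roles(self, user: str) -> Set[str]:
        """Expand inherited roles transitively."""
        seen: Set[str] = set()
        stack = list(self.user_roles.get(user, ()))
        while stack:
            role = stack.pop()
            if role in seen:
                continue
            seen.add(role)
            stack.extend(self.role_parents.get(role, ()))
        return seen

    def permissions(self, user: str) -> Set[Permission]:
        perms: Set[Permission] = set()
        for role in self.effective_roles(user):
            perms |= self.role_perms[role]
        return perms

    def is_allowed(self, user: str, resource: str, action: str) -> bool:
        """Deny by default: only an explicit (resource, action) grant allows."""
        return (resource, action) in self.permissions(user)


def build_demo() -> RBAC:
    """Constructed accounts-payable example."""
    rbac = RBAC()
    rbac.define_role("employee", [("directory", "read"), ("expenses", "submit")])
    rbac.define_role("ap_clerk", [("invoices", "create"), ("invoices", "read")], inherits=["employee"])
    rbac.define_role("ap_manager", [("invoices", "approve")], inherits=["ap_clerk"])
    rbac.assign("alice", "ap_clerk")
    rbac.assign("bob", "ap_manager")
    rbac.assign("carol", "employee")
    return rbac
```

Inheritance is convenient but can silently violate separation of duties: in the demo, bob can both create and approve invoices. Audits should review effective permissions per user (`permissions(user)`), not role names.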
S
- Sandbox
- A sandbox is an isolated execution environment in which suspicious or unknown code can be run and observed without putting the host device or network at risk. Security teams use sandboxes to detonate email attachments and downloaded files and to record the file, registry, process, and network activity that reveals malicious intent. Sandbox-aware malware may delay or change its behavior when it detects analysis, so sandbox verdicts should be combined with other signals rather than trusted alone.
- Scareware
- Scareware is a social engineering attack that uses fake security alerts, fraudulent system warnings, and alarming pop-up notifications to manipulate users into downloading malware or paying for fraudulent software solutions through fear and urgency.
- Secure Email Gateways: Why They're Not Enough
- A secure email gateway (SEG) is an email security solution that filters inbound and outbound mail to detect and block suspicious or malicious messages, typically using signatures, reputation data, and rules. An SEG stops commodity threats such as spam, known malware attachments, and known-bad links, but because it relies heavily on known indicators it struggles with payload-free social engineering such as business email compromise and with attacks sent from compromised legitimate accounts.
- Security Awareness Training
- Security awareness training is a program that teaches employees to adhere to cybersecurity best practices, recognize common threats like phishing and malware, and respond appropriately to cyberattacks to improve organizational security. Security awareness training minimizes security risks by empowering employees with the tools and knowledge needed to defend against cyber threats, and it is a necessary component of a comprehensive cybersecurity strategy.
- Security Control Frameworks
- Organizations structure their security control implementations around established frameworks including NIST SP 800-53, ISO 27001, CIS Controls, and SOC 2. These frameworks provide structured catalogs of controls mapped to specific threats, compliance requirements, and security domains.
- Security Controls
- Security controls are measures, safeguards, and countermeasures implemented to protect information systems and organizational assets from threats, reduce risk to acceptable levels, and ensure the confidentiality, integrity, and availability of data. They encompass the complete range of technical, administrative, and physical measures that organizations deploy to defend against cyberattacks, prevent unauthorized access, detect security incidents, and recover from breaches.
- Security Information and Event Management (SIEM)
- Security Information and Event Management (SIEM) platforms centralize threat detection, compliance monitoring, and incident response across enterprise environments through automated log analysis and correlation.
- Security Operations Center (SOC)
- A Security Operations Center (SOC) is the team and function that centralizes monitoring, detection, analysis, investigation, and response for cybersecurity threats across an organization's environment, typically operating around the clock. A SOC relies on telemetry from endpoints, networks, identity systems, and email, and on tooling such as SIEM and SOAR, to turn alerts into triaged incidents.
- Security Orchestration, Automation and Response (SOAR)
- SOAR (Security Orchestration, Automation and Response) is a class of platform that integrates disparate security tools, automates repetitive operational tasks, and runs incident response playbooks from a central console. Typical automations enrich an alert with threat intelligence, quarantine a mailbox or endpoint, and open a ticket, so analysts contain threats faster and spend less time on manual steps.
- Sender Policy Framework (SPF)
- Sender Policy Framework (SPF) is an email authentication protocol that lets a domain owner publish, in a DNS TXT record, which mail servers are authorized to send mail for that domain; a receiving server checks the connecting IP address against that record. SPF validates the envelope sender (the SMTP MAIL FROM, or Return-Path, domain), not the From header a user sees, so on its own it does not stop header spoofing; DMARC closes that gap by requiring the two domains to align.
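How a receiver evaluates an SPF record against a connecting IP, as an added example that is not part of this glossary. DNS is replaced by a constructed in-memory table, so every record and address is illustrative; the function follows RFC 7208 for the common mechanisms and the ten-lookup limit.

```python
"""
Added example (not from this glossary): an SPF check that decides whether a
connecting IP may send for a domain. It handles the common mechanisms
(all, ip4, ip6, a, mx, include), the four qualifiers, and the RFC 7208 limit
of ten DNS-querying terms. DNS is replaced by FAKE_DNS, a constructed table.
"""
import ipaddress
from typing import Dict, List, Optional

FAKE_DNS: Dict[str, Dict[str, List[str]]] = {
    "example.com": {
        "TXT": ["v=spf1 ip4:203.0.113.0/24 include:_spf.mailvendor.test mx -all"],
        "MX": ["mail.example.com"],
    },
    "mail.example.com": {"A": ["198.51.100.25"]},
    "_spf.mailvendor.test": {"TXT": ["v=spf1 ip4:192.0.2.0/25 ip6:2001:db8::/32 ~all"]},
    "loop.test": {"TXT": ["v=spf1 include:loop.test -all"]},   # pathological record
}
MAX_LOOKUPS = 10
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name: str, rtype: str) -> List[str]:
    return FAKE_DNS.get(name.lower(), {}).get(rtype, [])


def check_spf(ip: str, domain: str, _state: Optional[dict] = None) -> str:
    """Return pass, fail, softfail, neutral, none or permerror for (ip, domain)."""
    state = _state if _state is not None else {"lookups": 0}
    client = ipaddress.ip_address(ip)
    records = [t for t in lookup(domain, "TXT")
               if t.lower().startswith("v=spf1 ") or t.lower() == "v=spf1"]
    if not records:
        return "none"
    if len(records) > 1:          # two SPF records is a permerror, a common misconfiguration
        return "permerror"
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        if "=" in term:           # modifiers such as redirect= and exp= are not handled here
            continue
        name, _, arg = term.partition(":")
        name = name.lower()
        matched = False
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                matched = client in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
        elif name in ("a", "mx", "include"):
            state["lookups"] += 1
            if state["lookups"] > MAX_LOOKUPS:
                return "permerror"
            target = arg or domain
            if name == "a":
                matched = any(client == ipaddress.ip_address(a) for a in lookup(target, "A"))
            elif name == "mx":
                matched = any(client == ipaddress.ip_address(a)
                              for host in lookup(target, "MX") for a in lookup(host, "A"))
            else:
                sub = check_spf(ip, target, state)
                if sub == "permerror":
                    return "permerror"
                matched = sub == "pass"   # include matches only on a pass of the referenced record
        else:
            return "permerror"        # unknown mechanism
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"                  # no term matched and no explicit all
```

Two practitioner details are encoded here: an `include` of a vendor record that ends in `~all` contributes nothing unless the vendor's record passes, and a record that exceeds ten lookups (or refers to itself) produces `permerror`, which many receivers treat as "no SPF" and which DMARC counts as a failure.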
- Shadow IT
- Shadow IT is the use of software, devices, or cloud services inside an organization without the knowledge or approval of the IT department. Because those assets sit outside patching, logging, identity, and data-protection controls, they expand the attack surface and often hold sensitive data the organization does not know it has.
- SIEM (Security Information and Event Management)
- SIEM (Security Information and Event Management) is a security solution that centralizes threat detection, compliance monitoring, and incident response across enterprise environments through automated log collection, correlation, and analysis.
- Smishing
- Smishing is a subset of phishing that utilizes SMS (Short Message Service) text messages to execute the attack. The term combines "SMS" and "phishing." Smishing scams send fraudulent text messages to victims, urging them to click on malicious links or provide personal information. These scams target individuals or businesses to steal money, sensitive data, or a combination of both.
- SMTP
- SMTP (Simple Mail Transfer Protocol) is the Internet standard protocol for transmitting email between mail servers and from clients to their outbound server. SMTP defines how a message is handed from one server to the next and forms the backbone of global email infrastructure. The protocol itself does not verify that a sender is who they claim to be, which is why SPF, DKIM, and DMARC were layered on top of it.
- Social Engineering
- Social engineering attacks exploit human psychology to deceive individuals into disclosing confidential information or performing actions that compromise security. Social engineers manipulate emotions like trust, fear, and urgency to trick victims into taking actions that are not in their best interests.
- Spam
- Spam is unsolicited email sent in bulk to large recipient lists without their consent, usually to advertise, to scam, or to deliver malicious content. Beyond being a drain on productivity and mail infrastructure, spam is a common delivery channel for phishing and malware.
- Spear Phishing Email: How It Works and How to Stop It
- Spear phishing is a targeted email attack aimed at a specific individual or organization. Attackers research the victim and use personal or organizational details, such as colleagues' names, current projects, or vendor relationships, to craft a convincing message that tricks the recipient into revealing sensitive information, transferring funds, or installing malware.
- Spyware
- Spyware is surveillance malware that covertly monitors enterprise systems to steal credentials, intellectual property, and sensitive business data. It operates silently in the background, recording user activity without the victim's knowledge or consent.
- SQL Injection
- SQL injection is an attack in which untrusted input, supplied through fields such as search boxes, login forms, or URL parameters, is concatenated into a SQL query so that the attacker's text is parsed as SQL syntax rather than as data. Successful injection can bypass authentication, read or modify any data the application's database account can reach, and in some configurations run commands on the database host. The reliable defense is to keep data out of the query text with parameterized queries (prepared statements) and to run the application with a least-privilege database account.
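A vulnerable login check beside its parameterized replacement, as an added example that is not part of this glossary. Both run against an in-memory SQLite database; the schema, accounts and payloads are constructed for the example.

```python
"""
Added example (not from this glossary): a login check that concatenates user
input into SQL, beside the parameterized version, both run against an
in-memory SQLite database so the effect of two classic payloads is visible.
The schema, the accounts and the payloads are constructed for the example.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-of-alices-password"), ("admin", "hash-of-admins-password")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """The bug: untrusted strings become part of the SQL text, so quotes and
    comment markers in the input are parsed as SQL."""
    sql = (f"SELECT 1 FROM users WHERE username = '{username}' "
           f"AND password_hash = '{password_hash}'")
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """Placeholders send the values separately from the query; the database
    never parses them as SQL, whatever characters they contain."""
    sql = "SELECT 1 FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchone() is not None


# Constructed payloads: the first comments out the password check, the second
# makes the WHERE clause always true.
PAYLOAD_COMMENT = ("admin' --", "anything")
PAYLOAD_TAUTOLOGY = ("nobody", "' OR '1'='1")


def demo() -> dict:
    """Outcome of each payload against both implementations."""
    conn = make_db()
    return {
        "comment_vuln": login_vulnerable(conn, *PAYLOAD_COMMENT),
        "comment_safe": login_safe(conn, *PAYLOAD_COMMENT),
        "tautology_vuln": login_vulnerable(conn, *PAYLOAD_TAUTOLOGY),
        "tautology_safe": login_safe(conn, *PAYLOAD_TAUTOLOGY),
        "legit_safe": login_safe(conn, "alice", "hash-of-alices-password"),
    }
```

With `admin' --` the vulnerable query becomes `... WHERE username = 'admin' --' AND password_hash = ...`, and everything after `--` is a comment, so the password is never checked. The parameterized version looks for a user literally named `admin' --` and finds none. (A real login would compare a salted password hash server-side rather than receiving a hash from the client; the hash column is only there to keep the example short.)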
T
- Tailgating Attack
- A tailgating attack is a physical social engineering technique in which an unauthorized person follows authorized personnel through a secured entry point, for example by slipping in behind an employee who holds the door. It bypasses expensive technical controls and gives the intruder insider-style physical access to workstations, network ports, and documents.
- Telemetry
- Telemetry is the automated collection and transmission of data from remote devices and systems, enabling real-time monitoring, performance analysis, and security threat detection.
- Text Message Scam
- A text message scam is a fraudulent scheme delivered via SMS (Short Message Service) that uses deceptive text messages to trick recipients into revealing personal information, clicking malicious links, or transferring money to attackers.
- Threat Actor
- A threat actor is an individual or group that conducts cyberattacks with malicious intent. Threat actors range from individual hackers testing their skills to sophisticated cybercriminal organizations running ransomware operations, all the way up to state-sponsored groups conducting espionage and sabotage campaigns.
- Threat Actor Attribution
- Threat actor attribution is the process of identifying the individuals, groups, or nation-states responsible for a cyberattack. This complex investigative process involves analyzing technical indicators like IP addresses and malware signatures, behavioral traits including tactics, techniques, and procedures (TTPs), and contextual intelligence such as geopolitical motivations and temporal patterns.
- Threat Hunting
- Threat hunting proactively searches for hidden cyberattacks that automated defenses miss, assuming adversaries are already inside your environment and systematically tracking them down before damage occurs.
- Top-Level Domain (TLD)
- A top-level domain (TLD) represents the final segment of a domain name, positioned after the last dot in any web address. In pangratis.ai, the ".ai" portion functions as the TLD, while "pangratis" serves as the second-level domain.
- Transport Layer Security (TLS)
- Transport Layer Security (TLS) is the cryptographic protocol that secures communication between systems over untrusted networks: it encrypts data in transit, authenticates the server (and optionally the client) with certificates, and protects message integrity. TLS underpins HTTPS, secure SMTP delivery between mail servers, messaging applications, and cloud service APIs. TLS 1.2 and 1.3 are the versions in current use; TLS 1.0 and 1.1 are deprecated and should be disabled.
- Trojan Horse
- A Trojan horse (or simply Trojan) is a type of malware that misleads users as to its true intent by disguising itself as a legitimate or benign program. Named after the ancient Greek myth of the wooden horse used to infiltrate Troy, a Trojan deceives users into downloading or executing it, after which it performs malicious activities on the infected system.
- Typosquatting
- Typosquatting, also known as URL hijacking or domain mimicry, weaponizes simple typing errors to redirect users to malicious domains that steal credentials, deliver malware, or damage brand reputation through deceptive look-alike websites. Attackers exploit human typing errors by registering domains that closely resemble legitimate websites.
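Generating the look-alike variants a typosquatter would register and matching them against a feed of newly seen domains, as an added example that is not part of this glossary. The brand, the feed and the TLD watch list are constructed; real monitoring would also cover Unicode/IDN homoglyphs, which this example skips.

```python
"""
Added example (not from this glossary): generate the typo and look-alike
variants of a brand domain (character omission, transposition, adjacent-key
substitution, doubling, hyphenation, ASCII homoglyphs, TLD swaps) and flag
any that appear in a feed of newly seen domains. Brand, feed and TLD list
are constructed; Unicode/IDN homoglyphs are out of scope here.
"""
from typing import Dict, Iterable

ADJACENT = {  # QWERTY neighbours used for fat-finger substitutions
    "a": "qwsz", "b": "vghn", "c": "xdfv", "d": "serfcx", "e": "wsdr", "f": "drtgvc",
    "g": "ftyhbv", "h": "gyujnb", "i": "ujko", "j": "huikmn", "k": "jiolm", "l": "kop",
    "m": "njk", "n": "bhjm", "o": "iklp", "p": "ol", "q": "wa", "r": "edft", "s": "awedxz",
    "t": "rfgy", "u": "yhji", "v": "cfgb", "w": "qase", "x": "zsdc", "y": "tghu", "z": "asx",
}
HOMOGLYPHS = {"l": ["1", "i"], "i": ["l", "1"], "o": ["0"], "rn": ["m"], "m": ["rn"],
              "vv": ["w"], "w": ["vv"], "cl": ["d"]}
TLD_SWAPS = ["com", "co", "cm", "net", "org", "io"]   # assumed watch list


def variants(domain: str) -> Dict[str, str]:
    """Map each look-alike domain to the technique that produces it."""
    sld, _, tld = domain.lower().rpartition(".")
    found: Dict[str, str] = {}

    def add(name: str, technique: str) -> None:
        if name and name != sld:
            found.setdefault(f"{name}.{tld}", technique)   # first technique wins

    for i in range(len(sld)):
        add(sld[:i] + sld[i + 1:], "omission")
        add(sld[:i + 1] + sld[i] + sld[i + 1:], "doubling")
        for key in ADJACENT.get(sld[i], ""):
            add(sld[:i] + key + sld[i + 1:], "adjacent-key")
    for i in range(len(sld) - 1):
        add(sld[:i] + sld[i + 1] + sld[i] + sld[i + 2:], "transposition")
    for i in range(1, len(sld)):
        add(sld[:i] + "-" + sld[i:], "hyphenation")
    for src, repls in HOMOGLYPHS.items():
        start = sld.find(src)
        while start != -1:
            for rep in repls:
                add(sld[:start] + rep + sld[start + len(src):], "homoglyph")
            start = sld.find(src, start + 1)
    for other in TLD_SWAPS:
        if other != tld:
            found.setdefault(f"{sld}.{other}", "tld-swap")
    return found


def find_lookalikes(brand: str, observed: Iterable[str]) -> Dict[str, str]:
    """Intersect the generated variants with domains seen in a feed."""
    candidates = variants(brand)
    seen = (o.lower().rstrip(".") for o in observed)
    return {d: candidates[d] for d in seen if d in candidates}


# Constructed "newly registered domains" feed.
OBSERVED = [
    "examplebank.com",      # the brand itself
    "exmplebank.com",       # omission
    "examplebnak.com",      # transposition
    "examp1ebank.com",      # homoglyph
    "example-bank.com",     # hyphenation
    "examplebank.co",       # tld swap
    "unrelated.org",
]
```

The generated set is the same one defenders use for proactive registration and for alerting on certificate-transparency logs and new-domain feeds; it is also the set attackers draw from, which is why the TLD swap (`.co`, `.cm`) belongs in it even though no character in the brand name changed.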
U
- URL Rewriting
- URL rewriting is a security technique that intercepts and modifies URLs within emails, redirecting links through security infrastructure for analysis and threat assessment before allowing users to access them. The technology replaces original URLs in email messages with modified versions that route through an organization's security platform, enabling real-time threat assessment and blocking of malicious content at click-time rather than only at delivery time. Rewritten links hide the true destination from recipients and from other tools that inspect the message, so users should be taught that a rewritten link is not a guarantee, and the wrapper itself must resist tampering and open redirection so it cannot be abused to lend a trusted domain to a malicious URL.
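A click-time link wrapper of the kind described above, as an added example that is not part of this glossary. The scanner host, the signing key, the blocklist and the sample message are constructed; the HMAC tag is what stops the wrapper being used as an open redirector.

```python
"""
Added example (not from this glossary): rewriting the links in an email body
so each one routes through a click-time scanner, with an HMAC tag that lets
the scanner verify the wrapped URL was produced by the gateway and has not
been altered. Scanner host, key, blocklist and sample message are constructed.
"""
import hashlib
import hmac
import re
from typing import Optional
from urllib.parse import parse_qs, quote, urlparse

SCANNER = "https://safelinks.example-sec.test/click"      # assumed scanner endpoint
KEY = b"replace-with-a-random-32-byte-secret-key"         # assumed gateway secret
BLOCKLIST = {"evil.test"}                                  # assumed click-time verdict source
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def _tag(url: str) -> str:
    return hmac.new(KEY, url.encode("utf-8"), hashlib.sha256).hexdigest()[:32]


def wrap(url: str) -> str:
    """Replace url with a scanner link carrying the original and its tag."""
    if urlparse(url).netloc == urlparse(SCANNER).netloc:
        return url                                         # never double-wrap
    return f"{SCANNER}?u={quote(url, safe='')}&t={_tag(url)}"


def unwrap(wrapped: str) -> Optional[str]:
    """Recover the original URL, or None if the link is not ours or was tampered with."""
    parts = urlparse(wrapped)
    if parts.netloc != urlparse(SCANNER).netloc:
        return None
    query = parse_qs(parts.query)          # parse_qs also percent-decodes u
    if "u" not in query or "t" not in query:
        return None
    url = query["u"][0]
    if not hmac.compare_digest(_tag(url), query["t"][0]):
        return None
    return url


def rewrite_body(body: str) -> str:
    """Rewrite every http(s) link in a plain-text body, leaving trailing punctuation outside."""
    def repl(match):
        url, trail = match.group(0), ""
        while url and url[-1] in ".,;:)":
            trail, url = url[-1] + trail, url[:-1]
        return wrap(url) + trail
    return URL_RE.sub(repl, body)


def click(wrapped: str) -> str:
    """Scanner decision at click time: reject bad tags, block listed hosts, else redirect."""
    url = unwrap(wrapped)
    if url is None:
        return "reject"
    host = urlparse(url).hostname or ""
    if any(host == bad or host.endswith("." + bad) for bad in BLOCKLIST):
        return "block"
    return "redirect"


# Constructed sample message body.
SAMPLE_BODY = ("Your session expired, reset here: https://login.evil.test/reset?id=1.\n"
               "Docs: https://help.example.com/faq")
```

Because the verdict is computed in `click`, a link that was clean at delivery and weaponized later is still caught; the cost is that the wrapped link tells the recipient nothing about where it goes, and the scanner must keep the tag check or anyone could craft `?u=<anything>` links on its trusted domain.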
V
- VPN
- A Virtual Private Network (VPN) is an encrypted connection technology that creates secure tunnels between remote devices and corporate networks over public internet infrastructure. VPNs allow users to send and receive data as if their devices were directly connected to a private network, protecting sensitive information from interception.
- Vulnerability Management
- Organizations implement vulnerability management as a systematic cybersecurity approach that identifies, assesses, prioritizes, and mitigates security weaknesses across IT environments to reduce organizational risk.
W
- WannaCry
- WannaCry was a worldwide ransomware attack that began on May 12, 2017. The WannaCry cryptoworm targeted computers running Microsoft Windows, encrypting data and demanding ransom payments in Bitcoin; it spread without user interaction by exploiting the SMBv1 vulnerability addressed by Microsoft's MS17-010 patch, using the EternalBlue exploit, and within days had infected more than 200,000 computers in over 150 countries, causing billions of dollars in damage. The outbreak remains the standard illustration of why timely patching and retiring legacy protocols such as SMBv1 matter.
- Watering Hole Attack
- A watering hole attack is a targeted cyberattack strategy in which attackers compromise websites frequently visited by a specific group of users—such as employees in a particular industry, government sector, or organization—and use those websites to deliver malware to victims. The name comes from the animal kingdom, where predators wait near watering holes to ambush prey.
- Web Proxy
- A web proxy is a network security intermediary that sits between client applications and web servers, filtering and inspecting HTTP/HTTPS traffic before it reaches end users. The proxy intercepts web requests, evaluates them against security policies, and either forwards, blocks, or modifies traffic according to predefined rules.
- Whaling
- Whaling is a highly targeted type of phishing attack aimed specifically at high-level executives and senior leaders within an organization, such as CEOs, CFOs, and board members. The term "whaling" refers to going after the "big fish"—executives who have significant authority, access to sensitive data, and the ability to authorize large financial transactions.
- What Are Email Filters? How They Stop Spam
- Email filters function as a security mechanism that examines known signals to block spam messages. These systems scan incoming messages against established criteria—including sender reputation, content patterns, and authentication protocols—to identify and separate unwanted correspondence from legitimate communication.
- What Is a Brute Force Attack? Definition & Detection
- A brute force attack is a trial-and-error attempt to discover passwords, login credentials, or encryption keys by systematically trying candidate values, almost always with automated tooling. Variants include dictionary attacks that try likely passwords, credential stuffing that replays leaked username and password pairs, and password spraying that tries a few common passwords across many accounts to stay below lockout thresholds. Detection relies on the rate and distribution of failed logins per source and per account; defense relies on rate limiting, lockout, multi-factor authentication, and strong hashing of stored passwords.
- What Is a Data Leak? Causes & Prevention
- A data leak is the unintentional exposure of sensitive data. Unlike a data breach, which typically involves a deliberate cyberattack, a data leak usually results from operational problems, including technical and human errors.
- What Is a Supply Chain Attack? Detect & Prevent It
- A supply chain attack is a cyberattack that reaches a target through a trusted third party: a vendor, service provider, or software component the target relies on. By compromising the supplier, the attacker can push malware through shared infrastructure or software updates, or send convincing phishing messages from the vendor's own accounts, inheriting the trust the target places in that relationship.
- What Is Account Takeover Fraud? Identify & Prevent
- Account takeover fraud, also called account compromise, occurs when an attacker gains unauthorized control of a legitimate user's account, typically through phishing, credential stuffing, or malware. In the enterprise, a taken-over employee account lets the attacker read and send email as that person, which is the usual starting point for business email compromise and further internal phishing.
- What Is Business Email Compromise (BEC)?
- Business email compromise (BEC) is a socially engineered attack in which the attacker impersonates a trusted contact, such as an executive, a colleague, or a vendor, by email to trick an employee into making a payment or disclosing sensitive information. BEC messages usually carry no malware or malicious link and rely on conversation to build trust, which is why they evade traditional email security; BEC is consistently among the costliest categories of cybercrime reported to the FBI.
- What is CEO Fraud? How to Identify & Stop It
- CEO fraud, also called executive impersonation, is a form of business email compromise in which the attacker poses as a CEO or other senior executive, either by spoofing the executive's address or by using a taken-over account, to pressure employees into unauthorized payments or sharing sensitive data.
- What is Credential Stuffing? Detect & Prevent Attacks
- Credential stuffing is a type of cyberattack where criminals use stolen usernames and passwords from one data breach to try to break into other accounts where people use the exact same login details.
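A detector that separates password guessing from credential stuffing in authentication logs, as an added example that is not part of this glossary; it serves the brute force, credential stuffing and account takeover entries. The log format, thresholds and addresses are assumptions, and the log lines are constructed.

```python
"""
Added example (not from this glossary): a detector run over constructed
authentication log lines. Many failures for one account from one source
inside the window is brute force; one source failing against many distinct
accounts, each tried once or twice, is credential stuffing; a success from a
source already flagged for stuffing is a suspected takeover. Log format,
thresholds and addresses are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Set, Tuple

LINE_RE = re.compile(r"^(?P<ts>\S+) auth (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<ip>\S+)$")
WINDOW = timedelta(minutes=5)
BRUTE_FORCE_FAILS = 8       # failures on one account from one IP inside WINDOW
STUFFING_USERS = 10         # distinct accounts failing from one IP inside WINDOW
STUFFING_MAX_PER_USER = 2   # stuffing tries each leaked pair only once or twice


def parse(lines: Iterable[str]) -> List[dict]:
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:                                   # unparseable lines are skipped, not fatal
            e = m.groupdict()
            e["ts"] = datetime.fromisoformat(e["ts"])
            events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def detect(lines: Iterable[str]) -> Set[Tuple[str, ...]]:
    events = parse(lines)
    alerts: Set[Tuple[str, ...]] = set()
    stuffing_ips: Set[str] = set()
    fails_by_ip: Dict[str, List[dict]] = defaultdict(list)
    for e in events:
        if e["result"] == "FAIL":
            fails_by_ip[e["ip"]].append(e)
            window = [f for f in fails_by_ip[e["ip"]] if e["ts"] - f["ts"] <= WINDOW]
            per_user: Dict[str, int] = defaultdict(int)
            for f in window:
                per_user[f["user"]] += 1
            worst_user = max(per_user, key=per_user.get)
            if per_user[worst_user] >= BRUTE_FORCE_FAILS:
                alerts.add(("brute_force", e["ip"], worst_user))
            if len(per_user) >= STUFFING_USERS and per_user[worst_user] <= STUFFING_MAX_PER_USER:
                alerts.add(("credential_stuffing", e["ip"]))
                stuffing_ips.add(e["ip"])
        elif e["ip"] in stuffing_ips:           # a hit after a spray of failures
            alerts.add(("suspected_takeover", e["ip"], e["user"]))
    return alerts


# Constructed log: a password-guessing burst, a stuffing run that eventually
# succeeds, and a normal user who mistypes once.
SAMPLE_LOG = (
    [f"2024-05-01T10:00:{i:02d} auth FAIL user=alice src=203.0.113.9" for i in range(10)]
    + [f"2024-05-01T10:01:{i:02d} auth FAIL user=user{i} src=198.51.100.7" for i in range(12)]
    + ["2024-05-01T10:01:30 auth OK user=user5 src=198.51.100.7",
       "2024-05-01T10:02:00 auth FAIL user=bob src=192.0.2.4",
       "2024-05-01T10:02:10 auth OK user=bob src=192.0.2.4"]
)
```

The "many accounts, one or two tries each" signature also matches password spraying; telling the two apart requires knowing whether the tried pairs come from a breach dump, which is why the most useful response to either is the same: step up to MFA for the affected accounts and rate-limit the source. Attackers who distribute a stuffing run across many proxies will stay under a per-IP threshold, so production detectors also count per-account and per-ASN.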
- What is Data Archiving? How It Saves Money and Protects Data
- Data archiving is the process of moving inactive or infrequently accessed data that must still be retained, for business or regulatory reasons, from primary systems to a separate long-term storage tier. Archiving cuts primary storage costs, but archived data remains in scope for access control, encryption, and retention policies, because it is still sensitive.
- What is DLP? How Data Loss Prevention Works
- Data loss prevention (DLP) is a combination of software and processes designed to ensure data is appropriately used, stored, and protected. It is an integral part of a comprehensive cybersecurity strategy aimed at preventing data breaches and the unauthorized sharing of sensitive information.
- What Is DMARC? Secure Emails Without Spoofing
- DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that builds on SPF and DKIM. A domain owner publishes a DMARC record in DNS stating that the domain in the visible From header must align with the domain authenticated by SPF or DKIM, what receivers should do with mail that fails (p=none, quarantine, or reject), and where to send aggregate and forensic reports. It is the mechanism that turns SPF and DKIM into protection against spoofing of the From address.
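DMARC evaluation for a single message, as an added example that is not part of this glossary; it serves the SPF, DMARC and email spoofing entries. The policy records and the messages are constructed, SPF and DKIM results are taken as inputs already computed by the receiver, and the organizational domain is approximated as the last two labels (real receivers consult the Public Suffix List).

```python
"""
Added example (not from this glossary): DMARC evaluation given the SPF and
DKIM results a receiver already computed. It parses the policy record, checks
identifier alignment against the RFC5322.From domain in relaxed or strict
mode, falls back to the organizational domain's sp= for subdomains, applies
pct= sampling, and returns the disposition. Records are constructed and the
org-domain rule is a stand-in for the Public Suffix List.
"""
from typing import Dict, Optional, Tuple

FAKE_DMARC_TXT = {
    "_dmarc.example.com": "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; pct=100; "
                          "rua=mailto:dmarc@example.com",
    "_dmarc.relaxed.test": "v=DMARC1; p=quarantine; pct=50",
}
ORG_LABELS = 2   # assumption standing in for the Public Suffix List


def parse_record(txt: str) -> Dict[str, str]:
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def org_domain(domain: str) -> str:
    return ".".join(domain.lower().rstrip(".").split(".")[-ORG_LABELS:])


def find_policy(from_domain: str) -> Tuple[Optional[Dict[str, str]], bool]:
    """Return (record, is_subdomain_policy): exact name first, then the org domain."""
    txt = FAKE_DMARC_TXT.get(f"_dmarc.{from_domain.lower()}")
    if txt:
        return parse_record(txt), False
    txt = FAKE_DMARC_TXT.get(f"_dmarc.{org_domain(from_domain)}")
    if txt:
        return parse_record(txt), True
    return None, False


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict needs an exact match, relaxed the same org domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate(from_domain: str, spf_result: str, spf_domain: str,
             dkim_result: str, dkim_domain: str, sample_key: int = 0) -> str:
    """Return 'no-policy', 'pass', or the disposition to apply: none, quarantine, reject.
    sample_key is any stable per-message integer used for pct= sampling."""
    record, is_sub = find_policy(from_domain)
    if record is None or record.get("v", "").upper() != "DMARC1":
        return "no-policy"
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, record.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, record.get("adkim", "r"))
    if spf_ok or dkim_ok:          # DMARC passes if either authenticated identifier aligns
        return "pass"
    policy = record.get("sp", record.get("p", "none")) if is_sub else record.get("p", "none")
    pct = int(record.get("pct", "100"))
    if sample_key % 100 >= pct:    # outside the sample: apply the next-weaker policy (RFC 7489)
        policy = {"reject": "quarantine", "quarantine": "none"}.get(policy, "none")
    return policy
```

The second test case is the spoofing scenario SPF alone cannot stop: the attacker's server passes SPF for the attacker's own envelope domain, but because that domain does not align with the `example.com` in the From header, DMARC rejects the message.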
- What is Email Encryption?
- Email encryption protects the content of email messages by making them unreadable to anyone who does not hold the corresponding decryption key. Transport encryption (TLS between mail servers) protects messages in transit between hops but leaves them readable on each server; end-to-end schemes such as S/MIME and OpenPGP encrypt the message body with the recipient's public key so that only the recipient can decrypt it, and can also sign it to provide integrity and proof of the sender's identity.
- What Is Email Spoofing? How To Prevent It
- Email spoofing is the forging of a sender's address or other header fields so that a message appears to come from a trusted source, a technique used to deliver spam and phishing. Because SMTP does not verify the From header, spoofing is easy unless the receiving side enforces SPF, DKIM, and DMARC; attackers who cannot defeat those controls fall back to look-alike domains and display-name tricks.
- What Is Graymail? How To Keep It Out Of Your Inbox
- Graymail is a promotional email from a legitimate sender that varies in value to different users. Different from spam, the variance in content and in relevance to users makes it more challenging to filter with rules or policies.
- What is Pharming? How to Protect Yourself
- Pharming is an attack that redirects users from a legitimate website to a fraudulent copy without their knowledge by tampering with name resolution, for example through DNS cache poisoning, a compromised DNS server, or malware that edits the victim's hosts file or DNS settings. Unlike phishing, the victim may have typed the correct address.
- What Is Phishing? How to Spot It and Stop It
- A phishing attack is a fraudulent communication that is designed to trick a person into giving up private information (like passwords or credit card numbers), paying money, or downloading malicious software. More specifically, phishing is a social engineering attack where criminals send fraudulent messages—usually by email—purporting to be a legitimate business, organization, or person.
- What is Ransomware? Definition, Types, Detection
- Ransomware is malware that encrypts files and systems, or otherwise locks them, and demands payment for their release. Modern ransomware operations typically also steal data before encrypting it and threaten to publish it (double extortion), and they affect organizations of every size.
- What Is Vishing? Detect Phone Scams
- Vishing is a type of phishing attack where scammers make phone calls pretending to be someone else, often a legitimate business, to steal private information or money. Vishing stands for voice phishing, since this scam is done over phone calls. Americans face over 4 million scam phone calls a month.
- Whitelisting
- Whitelisting, also known as allowlisting, is a cybersecurity strategy that permits only pre-approved entities—including applications, IP addresses, email senders, or devices—to operate within a system or network. Unlike traditional security approaches that attempt to identify and block malicious elements, whitelisting establishes a default-deny posture where everything is blocked unless explicitly approved by administrators, creating a fundamental shift from reactive to proactive security management.
- Wire Fraud
- Wire fraud is a federal crime involving electronic communications to intentionally deceive and defraud victims of money or property. Federal law defines wire fraud under 18 U.S.C. § 1343 as requiring: a scheme to defraud, an intent to defraud, and the use of electronic communications to execute or further the scheme.
Z
- Zero Trust Security
- Zero Trust is a cybersecurity approach in which no user, device, or action is trusted by default—everything must be verified before access is allowed. The Zero Trust model operates on the principle of "never trust, always verify," eliminating the concept of a trusted internal network perimeter.
- Zero-Day Vulnerability
- A zero-day vulnerability is an unknown or unaddressed security flaw in software, hardware, or firmware that threat actors can exploit before vendors or security teams discover it. The term "zero-day" refers to the fact that developers have zero days to create a patch once the vulnerability becomes known, as cybercriminals may already be actively exploiting it to compromise enterprise systems.