Vendor Specific Terminology, Jargon and Acronyms

Cyber Security Acronyms and Jargon - What Clients See in Vendor Slide Decks

| Term | Expansion | What it is / How it’s used |
|---|---|---|
| NGFW | Next-Gen Firewall | App-aware firewalling with IPS, SSL/TLS inspection, and threat intelligence enforcement at the network edge. |
| SWG | Secure Web Gateway | Web filtering, malware inspection, and policy enforcement for HTTP/HTTPS traffic, often cloud-delivered. |
| CASB | Cloud Access Security Broker | Visibility/control for SaaS usage (Shadow IT), DLP and policy enforcement for cloud apps. |
| ZTNA | Zero Trust Network Access | App-level, identity-centric access instead of VPN; used for remote/hybrid access. |
| SASE | Secure Access Service Edge | Converges networking (SD-WAN) and security (SWG, CASB, ZTNA, FWaaS) as a cloud service. |
| SSE | Security Service Edge | The security half of SASE (SWG, CASB, ZTNA, RBI, DLP) delivered from the cloud. |
| EDR | Endpoint Detection & Response | Telemetry, detection, and response on endpoints; replaces/extends AV/EPP. |
| XDR | Extended Detection & Response | Correlates signals across endpoints, network, identity, email, cloud to speed detection/response. |
| NDR | Network Detection & Response | East–west and north–south traffic analytics to catch lateral movement and C2. |
| SIEM | Security Information & Event Management | Central log analytics/correlation for detection, compliance and investigations. |
| SOAR | Security Orchestration, Automation & Response | Playbooks to automate triage and response actions across tools. |
| UEBA | User & Entity Behavior Analytics | Baselines normal behaviour to detect anomalies and insider threats. |
| DLP | Data Loss Prevention | Finds and controls sensitive data in motion/at rest/in use to stop leaks. |
| CNAPP | Cloud-Native App Protection Platform | Unifies CSPM, CWPP, CIEM, KSPM and runtime protection for cloud/K8s. |
| CSPM | Cloud Security Posture Management | Misconfig detection and compliance for cloud accounts (AWS/Azure/GCP). |
| CWPP | Cloud Workload Protection Platform | Runtime protection for VMs, containers, and serverless. |
| CIEM | Cloud Infra Entitlement Mgmt | Rights/role analysis in cloud to reduce excessive privileges. |
| KSPM | Kubernetes Security Posture Mgmt | Misconfigs and hardening guidance for clusters and workloads. |
| EASM | External Attack Surface Mgmt | Finds internet-exposed assets and risks (shadow IT). |
| ASM/DRP | Attack Surface Mgmt / Digital Risk Protection | Monitors brand, domains, dark web, typosquats, credential leaks. |
| TIP | Threat Intelligence Platform | Aggregates/normalises IOCs, scoring and dissemination to controls. |
| BAS | Breach & Attack Simulation | Safe, automated testing of controls vs ATT&CK techniques. |
| IAM | Identity & Access Management | AuthN/Z, SSO, MFA, lifecycle; the control plane for Zero Trust. |
| PAM | Privileged Access Management | Vaults, rotates and brokers high-risk credentials/sessions. |
| IGA | Identity Governance & Administration | Joiner/mover/leaver processes, certification, and SoD controls. |
| RASP | Runtime App Self-Protection | In-process protection for web apps/APIs at runtime. |
| WAF/WAAP | Web App Firewall / Web App & API Protection | Blocks OWASP Top 10, bot/DDoS for web and API traffic. |
| NAC | Network Access Control | Device/user health and policy checks at connect time (802.1X, posture). |
| EPP | Endpoint Protection Platform | Prevention-first (ML/AV/HIPS), usually feeding EDR. |
| MDR | Managed Detection & Response | 24×7 monitoring/response delivered as a service. |
| MSSP | Managed Security Service Provider | Operates/monitors customer security tech (firewalls, SIEM, etc.). |
| ZTA | Zero Trust Architecture | “Never trust, always verify” across identity, device, network, data, apps. |
| FIDO2/WebAuthn | — | Phishing-resistant MFA using passkeys/security keys. |
| EPP vs EDR vs XDR | — | Prevention vs endpoint-centric detection vs multi-surface correlated detection. |

Palo Alto Networks (PANW)

| Term | Expansion | What it is / How it’s used |
|---|---|---|
| PAN-OS | — | OS for PA-Series firewalls; App-ID/User-ID/Content-ID engines. |
| App-ID / User-ID | — | App/user identification for policy decisions in NGFW. |
| WildFire | — | Cloud sandbox + ML for malware analysis; feeds prevention. |
| AutoFocus | — | Threat intel portal with campaign context from WildFire. |
| Cortex XDR | — | XDR platform (endpoint + network + cloud telemetry). |
| Cortex XSOAR | — | SOAR/playbooks, case mgmt, threat intel mgmt. |
| Cortex Xpanse | — | EASM—discovers internet-exposed assets. |
| Prisma Access | — | SSE/SASE cloud security (SWG, ZTNA, FWaaS). |
| Prisma Cloud | — | CNAPP: CSPM, CWPP, CIEM, IaC scanning, runtime. |
| AIOps for NGFW | — | Health, drift and best-practice guidance for firewalls. |

Fortinet

| Term | Expansion | What it is / How it’s used |
|---|---|---|
| FortiGate / FortiOS | — | NGFW platform and OS with ASIC acceleration (SPUs). |
| FortiManager / FortiAnalyzer | — | Centralised management and analytics for Fortinet estate. |
| FortiGuard | — | Threat intel services (IPS/AV/URL/DNS, etc.). |
| FortiEDR | — | Endpoint prevention/detection and response. |
| FortiNAC | — | Network Access Control and device profiling. |
| FortiWeb | — | WAF/WAAP for web apps and APIs. |
| FortiMail | — | Secure email gateway with ATP and DLP. |
| FortiSandbox | — | Malware detonation and analysis. |
| FortiSASE | — | Cloud-delivered SSE/SASE. |
| FortiSIEM | — | SIEM for multi-tenant SOC use. |

Check Point

| Term | Expansion | What it is / How it’s used |
|---|---|---|
| Quantum | — | NGFW appliances and software blades. |
| R8x | — | Security Gateway/Gaia releases (e.g., R81). |
| ThreatCloud | — | Global threat intelligence backbone. |
| Harmony | — | User/device suite (Endpoint, Mobile, Email, Browse). |
| CloudGuard | — | Cloud and workload security (CSPM/CWPP/WAF). |
| Infinity | — | Unified architecture/licensing across portfolio. |
| Maestro | — | Hyperscale security (chassis-style clustering). |

Cisco Security

| Term | Expansion | What it is / How it’s used |
|---|---|---|
| FTD / FMC | Firepower Threat Defense / Mgmt Center | NGFW software + central manager. |
| Talos | — | Cisco threat intelligence organisation. |
| Duo | — | MFA/SSO and device trust (Zero Trust). |
| Umbrella | — | DNS-layer security + SWG + CASB. |
| ISE | Identity Services Engine | NAC/802.1X, posture and segmentation policy. |
| Secure Endpoint | (formerly AMP) | EPP/EDR agent with cloud analytics. |
| SecureX | — | Integration/federated search and case mgmt across Cisco stack. |
| AnyConnect / Secure Client | — | VPN/agent bundle for remote access and posture. |

Microsoft Security

| Term | Expansion | What it is / How it’s used |
|---|---|---|
| MDE | Defender for Endpoint | EPP/EDR with threat/attack surface reduction. |
| MDI | Defender for Identity | AD/Azure AD identity threat detection. |
| MDO | Defender for Office 365 | Email/Teams/SharePoint threat protection. |
| MDC | Defender for Cloud | CSPM/CNAPP across Azure/AWS/GCP. |
| Entra ID | — | Microsoft’s identity platform (formerly Azure AD). |
| Sentinel | — | Cloud SIEM/SOAR with native connectors. |
| Purview | — | Data governance/DLP/IRM and insider risk. |

CrowdStrike

| Term | Expansion | What it is / How it’s used |
|---|---|---|
| Falcon | — | Cloud-native platform; modules licensed à la carte. |
| Falcon Insight | — | EDR telemetry, detections, response. |
| Falcon Prevent | — | NGAV prevention engine. |
| Falcon Discover | — | IT hygiene/asset/identity exposure visibility. |
| Falcon Identity Protection | — | Identity threat detection/SSO risk signals. |
| Falcon Spotlight | — | Vulnerability assessment. |
| Falcon OverWatch | — | 24×7 managed threat hunting. |
| Falcon LogScale | — | High-speed logging/observability (ex-Humio). |
| Falcon X | — | Threat intel and malware analysis. |

SentinelOne

| Term | Expansion | What it is / How it’s used |
|---|---|---|
| Singularity Platform | — | EPP/EDR/XDR with autonomous agents. |
| Ranger | — | Asset discovery and network visibility. |
| RemoteOps | — | Scalable remote scripting/response. |
| Singularity Data Lake | — | Telemetry storage/analytics. |

Sophos

| Term | Expansion | What it is / How it’s used |
|---|---|---|
| Intercept X | — | EPP/EDR with anti-exploit and CryptoGuard. |
| XDR | — | Cross-product detection/response. |
| Sophos Firewall (XGS) | — | NGFW appliances. |
| Central | — | Cloud management plane. |
| MTR | Managed Threat Response | Sophos MDR service. |

Trend Micro

| Term | Expansion | What it is / How it’s used |
|---|---|---|
| Vision One | — | XDR across endpoint/email/cloud/network. |
| Apex One | — | Endpoint protection and EDR. |
| Cloud One | — | CNAPP modules (CSPM, CWPP, containers, files). |

Email security:
Proofpoint | Mimecast | Microsoft | Google

| Vendor Term | Expansion | What it is / How it’s used |
|---|---|---|
| Proofpoint TAP | Targeted Attack Protection | URL rewriting, sandboxing, BEC controls. |
| Proofpoint TRAP | Threat Response Auto-Pull | Auto-removal of malicious emails post-delivery. |
| Mimecast TTP | Targeted Threat Protection | URL/attachment defence, impersonation protection. |
| DMARC Analyzer | — | Hosted DMARC monitoring and enforcement tooling (Mimecast/others). |
| MDO | Defender for Office 365 | Microsoft email security stack. |
| Gmail ATP (Workspace) | — | Google phishing/malware/URL defences. |

Zero Trust - SSE leaders:
Zscaler | Netskope | Cloudflare

| Vendor Term | Expansion | What it is / How it’s used |
|---|---|---|
| ZIA | Zscaler Internet Access | SWG/CASB/DLP to internet/SaaS. |
| ZPA | Zscaler Private Access | ZTNA to private apps. |
| ZDX | Zscaler Digital Experience | Experience and path monitoring. |
| Netskope NGSWG | Next-Gen SWG | Inline SSE with CASB/DLP/ATP. |
| Netskope SSPM | SaaS Security Posture Mgmt | Hardening SaaS tenants. |
| Cloudflare Zero Trust | — | SWG, ZTNA, CASB, DNS, RBI on Cloudflare network. |
| Magic Transit | — | Cloud DDoS/L3-4 protection for networks. |

App/API & Edge Security:
Akamai | F5 | Imperva | Cloudflare

| Vendor Term | Expansion | What it is / How it’s used |
|---|---|---|
| Akamai Kona / App & API Protector | — | WAF/WAAP on Akamai edge. |
| Akamai Prolexic | — | High-capacity DDoS mitigation. |
| F5 BIG-IP ASM/Adv WAF | — | On-prem/virtual WAF/WAAP with bot and API defence. |
| F5 BIG-IP AFM | — | L3-4 DDoS/network firewall. |
| Imperva WAF / DDoS / RASP | — | WAAP suite incl. runtime protection. |
| Cloudflare WAF/Bot Mgmt | — | Edge WAF + bot controls + API Shield. |

Identity:
Okta | Ping Identity | CyberArk | BeyondTrust | Delinea

| Vendor Term | Expansion | What it is / How it’s used |
|---|---|---|
| Okta Workforce Identity | — | SSO/MFA (core IdP for apps). |
| Okta ASA | Advanced Server Access | SSH/RDP access with short-lived certs. |
| PingFederate / PingID | — | Enterprise SSO/federation and MFA. |
| CyberArk PAM | — | Privileged vault, rotation, session isolation. |
| CyberArk EPM | Endpoint Privilege Manager | Least privilege on endpoints/servers. |
| BeyondTrust Password Safe | — | PAM vault and session management. |
| BeyondTrust Privilege Mgmt | — | Endpoint/server privilege controls. |
| Delinea Secret Server | — | PAM vault and workflow (ex-Thycotic). |

SIEM | SOAR | Data-lake:
Splunk | IBM | Google | Elastic | Exabeam | Sumo

| Vendor Term | Expansion | What it is / How it’s used |
|---|---|---|
| Splunk ES | Enterprise Security | SIEM content pack on Splunk platform. |
| Splunk SOAR | — | Playbooks/automation (ex-Phantom). |
| IBM QRadar SIEM/SOAR | — | Correlation + runbooks/case mgmt. |
| Google Chronicle | — | High-scale cloud SIEM + rules/YARA-L. |
| Google SecOps SOAR | — | Chronicle-integrated automation/cases. |
| Elastic Security | — | SIEM + endpoint on Elastic Stack. |
| Exabeam Fusion | — | UEBA-driven SIEM with TDIR content. |
| Sumo Logic Cloud SIEM | — | SaaS SIEM with detections/apps. |

Vulnerability, Exposure & Pentest:
Tenable | Qualys | Rapid7 | AttackIQ

| Vendor Term | Expansion | What it is / How it’s used |
|---|---|---|
| Tenable Nessus | — | Scanner for vuln assessment. |
| Tenable.io / Tenable One | — | SaaS VM/cloud/EASM exposure mgmt. |
| Qualys VMDR | — | Vulnerability Mgmt, Detection & Response suite. |
| Qualys TruRisk | — | Normalised risk scoring across assets/vulns. |
| Rapid7 InsightVM | — | Vulnerability mgmt with remediation analytics. |
| Rapid7 InsightIDR | — | SIEM/XDR with UEBA. |
| Rapid7 InsightAppSec | — | DAST for web applications. |
| Pentest/BAS (AttackIQ, Cymulate, SafeBreach) | — | Continuous control validation and purple-team automation. |

Cloud & Container Security:
Wiz | Lacework | Orca | Aqua | Sysdig | Snyk | Prisma

| Vendor Term | Expansion | What it is / How it’s used |
|---|---|---|
| Wiz | — | Agentless CNAPP (CSPM/CWPP/CIEM) with “toxic combo” risk. |
| Lacework | — | Behaviour-based CNAPP with polygraph analysis. |
| Orca Security | — | Side-scanning CNAPP across cloud estates. |
| Aqua Platform | — | Container/K8s runtime security, supply-chain controls. |
| Sysdig Secure | — | Falco-based runtime/container threat detection. |
| Snyk | — | Dev-first SCA/Code/Container/IaC scanning. |
| Prisma Cloud | — | PANW CNAPP (see the Palo Alto Networks section). |

OT/IoT & Network Detection:
Darktrace | Vectra | ExtraHop | Armis | Nozomi | Claroty | Dragos

| Vendor Term | Expansion | What it is / How it’s used |
|---|---|---|
| Darktrace DETECT/RESPOND | — | Self-learning AI for NDR/email/OT with autonomous response. |
| Vectra NDR / Cognito Detect | — | AI-driven NDR for network/IDP/M365. |
| ExtraHop Reveal(x) | — | NDR via L7 analytics/decryption-at-scale options. |
| Armis | — | Asset intelligence for IoT/IoMT/OT. |
| Nozomi Guardian | — | OT visibility/threat detection. |
| Claroty xDome/Edge | — | OT/IoT/IIoT risk and segmentation. |
| Dragos Platform | — | ICS/OT threat detection/intel. |

Backup, DR & Data Security:
Rubrik | Cohesity | Veeam | Commvault | Skyhigh

| Vendor Term | Expansion | What it is / How it’s used |
|---|---|---|
| Rubrik Security Cloud | — | Immutable backups, ransomware monitoring, data risk insights. |
| Cohesity DataProtect | — | Backup with threat/PII discovery and rapid restore. |
| Veeam VBR | Backup & Replication | Backup/RPO-RTO orchestration; immutability options. |
| Commvault Metallic | — | SaaS backup/data protection. |
| Skyhigh Security | — | SSE/DLP (ex-McAfee Enterprise SSE). |

Application Security:
Veracode | Checkmarx | GitHub | GitLab | HashiCorp

| Vendor Term | Expansion | What it is / How it’s used |
|---|---|---|
| Veracode | — | SAST/DAST/SCA for SDLC governance. |
| Checkmarx One | — | Unified AppSec (SAST/IAST/SCA/KICS). |
| GitHub Advanced Security (GHAS) | — | CodeQL, secret scanning, Dependabot alerts. |
| GitLab Ultimate / Secure | — | Built-in SAST/DAST/IAST/DA/Secret scanning. |
| HashiCorp Vault | — | Secrets mgmt, KMS, dynamic creds and encryption. |

Threat Intel, Phishing & Awareness

| Vendor Term | Expansion | What it is / How it’s used |
|---|---|---|
| Recorded Future | — | TIP with risk scoring and intel modules. |
| Anomali ThreatStream | — | TIP and detection content. |
| Mandiant Advantage | — | Intel, validation and expertise (Google Cloud). |
| Cofense | — | Phishing simulations and reporting (Triage/Vision). |
| KnowBe4 | — | Awareness training and phishing tests. |
| IRONSCALES | — | AI-assisted email threat detection and user reporting. |

Legacy/Combined:
McAfee/Trellix | FireEye | Bitdefender | ESET | Trend Micro | Kaspersky

| Vendor Term | Expansion | What it is / How it’s used |
|---|---|---|
| Trellix Helix | — | XDR/SIEM-like analytics and response. |
| Trellix EDR/ENS/ePO | — | Endpoint suite with central mgmt. |
| FireEye NX/EX/HX | — | Network/email/endpoint detection (many now Trellix). |
| Bitdefender GravityZone | — | EPP/EDR/XDR and risk analytics. |
| ESET PROTECT | — | Endpoint suite and management. |
| Kaspersky EDR Optimum | — | Endpoint prevention and response. |

More Everyday Acronyms Clients Ask About

| Term | Expansion | What it is / How it’s used |
|---|---|---|
| MITRE ATT&CK | — | Common language of adversary TTPs; used to map detections/coverage. |
| IOC/IOA | Indicators of Compromise/Attack | Atomic signals and behavioural patterns for detection. |
| C2/C&C | Command & Control | Attacker’s remote control channel; NDR/EDR aim to disrupt. |
| BEC | Business Email Compromise | Social-engineering wire fraud; email security + process controls mitigate. |
| APT | Advanced Persistent Threat | Long-dwell, well-resourced adversaries; layered controls needed. |
| DGA | Domain Generation Algorithm | Malware domain churn; DNS security detects/blocks. |
| LOLBins | Living-Off-the-Land Binaries | Legit tools abused by attackers; EDR detects misuse. |
| SBOM | Software Bill of Materials | Inventory of components; used in AppSec and compliance. |
| NIST CSF / ISO 27001 | — | Security frameworks for governance and audit. |
| PCI DSS / HIPAA / GDPR / POPIA | — | Regulatory regimes driving control requirements and audits. |