Cybersecurity terms and concepts explained

Cybersecurity is becoming increasingly complex. Many organizations offer resources and information on the fundamental principles of cybersecurity, including endpoint protection, security services, and different types of cyberattacks. If you need information about these cybersecurity topics and many others, Sophos has you covered.



A holistic cybersecurity strategy to protect Active Directory (AD), a Microsoft Windows directory service. Active Directory Security focuses on securing user credentials, access to company systems, sensitive data, software applications, and more from unauthorized access.

Artificial Intelligence (AI) has changed the way IT security professionals think about cybersecurity. Newer AI-powered cybersecurity tools and systems can strengthen protection against threats by quickly recognizing behavior patterns, automating processes, and detecting anomalies.

Also known as anti-malware in cybersecurity, antivirus software is a computer program designed to detect, prevent, and remove malicious software (malware) from a computer or network. Malware includes various types of harmful software such as viruses, worms, trojan horses, spyware, adware, and ransomware. The primary objective for antivirus software is to protect computers and data from being compromised or damaged by these malicious programs.

An Advanced Persistent Threat (APT) is a sophisticated and targeted cyberattack in which an unauthorized user gains access to a network and remains there, undetected, for an extended period.

An attack surface in cybersecurity is the sum of all the possible points of entry through which a cybercriminal could penetrate your networks, applications, or systems.


A business email compromise (BEC) attack is when a cybercriminal sends convincing emails to your employees, typically impersonating an executive, colleague, or supplier, to trick them into transferring funds, sharing sensitive data, or opening malicious files. Once the attacker gains a foothold, such as control of a legitimate mailbox, they can learn more about your business, divert payments, or even block access and hold confidential information for ransom.


Cyber threat intelligence (CTI) represents evidence-based knowledge (e.g., context, mechanisms, indicators, implications, and action-oriented advice) about existing or emerging cyber threats.

A cybersecurity provider helps you keep pace with emerging cyberthreats and protect against cyberattacks and data breaches. With the right approach, you can select a cybersecurity provider that meets your expectations.

Cloud security protects modern enterprises from an ever-expanding digital attack surface. Cloud security involves keeping track of the data, workloads, and architecture changes in multiple cloud computing environments (such as AWS, GCP, Azure, and Kubernetes) and ensuring they are safe from internal and external threats.

The outsourced model of cybersecurity-as-a-service means that, rather than handling it internally, organizations work with a third-party partner with the expertise and resources to continuously monitor their security posture.


Data breach prevention is a form of cybersecurity that is focused solely on stopping a data breach before it can take hold. A data breach is an incident resulting in the exposure of confidential, private, protected, or sensitive information. This includes corporate information, such as trade secrets or financial information, as well as personal data belonging to your partners, customers, and employees.

Data Loss Prevention (DLP) is a cybersecurity strategy that protects sensitive or confidential information from being accessed, shared, or distributed inappropriately without authorization. DLP solutions prevent data breaches and leaks.


Today’s endpoint security must manage the chaos of a never-ending list of endpoint devices, all connecting to your organization’s infrastructure and accessing sensitive data. This is the challenge that leading cybersecurity companies are working to solve. How do you constantly monitor for any changes in the security posture of connected devices and keep everything secure?

If not properly protected, your company’s endpoints—laptops, tablets, mobile devices, and more—become vulnerable, regardless of where employees are located.  Learn best practices and strategies to secure your remote workforce. 

Endpoint Detection and Response (EDR) is a cybersecurity approach designed to monitor, detect, and respond to advanced threats and security incidents on endpoints, such as desktops, laptops, servers, and mobile devices. Endpoints are often the entry points for cyberattacks, making them a critical focus for security efforts.

Endpoint management focuses on managing the security posture of all connected end-user devices or endpoints within an organization's network. Endpoints are the devices that connect to a network and include desktop computers, laptops, smartphones, tablets, servers, and other devices.


In network security, a firewall is a device (or software) that monitors and filters network traffic between a private network and the public internet according to a set of rules. A firewall aims to let legitimate traffic through so users can complete their work while keeping dangerous traffic out to prevent internet-based cyberattacks.


Since it came into force in 2018, the General Data Protection Regulation, commonly known as GDPR, has forced companies to rethink how they collect, store, share, and secure personal data belonging to private citizens.

Securing a multi-cloud environment is challenging due to the increased attack surface and lack of visibility across cloud hosts and services. This is where cloud governance enters the picture. Cloud governance is a framework of policies established by a business that will define and enforce how they create, store, and share data in the cloud and ensure regulatory compliance.


A honeypot is a cybersecurity defense technology that detects, lures, tracks, and analyzes unauthorized access to a website, computer systems and networks, or applications.


Indicators of compromise (IOCs) are often described as "digital breadcrumbs": forensic evidence, such as file hashes, IP addresses, domain names, or registry keys, that shows a system has been or is being attacked. Additionally, IOCs can provide insights into the tools used during a cyberattack, who's behind the attack, and more.
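The entry above describes what IOCs are but not how they are put to use. The following is an added example (not Sophos code, and not taken from any real threat feed): a small matcher that extracts candidate IP addresses, domains, and SHA-256 hashes from log lines and checks them against an IOC list. All IOC values and log lines are constructed for the example; the IP is from the TEST-NET-3 documentation range, the domain uses a reserved TLD, and the hash is an arbitrary hex string.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed IOC set for this example only (not real threat data).
IOCS: Dict[str, Set[str]] = {
    "ip": {"203.0.113.45"},
    "domain": {"update-check.example"},
    "sha256": {"4a7d1ed414474e4033ac29ccb8653d9b3c5e2f1a0b9c8d7e6f5a4b3c2d1e0f9a"},
}

# Constructed log lines: two proxy events and one EDR process-creation event.
SAMPLE_LOGS: List[str] = [
    "2024-05-01T10:02:11Z proxy src=10.0.0.12 dst=203.0.113.45 host=update-check.example method=GET path=/a.bin",
    "2024-05-01T10:02:13Z edr host=WS-042 event=process_create image=C:\\Users\\bob\\a.bin "
    "sha256=4a7d1ed414474e4033ac29ccb8653d9b3c5e2f1a0b9c8d7e6f5a4b3c2d1e0f9a",
    "2024-05-01T10:03:00Z proxy src=10.0.0.13 dst=198.51.100.7 host=www.example.org method=GET path=/",
]

# Regexes that pull candidate indicators out of free-form log text.
PATTERNS = {
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE),
    "sha256": re.compile(r"\b[0-9a-f]{64}\b", re.IGNORECASE),
}


def extract_indicators(line: str) -> Dict[str, Set[str]]:
    """Return every candidate indicator found in one log line, grouped by type and lower-cased."""
    found: Dict[str, Set[str]] = {}
    for kind, pattern in PATTERNS.items():
        values = {m.group(0).lower() for m in pattern.finditer(line)}
        if values:
            found[kind] = values
    return found


def match_iocs(lines: List[str], iocs: Dict[str, Set[str]]) -> List[Tuple[int, str, str]]:
    """Return (line_number, indicator_type, value) for every IOC hit, in log order."""
    # Normalize the feed once so case differences in hashes or hostnames do not cause misses.
    normalized = {kind: {v.lower() for v in vals} for kind, vals in iocs.items()}
    hits: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(lines, start=1):
        for kind, values in extract_indicators(line).items():
            for value in sorted(values & normalized.get(kind, set())):
                hits.append((lineno, kind, value))
    return hits


def defang(value: str) -> str:
    """Make an indicator safe to paste into a ticket or chat (no clickable links)."""
    return value.replace(".", "[.]")


if __name__ == "__main__":
    for lineno, kind, value in match_iocs(SAMPLE_LOGS, IOCS):
        print(f"line {lineno}: {kind} IOC {defang(value)}")
```

Only the first two constructed lines should produce hits (the IP and domain on the proxy line, the hash on the EDR line); the third line contacts an unrelated host and is left alone. In practice the same matching runs inside a SIEM or EDR against feed-supplied IOCs rather than a hard-coded dictionary.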

iOS Mobile Security is a mobile device management tactic that protects Apple's iPhone Operating System (iOS)-powered devices, such as iPhones and iPads, from various security threats and vulnerabilities.

An intrusion prevention system (IPS) is an active security control that detects potential threats and takes automated action to block them in real time. An intrusion detection system (IDS), by contrast, is a passive control that monitors network traffic or system activity and alerts on potential security incidents, policy violations, or abnormal behavior without blocking them.

Incident response refers to the process your business uses to manage a cyberattack or data breach. The process allows you to resolve a security incident and generate insights from it that you can use to prevent similar problems from happening.


JSON is an abbreviation for JavaScript Object Notation, a standard text-based format for storing and transporting data. A JSON Web Token, or JWT, is an open industry standard (RFC 7519) for sharing claims between entities, such as clients and servers. A JWT carries its claims in a compact, URL-safe string that is signed or encrypted, so the recipient can verify who issued it and that it has not been altered in transit.
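To show what "signed so the recipient can verify it" means in practice, here is an added example (not Sophos code, and not a production library): it issues an HS256 JWT with the standard library, then verifies it, and demonstrates the two checks a practitioner cares most about, rejecting a forged alg=none token and rejecting a payload that was edited after signing. The secret and the claim values are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed signing secret for this example only.
SECRET = b"demo-secret-do-not-use-in-production"


def _b64url_encode(data: bytes) -> str:
    """JWT uses base64url without '=' padding (RFC 7515 section 2)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode_json(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def sign_jwt(claims: dict, key: bytes) -> str:
    """Issue an HS256 JWT: base64url(header).base64url(payload).base64url(HMAC-SHA256)."""
    signing_input = _encode_json({"alg": "HS256", "typ": "JWT"}) + "." + _encode_json(claims)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_jwt(token: str, key: bytes, now: Optional[int] = None) -> dict:
    """Return the claims if the token is valid; raise ValueError with the reason otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h64, p64, s64 = parts
    header = json.loads(_b64url_decode(h64))
    # Pin the algorithm the verifier expects. Honouring header["alg"] from the token lets an
    # attacker switch to "none" (no signature at all) or to a key-confusion variant.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))
    expected = hmac.new(key, (h64 + "." + p64).encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison so timing does not leak how many signature bytes matched.
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p64))
    now = int(time.time()) if now is None else now
    if "exp" in claims and now >= int(claims["exp"]):
        raise ValueError("token expired")
    return claims


def check_token(token: str, key: bytes, now: Optional[int] = None) -> str:
    """Convenience wrapper returning 'valid' or 'rejected: <reason>'."""
    try:
        verify_jwt(token, key, now)
        return "valid"
    except ValueError as exc:  # json and base64 errors are ValueError subclasses too
        return "rejected: " + str(exc)


def forge_alg_none(claims: dict) -> str:
    """Token an attacker might submit: alg=none header and an empty signature segment."""
    return _encode_json({"alg": "none", "typ": "JWT"}) + "." + _encode_json(claims) + "."


def tamper_payload(token: str, claims: dict) -> str:
    """Swap the payload but keep the original signature (naive privilege-escalation attempt)."""
    h64, _, s64 = token.split(".")
    return h64 + "." + _encode_json(claims) + "." + s64


if __name__ == "__main__":
    good = sign_jwt({"sub": "alice", "role": "user", "exp": 2000}, SECRET)
    print("issued   :", check_token(good, SECRET, now=1000))
    print("expired  :", check_token(good, SECRET, now=3000))
    print("tampered :", check_token(tamper_payload(good, {"sub": "alice", "role": "admin", "exp": 2000}), SECRET, now=1000))
    print("alg=none :", check_token(forge_alg_none({"sub": "alice", "role": "admin"}), SECRET, now=1000))
```

The important design choice is that the verifier decides the algorithm and key, never the token: a JWT is only as trustworthy as the signature check applied to it, and a verifier that trusts the header's alg field can be talked into skipping that check entirely.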


A keylogger is an insidious form of spyware. It's also a legal and sometimes ethical tool to monitor the activity of employees and even your kids as they interact online.


A Local Area Network (LAN) connects a group of devices within a limited area, such as an office, school campus, hospital, or even a home office, and offers a fast, reliable method of linking them together.


Mobile device management (MDM) is security software that lets your business implement policies to secure, monitor, and manage your end-user mobile devices. The software also protects your network devices and allows your employees to work remotely without compromising their security.

A managed security service provider (MSSP) protects an organization's applications, devices, and systems against cyberthreats. You can hire an MSSP to handle some or all aspects of your cyber protection. If you do, your service provider will manage your cybersecurity in alignment with your organization's security needs.

Managed detection and response (MDR) is a fully-managed, 24/7 service delivered by experts who specialize in detecting and responding to cyberattacks that technology solutions alone cannot prevent. By combining human expertise with protection technologies and advanced machine learning models, MDR analysts can detect, investigate, and neutralize advanced human-led attacks, preventing data breaches and ransomware.

Demand for MDR services is soaring and Gartner predicts that by 2025, half of organizations will be using MDR services.

The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework was designed for a simple reason: to solve problems for a safer world. This framework is available for free to anyone who wants to level up their cybersecurity. Your organization can use the MITRE ATT&CK framework to understand how cybercriminals operate. From here, you can prepare for cyberattacks and limit your risk of data breaches.


A network switch is a networking device used to connect devices together within a local area network (LAN).

Next-generation antivirus (NGAV) solutions protect your business against known and unknown cyberthreats. The solution looks at your files, processes, applications, and network connections and the relationships between them. This helps you identify malicious intent, behaviors, and activities — and block them.

Network security includes any solutions that your organization utilizes to protect its network applications, devices, and users. Network security as a service gives organizations the option to outsource their data protection to a team of IT security professionals.

A network detection and response solution uses AI, Machine Learning, and other non-signature-based analytical techniques to identify and respond to suspicious network activity.


A phishing attack involves a cybercriminal masquerading as a reputable source with an enticing request or offer, usually delivered by email. The attacker lures the victim into handing over their personal information, often high-value identity credentials, through deception. Once the cybercriminal acquires these credentials, business email compromise and account takeovers are the next steps. This is where the cybercriminal can do the most damage to your business because once they take over an employee’s legitimate account, they’re difficult to identify and stop.

Unlike broad phishing attacks, spear phishing attacks are designed to target specific individuals or organizations.  Cyber criminals have done their research and once the victim clicks, the damage is done. 


Managed risk in cybersecurity is the process of identifying, assessing, and mitigating possible cybersecurity threats to an organization’s information technology (IT) systems, networks, applications, and data.

Ransomware attacks cannot be prevented entirely. However, businesses can use tried-and-true ransomware mitigation technologies and techniques to contain these attacks before they get out of hand.

Organizations of all sizes need to be aware of Ransomware-as-a-Service (RaaS). Under the RaaS delivery model, ransomware developers lease ready-made malware and infrastructure to affiliates, so criminals with virtually no technical knowledge can execute a ransomware attack easily for a significant profit. This makes RaaS a quickly growing threat to your data and systems.

Remote ransomware is when adversaries compromise an unmanaged device and then use it to remotely encrypt protected devices on the same network. Most other endpoint solutions fall short in this scenario - meaning a single unmanaged/unprotected device can result in the entire estate being encrypted, even if the computers are running up-to-date protection.


Security as a service (SECaaS) is a form of outsourced security. With SECaaS, you receive cybersecurity services delivered through the cloud.

A security operations center (SOC) is a team of security analysts, engineers, and others who monitor, detect, respond to, and remediate cyberthreats. The SOC team ensures security issues are identified and addressed around the clock, 24/7/365.

The server hardening process reduces your business' attack surface and helps you guard against ransomware, malware, and other cyberthreats. You can follow this process to protect all points of entry against cyberattacks, address cybersecurity weaknesses, and optimize your security posture.

Businesses use security information and event management (SIEM) technology to track cyberthreats, monitor and analyze security events in real time, and log security data.

In the field of modern software and application development, a Software Development Kit (SDK) is a packaged set of tools, libraries, and documentation that helps programmers and developers write software programs and build custom applications. SDKs are widely used in the cybersecurity industry too: anti-malware, anti-spam, email filtering, and Data Loss Prevention (DLP) engines are commonly offered as SDKs by security vendors so that other products can embed them.

Secure Access Service Edge, more commonly known as SASE (pronounced “Sassy”), is the next iteration of cybersecurity in the cloud.

Supervisory control and data acquisition (SCADA) refers to industrial control systems that monitor and control physical processes, commonly used by natural gas companies and other utility providers.


Telemetry refers to the collection, transmission, and measurement of data. It involves the use of sensors to retrieve information from remote sources. The telemetry you collect gives you insights that you can use to effectively administer and manage your IT infrastructure.

Businesses use threat intelligence to understand cyberattacks and why they occur. From here, companies can find the best ways to stop advanced threats. They can also get the best security outcomes now and in the future.

Organizations can’t risk being passive when it comes to cybersecurity. Today’s malicious actors are more cunning than ever, increasingly deploying evasive human-led techniques to conduct their attacks.

A threat actor is anyone who is either a key driver of or participates in a malicious action that targets an organization's IT security.


A Virtual Private Network (VPN) is essential to support remote or hybrid workers. A VPN uses encryption and an authenticated tunnel to protect a user's traffic from eavesdropping and tampering on untrusted networks, such as public Wi-Fi. A VPN can also let users bypass geo-blocks, regardless of where they live or work.


From data storage and databases to virtual servers, containers, and networking software, cloud workloads are an essential technology to create, collaborate, solve problems, and get work done from anywhere.


Extended detection and response (XDR) is a cybersecurity approach that identifies threats by unifying information from multiple security solutions, automating and accelerating detection, investigation, and response in ways that isolated point solutions cannot.


Zero trust security solutions require end-users to be continuously authenticated, authorized, and validated. As such, they enable your business to secure access to its applications and data 24/7/365.