Opsio - Cloud and AI Solutions

Security Glossary

Plain-language definitions of 25 essential cybersecurity and cloud security terms — from CSPM to MITRE ATT&CK.

CSPM: Cloud Security Posture Management

CSPM tools continuously monitor cloud infrastructure for misconfigurations, compliance violations, and security risks. They automate the detection of gaps across IaaS, PaaS, and SaaS environments, providing remediation guidance to maintain a strong security posture.

SIEM: Security Information and Event Management

SIEM platforms aggregate and analyse log data from across an organisation's IT estate to detect threats in real time. They correlate events from firewalls, servers, endpoints, and applications, enabling security teams to investigate incidents and meet compliance requirements.

XDR: Extended Detection and Response

XDR unifies threat detection, investigation, and response across endpoints, networks, cloud workloads, and email into a single platform. By correlating telemetry from multiple security layers, XDR reduces alert fatigue and accelerates mean time to respond.

MDR: Managed Detection and Response

MDR is a managed security service that combines technology with human expertise to monitor, detect, and respond to threats around the clock. It is particularly valuable for organisations that lack an in-house security operations centre.

EDR: Endpoint Detection and Response

EDR solutions continuously monitor endpoints such as laptops, servers, and mobile devices for suspicious activity. They record detailed telemetry, enabling security teams to detect, investigate, and contain threats that bypass traditional antivirus defences.

SOAR: Security Orchestration, Automation, and Response

SOAR platforms integrate security tools, automate repetitive tasks, and orchestrate incident response workflows. By codifying playbooks, they reduce manual effort and help security teams respond to alerts faster and more consistently.

ZTNA: Zero Trust Network Access

ZTNA enforces the principle of least-privilege access by verifying every user and device before granting access to specific applications. Unlike traditional VPNs, ZTNA never exposes the broader network and continuously re-evaluates trust.

SOC: Security Operations Centre

A SOC is a centralised function that monitors, detects, analyses, and responds to cybersecurity incidents. It brings together people, processes, and technology to provide 24/7 protection of an organisation's digital assets.

IAM: Identity and Access Management

IAM frameworks govern who can access which resources and under what conditions. They encompass user provisioning, authentication, authorisation, and audit, forming a foundational layer of any enterprise security strategy.

MFA: Multi-Factor Authentication

MFA requires users to provide two or more independent verification factors before gaining access to a system. By combining factors from different categories (something you know, something you have, something you are), MFA dramatically reduces the risk of credential-based attacks.

DLP: Data Loss Prevention

DLP technologies identify, monitor, and protect sensitive data in use, in motion, and at rest. They enforce policies that prevent accidental or malicious data exfiltration through email, cloud storage, USB devices, and other channels.

CASB: Cloud Access Security Broker

A CASB sits between users and cloud service providers to enforce security policies such as authentication, encryption, and data loss prevention. It provides visibility into shadow IT and helps organisations govern the use of SaaS applications.

WAF: Web Application Firewall

A WAF inspects HTTP/HTTPS traffic to and from web applications, blocking attacks such as SQL injection, cross-site scripting (XSS), and request forgery. It operates at Layer 7 and can be deployed on-premises, in the cloud, or as a service.

IDS: Intrusion Detection System

An IDS monitors network traffic or system activity for malicious behaviour or policy violations. When a threat is detected, the system generates alerts for security personnel, though it does not actively block the traffic.

IPS: Intrusion Prevention System

An IPS extends IDS capabilities by not only detecting but also automatically blocking or mitigating identified threats in real time. Positioned inline with network traffic, it can drop malicious packets before they reach their target.

UEBA: User and Entity Behaviour Analytics

UEBA uses machine learning to establish baselines for normal user and device behaviour, then flags anomalies that may indicate insider threats, compromised accounts, or advanced persistent threats. It adds a behavioural layer to traditional rule-based detection.

SSPM: SaaS Security Posture Management

SSPM continuously assesses and remediates security risks across an organisation's SaaS application portfolio. It detects misconfigurations, excessive permissions, and compliance drift in platforms such as Microsoft 365, Salesforce, and Slack.

CNAPP: Cloud-Native Application Protection Platform

CNAPP converges CSPM, CWPP, and other cloud security capabilities into a unified platform that secures cloud-native applications from development to runtime. It provides end-to-end visibility across code, infrastructure, and workloads.

CWPP: Cloud Workload Protection Platform

CWPP solutions protect server workloads running in public clouds, private clouds, and on-premises environments. They address threats at the workload level, including vulnerability management, runtime protection, and network segmentation.

CIEM: Cloud Infrastructure Entitlement Management

CIEM tools manage and enforce least-privilege access in multi-cloud environments by analysing effective permissions across identities, roles, and policies. They detect over-privileged accounts and automate right-sizing to reduce the attack surface.

mTLS: Mutual Transport Layer Security

mTLS extends standard TLS by requiring both the client and the server to authenticate each other with digital certificates. It is widely used in zero-trust architectures and service-to-service communication to prevent impersonation and man-in-the-middle attacks.

OWASP: Open Worldwide Application Security Project

OWASP is a non-profit foundation that produces freely available tools, standards, and documentation for application security. Its Top 10 list of critical web application security risks is an industry-standard awareness document referenced by regulators and auditors worldwide.

CVE: Common Vulnerabilities and Exposures

CVE is a publicly available catalogue of known cybersecurity vulnerabilities, each assigned a unique identifier (e.g. CVE-2024-12345). Security teams use CVE IDs to track, prioritise, and remediate vulnerabilities consistently across tools and organisations.

MITRE ATT&CK: MITRE Adversarial Tactics, Techniques, and Common Knowledge

MITRE ATT&CK is a globally accessible knowledge base that catalogues real-world adversary tactics and techniques. Security teams use it to map detections, evaluate coverage gaps, and simulate attacks in red-team and purple-team exercises.

RBAC: Role-Based Access Control

RBAC restricts system access based on predefined roles assigned to users rather than individual permissions. By grouping permissions into roles that mirror job functions, organisations simplify administration and reduce the risk of excessive privileges.
