Knowledge Base
Clear definitions of the terms, frameworks, and techniques that matter in adversarial exposure validation, threat-informed defense, and security operations.
Threat Emulation

Adversary simulation is a security testing methodology where defenders mimic the behavior of real-world threat actors to evaluate the effectiveness of an organization's detection and response capabilities.

Purple teaming is a collaborative security exercise where offensive (red team) and defensive (blue team) personnel work together in real time to maximize the effectiveness of attack simulation and detection improvement.

Red teaming is an adversarial security assessment where a skilled team simulates realistic attacks against an organization to test technical controls, people, processes, and physical security.

Security Concepts

An organization's attack surface is the complete set of vulnerabilities, entry points, and exposure points through which a threat actor can attempt to gain unauthorized access to systems, data, or networks.

Attack Surface Management is the continuous, automated process of discovering, inventorying, classifying, assessing, and monitoring all external-facing assets and exposure points across an organization's digital footprint.

Security posture refers to the overall cybersecurity strength and readiness of an organization — encompassing the collective state of its networks, information, systems, data, processes, and people.

Vulnerability management is the ongoing, systematic process of discovering, evaluating, prioritizing, and addressing security vulnerabilities across an organization's technology ecosystem.

Security Testing

Breach and Attack Simulation is an advanced security testing approach that uses automation to continuously simulate real-world attack techniques against an organization's infrastructure, providing ongoing validation of security controls.

Security validation is the ongoing practice of testing, measuring, and verifying that an organization's security controls, tools, and processes are functioning correctly and effectively against real-world threats.

Security Operations

Detection engineering is the systematic discipline of creating, testing, deploying, and maintaining detection logic that identifies malicious or suspicious activity within an organization's environment.

EDR (Endpoint Detection and Response) is a security solution that continuously monitors endpoint devices to detect suspicious activity, investigate threats, and enable rapid incident response.

XDR (Extended Detection and Response) is a security platform that unifies detection, investigation, and response across endpoints, network, email, cloud, and identity through correlated data and integrated workflows.

Incident response is the organized approach to addressing and managing the aftermath of a cybersecurity incident, with the goals of limiting damage, reducing recovery time and costs, and learning from the event.

A Security Operations Center (SOC) is a centralized unit staffed by security analysts and engineers who continuously monitor, detect, investigate, and respond to cybersecurity incidents.

SIEM (Security Information and Event Management) is a security solution that collects, aggregates, and analyzes log and event data across an organization's IT environment to detect threats, support investigations, and enable compliance reporting.

SOAR (Security Orchestration, Automation and Response) is a security technology category that enables organizations to collect security data from multiple sources and automate incident analysis and response through orchestrated workflows.

Attack Techniques

Initial access encompasses the techniques adversaries use to gain their first foothold in a target environment — the critical entry point that all subsequent attack activities depend on.

Lateral movement refers to the techniques adversaries use to progressively move through a network after gaining initial access, escalating privileges and expanding their reach to high-value systems.

Phishing is a social engineering attack where threat actors use deceptive communications to trick victims into revealing credentials, clicking malicious links, or downloading malware.

Privilege escalation is the act of exploiting a bug, design flaw, or configuration oversight to gain elevated access to resources that are normally protected from an application or user.

Threat Analysis

Threat hunting is the proactive, human-driven practice of searching through networks, endpoints, and datasets to detect and isolate advanced threats that have evaded automated security solutions.

Threat intelligence is actionable, evidence-based knowledge about cybersecurity threats — including context, mechanisms, indicators, and implications — that helps organizations make informed security decisions.