Master Glossary
Organized into four main sections — Cybersecurity Platforms and Management, Cybersecurity Operations and Processes, Telemetry and Analytics, and Security Monitoring and Compliance — this guide gives you the knowledge you need to secure your digital environments effectively.
This section covers terms related to various platforms and management strategies used to safeguard applications, data, and infrastructure in cloud and hybrid environments. It includes concepts like Cloud-Native Application Protection Platforms (CNAPP), Cloud Workload Protection Platforms (CWPP), and Zero Trust Architecture.
- Cloud-Native Application Protection Platform (CNAPP)
An integrated suite of security and compliance tools designed to protect cloud-native applications throughout their lifecycle.
- Cloud Workload Protection Platform (CWPP)
A security solution focused on protecting workloads, including virtual machines, containers, and serverless functions, in cloud environments.
- Hybrid Cloud Security
Measures and solutions implemented to secure applications, data, and infrastructure in a hybrid cloud environment, combining on-premises and cloud-based resources.
- Cloud Security Posture Management (CSPM)
Tools and processes used to continuously assess and improve the security posture of cloud environments by identifying and remediating risks.
- Cloud Infrastructure Entitlement Management (CIEM)
Solutions that manage and control access entitlements to cloud resources, ensuring users have the appropriate level of access.
- Cloud Detection and Response (CDR)
Security technologies designed to detect and respond to threats within cloud environments, providing real-time threat monitoring and automated response capabilities.
- Extended Detection and Response (XDR)
An advanced security solution integrating multiple security products into a cohesive system for comprehensive threat detection and response across various environments.
- Managed Detection and Response Services (MDR)
Outsourced security services providing continuous monitoring, threat detection, and response capabilities managed by a team of security experts.
- Hybrid Cloud Security Platform
A comprehensive security solution designed to protect applications, data, and infrastructure across both on-premises and cloud environments.
- Endpoint Security
Measures and technologies used to protect endpoint devices such as computers, mobile devices, and servers from cybersecurity threats.
- Osquery
An open-source SQL-powered tool for querying operating system data and monitoring security across various platforms.
- Kubequery
An extension of osquery designed specifically for Kubernetes environments to enhance security and visibility.
- Zero Trust Architecture
A security model requiring continuous verification for access to resources, based on the principle of "never trust, always verify."
- Shift Up Security
A new cybersecurity methodology aimed at eliminating tool, team, and infrastructure silos by adopting a unified approach to security operations and intelligence.
Understanding operations and processes in cybersecurity is important for effective threat management and incident response. This section introduces terms such as Computer Security Incident Response Teams (CSIRT), Threat Hunting, and Vulnerability Management, along with methodologies like Shift Left Security Controls and Risk Prioritization.
- Computer Security Incident Response Team (CSIRT)
A team responsible for responding to and managing security incidents, including threat detection, analysis, and mitigation efforts.
- Threat Hunting
The proactive search for cyber threats and adversaries within a network or system, aiming to identify and neutralize potential risks before they cause harm.
- Vulnerability Management
The process of identifying, assessing, prioritizing, and mitigating security vulnerabilities in software and hardware systems.
- Cloud Compliance
Ensuring that cloud environments and operations adhere to relevant regulatory and industry standards and best practices.
- Uptycs Academy
An educational platform offering training and resources to help users effectively utilize Uptycs' security solutions.
- Uptycs Security Policies
Defined rules and guidelines established by Uptycs to ensure the security and integrity of systems and data.
- Behavioral Detection
Techniques to identify abnormal behaviors within systems that may indicate security threats, often using machine learning.
- Threat Intelligence Matches
Correlating observed activities within an organization's environment with known threat intelligence data to identify potential threats.
- Post-Exploit Detection
Identifying malicious activities that occur after an initial exploit, aimed at detecting further compromise within a network.
- Proactive Threat Hunting
Actively searching for signs of malicious activity within an environment, beyond automated alerts.
- TTPs (Tactics, Techniques, and Procedures)
Patterns of behavior used by cyber adversaries, including methods of attack and tools used.
- Attack Path Analysis
A proactive security measure that provides a visual representation of potential attack vectors within a cloud environment, helping to preemptively identify and mitigate risks.
- Risk Prioritization
Integrating real-time data and contextual analysis to spotlight the most critical vulnerabilities, guiding security teams to focus on the highest risks.
- Internet Exposure
The vulnerabilities that arise from misconfigured cloud resources, such as EC2 instances with overly permissive security settings, which serve as entry points for attackers.
- Lateral Movement
Techniques used by attackers to move within a compromised network, gaining access to additional systems and data after an initial breach.
Telemetry and analytics play a key role in monitoring and analyzing security data to detect and respond to threats. This section provides insights into terms like Security Analytics, Cloud-Based Security Analytics, and Unified Data Models, as well as tools like Flight Recorder and YARA Rule Scanning.
- Telemetry
The automated process of collecting and transmitting data from remote or inaccessible sources to an IT system for monitoring and analysis.
- Security Analytics
The use of data collection, aggregation, and analysis tools to detect and respond to security threats in real time.
- Service Mesh
A dedicated infrastructure layer that controls service-to-service communication over a network, offering features like load balancing, encryption, and observability.
- Structured Telemetry
Organized and systematic collection of data that provides insights into system performance and health.
- Cloud-Based Security Analytics
Security analysis conducted in the cloud, leveraging cloud resources for data processing, threat detection, and response.
- Unified Data Models
Standardized data structures that allow for consistent data integration, analysis, and reporting across different systems.
- Scalability
The ability of a system or solution to handle increased load or demand by adding resources without affecting performance.
- Kubernetes Security Posture Management (KSPM)
Tools and practices designed to secure and manage the security posture of Kubernetes environments.
- Security Graph
A visual representation of the relationships and interactions between various security entities, aiding in threat detection and analysis.
- Flight Recorder
A tool that continuously records system activity, allowing for detailed analysis and investigation of security incidents.
- SDLC Policy Controls
Security measures integrated into the Software Development Life Cycle (SDLC) to ensure compliance with security policies and best practices.
- Container Runtimes
Software components that allow containers to run and manage their lifecycle, such as Docker, containerd, and CRI-O.
- Self-managed Kubernetes
Kubernetes clusters that are deployed, managed, and maintained by an organization's internal team rather than by a third-party provider.
- Managed Container Orchestration Platforms
Services provided by third-party vendors to manage container orchestration, such as Amazon EKS, Google GKE, and Azure AKS.
- Serverless Technologies
Cloud services that allow developers to build and run applications without managing server infrastructure, such as AWS Lambda and Azure Functions.
- Live and Historical Query Investigations
The ability to perform real-time and retrospective analysis of system data to identify security incidents or performance issues.
- YARA Scans
A method of detecting malware and other malicious software by defining and matching patterns within files or processes.
- CIS Benchmarks
Security best practice guidelines developed by the Center for Internet Security to help organizations secure their systems and data.
- CI/CD Process Security
The implementation of security measures within Continuous Integration and Continuous Deployment pipelines to ensure the integrity and security of code throughout the development lifecycle.
- Query Packs
Predefined sets of queries in osquery to automate the collection and analysis of security data.
Effective security monitoring and compliance are necessary for maintaining the integrity and security of cloud and container environments. This section includes terms such as Real-time Container Security Visibility, Infrastructure as Code (IaC) Scans, and Compliance Automation, highlighting the importance of continuous monitoring and adherence to security policies.
- Real-time Container Security Visibility
The capability to monitor and analyze the security status of containers in real time, identifying potential threats and vulnerabilities as they occur.
- Graphical Kubernetes Overview
A visual representation of a Kubernetes environment, displaying the relationships and status of various components such as nodes, pods, and services.
- Namespace, Pod, and Image Risk Assessment
The evaluation of security risks associated with Kubernetes namespaces, pods, and container images to identify and mitigate potential vulnerabilities.
- Shift Left Security Controls
Security practices integrated early into the software development process, enabling the identification and resolution of security issues before deployment.
- Software Development Lifecycle (SDLC) Security
Security measures implemented throughout the software development lifecycle to ensure code integrity and compliance with security policies.
- Infrastructure as Code (IaC) Scans
Automated checks of IaC configurations to detect and remediate security vulnerabilities and misconfigurations in infrastructure provisioning scripts.
- OPA Gatekeeper Policy Controls
The use of Open Policy Agent (OPA) Gatekeeper to enforce security and compliance policies within Kubernetes environments.
- Indicators of Compromise (IoC)
Data points or evidence that suggest a system may have been breached or is under attack, used for threat detection and response.
- YARA Rule Scanning
The process of using YARA rules to identify and categorize malware and other security threats within files and processes.
- Real-time Cloud Inventory
Continuous tracking and management of cloud resources to provide up-to-date information about all assets within a cloud environment.
- Configuration and Settings Monitoring
The process of overseeing and verifying cloud configurations and settings to ensure compliance and security.
- Insights Dashboards
Visual interfaces that provide real-time analytics and insights into cloud security and performance metrics.
- Resource Relationship Analysis
Examination of how different cloud resources interact and relate to one another to identify potential security risks and dependencies.
- Best-Practice Guardrails
Predefined policies and controls designed to enforce industry best practices within cloud environments.
- Audit Checks
Systematic reviews and evaluations of cloud resources and configurations to ensure compliance with security policies and standards.
- Vulnerability Highlighting
Identifying and emphasizing potential security weaknesses within a cloud environment for remediation.
- Historical Trend Data
The analysis of past data to identify patterns and trends in cloud resource usage and security incidents.
- Custom Compliance Checks
Tailored assessments that ensure cloud environments meet specific regulatory and organizational compliance requirements.
- Identity Misconfiguration Detection
Identifying incorrect or risky configurations in identity and access management settings that could lead to security breaches.
- Access Request Tracking
Monitoring and logging requests for access to cloud resources to ensure proper authorization and traceability.
- Identity Risk Posture
An assessment of the overall security risk associated with an organization's identity and access management practices.
- Cloud IAM Policy Analysis
Evaluating cloud Identity and Access Management (IAM) policies to ensure they are secure and effective.
- Credential Rotation Monitoring
Keeping track of how often and effectively credentials are rotated to minimize the risk of compromise.
- Privilege Escalation Detection
Identifying attempts to gain unauthorized access to higher privilege levels within a cloud environment.
- Credential Exposure Analysis
Assessing the risk of credentials being exposed to unauthorized entities, potentially leading to security breaches.
- Identity Relationship Mapping
Visualizing and analyzing the relationships between different identities and their access rights within a cloud environment.
- Least Privilege Implementation
Ensuring that users and services have the minimum level of access necessary to perform their functions, reducing the risk of security incidents.
- Cloud Anomaly Detection
Identifying unusual or unexpected behaviors within a cloud environment that could indicate security threats.
- Automatic Threat Detection and Response
Automated systems that detect and respond to security threats in real time without human intervention.
- Runtime Threat Detection
Identifying and mitigating threats as they occur in real time within cloud environments.
- Centralized Visibility and Control
A unified interface for monitoring and managing security across multiple cloud environments and services.
- Unified API Monitoring
Overseeing and securing API interactions to ensure they are operating correctly and securely across cloud services.
- Incident Response Playbooks
Documented procedures outlining steps to take during a security incident to respond effectively.
- Credential Escalation
The process by which attackers increase their access privileges within a compromised environment, often by exploiting misconfigurations or vulnerabilities.
- Data Exfiltration
The unauthorized transfer of data from a compromised system to an external location controlled by the attacker.
- Real-Time ATT&CK-Mapped Detections
Behavioral detections that are mapped to the MITRE ATT&CK framework, providing real-time alerts and remediation steps.
- Runtime Security
Ensuring that only trusted and verified code is executed within a cloud or container environment, protecting against runtime threats.
- Compliance Automation
Automating the processes required to meet various compliance standards, such as NSA Kubernetes hardening checks, CIS Benchmarks, SOC 2, PCI-DSS, HIPAA, and ISO 27001.