CyberArk glossary

Cybersecurity is awash in technical terms and industry buzzwords. The CyberArk Glossary is your guide through a sea of complicated terminology, providing easy-to-understand definitions and resources for further exploration.

A

Access Certification

Access Certification facilitates the review of a user’s access privileges and requires a third-party to certify that the access should continue to be granted for a designated period of time.

Learn more about

Access Certification

Access Discovery

Access discovery provides administrators with a clear picture of who has access to what applications, resources or privileges across the organization.

Learn more about

Access Discovery

Access Management

Access management solutions are used by businesses to authenticate, authorize and audit access to on-premises and cloud-based applications and IT systems.

Learn more about

Access Management

Active Directory

Active Directory (AD) is Microsoft’s directory and identity management service for Windows domain networks. AD is used for user authentication and authorization by a variety of Microsoft solutions like Exchange Server and SharePoint Server, as well as third-party applications and services.

Learn more about

Active Directory

Adaptive Multi-Factor Authentication (MFA)

Adaptive MFA is a method for using contextual information and business rules to determine which authentication factors to apply to a particular user in a particular situation. Businesses use Adaptive Authentication to balance security requirements with the user experience.

Learn more about

Adaptive Multi-Factor Authentication (MFA)

Application (App) Gateway

An app gateway is an enterprise security solution that lets users access traditional web applications hosted in corporate data centers using the same logon credentials and methods they use to access mobile apps and cloud services.

Learn more about

Application (App) Gateway

Authentication Authorization

Authentication and Authorization solutions positively validate a user’s identify and grant permission to access applications and IT systems once verified.

Learn more about

Authentication Authorization

B

Bot Security

Bots automate and supplement human workflows helping organizations improve business agility, reduce costs and risks, and free up staff for higher value tasks.

Learn more about

Bot Security

C

CI/CD Pipeline

A CI/CD pipeline is a collection of tools used by developers and test engineers throughout the continuous software development, delivery and deployment lifecycle.

Learn more about

CI/CD Pipeline

Cloud IAM Permissions

Cloud identity and access management (IAM) permissions let IT and security organizations control access to the resources in their cloud environments.

Learn more about

Cloud IAM Permissions

Cloud Infrastructure Entitlements Management (CIEM)

Sometimes referred to as Cloud Entitlements Management solutions or Cloud Permissions Management solutions, CIEM solutions apply the Principle of Least Privilege access to cloud infrastructure and services, helping organizations defend against data breaches, malicious attacks and other risks posed by excessive cloud permissions.

Learn more about

Cloud Infrastructure Entitlements Management (CIEM)

Cloud Workload Security

Cloud workload security refers to the practice of protecting applications, services, capabilities run on a cloud resource. Virtual machines, databases, containers and applications are all considered cloud workloads.

Learn more about

Cloud Workload Security

Customer Identity and Access Management (CIAM)

CIAM solutions control access to public websites and digital properties, making it easy for customers to sign up and log on to online applications and services.

Learn more about

Customer Identity and Access Management (CIAM)

Cyber Insurance

Businesses purchase cyber insurance (also known as cybersecurity insurance) to mitigate financial loss due to cyber attacks and data breaches.

Learn more about

Cyber Insurance

D

Data Breach

A data breach is a security incident in which malicious insiders or external attackers gain unauthorized access to confidential data or sensitive information such as medical records, financial information or personally identifiable information (PII). Data breaches are one of the most common and most costly types of cybersecurity incidents.

Learn more about

Data Breach

Data Sovereignty

Data sovereignty is the ability of enterprises to safeguard and have full control over the personally identifiable information (PII) of any citizen or permanent resident of the country in which it operates.

Learn more about

Data Sovereignty

Defense-in-Depth

A defense-in-depth strategy, aka a security-in-depth strategy, refers to a cybersecurity approach that uses multiple layers of security for holistic protection.

Learn more about

Defense-in-Depth

DevOps Security

DevOps Security is the practice of securing modular, containerized applications that are built by agile development teams that use DevOps methodologies, practices and approaches.

Learn more about

DevOps Security

Directory Services

A directory service is a common data repository for maintaining information about network users and resources as part of their Identity Security strategy.

Learn more about

Directory Services

E

Endpoint Security

Endpoint security refers to the practice of protecting enterprise networks against threats originating from on-premises or remote devices. An endpoint is any device that provides an entry point to corporate assets and applications and represents a potential cybersecurity vulnerability.

Learn more about

Endpoint Security

F

FedRAMP Authorization

Federal Risk and Authorization Management Program (FedRAMP) is a United States government-wide program that standardizes the security assessment, authorization and continuous monitoring of cloud products and services.

Learn more about

FedRAMP Authorization

G

H

Healthcare Cybersecurity

Healthcare cybersecurity protects organizations from cyber attacks and ensures availability of medical services, integrity of patient data, and compliance.

Learn more about

Healthcare Cybersecurity

I

Identity and Access Management (IAM)

Identity and Access Management (IAM) solutions enable administration of user identities and control of access to enterprise resources. IAM solutions ensure the right individuals have access to the right IT resources, for the right reasons, at the right time.

Learn more about

Identity and Access Management (IAM)

Identity as a Service (IDaaS)

Identity as a Service (IDaaS) is an Identity and Access Management solution delivered in the form of a cloud-based service hosted and managed by a trusted third party. An IDaaS offering combines all the functions and benefits of an enterprise-class IAM solution with all the economic and operational advantages of a cloud-based service.

Learn more about

Identity as a Service (IDaaS)

Identity Governance and Administration (IGA)

Identity Governance and Administration (IGA) solutions efficiently manage digital identities and access rights across diverse systems and are used by corporate information security, risk management, compliance teams and IT organizations.

Learn more about

Identity Governance and Administration (IGA)

Identity Lifecycle Management

Identity lifecycle management refers to the process of managing the user identities and evolving access privileges of employees and contractors throughout their tenure—from day one through separation.

Learn more about

Identity Lifecycle Management

Identity Orchestration

Learn everything you need to know identity orchestration and how it automates identity management workflows without writing custom codes or scripts.

Learn more about

Identity Orchestration

Identity Security

Identity Security is a comprehensive solution for securing all identities– human or machine – throughout the cycle of accessing critical assets.

Learn more about

Identity Security

Identity Threat Detection and Response (ITDR)

Identity Threat Detection and Response (ITDR) is a security discipline consisting of cyber threat intelligence, behavior analysis, tools and structured processes to enhance identity infrastructure security and accelerate the remediation of identity-centric attacks.

Learn more about

Identity Threat Detection and Response (ITDR)

J

Just-In-Time Access

Using the just-in-time (JIT) access methodology, organizations can elevate human and non-human users in real-time to provide elevated and granular privileged access to an application or system in order to perform a necessary task. Cybersecurity industry analysts recommend JIT access as a way of provisioning secure privileged access by minimizing standing access.

Learn more about

Just-In-Time Access

K

Kubernetes

Kubernetes, also known as K8s, is a popular open-source container orchestration platform designed for cloud portability across hybrid and multi-cloud infrastructure. 

Learn more about

Kubernetes

L

Least Privilege

The principle of least privilege (PoLP) refers to an information security concept in which a user is given the minimum levels of access – or permissions – needed to perform his/her job functions. The principle of least privilege is widely considered to be a cybersecurity best practice and is a fundamental step in protecting privileged access to high-value data and assets.

Learn more about

Least Privilege

M

Malware Attacks

Malware attacks are any type of malicious software designed to cause harm or damage to a computer, server, client or computer network and/or infrastructure without end-user knowledge. Cyber attackers create, use and sell malware for many different reasons, but it is most frequently used to steal personal, financial or business information.

Learn more about

Malware Attacks

MITRE ATT&CK Framework

Mitre Att&ck is an open framework for implementing cybersecurity detection and response programs that includes a global knowledge base of adversarial TTPs.

Learn more about

MITRE ATT&CK Framework

Multi-cloud

Multi-cloud leverages two or more cloud services from more than one cloud provider. In the enterprise, multi-cloud typically refers to running enterprise applications on platform-as-a-service (PaaS) or infrastructure-as-a-service (IaaS) from multiple cloud service providers, such as Amazon Web Services (AWS), Google Cloud Platform (GCP), IBM cloud and Microsoft Azure.

Learn more about

Multi-cloud

Multi-Factor Authentication (MFA)

Multi-Factor Authentication is a method for using contextual information and business rules to determine which authentication factors to apply to a particular user in a particular situation. Businesses use MFA to balance security requirements with the user experience.

Learn more about

Multi-Factor Authentication (MFA)

N

NIS2 Directive

The NIS2 (Network and Information Security) Directive is a regulatory framework established by the European Union(EU) to enhance the cybersecurity of critical infrastructure and digital service providers.

Learn more about

NIS2 Directive

O

Operational Technology (OT) Cybersecurity

Operational Technology (OT) cybersecurity is a key component of protecting the uptime, security and safety of industrial environments and critical infrastructure.

Learn more about

Operational Technology (OT) Cybersecurity

P

Passwordless Authentication

Passwordless Authentication is an authentication method that allows a user to gain access to an application or IT system without entering a password or answering security questions.

Learn more about

Passwordless Authentication

Phishing Attack

A phishing attack is a social engineering tactic commonly used to steal confidential data or deliver ransomware or some other form of malware.

Learn more about

Phishing Attack

Privileged Access Management (PAM)

Privilege access management (PAM) refers to a comprehensive cybersecurity strategy – comprising people, processes and technology – to control, monitor, secure and audit all human and non-human privileged identities and activities across an enterprise IT environment. Organizations implement privilege access management to protect against the threats posed by credential theft and privilege misuse.

Learn more about

Privileged Access Management (PAM)

Q

R

Ransomware

Ransomware is a type of malware designed to extort victims for financial gain. Once activated, ransomware prevents users from interacting with their files, applications or systems until a ransom is paid, usually in the form of an untraceable currency like Bitcoin.

Learn more about

Ransomware

Remote Access Security

Remote access security solutions authenticate users who are accessing business applications and IT systems from outside the private enterprise network.

Learn more about

Remote Access Security

Remote Work Security

Remote work security safely extends business applications and services to teleworkers and nomadic users without impairing user experience or satisfaction.

Learn more about

Remote Work Security

Robotic Process Automation (RPA)

Robotic process automation (RPA) is an automation technology that helps organizations to partially or fully automate standardized tasks. Robotic process automation software robots, or “bots” can mimic the actions of humans to perform work.

Learn more about

Robotic Process Automation (RPA)

S

SaaS

Software-as-a-Service (SaaS) is a software licensing and distribution model in which a service provider hosts applications and makes them available to customers over the Internet. Also referred to as “on-demand software,” “hosted software,” and “web-based software,” SaaS is one of three main components of cloud computing—which is one of the foundational elements of digital transformation.

Learn more about

SaaS

Secrets Management

Secrets management allows organizations to consistently enforce security policies for non-human identities. Secrets management provides assurance that resources across tool stacks, platforms and cloud environments can only be accessed by authenticated and authorized entities.

Learn more about

Secrets Management

Security Assertion Markup Language (SAML)

Security Assertion Markup Language (SAML) provides a standard way for businesses and application providers to share user authentication and authorization data and federate identity management functionality.

Learn more about

Security Assertion Markup Language (SAML)

Security Framework

A security framework (also known as a cybersecurity framework) is a collection of well-documented standards, policies, procedures and best practices intended to strengthen an organization’s security posture and reduce risk.

Learn more about

Security Framework

Security Operations

Security Operations (SecOps) is the practice of combining internal information security and IT operations practices to improve collaboration and reduce risks.

Learn more about

Security Operations

Single Sign-On (SSO)

Single Sign-On (SSO) is an authentication method that lets users access multiple applications and services using a single set of login credentials. SSO can help businesses improve user satisfaction and productivity, strengthen access security, and reduce IT operations expense and complexity.

Learn more about

Single Sign-On (SSO)

SOC 2

SOC 2 (Service Organization Control Type 2) is a cybersecurity compliance framework developed by the American Institute of Certified Public Accountants (AICPA) that helps manage customer data within the cloud.

Learn more about

SOC 2

Social Engineering

Social engineering is a manipulation technique aimed at tricking individuals into revealing sensitive information

Learn more about

Social Engineering

Synthetic Identity

Synthetic identity refers to a counterfeit identity formed by combining a mix of genuine and false information, blurring the line between physical and digital characteristics that identify a human being.

Learn more about

Synthetic Identity

T

Temporary Elevated Access Management

Temporary elevated access management (TEAM) access methodology helps organizations elevate privileges for human and non-human users in real time to provide granular access to an application or system in order to perform a necessary task.

Learn more about

Temporary Elevated Access Management

Third-Party Access

Third-party access is the process of granting external vendors and service providers secure access to IT assets for maintenance, administration and management.

Learn more about

Third-Party Access

U

User Behavior Analytics

User behavior analytics use AI and machine learning to analyze large datasets to identify security breaches, data exfiltration and other malicious activities.

Learn more about

User Behavior Analytics

V

Virtual Directory

A virtual directory is an Identity and Access Management architectural component that gives identity consumers a consolidated and unified view of identity management information stored in multiple disparate data repositories.

Learn more about

Virtual Directory

W

X

Y

Z

Zero Standing Privileges

Zero Standing Privileges (ZSP) is a security principle that advocates for the removal of persistent access privileges for users within an enterprise network, the next logical progression from just-in-time access.

Learn more about

Zero Standing Privileges

Zero Trust

Zero Trust is a strategic cybersecurity model designed to protect modern digital business environments. Zero Trust is centered on the belief that organizations should not automatically trust anything, whether it’s outside or inside its network perimeter. Zero Trust models demand that anyone and everything trying to connect to an organization’s systems must first be verified before access is granted.

Learn more about

Zero Trust