
Endpoint Protection

Here’s an A to Z glossary of terms related to Endpoint Protection:


Advanced Persistent Threat (APT) – An attacker who gains unauthorized access to a network and remains there undetected for a long period of time, usually intending to steal data rather than to cause damage to the network or organization.

Analytics– Discovering meaningful data patterns, usually using an analytics software solution.

Antivirus– Software used to detect, block and remove malware.

Audit– Systematic evaluation of the network, information security practices and policies etc of a company.


Black Hat Hacker – A hacker who violates computer security with malicious intent or for personal gain.

Bot – A computer that has been compromised and is controlled remotely by an attacker, typically as one member of a botnet.

Botnet – A network of malware-infected computers (bots) that are controlled by a remote attacker, commonly used to send spam or to launch DDoS attacks.

Breach – An incident that results in the theft, potential exposure or disclosure of sensitive, protected or confidential data.


Certified Information Systems Security Professional (CISSP) – A security professional who holds the CISSP certification, a vendor-neutral, independent credential offered by (ISC)² (International Information System Security Certification Consortium).

Chief Information Officer (CIO) – A senior executive within an organization who is in charge of and responsible for IT and computer systems supporting enterprise goals.

Chief Information Security Officer (CISO) – A senior-level executive in an enterprise who has the responsibility of establishing and maintaining the enterprise vision, strategy, and program to ensure that the information assets and technology of the organization are protected.

Compliance – Adherence to the laws, regulations and standards that govern how an organization stores, processes and protects data, and to the IT controls those rules require.

Computer Fraud and Abuse Act (CFAA) – This US legislation of 1986 makes accessing a protected computer without proper authorization a federal crime.

Cybercrime – This refers to any illegal or criminal activity that involves a computer or network-connected device.


Dashboard – A single-screen view that presents the reports and metrics an organization is tracking, so that security information can be monitored and analyzed at a glance.

Data Loss Prevention (DLP) – A strategy, and the class of tools that implement it, for ensuring that sensitive data does not leave the enterprise network without authorization. DLP tools inspect data in motion and at rest and let administrators control what end users may transfer (by email, web upload, removable media etc), blocking or flagging transfers that violate policy.
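
As an added example (not code from the original page), the following Python sketch shows the kind of content inspection a DLP tool applies to outbound text: it looks for payment-card-number patterns and then uses the Luhn checksum to discard digit strings that merely look like card numbers, which is how such tools keep their false-positive rate down. The regular expression, the 13-to-19-digit range and the sample messages are assumptions made for illustration; 4111 1111 1111 1111 is a well-known public test number, not a real card.

```python
import re

# Candidate PANs: 13 to 19 digits, optionally separated by single spaces or dashes.
# Assumed pattern for illustration; real DLP engines also use BIN tables and context.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum (ISO/IEC 7812): double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Return digit-only candidates that both match the pattern and pass Luhn."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def dlp_verdict(text: str) -> str:
    """Policy decision for an outbound message: BLOCK if it carries a likely PAN."""
    return "BLOCK" if find_card_numbers(text) else "ALLOW"


if __name__ == "__main__":
    # Constructed messages: an order number that only looks like a card, and a test PAN.
    print(dlp_verdict("Order 1234567890123456 has shipped"))           # ALLOW
    print(dlp_verdict("Customer card on file: 4111 1111 1111 1111"))  # BLOCK
```

The order number in the first message matches the digit pattern but fails Luhn, so a pattern-only rule would have blocked a harmless shipping notice; the checksum is what turns a noisy regex into a usable policy.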

DDoS Attack– A DDoS (Distributed Denial-of-Service) attack happens when a large number of compromised systems target a single system or internet resource and flood or overload its servers with superfluous requests, thereby causing a denial of service for legitimate users of the system.


Encryption – The process of transforming data (plaintext) into an unreadable form (ciphertext) using an algorithm and a key, so that only someone holding the correct key can recover the original data.

Endpoint – Any device that connects to a network, such as a laptop, desktop, mobile phone, server or IoT device. Each endpoint is a potential entry point for an attacker.

Endpoint Protection Platform (EPP) – Security solution that comprises a set of software tools and technologies and helps secure endpoint devices. It brings together antivirus, antispyware, intrusion detection/prevention, a personal firewall and other endpoint protection solutions and offers them as a single package, a single solution.

Endpoint Security – Protecting a network from unauthorized access, threats and attacks that arrive through its endpoints.

Endpoint Threat Detection and Response – The class of endpoint security solutions that are focused on detecting, investigating, and mitigating illicit activities and problems on hosts and endpoints.

Event – Any observable occurrence on a system or network, such as a login, a process start or a blocked connection. In an enterprise or organizational set-up, events are monitored and logged so that security-relevant activity can be reconstructed and investigated.

Event Correlation – Linking multiple related events together (by host, user, source address, time window etc), making sense of a large volume of events, pinpointing the ones that matter, and detecting abnormal behaviour that no single event reveals on its own.
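
As an added example, not taken from the original page, here is a small correlation rule in Python run over constructed authentication events: several failed logins from one source against one account inside a short window, followed by a success, is raised as a single alert instead of six unrelated events. The log format, the threshold of five failures, the two-minute window and the sample addresses (from documentation ranges) are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, source IP, account, outcome.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z 203.0.113.7 alice FAIL
2024-03-01T10:00:03Z 203.0.113.7 alice FAIL
2024-03-01T10:00:05Z 203.0.113.7 alice FAIL
2024-03-01T10:00:06Z 203.0.113.7 alice FAIL
2024-03-01T10:00:08Z 203.0.113.7 alice FAIL
2024-03-01T10:00:11Z 203.0.113.7 alice SUCCESS
2024-03-01T10:05:00Z 198.51.100.9 bob FAIL
2024-03-01T10:30:00Z 198.51.100.9 bob SUCCESS
"""


def parse_events(text: str) -> list[tuple]:
    """Turn the whitespace-separated sample format into (time, ip, user, outcome) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, ip, user, outcome = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, outcome))
    return events


def correlate_bruteforce(events, threshold: int = 5,
                         window: timedelta = timedelta(minutes=2)) -> list[dict]:
    """Raise one alert when an (ip, user) pair logs >= threshold failures inside
    `window` and then succeeds: each event is unremarkable, the sequence is not."""
    alerts = []
    recent_failures = defaultdict(list)  # (ip, user) -> failure times still in window
    for ts, ip, user, outcome in sorted(events):
        key = (ip, user)
        # Slide the window: forget failures older than `window` relative to this event.
        recent_failures[key] = [t for t in recent_failures[key] if ts - t <= window]
        if outcome == "FAIL":
            recent_failures[key].append(ts)
        elif outcome == "SUCCESS" and len(recent_failures[key]) >= threshold:
            alerts.append({"ip": ip, "user": user,
                           "failures": len(recent_failures[key]), "at": ts.isoformat()})
            recent_failures[key].clear()
    return alerts


if __name__ == "__main__":
    for alert in correlate_bruteforce(parse_events(SAMPLE_LOG)):
        print("ALERT possible credential brute force:", alert)
```

Bob's single failure half an hour before his successful login never reaches the threshold, so only alice's sequence produces an alert; raising the threshold or shrinking the window is how an analyst tunes the rule against the false positives described under that term.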

Exploit – Code or a technique that takes advantage of a specific vulnerability to gain unauthorized access to, or control over, a system, network or device.


False Positive – Normal behaviour on a network or host that is mistakenly identified as malicious activity. When there are too many false positives, they drown out true alerts and analysts start ignoring the tool.

File Integrity Monitoring (FIM) – The process of validating the integrity of operating system and application files by comparing their current state (typically a cryptographic hash, together with permissions and ownership) against a known-good baseline, and alerting on any unexpected change.

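As an added example, not part of the original page, the Python below performs the baseline-versus-current comparison that FIM rests on: it hashes every file under a directory with SHA-256, stores the result, and later reports what was modified, added or removed. The directory layout, file contents and the simulated tampering are constructed in a temporary directory for illustration.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map every regular file under root (path relative to root) to its digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            baseline[p.relative_to(root).as_posix()] = file_digest(p)
    return baseline


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Report drift from the baseline: changed content, new files, deleted files."""
    return {
        "modified": sorted(f for f in baseline if f in current and baseline[f] != current[f]),
        "added": sorted(f for f in current if f not in baseline),
        "removed": sorted(f for f in baseline if f not in current),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline a small tree, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "sshd").write_bytes(b"\x7fELF original binary")
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")

        # A real agent signs the baseline and keeps it off the monitored host,
        # because an attacker with root could otherwise rewrite it; here it is
        # only serialized to JSON to show it survives a round trip.
        stored = json.dumps(build_baseline(root))

        # Simulated tampering: config weakened, binary deleted, hidden file dropped.
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "bin" / "sshd").unlink()
        (root / "bin" / ".hidden").write_bytes(b"dropper")

        return compare(json.loads(stored), build_baseline(root))


if __name__ == "__main__":
    print(demo())
```

Hashing alone cannot tell a legitimate patch from an attacker's replacement, so in practice FIM alerts are reconciled against change records, and the baseline is refreshed only after an approved change.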
Firewall – A firewall is a network security device used to monitor, filter and control network traffic and access based on set rules and policies.

FISMA – The Federal Information Security Management Act (FISMA) is US legislation enacted as Title III of the E-Government Act of 2002. It defines a comprehensive framework for protecting federal government information, operations and assets against threats.


Gateway – A program or device that connects networks that use different protocols or architectures, for example a local network to the internet.

GLBA – The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, is an act of US Congress that repealed part of the Glass-Steagall Act. The Financial Privacy Rule, which is included in the GLBA, governs the collection and disclosure of customers’ personal financial information by financial institutions.

GRC – GRC (Governance, Risk Management and Compliance) refers to an organization’s coordinated strategy for integrating and managing IT operations that are subject to regulation. These include things like corporate governance, enterprise risk management (ERM) and corporate compliance.


Hacker – Commonly used, as in this glossary, for an individual who uses illicit methods to gain access to computers and networks in order to sabotage them or steal data (see also Black Hat Hacker and White Hat Hacker).

HIPAA – The Health Insurance Portability and Accountability Act, passed by the US Congress in 1996. Its Security Rule (issued in 2003) deals with electronic protected health information (ePHI) and lays out the administrative, physical and technical safeguards required for compliance.

Honeypot – Refers to computer systems that may seem like part of a network but are actually used as a decoy to attract and trap cyber criminals trying to gain entry into the network.


Identification – The process by which an entity claims an identity to a system, for example by presenting a username. Verifying that the claim is genuine is a separate step, authentication.

Incident response – This refers to the organizational approach of addressing and managing the aftermath of an incident (attack or data breach). An Incident Response Plan is for limiting damages and for bringing down recovery time and costs following an incident.

Information Security – This refers to preventing the unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. It also refers to the processes and methodologies designed and implemented to prevent such access, use etc.

Infrastructure – Here the reference is to IT (Information Technology) Infrastructure, which refers to the hardware and the virtual resources supporting an overall IT environment.

Intrusion Detection and Prevention Systems – Network appliances or host-based agents that monitor network and/or system activity for malicious behaviour. An IDS alerts on what it detects; an IPS can also block it inline.




Legacy Solution – Refers to an old method or outdated tool, technology, computer system, or application program.


Machine Learning – The area of computer science concerned with computers acquiring the ability to learn from data without being explicitly programmed for each case. It is a form of artificial intelligence focused on applications that adjust their behaviour when exposed to new data.

Malware – This term refers to any software that has been designed to gain unauthorized access to any computer and/or damage/disrupt the system or any activities related to the system or a network.


NERC CIP – The NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) plan is a set of requirements designed to secure the assets required for operating the bulk electric system in North America. It comprises nine standards and 45 requirements and covers areas such as the security of electronic perimeters, protection of critical cyber assets, personnel and training, security management and disaster recovery planning.

Network Security – Refers to the procedures and the policies that are implemented to avoid hacking or exploitation of a network and its resources.

Next Generation Firewall – An integrated network platform that brings together traditional firewall capabilities and other filtering functionalities, including DPI (Deep Packet Inspection), intrusion prevention etc.


Operations Security (OPSEC) – Refers to the process of identifying and then protecting general, unclassified information/processes that can be accessed by a competitor and which can be pieced together to gain real information.


PCI DSS – PCI DSS (Payment Card Industry Data Security Standard) refers to the information security standard that is mandatory for organizations that store, process or transmit payment card data.

Penetration Testing – Also referred to as a pen test, penetration testing is the authorized testing of a system, network or application by simulating real attacks against it. The aim is to find flaws and vulnerabilities and so evaluate the security of the target.

Perimeter – The boundary between the private, locally managed side of a network and its public side, which is usually provider managed.

Predictive Analytics – Analytics that discovers patterns in large data sets in order to anticipate future behaviour, for example to flag activity likely to precede a breach.



Ransomware – Malware that blocks access to a computer system or its data, usually by encrypting files, and demands a ransom in exchange for restoring access. Paying does not guarantee that access will be restored; offline backups are the reliable recovery path.

Real-Time Analytics – Analytics performed on data as it arrives in a system (streaming data), so that decisions can be made immediately rather than after batch processing.

Remote Access Tool – A piece of software that is used to remotely access a computer and control it. When remote access tool is used for malicious purposes, it’s called RAT (Remote Access Trojan).

Reporting – Collecting and submitting data (from various sources and software tools) so that the data can be easily understood and analyzed.

Rootkit – A set of tools or software that gives an attacker privileged (administrator- or kernel-level) access to a computer while hiding its own presence and activity. Rootkits are installed by attackers to maintain covert access to systems and data.


Sandbox – A security mechanism that isolates running programs from each other and from the host. It is used to execute untrusted or untested code from unverified third parties, users, websites etc in such a way that it cannot harm the hosting machine or its OS.

Service Level Agreement (SLA) – A contract between a service provider (internal or external) and the end user that defines the level of service expected. These output-based or service-based agreements state specifically which services the customer can expect to receive.

Security Incident – An event that actually or potentially compromises the confidentiality, integrity or availability of information or systems, or that violates security policy. It is distinct from a security event, which is any observable occurrence; an incident is an event serious enough to warrant a response.

Security Manager – A person, a piece of software or a platform that takes on security management tasks.

Security Operations Center (SOC) – A centralized unit that monitors and handles security issues at the organizational and technical level. Security monitoring, alert triage and incident response for the whole organization are run from the SOC.

Security Policy – A document that gives a detailed outline of how security would be handled in an organization. It details how the organization would protect itself from threats and how security incidents would be handled as and when they occur.

Secure Web Gateway (SWG) – A tool that filters malware and unwanted software out of users’ web traffic and enforces the organization’s acceptable-use and regulatory compliance policies.

Software as a Service (SaaS) – A software licensing and delivery model in which software is centrally hosted and licensed on a subscription basis. Also referred to as “on-demand software”, SaaS is typically accessed by users through a web browser.

SOX – SOX, the Sarbanes–Oxley Act of 2002, is a US federal law that sets new or expanded requirements for US public company boards, management and public accounting firms. Also known as Sarbox, the act also has some provisions that apply to privately held companies. Under this act, covered companies must establish internal controls and procedures for financial reporting in order to reduce the possibility of corporate fraud.

Spyware – Malware that gathers information about a system and its activity, or about a person or organization, without their knowledge, and sends what it collects to another system or device without the victim’s consent.


Targeted Attack – A cyber attack that seeks to breach the security measures of a specific organization or individual. It would begin with gaining access to a system or network, followed by attacks designed to cause harm, steal data etc.

Threat Intelligence – Refers to intelligence or information relating to current or potential attacks on an organization.

Trojan – Named after the Trojan horse in Greek mythology, this is malware that tricks a user into installing it by disguising itself as a legitimate program.


Unified Threat Management – Sometimes marketed under similar names such as USM (Unified Security Management), this refers to a unified or converged platform of security products. As Wikipedia defines it: “UTM is the evolution of the traditional firewall into an all-inclusive security product able to perform multiple security functions within one single system: network firewalling, network intrusion detection/prevention (IDS/IPS), gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing, data loss prevention, and on-appliance reporting”.


Virus – A kind of malware (malicious software) which, when executed, replicates by reproducing itself or infecting other computer programs by modifying them.

Vulnerability – A flaw in a system, program or network that an attacker or malware can exploit to compromise it. The term is also used for a weakness in security procedures or even in personnel.

Vulnerability Scanning – Automated scanning of systems or networks for known vulnerabilities, missing patches and insecure configurations, typically by matching discovered software versions and settings against a database of known issues.


White Hat hacker – A hacker who looks for vulnerabilities with authorization and discloses them responsibly so that they can be fixed before malicious attackers exploit them.




Zero Day Attack – An attack or exploit that takes advantage of a flaw that is unknown to the vendor and therefore unpatched. Such attacks happen before the vendor learns about the flaw and releases a fix.
