Glossary
secure file transfer protocol (Secure FTP)
A secure version of FTP, which facilitates data access and transfer over a Secure Shell (SSH) data stream.
secure mail transfer protocol/secure (SMTPs)
A more secure version of SMTP, this is a protocol for sending email messages between servers using TLS, or Transport Layer Security, and formerly SSL.
Secure Shell (SSH)
A cryptographic network protocol for operating network services securely over an unsecured network.
secure shell file transfer protocol (SFTP)
A network protocol that organizations can use to secure and send file transfers over SSH (Secure Shell).
secure sockets layer (SSL)
Secure Sockets Layer protects connections between web users and websites when using an unsecured network. It ensures that private details like credit card numbers, social security numbers, and login information are sent safely and securely.
security configuration management (SCM)
The management and control of configurations for an information system to enable security and facilitate the management of risk.
security information and event management (SIEM)
Software that gives organizations helpful insights into potential security threats across critical business networks. This is possible via centralized collection and analysis of normalized security data pulled from a variety of systems, including antivirus applications, firewalls, and intrusion prevention solutions. Fortra’s Core Security and Powertech product lines deliver SIEM solutions.
security operations center (SOC)
A security operations center is a strategic command center facility for fighting cyberattacks through monitoring, threat analysis, and more. SOC analysts perform around-the-clock monitoring of an organization's network and investigate any potential security incidents.
security orchestration, automation, and response (SOAR)
Security orchestration, automation, and response is a group of software programs that cooperate to assist a company in gathering details about security issues and managing security concerns automatically without relying solely on human effort. These platforms enhance the effectiveness and speed of both physical and digital security tasks. Security orchestration, automation and response is also known as SOAR.
security risk intelligence (SRI)
The ability of an organization to gather information that will successfully identify uncertainties in the workplace.
service level agreement (SLA)
A service level agreement is a formal and enforceable agreement between a service provider and one or more customers that outlines the rules and arrangements for how long the contract will last. It covers when the customer pays for the service and the provider's obligation to provide it as promised. Service level agreements are also referred to as SLAs.
shadow IT
When a company’s employees use hardware or software, particularly SaaS applications, on the corporate network without the knowledge of the IT team. This puts the organization at risk.
single pane of glass (SPOG)
Single pane of glass is a term used throughout the IT and management fields relating to a management tool that unifies data or interfaces across several different sources and presents them in a single view.
single sign-on (SSO)
An authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.
site reliability engineering (SRE)
Site reliability engineering is a set of principles and practices that incorporates aspects of software engineering and applies them to IT infrastructure and operations.
software as a service (SaaS)
A software distribution model in which software is licensed on a subscription basis and is centrally hosted. It is a form of cloud computing that gives users access to software that runs on a shared resource online.
spear phishing
A cybercrime that uses emails to carry out targeted attacks against individuals and businesses.
static application security testing (SAST)
Static application security testing is used to secure software by reviewing the source code of the software to identify sources of vulnerabilities.
steganography
The practice of concealing data within a computer file, image, or video.
supervisory control and data acquisition (SCADA)
A system used in manufacturing for acquiring measurements of process variables and machine states, and for performing regulatory or machine control across a process area or work cell.
System and Organization Controls (SOC)
SOC is a suite of reports from the American Institute of CPAs (AICPA) that CPA firms can issue in connection with system-level controls at a service organization. There is a SOC 1, SOC 2, SOC 3, and SOC for Cybersecurity report offering.
threat actor
An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.
threat fusion center (TFC)
Standard cybersecurity services, such as threat detection and response, are combined with advanced security features and tools, including threat intelligence, data analytics, security information and event management (SIEM) technologies, and user and entity behavior analytics.
threat intelligence (TI)
The analysis of data using tools and techniques to generate meaningful information about existing or emerging threats targeting the organization that helps mitigate risks.
threat vulnerability management (TVM)
The cyclical practice of identifying, assessing, classifying, remediating, and mitigating security weaknesses, together with fully understanding root cause analysis, to address potential flaws in policy, process, and standards, such as configuration standards.
transport layer security (TLS)
A cryptographic protocol that provides end-to-end communications security over networks and is widely used for internet communications and online transactions.
trivial file transfer protocol (TFTP)
A protocol based around FTP technology that uses a different approach to how files are transferred. It is a stripped-down transfer protocol that can only be used to send and receive files. TFTP is best used when encryption or advanced security isn’t required.
unified endpoint management (UEM)
Enables companies to remotely supervise business data, licenses, applications, usage, and security on a multitude of devices from a single console.
unified threat management (UTM)
An approach to information security where a single hardware or software installation provides multiple security functions. This contrasts with the traditional method of having point solutions for each security function.
Uniplexed Information and Computing System (UNIX)
A widely used multiuser operating system.
value-added reseller (VAR)
An organization that is part of a sales channel for an original equipment manufacturer (OEM). VARs sell products on behalf of the OEM.
virtual machine (VM)
A software implementation of a hardware-like architecture, which executes predefined instructions in a fashion similar to a physical central processing unit (CPU). VMs are partitions of servers so different applications can run separately.
virtual private network (VPN)
A VPN extends a private network across a public network. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to a private network.
vishing, voice phishing
The use of manipulative, phone-based tactics to get victims to reveal private information that can be used for digital theft.
voice of customer (VOC)
Getting feedback directly from customers to inform strategy.
vulnerability assessment (VA)
A rapid automated review of network devices, servers and systems to identify key vulnerabilities and configuration issues that an attacker may be able to take advantage of.