Glossary

Welcome to the Glossary! Whether you're already familiar with some of these terms or you're just becoming acquainted, our top-level glossary is a great resource for learning them.

managed file transfer (MFT)

Software that encompasses all aspects of inbound and outbound file transfers while using industry-standard network protocols and encryption. Fortra’s GoAnywhere, Globalscape, and FileCatalyst product lines deliver MFT solutions.

managed file transfer as a service (MFTaaS)

A hosted managed file transfer solution using the vendor’s infrastructure.

managed security service (MSS)

Outsourced network security services.

managed security service provider (MSSP)

A vendor that provides outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning, and antivirus services.

managed service provider (MSP)

A vendor that delivers services, such as network, application, infrastructure and security, via ongoing and regular support and active administration on customers’ premises, in their MSP’s data center (hosting), or in a third-party data center.

multifactor authentication (MFA)

Electronic authentication method in which a user is granted access to a website or application only after presenting two or more pieces of identity authentication.

National Institute of Standards and Technology (NIST)

A physical sciences laboratory and a nonregulatory agency of the U.S. Department of Commerce. The NIST promotes U.S. innovation and industrial competitiveness in the fields of technology, engineering, IT, and more.

North American Electric Reliability Corporation - Critical Infrastructure Protection (NERC-CIP)

NERC Critical Infrastructure Protection (NERC-CIP) is a set of requirements designed to secure the assets required for operating North America's bulk electric system.

offensive security

Offensive security involves proactively testing an organization's defenses by simulating real-world attacks, such as through penetration testing, in order to identify and fix exploitable vulnerabilities.

Open PGP

A popular encryption standard that protects the privacy and integrity of sensitive files. Open PGP is an open-source offshoot of PGP that uses PGP as its foundation.

open source

Software that comes with permission to use, copy, and distribute, either as-is or with modifications, and that may be offered either free or with a charge.

Open Worldwide Application Security Project (OWASP)

The Open Worldwide Application Security Project is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the field of web application security. The OWASP provides free and open resources.

Payment Card Industry Data Security Standard (PCI DSS, PCI)

The comprehensive set of requirements designed to ensure that any company that processes, stores, or transmits credit card information does so by maintaining a secure environment. The requirements were established to help prevent payment data breaches and payment card fraud.

PCI Security Standards Council (PCI SSC)

The PCI Security Standards Council (PCI SSC), made up of major payment companies, including Visa, MasterCard, American Express, Discover, and JCB, administers and manages the PCI DSS standard. However, enforcing compliance with PCI DSS is the responsibility of the individual payment brands.

penetration testing

Also called pen testing. An attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities. Fortra’s Core Security Core Impact, Cobalt Strike, and IBM i product lines deliver pen testing solutions.

personally identifiable information (PII)

Data that directly or indirectly identifies a specific individual, such as names, addresses, biometrics, and alphanumeric account numbers.

platform as a service (PaaS)

A form of cloud computing in which a provider delivers hardware and software tools on its own infrastructure to users over the internet.

Pretty Good Privacy (PGP)

An encryption program that provides cryptographic privacy and authentication for data communication. See also Open PGP.

privileged access management (PAM)

Giving users only the access they need and ensuring that least privileged access is enforced. Fortra’s Core Privileged Access Manager (BoKS) product delivers privileged access management solutions.

purple teaming

A collaborative security practice that integrates the offensive capabilities of an organization's Red Team with the defensive capabilities of its Blue Team to ensure continuous improvement and validate security controls.

ransomware

A type of malware that locks users and system administrators out of computers, files, and networks until a ransom is paid. Ransomware can be unknowingly downloaded and launched when users click on email or website links.

ransomware as a service (RaaS)

A business model where threat actors can purchase pre-packaged ransomware kits to launch on their targets without needing the expertise to develop the code themselves.

rapid penetration test (RPT)

Automation that enables admins to discover, test, and report on vulnerabilities easily.

red team

Offensive security professionals, experts in attacking systems.

redaction

Blacking out sensitive data within a document or dataset.

sanitization

Permanent removal of sensitive data from a document, image or dataset, including any hidden fields. Also known as document sanitization or data sanitization.

Sarbanes-Oxley (SOX)

A United States federal law that addresses financial recordkeeping and reporting. It requires that any publicly traded American or overseas company registered with the Securities and Exchange Commission (SEC) demonstrate strong and transparent internal control over its financial reporting (ICFR). Companies that provide financial services to such firms also fall under SOX compliance obligations. In addition, under SOX, top executives are ultimately held responsible for the accuracy of their organization's financial data.

secure file transfer (SFT)

Secure file transfer is a data sharing method that uses secure protocols and encryption to safeguard data in transit and at rest.

secure file transfer protocol (Secure FTP)

A secure version of FTP, which facilitates data access and transfer over a Secure Shell (SSH) data stream.

secure mail transfer protocol/secure (SMTPs)

A more secure version of SMTP, this is a protocol for sending email messages between servers using TLS, or Transport Layer Security, and formerly SSL.

secure shell file transfer protocol (SFTP)

A network protocol that organizations can use to secure and send file transfers over SSH (Secure Shell).

security awareness training

Technology that implements educational programs designed to inform employees about cybersecurity threats, company policies, and best practices to better prepare them to recognize and avoid risks like phishing and social engineering.

security configuration management (SCM)

The management and control of configurations for an information system to enable security and facilitate the management of risk.

security information and event management (SIEM)

Software that gives organizations helpful insights into potential security threats across critical business networks. This is possible via centralized collection and analysis of normalized security data pulled from a variety of systems, including antivirus applications, firewalls, and intrusion prevention solutions. Fortra’s Core Security and Powertech product lines deliver SIEM solutions.

security operations center (SOC)

A security operations center is a strategic command center facility for fighting cyberattacks through monitoring, threat analysis, and more. SOC analysts perform around-the-clock monitoring of an organization's network and investigate any potential security incidents.

shadow IT

When a company’s employees use hardware or software, particularly SaaS applications, on the corporate network without the knowledge of the IT team. This puts the organization at risk.