Glossary
Dark Web
Also known as the darknet, the dark web is a part of the deep web that requires special means of access, including special software or other configurations for anonymous entry. It has long been considered a place for nefarious activity and possesses many legal barriers for law enforcement agencies.
Dark Web Forum
Online discussion boards hosted on the dark web anonymously that often attract discussions and exchanges associated with illegal and sensitive behavior.
data access governance (DAG)
An auditing, compliance, and governance framework for unstructured data and critical applications that provides comprehensive data collection, analysis, categorization and remediation workflows, and reporting.
data classification (DC)
This industry term refers to securing sensitive data against accidental and inadvertent loss. Fortra’s Titus and Boldon James product lines deliver data classification solutions.
data exfiltration
The unauthorized removal of data from a dataset. Fortra’s Clearswift product line delivers Data Loss Prevention solutions. See also DLP.
data loss prevention (DLP)
A set of tools and processes used to ensure sensitive data is not lost, misused, or accessed by unauthorized users. Fortra’s Clearswift and Digital Guardian product lines deliver Data Loss Prevention solutions.
data security posture management (DSPM)
Technology that continuously monitors and analyzes sensitive data across cloud and hybrid environments to identify risks, enforce security policies, and ensure proper governance.
decryption
The process of taking encoded or encrypted text or other data and converting it back into text that a human or the computer can read and understand.
Deep Web
Parts of the internet not indexed by everyday search engines. This may include password-protected, encrypted, and other protected sites; along with the dark web. Examples of deep web content include medical records, academic databases, financial records, etc.
defensive security
Defensive security encompasses the strategies, tools, and practices used to protect an organization's systems and data by implementing preventative controls and actively monitoring for threats.
Deposit Fraud
The process by which a threat actor makes a fraudulent deposit into a victim’s bank account — often using fake, tampered, or stolen checks via mobile deposit — to facilitate social engineering attacks and/or account takeover.
DevOps
A change in IT culture, focusing on rapid IT service delivery through the adoption of Agile, lean practices in the context of a system-oriented approach.
digital rights management (DRM)
A broad term that describes how organizations control the publication and use of digital assets. Fortra’s Vera provides a digital rights management solution.
digital risk protection (DRP)
An operational process that combines intelligence, detection, and response to mitigate attacks across the external digital risk landscape.
distributed denial of service (DDoS)
A common form of cyberattack that disrupts the normal functioning of a website, often targeting government, retail, financial, or media organizations.
DMCA Takedown
A threat takedown, supported by the Digital Millennium Copyright Act (DMCA), that protects copyrighted digital content, and enabling right holders to request the removal of infringing content from websites and social media platforms.
document management (DM)
The process of electronically capturing, managing, and distributing documents and forms on-premises or in the cloud. Fortra’s Document Management product line helps organizations go paperless with document solutions that automate key business processes.
Domain Takedown
The process of directly collaborating with domain registrars, hosting providers, or legal channels to suspend or deactivate malicious, infringing, or fraudulent websites so they can no longer pose a risk.
domain-based message authentication, reporting, and conformance (DMARC)
An email authentication protocol used to prevent spoofing.
domainkeys identified mail (DKIM)
A technique that uses a domain name to digitally “sign” emails, so recipients are confident in the sender and know the message hasn’t been altered in transit.
dynamic application security testing (DAST)
A procedure that actively investigates running applications with penetration tests to detect possible security vulnerabilities.
email security
Solutions that comprise all the technology and policies designed to protect email content and communications against cyberattacks. Fortra’s Agari, PhishLabs, and Clearswift product lines deliver email security solutions.
email spoofing
When a fraudster forges an email header ‘From’ address to make it appear as if it was sent by someone else, usually a known contact like a high-level executive or trusted outside vendor.
encryption
A method of encoding data to make it unusable or unreadable until it’s decrypted by an authorized party with keys (symmetric or asymmetric) which can read or access the data.
endpoint detection and response (EDR)
An integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities.
endpoint protection platform (EPP)
A solution deployed on endpoint devices to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.
Executive Impersonation
Threat actors masquerading as executives on social media or through the use of Business Email Compromise (BEC) for the purposes of stealing credentials, damaging popular brands, or causing financial damage.
extended detection & response (XDR)
SaaS capabilities that integrate and simplify security solutions into a holistic approach to protect endpoints, servers, email, and other corporate IT infrastructure.
external penetration testing
Also known as an external network pen test, it is designed to test the effectiveness of perimeter security controls to prevent and detect attacks as well as identifying weaknesses in internet-facing assets such as web, mail and FTP servers.
Fake Mobile App
Impersonation of a legitimate app by threat actors to deliver malware, steal data such as login credentials, and carry out other malicious goals.
Federal Information Security Management Act (FISMA)
Signed into law in 2002, this law requires security guidelines be implemented to help protect and reduce the security risk of sensitive federal data. It requires all federal agencies to protect and support their operations by developing, documenting, and implementing a comprehensive information security plan. All agencies within the U.S. federal government, as well as some state agencies, and any private sector organization in a contractual relationship with the government, are bound by these FISMA compliance regulations.
file integrity monitoring (FIM)
Technology that monitors and detects changes in files that may indicate a cyberattack. Fortra’s Tripwire product line delivers file integrity monitoring solutions.
firewall as a service (FWaaS)
Firewall as a Service
Fortra’s Agari
A Fortra product line that protects the workforce from inbound business email compromise, supply chain fraud, spear phishing, and account takeover-based attacks, reducing business risk and restoring trust to the inbox. Fortra’s Agari is part of the Email Security and Anti-Phishing Suite.
Fortra’s Agari DMARC Protection (DMP)
A Fortra product that automates DMARC email authentication and enforcement to prevent brand abuse and protect customers from costly phishing attacks.
Fortra’s Agari Phishing Defense (APD)
A Fortra product that stops phishing, BEC, and other identity deception attacks that trick employees into harming their business.