Cybersecurity terms, in plain language
Security is jargon-heavy. These short, opinionated definitions are written for the people who have to decide what to buy and what to do — not the people selling it.
Business Email Compromise (BEC)
A scam where attackers take over or impersonate a business email account to redirect payments or steal sensitive information.
Endpoint Detection and Response (EDR)
Security software on laptops, servers, and workstations that detects and stops attacks that run on the device itself.
Extended Detection and Response (XDR)
Detection and response across multiple security data sources — endpoints, email, identity, cloud — combined into one platform.
Incident Response (IR)
The structured process of containing, investigating, eradicating, and recovering from a security incident — ideally guided by a tested plan.
Managed Detection and Response (MDR)
A security service that combines continuous monitoring, threat investigation, and hands-on response into a single managed outcome.
Managed Security Services Provider (MSSP)
A company that delivers ongoing security operations — monitoring, detection, response, advisory — as a service.
Multi-Factor Authentication (MFA)
A sign-in security control that requires something beyond a password — typically a phone, security key, or app prompt.
Phishing
Fraudulent messages — by email, text, or phone — designed to trick someone into giving up credentials, money, or access to your systems.
Ransomware
Malicious software that encrypts your data and demands payment for the key — often combined with data theft and extortion.
Security Information and Event Management (SIEM)
A platform that collects log data from across your environment and runs detection rules over it to find security events.
Security Operations Center (SOC)
The team and tooling that continuously monitor your environment for security threats, investigate them, and respond when something is found.
Security Orchestration, Automation, and Response (SOAR)
Tooling that automates repetitive parts of investigation and response — like enriching alerts or isolating endpoints.
Vulnerability Management
The ongoing process of finding, prioritizing, and fixing security weaknesses in your systems before attackers exploit them.
Zero Trust
A security model that trusts no user or device by default — even inside the corporate network — and verifies every access request continuously.