Reference
Glossary
126 terms · 26 sections
The acronyms and concepts referenced throughout the field guide, defined in plain language and cross-linked to what they relate to.
#
- 3-2-1 Backup Rule
- A backup best practice: keep at least three copies of your data, on two different types of media, with one copy stored offsite. The modern 3-2-1-1-0 variant adds one offline or immutable copy and zero recovery errors — meaning restores are regularly tested and confirmed to work.
- Immutable BackupAir GapRTO / RPORansomware
A
- ACMEAutomatic Certificate Management Environment
- An open protocol (RFC 8555) that automates proving domain control and then requesting, issuing, and renewing TLS certificates between a client and a certificate authority — the mechanism behind Let's Encrypt that replaced manual certificate paperwork with an API call a server can run entirely on its own.
- Certificate AuthorityPKI
- Agent
- A small piece of software installed on a device that collects activity data and can take local action, such as blocking a process or isolating the machine from the network.
- EDRTelemetryEndpoint
- Air Gap
- Keeping a system or backup copy physically or network-isolated from any connected system, so it can't be reached or encrypted by ransomware or other malware spreading through the network.
- Immutable BackupRansomware3-2-1 Backup Rule
B
- BASBreach and Attack Simulation
- Software that continuously and safely runs simulated attack techniques against an environment to measure whether existing defenses actually detect or block them, rather than trusting that a control works just because it's installed.
- PentestCTEM
- BECBusiness Email Compromise
- A scam where an attacker impersonates an executive, vendor, or trusted contact — often via a compromised or look-alike account — to trick an employee into wiring money or sharing sensitive data, typically without any malware or malicious link involved.
- Spear PhishingPhishing
- Blue Team
- The defensive side of a security organization — the analysts and engineers who monitor, detect, and respond to attacks, including those simulated by a red team during an exercise.
- Purple TeamSOC
- Botnet
- A network of compromised devices, controlled remotely by an attacker through command-and-control infrastructure, used collectively to launch DDoS attacks, send spam, or carry out other automated abuse at scale.
- C2DDoS
- BYOK / HYOKBring Your Own Key / Hold Your Own Key
- Two models for who controls the encryption keys protecting data in a cloud service: Bring Your Own Key lets a customer supply keys the provider still has some access to, while Hold Your Own Key keeps keys entirely outside the provider's infrastructure.
- HSMEnvelope Encryption
C
- C2Command and Control
- The infrastructure and channel an attacker uses to remotely control malware already running on a compromised system — issuing commands, exfiltrating data, or pulling down additional tools.
- SandboxLateral MovementBotnet
- CAASMCyber Asset Attack Surface Management
- Aggregates data from existing tools — EDR, cloud, identity, vulnerability scanners — into one queryable inventory of every asset an organization has, closing the gaps that come from no single tool seeing everything.
- Attack SurfaceEASM
- CASBCloud Access Security Broker
- Sits between users and cloud applications to enforce visibility and data-protection policy — discovering unsanctioned app use and controlling what happens to sensitive data inside approved SaaS applications.
- SASESSE
- CIEMCloud Infrastructure Entitlement Management
- Analyzes who and what can actually do inside cloud environments, surfacing excessive or unused permissions across human and machine identities that a role's name alone wouldn't reveal.
- CNAPPLeast Privilege
- CIS Controls
- A prioritized, practical set of safeguards published by the Center for Internet Security, grouped into implementation groups by organizational maturity — often used as a concrete starting checklist alongside a broader framework like NIST CSF.
- NIST CSFGRC
- CMMCCybersecurity Maturity Model Certification
- A U.S. Department of Defense certification program requiring contractors and subcontractors handling defense-related information to prove they meet a tiered set of cybersecurity practices before winning certain contracts.
- FedRAMPNIST CSF
- CNAPPCloud-Native Application Protection Platform
- A category of tools that consolidates cloud posture management, workload protection, and identity risk into one platform, aiming to replace a pile of separate point tools with correlated, prioritized findings.
- CSPMCWPPCIEM
- CSPMCloud Security Posture Management
- Continuously checks cloud account configuration against best-practice benchmarks — an exposed storage bucket, an overly permissive security group — and flags drift before it becomes a breach.
- CNAPPKSPM
- CTEMContinuous Threat Exposure Management
- A program model for continuously scoping, discovering, prioritizing, validating, and mobilizing action against an organization's exposures, treating exposure management as an ongoing cycle rather than a periodic vulnerability scan.
- Attack SurfaceBAS
- CVECommon Vulnerabilities and Exposures
- A public catalog that assigns a unique identifier to a specific, publicly known software or hardware vulnerability, so vendors, researchers, and tools can all refer to the same flaw unambiguously.
- CVSSKEVCWE
- CVSSCommon Vulnerability Scoring System
- An industry-standard formula for scoring how severe a vulnerability is, producing a 0-10 number from factors like how easily it can be exploited and what an attacker gains. The current major version, CVSS 4.0, added metrics for real-world threat activity and automatability that earlier versions lacked.
- CVEEPSS
- CWECommon Weakness Enumeration
- A catalog of general categories of security weaknesses in software design or code — like SQL injection or improper input validation — as distinct from CVE, which tracks specific, individual instances of a vulnerability in a specific product.
- CVEOWASP Top 10
- CWPPCloud Workload Protection Platform
- Security focused on protecting the actual compute workloads running in the cloud — virtual machines, containers, serverless functions — through vulnerability scanning and runtime threat detection, complementing CSPM's focus on account-level configuration.
- CNAPPCSPM
D
- Data Classification
- Labeling data by sensitivity — public, internal, confidential, restricted — so that access controls, encryption, and handling rules can be applied automatically based on what a piece of data actually is.
- DSPMTokenization
- DDoSDistributed Denial-of-Service
- An attack that floods a target with traffic from many sources at once — often a botnet — to overwhelm its capacity and knock it offline for legitimate users.
- BotnetWAF
- Defense in Depth
- A security strategy that layers multiple, different controls — network, endpoint, identity, data — so that if an attacker gets past one, another independent layer still stands between them and the target.
- Zero TrustKill Chain
- Detection Rule
- Logic that turns raw log or telemetry events into a security alert when a specific suspicious pattern is matched.
- SIEMLog
- DevSecOps
- A practice and culture that builds security checks directly into the software delivery pipeline — automated scanning, policy-as-code gates — rather than treating security as a separate review that happens after development is done.
- Shift LeftIaC
- DFIRDigital Forensics and Incident Response
- The specialized work of investigating a suspected or confirmed security breach: reconstructing what happened, how far it spread, and preserving evidence that will hold up later.
- EDRSOCMDR
- DMARC, DKIM & SPF
- Three DNS-based email authentication standards that work together to stop domain spoofing: SPF lists which mail servers may send for a domain, DKIM cryptographically signs outgoing messages, and DMARC tells receiving mail servers what to do when a message fails those checks and reports the results back to the domain owner.
- BECPhishing
- DNS Filtering
- Blocking access to known-malicious or policy-violating domains at the DNS resolution step, before a connection is ever made — a lightweight control that stops a lot of malware and phishing infrastructure with minimal setup.
- WAFC2
- DSPMData Security Posture Management
- Continuously discovers where sensitive data actually lives across cloud and SaaS environments and who can reach it, catching forgotten copies and risky exposure that a data inventory built once, by hand, would miss.
- Data ClassificationCSPM
- Dwell Time
- The length of time an attacker is present inside an environment before being detected — a key metric for measuring how well detection capabilities are actually working, since a longer dwell time generally means more damage done.
- MTTD / MTTRThreat Hunting
E
- EASMExternal Attack Surface Management
- Continuously discovers and monitors an organization's internet-facing assets — including forgotten subdomains and shadow IT nobody remembers standing up — from the outside, the same vantage point an attacker starts from.
- Attack SurfaceCAASM
- EDREndpoint Detection and Response
- Software that continuously records what happens on endpoints (processes, files, network connections) and detects, investigates, and responds to malicious behavior.
- XDREndpointAgentEPP
- Endpoint
- Any laptop, server, or mobile device that runs software and connects to a network — the place where most attacks ultimately execute.
- EDREPPAgent
- Envelope Encryption
- A key-management pattern where data is encrypted with a fast, disposable data key, and that data key is itself encrypted with a more tightly controlled master key, so rotating the master key doesn't require re-encrypting all the underlying data.
- HSM
F
- FedRAMPFederal Risk and Authorization Management Program
- The U.S. government's standardized process for security-assessing and authorizing cloud services for use by federal agencies, letting a cloud vendor get certified once and reused across many agencies instead of being individually vetted by each.
- GRCNIST CSF
- FIDO2 / WebAuthn
- The open standards underlying passkeys and hardware security keys: WebAuthn is the browser API a website uses to request a cryptographic credential, and FIDO2 is the broader standard, including the protocol between the browser and an authenticator, that makes the credential resistant to phishing.
- PasskeyMFA
G
- GDPRGeneral Data Protection Regulation
- The European Union's data protection law, giving individuals rights over their personal data and requiring organizations that process it to meet strict security, consent, and breach-notification obligations, with steep fines for violations.
- HIPAAData Classification
- GRCGovernance, Risk, and Compliance
- The combined discipline of setting policy (governance), identifying and managing what could go wrong (risk), and proving adherence to laws and standards (compliance) — usually the umbrella term for the programs and tools that manage all three together.
- Risk RegisterSOC 2
H
- HIPAAHealth Insurance Portability and Accountability Act
- A U.S. federal law that sets security and privacy requirements for protected health information, binding on healthcare providers, insurers, and the vendors that handle health data on their behalf.
- PCI DSSGDPR
- Honeypot
- A decoy system, account, or file deliberately left exposed to attract attackers, giving defenders early warning of an intrusion and insight into attacker behavior without risking real assets.
- Threat HuntingIOC
- HSMHardware Security Module
- A dedicated, tamper-resistant hardware device that generates, stores, and uses cryptographic keys, so the keys themselves never have to leave secure hardware even when software using them is compromised.
- Envelope EncryptionBYOK / HYOK
I
- IaCInfrastructure as Code
- Defining and provisioning infrastructure — servers, networks, cloud resources — through version-controlled configuration files like Terraform or CloudFormation instead of manual setup, which also means a misconfiguration can be scanned and caught before anything is ever deployed.
- CSPMSBOM
- IAMIdentity and Access Management
- The system that manages who employees are, what they're allowed to access, and how that access is granted and revoked over their time at a company.
- SSOIGAIdP
- IdPIdentity Provider
- The system that actually authenticates a user's identity and issues the token other applications trust, underpinning single sign-on.
- SSOIAMSCIM
- IGAIdentity Governance and Administration
- The discipline of running periodic access reviews, modeling entitlements as roles, and producing audit evidence that an organization's access actually matches who should have it.
- IAMLeast Privilege
- Immutable Backup
- A backup copy stored so it cannot be modified, encrypted, or deleted for a set retention period — even by an administrator account — guaranteeing a clean recovery point survives even if ransomware compromises the backup system itself.
- Air GapRTO / RPO3-2-1 Backup Rule
- Infrastructure Security
- An umbrella term for securing the layers applications run on — networks, servers, containers, and cloud services — as opposed to the application code itself. This map deliberately splits that umbrella by where each control lives: Network & Perimeter (traffic and the perimeter), Cloud Security (cloud infrastructure and container/Kubernetes security), and Security Operations (vulnerability management).
- IaCCSPMMicrosegmentation
- IOAIndicator of Attack
- A signal that describes an attacker's intent and behavior in progress — such as a process trying to dump credentials — rather than a static artifact left behind, letting defenses catch an attack while it's still unfolding instead of only after the fact.
- IOCMITRE ATT&CK
- IOCIndicator of Compromise
- Forensic evidence that a system has already been breached — a malicious file hash, a known-bad IP address, a suspicious registry key — used to detect or confirm past or ongoing compromise.
- IOAC2YARA
- ISO 27001
- An international standard, published by the International Organization for Standardization, for building and certifying a formal information security management system — the standard many enterprise customers outside the U.S. (and increasingly within it) require as proof of a vendor's security program, playing a similar role to SOC 2.
- SOC 2GRC
J
- JIT AccessJust-in-Time Access
- Granting elevated or privileged access only for a limited time window tied to a specific task, then automatically revoking it, instead of leaving standing permissions active around the clock.
- Least PrivilegePrivileged Account
K
- KEVKnown Exploited Vulnerabilities
- A catalog, maintained by the U.S. Cybersecurity and Infrastructure Security Agency, of vulnerabilities confirmed to be actively exploited by attackers — a fast, evidence-based way to prioritize patching over relying on severity scores alone.
- CVECVSSEPSS
- Kill Chain
- A model that breaks an attack into a sequence of stages — reconnaissance, weaponization, delivery, exploitation, and so on through actions on objectives — on the premise that breaking any single link stops the whole attack.
- MITRE ATT&CKLateral Movement
L
- Lateral Movement
- The stage of an attack where, after gaining an initial foothold, an intruder moves from system to system inside a network to reach more valuable targets, often using stolen credentials rather than new exploits.
- C2Privileged AccountKill Chain
- Least Privilege
- The security principle of granting a person or system only the minimum access needed to do a specific task, rather than broad standing permissions.
- Privileged AccountPAM
- Log
- A timestamped record of an event generated by a system, application, or device, used for troubleshooting and security investigation.
- SIEMDetection Rule
M
- Machine Identity
- The credentials — certificates, keys, and tokens — that let non-human actors like servers, services, containers, and API clients prove who they are to each other, as opposed to the usernames and passwords that identify people. Machine identities now vastly outnumber human ones, and each is another certificate that can expire or be forged if it isn't managed.
- PKICertificate AuthorityPrivileged Account
- MDMMobile Device Management
- A system for enrolling, configuring, and remotely locking or wiping phones and tablets used for work, without requiring physical access to the device.
- UEMEndpoint
- MDRManaged Detection and Response
- A subscription service where a vendor's own analysts monitor an organization's security alerts and respond to routine detections, instead of the customer's team doing it alone.
- EDRSOC
- MFAMulti-Factor Authentication
- A login flow that requires a second proof of identity beyond a password, such as a push approval, one-time code, or biometric check, so a stolen password alone isn't enough to log in.
- PasswordlessPasskey
- MFA Fatigue
- An attack where someone who already has a victim's password sends a flood of push-based MFA approval requests, hoping the victim eventually taps 'approve' just to make the notifications stop — also called MFA bombing or push bombing.
- MFAVishing
- Microsegmentation
- Dividing a network into small, isolated zones — down to the level of individual workloads — with tightly controlled traffic rules between them, so a compromise in one segment can't freely spread laterally to the rest of the environment.
- Lateral MovementZero Trust
- MITRE ATT&CKAdversarial Tactics, Techniques, and Common Knowledge
- A free, continuously updated knowledge base, maintained by the MITRE Corporation, that catalogs real-world attacker behavior as a matrix of tactics (the attacker's goal, like lateral movement) and techniques (how it's done), giving defenders a shared vocabulary for describing and detecting threats.
- TTPIOCThreat HuntingPurple Team
- MSSPManaged Security Service Provider
- A vendor that operates security tools and processes — like a SIEM or firewall — on an ongoing basis for a customer, distinct from an MDR provider's narrower focus on 24/7 detection and response for a specific set of telemetry.
- MDRSOC
- MTTD / MTTRMean Time to Detect / Mean Time to Respond
- Two core SOC performance metrics: MTTD measures how long it takes to notice something malicious happened, and MTTR measures how long it then takes to contain and resolve it, together showing whether a security program is getting faster over time.
- Dwell TimeSOC
N
- NDRNetwork Detection and Response
- Detection and response built around monitoring network traffic rather than endpoint or log data, catching attacker behavior like lateral movement and command-and-control that never touches a monitored endpoint.
- EDRXDRC2
- NIST CSFNational Institute of Standards and Technology Cybersecurity Framework
- A widely adopted, voluntary framework that organizes cybersecurity activity into functions — Govern, Identify, Protect, Detect, Respond, Recover — used as a common structure for building or assessing a security program.
- CIS ControlsGRC
O
P
- PAMPrivileged Access Management
- Software that vaults, rotates, and time-limits the credentials for admin, database, and service accounts capable of causing outsized damage, and records what's done with them.
- Least PrivilegePrivileged AccountIAM
- Passkey
- A phishing-resistant, passwordless credential stored on a device that uses cryptography to prove identity to a specific website or app, without ever transmitting a shared secret that could be stolen.
- PasswordlessMFA
- Passwordless
- Authentication that replaces the password entirely, relying instead on a device, security key, or biometric as the primary credential.
- PasskeyMFA
- PCI DSSPayment Card Industry Data Security Standard
- A security standard, set by the major card networks, that any organization storing, processing, or transmitting credit card data must comply with — covering network segmentation, encryption, and access control specifically around cardholder data.
- GRCHIPAA
- PentestPenetration Test
- An authorized, time-boxed engagement where a tester actively attempts to exploit vulnerabilities in a system or network, going beyond a vulnerability scan's list of weaknesses to prove which ones are actually exploitable.
- Red TeamBAS
- Phishing
- A social-engineering attack that tricks someone into clicking a malicious link, entering credentials on a fake page, or running an attached file.
- MFARansomware
- PKIPublic Key Infrastructure
- The combined system of certificate authorities, enrollment processes, and policies that issues, distributes, renews, and revokes digital certificates, binding public keys to verified identities so machines and people can trust one another. It's the plumbing underneath TLS, code signing, and most machine-to-machine authentication.
- Certificate AuthorityMachine IdentityHSM
- Privileged Account
- A login — administrator, database, or service account — capable of far more damage than an ordinary user account if it's stolen or misused.
- PAMLeast Privilege
R
- RaaSRansomware as a Service
- A criminal business model where ransomware developers lease their malware and infrastructure to affiliates who carry out the actual attacks and split the ransom, lowering the technical bar for launching a ransomware attack.
- Ransomware
- Ransomware
- Malware that encrypts a victim's files and demands payment for the decryption key, often spreading to as many systems as possible before it's discovered.
- PhishingEDR
- Red Team
- A group that simulates real-world adversary tactics against an organization's people, processes, and technology to test whether defenses actually hold up, typically operating without the defenders' knowledge until after the exercise.
- Purple TeamPentest
- Risk Register
- A tracked, living list of an organization's identified risks, each with an owner, likelihood and impact rating, and a treatment plan — the central artifact most GRC programs and audits are built around.
- GRCTabletop Exercise
- RTO / RPORecovery Time Objective / Recovery Point Objective
- Two targets that define how much disaster an organization can tolerate: RTO is how long systems can be down before recovery, and RPO is how much data — measured in time — can be lost since the last good backup.
- Immutable BackupTabletop Exercise3-2-1 Backup Rule
S
- SaaSSoftware as a Service
- Software that's hosted and run by the vendor and accessed over the internet, rather than installed and maintained on the customer's own servers.
- SAMLSecurity Assertion Markup Language
- An older, XML-based standard for passing authentication and authorization data between an identity provider and an application, still widely used for enterprise single sign-on alongside the newer OIDC standard.
- SSOIdPOIDC
- Sandbox
- An isolated environment where a suspicious file or link can be opened and observed safely, revealing what it actually does — dropping malware, calling out to a remote server — without risking the real network.
- YARAC2
- SASESecure Access Service Edge
- An architecture that converges networking (like SD-WAN) and security services (like SWG and ZTNA) into one cloud-delivered platform, replacing a stack of separate branch and data-center appliances.
- SSEZTNASWG
- SBOMSoftware Bill of Materials
- A formal, machine-readable inventory of every open-source and third-party component that makes up a piece of software, so an organization can quickly tell whether a newly disclosed vulnerability affects anything it runs.
- VEXSupply Chain AttackCVE
- SCIMSystem for Cross-domain Identity Management
- A standard protocol for automatically creating, updating, and deactivating user accounts across connected applications as an identity system's records change.
- IdPIGA
- Secrets Sprawl
- The accumulation of API keys, passwords, and certificates scattered across source code, config files, chat messages, and CI/CD systems instead of a managed vault, each one a potential credential an attacker could find and reuse.
- HSMTokenization
- Shift Left
- Moving security testing and review earlier in the software development process — into the IDE and pull request instead of a pre-release gate — so flaws are caught and fixed while they're still cheap to change.
- DevSecOps
- SIEMSecurity Information and Event Management
- A central system that collects logs from across an environment, correlates them into alerts using detection rules and behavioral baselining, and lets analysts search historical activity during an investigation.
- SOCLogDetection RuleUEBA
- Smishing
- Phishing carried out over SMS text message, typically impersonating a delivery service, bank, or IT department to get a recipient to click a malicious link or share a code on their phone.
- PhishingVishing
- SOARSecurity Orchestration, Automation and Response
- Software that automates the repetitive steps of responding to a security alert — pulling context from other tools, opening a case, taking containment action — via predefined playbooks, freeing analysts to focus on judgment calls a machine can't make.
- SIEMSOC
- SOCSecurity Operations Center
- The team (in-house or vendor-run) responsible for monitoring security alerts around the clock and responding when something looks like a real incident.
- SIEMMDRThreat Hunting
- SOC 2
- An audit report, defined by the AICPA (the American Institute of CPAs) — SOC stands for System and Organization Controls — that evaluates a service organization's controls around security, availability, and related trust criteria. SOC 2 is the specific report enterprise SaaS customers most often require, as distinct from SOC 1's focus on financial reporting controls.
- GRCISO 27001
- Spear Phishing
- A phishing attack tailored to a specific person or organization using researched details — a colleague's name, a real project, a familiar vendor — to appear far more convincing than a generic mass phishing email.
- PhishingBEC
- SSESecurity Service Edge
- The security-focused subset of SASE — ZTNA, SWG, and CASB delivered from the cloud — without the SD-WAN networking half, for organizations that want converged security without replacing their existing network connectivity.
- SASEZTNACASB
- SSOSingle Sign-On
- A login flow that lets a user authenticate once and gain access to many connected applications, instead of maintaining a separate username and password for each one.
- IAMIdP
- STIX/TAXIIStructured Threat Information eXpression / Trusted Automated eXchange of Indicator Information
- A pair of open standards for describing threat intelligence in a structured, machine-readable format (STIX) and automatically transporting it between sharing partners (TAXII), letting organizations exchange indicators and context without manually reformatting feeds.
- IOCMITRE ATT&CK
- Supply Chain Attack
- An attack that compromises a trusted upstream component — a software dependency, a build pipeline, a vendor's update mechanism — so the malicious code rides along into every downstream organization that uses it.
- TyposquattingSBOM
- SWGSecure Web Gateway
- Inspects and filters outbound web traffic for malware, phishing sites, and policy violations, typically as a cloud-delivered service that a user's traffic routes through before reaching the open internet.
- SASEDNS Filtering
T
- Tabletop Exercise
- A discussion-based walkthrough of a simulated incident, where stakeholders talk through their planned response step by step, used to find gaps in an incident response plan before a real breach forces the issue.
- RTO / RPODFIR
- Telemetry
- The stream of activity data — process starts, file changes, network connections — that an agent continuously records and sends to a central system for analysis.
- AgentSIEMUEBA
- Threat Hunting
- The practice of proactively searching historical activity data for signs of a compromise that never triggered an automatic alert.
- EDRSIEMSOC
- Tokenization
- Replacing a piece of sensitive data, like a credit card number, with a nonsensitive placeholder token that has no exploitable value on its own, while the real value is kept in a separate, tightly controlled vault.
- Data Classification
- TTPTactics, Techniques, and Procedures
- The way security teams describe attacker behavior at three levels of detail — the high-level goal (tactic), the general method (technique), and the specific implementation (procedure) — most commonly organized using the MITRE ATT&CK framework.
- MITRE ATT&CKIOCIOA
- Typosquatting
- Publishing a malicious package or domain with a name deliberately similar to a popular one — a common misspelling or swapped character — hoping a developer or user installs or visits the fake by mistake.
- Supply Chain Attack
U
V
- VEXVulnerability Exploitability eXchange
- A companion standard to SBOM that states whether a known vulnerability in a listed component is actually exploitable in the way the software uses it, cutting down the noise of vulnerabilities that technically exist but can't be triggered.
- SBOMCVE
- Vishing
- Phishing carried out over a phone call, often impersonating IT support, a bank, or an executive to pressure the victim into revealing credentials, approving an MFA prompt, or transferring money.
- PhishingSmishingMFA Fatigue
W
- WAFWeb Application Firewall
- A filter that sits in front of a web application or API, inspecting incoming requests for attack patterns like SQL injection and cross-site scripting and blocking them before they reach the application.
- DDoSOWASP Top 10
X
Y
Z
- Zero Trust
- A security approach that verifies every request based on identity, device, and context, instead of assuming anything is safe just because it's already inside the corporate network.
- IAMLeast Privilege
- Zero-Day
- A vulnerability that's exploited by attackers before the vendor knows about it or has released a fix, leaving defenders with zero days of advance warning to patch.
- CVEKEV
- ZTNAZero Trust Network Access
- Grants access to a specific internal application on a per-request basis, verifying identity and device posture every time, instead of putting a remote user on the corporate network the way a traditional VPN does.
- SASEZero Trust