Most people who are in the process of developing a fundamental understanding of cybersecurity issues and solutions are also being tasked with learning “a new language” of sorts. Like every other field with a litany of terms, cybersecurity has its own universe of acronyms and initialisms.
And yes, they are many and varied in this case. While some are used commonly, others are more obscure. Because of the sheer volume of data involved here, we will endeavor to cover the most often encountered or important cybersecurity acronyms for business today.
Acronyms vs. Initialisms
Before we begin, please note there is a difference between acronyms and initialisms. People tend to refer to any grouping of letters commonly agreed upon to represent a certain phrase as an acronym.
While this works much of the time, there are many instances in which it is incorrect. Such groupings are acronyms only when they are pronounceable as a “word” — like NASA. They are actually initialisms when they cannot — like FCC.
So technically, what follows here is really a list of initialisms rather than acronyms, but who conducts internet searches for initialisms? Who even knew initialisms existed before right now?
(OK, we can proceed now that I’ve got that off my chest. –Ed.)
IDS/IDP (IDPS) — One of the primary lines of cyber defense, Intrusion Detection and Protection Systems scan the traffic in your network for known cyberattack signatures (Detection) and stop the delivery of packets they consider threatening (Protection).
NGFW — A Next Generation Firewall combines the attributes of a traditional firewall with IDPS capabilities. In other words, it actively seeks threats even as it stands in defense against them.
EDR — Endpoint Detection and Response refers to technologies designed to hunt and counter functional anomalies in any of the devices connected to your network. An integral aspect of advanced cloud-based SASE (Secure Access Service Edge) solutions, EDR monitors workstations, servers, modems, routers, printers and the like. It’s important to understand EDR should be employed to broaden the functionalities of IDPS and NGFWs rather than replace them.
EPP — Endpoint Protection Platforms are designed to block any perceived threats that may originate from devices such as those listed above. While EDR and EPP do work hand-in-hand, they are two different solutions.
SIEM — Security Information and Event Management technology is informed by the real-time collection of data from events detected by your firewalls, anti-virus software and hardware connected to the network. While SIEM and EDR have some commonalities, SIEM’s functions are much broader in scope. In fact, EDR is one of the sources from which SIEM gathers data.
UEBA/UBA — User Entity Behavior Analytics/User Behavior Analytics solutions “keep an eye” on the actions of those who have access to the system, monitoring their activities for conduct deemed to be out of the ordinary. Algorithms and statistical analysis are applied to patterns of observed user behavior to determine when someone might be acting maliciously.
DLP — Data Loss Prevention tools and processes are employed to protect sensitive data from being mishandled. This includes loss, abuse and unauthorized access, from both inside and outside of a system. DLP differs from UBA in that its attention is focused upon the data itself, as opposed to the users of the data.
IAM — Designed to limit access to specific aspects of a network to those who have a clearly defined need to interact with them, Identity and Access Management systems enable “least privilege” or “zero trust” account access.
Comprising firewalls, perimeter and endpoint security — as well as data and user monitoring — these are eight of the most important cybersecurity acronyms for business today. Combined, they encompass the core of contemporary protection technologies. In fact, you may have observed considerable overlap between them; and it’s likely they will only become more intertwined as they evolve.
With that said, there are many more such initialisms and acronyms to consider as you continue your quest to become more proficient at cybersecurity. What are some of the other ones of which you are aware? Please share them in the comments section below.