Glossary
Easy definitions for hard cyber topics.
A
Access Control
Limits access to resources based on identity and permissions.
Access control ensures only authorized users can access specific data or systems. It involves authentication and authorization, and is often enforced through RBAC and least privilege. If you want to see how NBUSA approaches real-world security coverage (not just IAM theory), start with the Cybersecurity Solutions overview.
Antivirus
Software that detects, blocks, and removes malicious software.
Antivirus is one layer of endpoint defense, but modern protection also includes web and email malware filtering. Network Box USA reduces malware exposure by scanning email and attachments with MCES, and blocking malicious web traffic and downloads through UTM+ and SWG+ (which includes web browsing protection modules).
Application Firewall
Controls and filters traffic to web applications.
Application firewalls block threats like SQL injection and cross-site scripting by inspecting HTTP/S requests and enforcing rules at the application layer. Network Box USA offers this through its managed WAF+ service, which is designed specifically to protect public-facing web apps.
Authentication
Verifies a user's or system's identity.
Authentication can involve passwords, biometrics, and tokens. Strong authentication typically includes multi-factor authentication (MFA). For practical configuration guidance, NBUSA maintains setup documentation in its User Library (including MFA-related guides).
Authorization
Determines what actions are allowed after authentication.
Once identity is confirmed, authorization defines what a user or system is permitted to do. RBAC simplifies management by grouping permissions by role, and least privilege limits impact if an account is compromised. In practice, authorization decisions show up as enforceable policies across security controls like gateways and monitoring; NBUSA’s SWG+ page is a good example of policy enforcement in the real world.
B
Backdoor
A hidden method of bypassing authentication to gain access to a system.
Backdoors allow attackers to silently enter systems and persist over time. They can be planted by malware, exploited via misconfiguration, or left behind after a compromise. Detecting backdoor activity often depends on layered monitoring and investigation; NBUSA’s NBX (managed detection and response) is designed to help identify suspicious behavior and contain threats quickly.
Baseline
A standard for measuring normal system or user behavior.
Baselines help detect anomalies in traffic, performance, and access patterns. For example, an unusual login time, new destination, or abnormal data transfer can stand out against a baseline. This kind of analysis is commonly supported by SIEM-style correlation; see NBUSA’s SIEM page for how centralized logging supports better detection.
Black Hat
A hacker with malicious intent.
Black hats exploit systems for profit, disruption, or access. Understanding their tactics helps defenders prioritize hardening and detection. If you want to see how offensive testing is used to strengthen defenses, NBUSA’s Pen Testing service explains how controlled testing finds weaknesses before attackers do.
Blocklist
A list used to block known malicious IPs, domains, URLs, or files.
Blocklists are commonly powered by threat intelligence and updated continuously as new indicators are discovered. They are most effective when enforced at multiple layers, like firewall and web controls. NBUSA enforces blocklists through gateway security services such as UTM+ and SWG+.
Botnet
A group of compromised devices remotely controlled by an attacker.
Botnets can launch DDoS attacks, send spam, or distribute malware. Stopping botnets involves blocking command-and-control traffic, reducing exposure, and monitoring for unusual outbound behavior. Network-level controls in UTM+ and web controls in SWG+ help reduce exposure to known malicious infrastructure.
Brute Force Attack
An attack using repeated trial-and-error to guess credentials.
Brute force attacks exploit weak passwords and exposed login services. Countermeasures include MFA, rate limiting, account lockouts, and bot defenses. For practical security configuration guidance, NBUSA maintains documentation in its User Library.
Bypass
A technique used to circumvent security controls.
Attackers use bypass techniques to avoid detection, defeat filters, or sidestep policy enforcement. Good defenses rely on multiple overlapping controls so a single bypass does not defeat everything. NBUSA’s NBX combines detection and response workflows with broad telemetry to reduce the chance that a bypass goes unnoticed.
BYOD (Bring Your Own Device)
A policy allowing personal devices to access corporate systems.
BYOD improves mobility but introduces risk, since device hygiene and patching are less controlled. Organizations commonly reduce BYOD risk by limiting access to specific apps, enforcing MFA, and using strong web filtering policies for managed access paths. NBUSA’s SWG+ is often used to enforce safer browsing and reduce web-delivered threats across user devices.
Behavioral Analytics
Detects threats by analyzing deviations from normal behavior.
Behavioral analytics can help detect insider threats, compromised accounts, or malware that does not match known signatures. It is most effective when combined with centralized logging and investigation workflows. NBUSA’s NBX and SIEM offerings are relevant starting points for understanding how signals are collected and correlated.
Browser Isolation
Separates browser activity from the local system to reduce risk.
By executing browsing sessions in a container or remote environment, browser isolation can neutralize web-based threats before they reach endpoints. Even without full isolation, strong web security policies can reduce risk dramatically; see SWG+ for NBUSA’s approach to securing web access.
Business Continuity
Keeping business operations running during disruptions.
Business continuity focuses on maintaining essential services during incidents like ransomware, outages, or infrastructure failures. It typically involves backups, redundancy, and tested recovery processes. If you want a higher-level view of how NBUSA approaches resilience and protection across layers, the Cybersecurity Solutions overview is a good starting point.
BCP (Business Continuity Plan)
A formal plan to recover business functions after a disruption.
A strong BCP outlines critical systems, contact chains, recovery methods, and service targets. Regular testing is essential to ensure readiness, especially against ransomware and operational outages.
Biometrics
Uses physical traits to authenticate users.
Common biometrics include fingerprints and facial recognition. Biometrics are often used as part of multi-factor authentication alongside something you know (password) or something you have (token).
Blue Team
Cybersecurity defenders responsible for monitoring and protecting infrastructure.
Blue teams monitor systems for intrusions, investigate alerts, and respond to incidents. Network Box can function as an external blue team through ongoing monitoring and response, and also supports validating defenses via Pen Testing, which helps harden the environment against real attacker methods.
Binary
Machine-executable file composed of 1s and 0s.
Binaries are commonly used to package legitimate software, but they can also deliver malware. Security controls often scan attachments and downloads for malicious content. NBUSA reduces risk from malicious files through layered filtering such as MCES (email and attachment scanning) and web download controls via SWG+.
C
Command and Control (C2)
The communication channel used by malware to receive commands.
C2 servers allow attackers to control compromised systems remotely. Detecting and blocking C2 traffic is critical in stopping advanced persistent threats and botnet operations.
CASB (Cloud Access Security Broker)
A security solution that governs access to cloud services.
CASBs enforce security policies between users and cloud-based applications, providing visibility, data loss prevention, threat protection, and compliance support. They are essential for securing SaaS and IaaS usage in modern enterprises.
CapEx (Capital Expenditure)
Funds spent to acquire or improve long-term assets like infrastructure.
In cybersecurity, CapEx refers to investments in physical security appliances, servers, or licenses. Many companies are shifting from CapEx to OpEx models via managed services like those provided by Network Box NBX.
CCPA (California Consumer Privacy Act)
A privacy law granting California residents rights over their personal data.
CCPA enforces transparency on how businesses collect, use, and share personal data. It includes the right to access, delete, and opt out of the sale of personal information. Organizations must implement data governance practices to comply.
CDN (Content Delivery Network)
A network of servers that deliver content based on user location.
CDNs reduce latency and improve website load times by caching content on edge servers. While CDNs enhance performance, they must be secured to prevent abuse by attackers or content hijacking.
Certificate Pinning
Locks a client to trusted certificates to prevent fraud.
Certificate pinning helps prevent man-in-the-middle attacks by ensuring a known certificate is used for HTTPS. Pins must be updated when certificates change to avoid service failures.
CISSP (Certified Information Systems Security Professional)
A globally recognized certification for cybersecurity professionals.
CISSP validates expertise in areas like risk management, network security, and access control. It's often held by senior cybersecurity professionals responsible for designing and managing enterprise security programs.
CIS Controls
A prioritized set of cybersecurity best practices.
Developed by the Center for Internet Security, the CIS Controls provide a roadmap for improving an organization’s security posture. They include steps like inventory control, secure configurations, and continuous vulnerability management.
Cloud
A computing model delivering resources over the internet.
Cloud services offer scalability, flexibility, and cost efficiency. Network Box USA integrates cloud security controls into its managed security services to protect assets hosted on platforms like AWS and Microsoft Azure.
Cloud Security
Practices and tools to protect cloud-based infrastructure and data.
Cloud security includes identity and access management, encryption, threat detection, and compliance monitoring. Network Box offers visibility and protection for hybrid and multi-cloud environments.
Clusters
Groups of servers or systems working together as a unit.
In cybersecurity and IT infrastructure, clusters provide high availability, load balancing, and resilience. They are common in data centers and cloud computing setups to ensure redundancy and scalability.
Correlation
Combining data from multiple sources to detect patterns or threats.
Correlation is a key function in SIEM systems. By analyzing events across logs, endpoints, and network traffic, correlated alerts reduce false positives and improve detection accuracy. Network Box's SOC uses correlation to identify advanced threats early.
Containerization
A method of packaging software in isolated, lightweight environments.
Containers help ensure consistency and scalability in deployment. They must be secured against risks like escape vulnerabilities and supply chain attacks. Tools such as image scanning and runtime protection are vital in securing containerized environments.
CMMC (Cybersecurity Maturity Model Certification)
A U.S. Department of Defense framework for assessing contractor cybersecurity.
CMMC requires defense contractors to demonstrate maturity across multiple security domains, from access control to incident response. Achieving compliance ensures eligibility for government contracts involving controlled unclassified information (CUI).
Credential Stuffing
A type of attack using leaked usernames and passwords across multiple sites.
Attackers use automation to test stolen login credentials on other services. MFA, rate limiting, and credential monitoring are key defenses. Network Box helps identify brute-force patterns and login anomalies linked to credential stuffing.
Cryptojacking
Unauthorized use of computing resources to mine cryptocurrency.
Cryptojacking slows systems and raises electricity costs. It often enters through malicious websites or infected software. Network Box detects unusual resource usage and flags unauthorized mining behavior as part of its endpoint monitoring suite.
CSRF (Cross-Site Request Forgery)
A web attack that tricks users into executing unwanted actions.
CSRF exploits the trust a site has in a user's browser. WAFs and token-based verification (e.g., CSRF tokens) are effective protections against it.
Cyber Hygiene
Routine practices that help maintain security health.
Examples include patching, secure password practices, user education, and endpoint scanning. Network Box promotes hygiene through its layered security stack.
D
Data Breach
Unauthorized access to sensitive data, often followed by exposure or theft.
Breaches can result from phishing, stolen credentials, vulnerable internet-facing systems, or insider misuse. Reducing breach risk usually requires prevention and fast detection. NBUSA’s UTM+ and SWG+ help block common intrusion paths, while NBX and SIEM improve visibility so incidents are detected and contained earlier.
Data Exfiltration
Covert transfer of data out of an environment by an unauthorized party.
Exfiltration often happens after an attacker has established access and is trying to move data to external infrastructure. Defenses include restricting outbound paths, monitoring for unusual destinations or data volume, and correlating events across systems. Centralized monitoring through SIEM and investigation workflows supported by NBX help surface suspicious outbound behavior before large losses occur.
DLP (Data Loss Prevention)
Controls that detect and prevent sensitive data from leaving in unauthorized ways.
DLP monitors for policy violations across email, endpoints, and web traffic, and can block or quarantine risky transfers. Email is a major data leakage channel, so DLP often starts with email controls like MCES, plus web controls like SWG+ to reduce risky uploads and downloads.
DDoS (Distributed Denial of Service)
An attack that floods a service with traffic to disrupt availability.
DDoS attacks can overwhelm bandwidth, network devices, or application layers. Mitigation can include rate limiting, geo restrictions, traffic shaping, and strong perimeter controls. NBUSA customers commonly use UTM+ for network-level controls, and WAF+ for web application layer protections where bots and malicious requests are part of the attack.
Decryption
Converting encrypted data back into readable form using authorized keys.
Decryption is used for legitimate access to protected data, but security teams may also decrypt certain network traffic to inspect it for threats (often called TLS inspection). When web traffic is a major risk path, enforcing safer browsing policies with SWG+ can reduce exposure even when content is encrypted end-to-end.
Defense in Depth
A layered security strategy where multiple controls back each other up.
Defense in depth reduces single points of failure by combining controls across email, web, perimeter, and monitoring. NBUSA’s service model is designed around layered coverage; the Cybersecurity Solutions overview is a good starting point, with practical layers like UTM+, SWG+, WAF+, and detection and response via NBX.
DMZ (Demilitarized Zone)
A network segment that isolates public-facing services from internal systems.
DMZs commonly host systems that must be reachable from the internet, like web apps and mail gateways. Strong segmentation and strict firewall rules reduce the chance that a compromise of a public system leads to internal access. Perimeter policy enforcement is typically implemented with firewall controls such as UTM+.
DNS (Domain Name System)
Translates domain names into IP addresses so systems can connect to services.
DNS is frequently abused for phishing, malware delivery, and command-and-control lookups. Monitoring DNS patterns and blocking known-bad destinations are common defenses. NBUSA’s gateway security services, including UTM+ and SWG+, are commonly used to enforce safer outbound policies and block malicious destinations.
Drive-by Download
Malware that installs when a user visits a compromised or malicious site.
Drive-by downloads often exploit browser or plugin weaknesses and can occur without obvious user intent. Strong web filtering, blocking known-bad sites, and reducing risky downloads help prevent these events. NBUSA’s SWG+ focuses on reducing web-delivered threats, and WAF+ helps protect your own public web apps from being used as an infection point.
E
EPP (Endpoint Protection Platform)
Software designed to detect and block threats on endpoint devices.
EPP typically includes antivirus, anti-malware, and basic behavioral protections for laptops, servers, and workstations. In practice, endpoint protection is most effective when paired with continuous monitoring and response; NBUSA integrates endpoint telemetry into its managed detection workflows via NBX.
Email Security Gateway
Filters and protects email traffic from phishing, spam, and malware.
Email remains one of the most common initial access vectors for attackers. Network Box USA provides managed email protection through MCES (Managed Cloud Email Security), which scans inbound and outbound mail, blocks phishing and malicious attachments, and applies policy controls informed by threat intelligence.
Elastic Scaling
Automatically adjusts computing resources to match demand.
Elastic scaling allows cloud environments to add or remove capacity as traffic changes, improving resilience and cost control. From a security perspective, scalable controls such as web filtering and monitoring must expand alongside workloads; NBUSA’s cloud-delivered services described in Cybersecurity Solutions are designed to scale without additional hardware.
EDR (Endpoint Detection and Response)
Monitors endpoint behavior to detect threats and support response.
EDR tools collect detailed endpoint telemetry to identify suspicious activity and enable containment actions such as isolation or process termination. Endpoint signals are most valuable when correlated with network and cloud data; NBUSA brings these signals together through its NBX managed detection and response platform.
Endpoint
Any device that connects to and interacts with a network.
Endpoints include laptops, desktops, mobile devices, and servers. Because endpoints are frequent entry points for attacks, they are typically protected with layered controls such as EPP, EDR, and web filtering. NBUSA reduces endpoint exposure by blocking malicious web destinations through SWG+ and monitoring endpoint activity via NBX.
Encryption
Protects data by converting it into unreadable form without a key.
Encryption safeguards data in transit and at rest, helping meet confidentiality and compliance requirements. While encrypted traffic improves privacy, it can also hide threats, which is why many organizations combine encryption with strong web and email controls such as SWG+ and MCES to reduce exposure to malicious content.
Escalation of Privilege
A technique where attackers gain higher access rights than intended.
Privilege escalation can allow attackers to move laterally or take full control of systems. Defenses include least privilege, patching, and monitoring for abnormal behavior. Detecting these patterns often relies on endpoint and log correlation, which is supported by NBX and SIEM.
Ethical Hacking
Authorized security testing performed to identify weaknesses.
Ethical hackers simulate real attacker techniques to uncover vulnerabilities before they are exploited. This work is commonly delivered through penetration testing engagements; NBUSA’s Pen Testing service explains how controlled offensive testing strengthens defensive security.
Exploit
Code or technique used to take advantage of a vulnerability.
Exploits can lead to unauthorized access, privilege escalation, or data theft. Reducing exploit risk involves patching, limiting exposure, and detecting abnormal behavior. NBUSA combines threat intelligence, gateway controls like UTM+, and monitoring through NBX to help reduce exploit impact.
F
Failover
Automatic switching to a standby system when a failure occurs.
Failover mechanisms ensure continuous availability by redirecting traffic or operations to backup systems during outages or hardware failures. High availability designs often combine redundancy and monitoring so failures are detected and handled quickly. NBUSA supports resilient architectures through its managed platform and availability-focused designs described in Cybersecurity Solutions.
FedRAMP (Federal Risk and Authorization Management Program)
A U.S. government program for standardizing cloud security authorization.
FedRAMP defines a baseline of security controls for cloud services used by federal agencies, covering areas such as access control, encryption, logging, and incident response. Continuous monitoring and audit-ready logging are core requirements, commonly supported through centralized visibility platforms like SIEM.
FFIEC (Federal Financial Institutions Examination Council)
A U.S. regulatory body that issues cybersecurity guidance for financial institutions.
FFIEC guidance influences how banks and credit unions manage cybersecurity risk, vendor oversight, and incident response readiness. Meeting these expectations often involves strong logging, monitoring, and documented controls; managed visibility through SIEM helps support examinations and audits.
Fileless Malware
Malware that operates in memory without writing files to disk.
Fileless malware abuses legitimate tools and processes, making it harder for signature-based defenses to detect. Behavioral monitoring and rapid investigation are key defenses; endpoint telemetry and response workflows integrated through NBX help surface suspicious in-memory activity.
Firewall
A system that filters network traffic based on defined security rules.
Firewalls control inbound and outbound connections to reduce exposure and enforce policy. Modern firewalls often include application awareness, intrusion prevention, and threat intelligence. Network Box USA delivers managed firewall and NGFW capabilities through UTM+, with complementary web controls available via SWG+.
FISMA (Federal Information Security Management Act)
A U.S. law requiring federal agencies to implement formal security programs.
FISMA mandates risk management practices including system inventories, security controls, incident response, and continuous monitoring. These requirements align closely with NIST guidance and often rely on centralized logging and monitoring platforms such as SIEM to demonstrate ongoing compliance.
G
GDPR (General Data Protection Regulation)
An EU regulation governing personal data protection and privacy.
GDPR sets strict requirements around lawful processing, consent, breach notification, and individual rights for EU residents. Organizations subject to GDPR must demonstrate strong access controls, monitoring, and incident response. Centralized visibility and audit-ready logging through SIEM help support compliance and breach investigations.
GLBA (Gramm-Leach-Bliley Act)
A U.S. law requiring financial institutions to protect consumer data.
GLBA mandates safeguards for nonpublic personal information, including administrative, technical, and physical controls. Financial institutions commonly rely on continuous monitoring and documented controls to meet GLBA expectations; managed logging and monitoring via SIEM support audits and examinations.
GRC (Governance, Risk, and Compliance)
A framework for managing risk, policy, and regulatory compliance.
GRC programs align business objectives with security controls and compliance requirements. They typically include risk assessments, policy management, evidence collection, and ongoing monitoring. Operational data feeding into SIEM and incident visibility from NBX provide the technical foundation that GRC processes depend on.
H
HA (High Availability)
Designs systems to remain operational despite failures.
High availability reduces downtime by using redundancy, failover, and continuous monitoring. In security environments, HA ensures that protective controls remain active even during hardware or service disruptions. NBUSA designs its platform and managed services with resilience in mind, as outlined in the Cybersecurity Solutions overview.
HIPAA (Health Insurance Portability and Accountability Act)
A U.S. law protecting the privacy and security of health information.
HIPAA requires covered entities and business associates to implement administrative, physical, and technical safeguards for Protected Health Information (PHI). Ongoing monitoring, access controls, and audit-ready logs are essential for compliance. Centralized visibility through SIEM supports investigation and reporting requirements.
Honeypot
A decoy system used to attract and study attackers.
Honeypots are intentionally exposed resources designed to observe attacker techniques, tools, and behavior without risking production systems. Insights gathered from honeypots often feed threat intelligence and detection strategies, which can then be operationalized through monitoring and investigation workflows such as those supported by NBX.
Hybrid Environment
An architecture combining on-premises and cloud infrastructure.
Hybrid environments allow organizations to balance control, compliance, and scalability, but they also create visibility and policy challenges. Consistent monitoring and enforcement across environments is critical; NBUSA secures hybrid architectures through unified detection and logging described in its Cybersecurity Solutions approach.
I
IDS (Intrusion Detection System)
Detects suspicious activity and alerts on potential intrusions.
An IDS monitors network traffic or host activity for signs of malicious behavior. Unlike an IPS, it typically generates alerts rather than blocking traffic. IDS alerts are most useful when correlated with other signals; this is commonly done through centralized logging and analysis platforms like SIEM.
Incident Response
The process of detecting, containing, and recovering from security incidents.
Incident response includes preparation, identification, containment, eradication, recovery, and lessons learned. Network Box USA provides 24x7 monitoring, triage, and response guidance through its managed detection services; the NBX platform explains how ongoing detection and response is operationalized.
Insider Threat
Risk from trusted users misusing access intentionally or accidentally.
Insider threats include data theft, privilege misuse, and accidental exposure caused by poor hygiene or misconfiguration. Detecting insider activity often relies on behavioral analysis and log correlation across systems, which are supported through platforms like SIEM and investigation workflows in NBX.
IPS (Intrusion Prevention System)
Actively blocks or stops detected malicious activity.
An IPS inspects traffic in-line and can drop packets, reset connections, or enforce rules to prevent exploitation. IPS capabilities are commonly integrated into modern firewall platforms; Network Box USA delivers these protections through its managed UTM+ service.
ISO
International standards often used for security management and audits.
In cybersecurity, ISO commonly refers to ISO/IEC 27001 and related standards for information security management systems. ISO-aligned programs emphasize documented controls, continuous improvement, and audit evidence, which are supported by centralized monitoring and logging through SIEM.
IT (Information Technology)
The systems and teams that run business computing and networks.
IT encompasses endpoints, servers, networks, identity systems, and applications. Effective security programs work closely with IT to patch systems, enforce policy, and respond to incidents. NBUSA’s Cybersecurity Solutions overview shows how security controls integrate with day-to-day IT operations.
L
Lateral Movement
Attackers moving from one system to others inside a network.
After gaining initial access, attackers often pivot between systems to reach sensitive assets or elevate privileges. Limiting lateral movement relies on segmentation, least privilege, and detecting abnormal internal activity. Visibility across endpoints and network traffic through NBX and correlated event analysis in SIEM help surface lateral movement earlier.
Load Balancing
Distributes traffic across systems to improve reliability and performance.
Load balancing spreads requests across multiple servers to prevent overload and support high availability. From a security perspective, it also helps absorb traffic spikes and availability attacks. When web applications sit behind load balancers, protections such as WAF+ are commonly layered in to filter malicious requests before they reach backend systems.
M
Malware
Malicious software designed to disrupt, spy, steal, or gain control.
Malware includes viruses, trojans, ransomware, spyware, and more. Defense usually layers email filtering, safer web browsing, endpoint visibility, patching, and continuous monitoring so threats are blocked early and contained fast. NBUSA reduces common malware entry paths with MCES (email and attachments) and SWG+ (malicious websites and downloads), and improves detection and response with NBX and SIEM.
MDR (Managed Detection and Response)
Outsourced 24x7 detection, triage, and response for security events.
MDR combines security telemetry with a SOC team that investigates alerts, validates threats, and helps contain incidents. It is designed to shorten time-to-detect and time-to-respond without building a full in-house SOC. NBUSA’s NBX page explains how MDR and related capabilities are delivered as a managed platform, and this webinar provides additional context on how SIEM, SOC, and MDR work together.
MITM (Man-in-the-Middle)
An attack where a third party intercepts or alters communications.
MITM attacks can occur on insecure Wi-Fi, through compromised routers, or via certificate abuse. Strong TLS, certificate validation, and safer outbound access policies reduce MITM risk. Organizations often reduce exposure by enforcing controlled web access and blocking risky destinations using a secure web gateway such as SWG+, and by enforcing perimeter policy and VPN controls through UTM+.
MRR (Monthly Recurring Revenue)
Monthly subscription revenue used to measure predictable business income.
In managed services and SaaS, MRR tracks recurring customer payments and helps forecast growth. For MSPs, strong security offerings can increase retention and recurring revenue; NBUSA’s Partner Program page describes a reseller model designed to support ongoing recurring security revenue without forcing MSPs to build a full internal SOC.
MSP (Managed Service Provider)
A provider that manages IT systems for clients on an ongoing basis.
MSPs commonly deliver helpdesk, device management, backups, and network administration. Many MSPs partner with an MSSP for dedicated cybersecurity monitoring and incident response coverage. NBUSA’s Partner Program is designed for MSPs who want to offer a broader cybersecurity stack while offloading 24x7 monitoring and response.
MSSP (Managed Security Service Provider)
A provider that delivers ongoing security monitoring and managed defenses.
MSSPs handle security operations such as monitoring, threat detection, alert triage, and response guidance. Network Box USA operates as an MSSP using a unified platform approach for managed services across multiple security layers. If you want the shortest overview of how NBUSA packages managed detection and response under one platform, start with NBX and the Cybersecurity Solutions overview.
N
NDA (Non-Disclosure Agreement)
A contract restricting the sharing of confidential information.
NDAs are common in security assessments, penetration testing, and incident response engagements to ensure sensitive technical details, vulnerabilities, and client data are not disclosed. Formal security services such as Pen Testing typically operate under strict confidentiality agreements.
Network Segmentation
Separates a network into zones to limit access and reduce blast radius.
Segmentation prevents attackers from moving freely between systems after initial access. It is commonly implemented using VLANs, firewall rules, and access controls that isolate critical assets. Enforcing segmentation at the perimeter and between zones is often done using firewall platforms such as UTM+.
NGFW (Next-Generation Firewall)
A firewall with application awareness, deep inspection, and advanced threat controls.
NGFWs extend traditional firewalls by inspecting application traffic, enforcing user-based policies, and integrating IPS and threat intelligence. Network Box USA delivers NGFW capabilities as part of its managed firewall service through UTM+.
NIST
U.S. standards and guidance widely used for cybersecurity controls.
NIST publications, including the Cybersecurity Framework and SP 800 series, help organizations structure risk management, control selection, and continuous monitoring. Many compliance programs rely on centralized logging and monitoring to meet NIST-aligned requirements, commonly supported through SIEM.
NYDFS
New York cybersecurity regulations for certain financial institutions.
NYDFS regulations require covered entities to maintain a cybersecurity program, conduct risk assessments, monitor systems, and report incidents. Meeting these requirements typically depends on strong logging, documented controls, and continuous visibility through platforms such as SIEM.
O
On-Prem (On-Premises)
Systems hosted in an organization’s own facilities instead of the cloud.
On-prem environments are often used for latency, control, or regulatory reasons. Many organizations operate hybrid architectures that span on-prem and cloud systems, which increases the need for consistent visibility and policy enforcement across environments. NBUSA addresses this through unified monitoring and control described in its Cybersecurity Solutions overview.
OpEx (Operational Expenditure)
Ongoing costs to operate services, typically subscription-based.
In cybersecurity, OpEx models usually involve managed services rather than large up-front hardware purchases. This approach improves cost predictability and shifts operational burden to the provider. NBUSA’s managed platform, described on the NBX page, is designed to support OpEx-based security delivery.
P
Patch Management
The process of applying updates to fix vulnerabilities and bugs.
Patching closes known security gaps that attackers frequently exploit. A solid program includes asset inventory, prioritization (especially internet-facing systems), testing, deployment, and verification. To see practical configuration and administration guidance that supports secure operations, NBUSA maintains documentation in its User Library.
PCI DSS
A security standard for organizations that handle payment card data.
PCI DSS requires controls such as network segmentation, strong access management, logging, vulnerability management, and regular testing. Centralized logging and alert correlation through SIEM can support audit evidence and investigations, while perimeter enforcement via UTM+ helps apply segmentation and traffic controls.
Pen Testing (Penetration Testing)
Authorized testing that attempts to exploit vulnerabilities to measure risk.
Pen testing simulates real attacker techniques to validate control effectiveness and uncover weaknesses. Results should lead to actionable remediation and retesting to confirm fixes. NBUSA’s Pen Testing page explains how engagements are structured and what deliverables teams typically use for remediation.
Perimeter
The boundary between internal systems and external networks.
Traditional perimeter security focuses on controlling inbound and outbound traffic using firewalls, proxies, and gateways. Many organizations still enforce critical boundary controls, especially for internet-facing systems, using managed firewall services like UTM+, web traffic controls like SWG+, and application-layer protections like WAF+.
Phishing
Social engineering attacks that trick users into revealing data or executing actions.
Phishing commonly targets credentials, MFA approvals, and payment workflows through email, SMS, and voice calls. Email filtering and attachment scanning reduce the number of phishing attempts that reach users, which is a primary goal of MCES. Organizations also reduce successful phishing by hardening access controls and maintaining clear configuration guidance, such as the practical setup resources in the User Library.
Privilege Escalation
Gaining higher access rights than intended.
Attackers may escalate privileges through misconfigurations, credential theft, or exploits to gain administrative control. Least privilege, patching, and monitoring for abnormal admin activity reduce risk. Investigation and correlation across endpoint and log data through NBX and SIEM can help surface escalation attempts earlier.
Proxy Server
An intermediary that forwards traffic and can enforce security policies.
Proxies can filter content, log requests, and enforce outbound access rules. Secure Web Gateways often use proxy-style enforcement to control browsing and block malicious destinations. NBUSA delivers managed web access control through SWG+.
Phishing Simulation Training
Controlled phishing tests to measure and improve user awareness.
Simulated phishing campaigns help organizations identify risky behaviors and improve recognition of social engineering attempts. While training improves user behavior, it is strongest when paired with technical controls that reduce exposure, such as MCES for email filtering and SWG+ for safer browsing policies.
R
Ransomware
Malware that encrypts or locks systems to extort payment.
Ransomware commonly enters through phishing, exposed remote services, and unpatched vulnerabilities. Reducing risk requires layered controls that block delivery, limit spread, and enable rapid detection and containment. NBUSA customers typically reduce ransomware exposure with MCES for phishing prevention, SWG+ for malicious sites and downloads, perimeter controls via UTM+, and faster detection and response through NBX and SIEM.
Redundancy
Duplicate systems or paths used to reduce single points of failure.
Redundancy improves availability by ensuring services continue during hardware, software, or network failures. It is a core design principle behind high availability architectures and resilient security platforms. NBUSA emphasizes resilient service design as part of its managed approach described in the Cybersecurity Solutions overview.
REPDB
A reputation database used to block known-bad domains, IPs, or URLs.
Reputation databases aggregate threat intelligence and historical telemetry to score indicators and prevent access to malicious infrastructure. These reputation checks are commonly enforced at gateway layers such as UTM+ and SWG+ to stop threats before connections are established.
RDP (Remote Desktop Protocol)
A Windows protocol for remote interactive access to systems.
Exposed RDP is a common initial access vector for attackers and is frequently abused in ransomware campaigns. Best practices include removing direct internet exposure, enforcing MFA, limiting access paths, and monitoring for brute-force activity. Perimeter access controls such as UTM+ and detection workflows through NBX help reduce RDP-related risk.
Rootkit
Malware designed to hide itself and maintain privileged access.
Rootkits modify system components to evade detection and persist across reboots. Detecting them typically relies on behavioral monitoring, integrity checks, and rapid isolation for investigation. Endpoint telemetry and response workflows provided through NBX support identifying suspicious low-level activity.
RPO (Recovery Point Objective)
The maximum acceptable amount of data loss measured in time.
RPO defines how much data an organization can afford to lose after an incident. For example, restoring from the last backup taken 15 minutes ago means losing the 15 minutes of data written since then. Backup frequency, replication, and journaling all influence achievable RPOs. Planning for RPO is a key part of broader resilience and continuity strategies discussed in Cybersecurity Solutions.
RTO (Recovery Time Objective)
The maximum acceptable time to restore a system after disruption.
RTO focuses on how quickly services must be restored following incidents like outages or ransomware. Improving RTO typically involves redundancy, failover design, tested recovery procedures, and clear incident response workflows. NBUSA addresses operational resilience as part of its managed security and architecture approach outlined in the Cybersecurity Solutions overview.
S
SASE (Secure Access Service Edge)
Cloud-delivered networking and security controls for users and sites.
SASE commonly combines capabilities like secure web gateway controls, identity-aware access, and centralized policy enforcement for remote and distributed environments. In practice, organizations start with strong web access control and monitoring so remote users have the same protections off-network as they do on-network. NBUSA’s SWG+ page is a practical starting point for securing user web traffic, and NBX explains how detection and response workflows stay consistent across environments.
SAT (Security Awareness Training)
Training that improves employee security behavior and threat recognition.
SAT helps reduce risk from phishing, social engineering, and unsafe handling of data. Training works best when paired with technical controls that reduce exposure, such as email filtering and safer browsing policies. NBUSA reduces the volume of phishing that reaches users through MCES, and reduces web-delivered threats through SWG+.
SIEM (Security Information and Event Management)
Centralizes logs and correlates events to detect threats.
SIEM platforms ingest logs from endpoints, servers, firewalls, and cloud services to correlate signals and generate prioritized alerts. SIEM is most valuable when it is paired with a team that can triage and respond to alerts quickly. NBUSA’s SIEM page explains the platform role, and NBX provides the broader managed detection and response context.
SLA (Service Level Agreement)
A contract defining service performance commitments and responsibilities.
SLAs often define uptime targets, response times, support hours, and escalation paths. In security services, SLAs may include monitoring coverage and incident response timelines. If you are evaluating managed service expectations and what ongoing support looks like, NBUSA’s Partner Program page provides a view into how services are delivered to MSPs and their customers.
SOAR (Security Orchestration, Automation, and Response)
Automates security workflows to speed up investigation and response.
SOAR tools orchestrate actions across systems such as ticketing, endpoint tools, firewall policy, and email controls using playbooks. This reduces manual work and standardizes response for common incidents. Automated response is strongest when driven by high-quality detection and correlated signals, which is why many programs start with centralized event analysis in SIEM and investigation workflows through NBX.
SOX (Sarbanes-Oxley Act)
A U.S. law requiring certain controls and reporting for public companies.
SOX compliance often drives strong access controls, logging, change management, and audit evidence for systems that impact financial reporting. Centralized logging and alerting through SIEM helps support audit trails and investigations when changes or access events need to be explained.
SQL Injection
A web attack that injects SQL commands through vulnerable inputs.
SQL injection can expose or alter databases and is often prevented by parameterized queries, input validation, and least-privilege database accounts. Application-layer request filtering can add another defensive layer for internet-facing sites; NBUSA delivers managed web application protection through WAF+.
Supply Chain Attack
Compromising vendors, software, or dependencies to reach targets indirectly.
Supply chain attacks may involve poisoned updates, compromised build systems, or vendor access abuse. Defense includes vendor risk management, code signing validation, asset inventory, and monitoring for unusual update behavior. Detecting supply-chain-driven incidents often depends on correlation across systems, which is supported by SIEM, with investigation and response workflows provided through NBX.
SWG (Secure Web Gateway)
Filters and controls web traffic to block malicious or unwanted content.
SWGs enforce acceptable use policies, block malicious URLs, and can scan downloads to reduce web-delivered malware risk. They also help reduce exposure to phishing sites and risky destinations that users might access through browsers. NBUSA delivers managed secure web gateway capabilities through SWG+.
T
Threat Intelligence
Information about adversaries, tactics, and indicators used to improve defense.
Threat intelligence includes indicators of compromise, attacker infrastructure, and observed tactics and techniques. It helps security teams update blocklists, tune detections, and prioritize defensive actions faster. At NBUSA, threat intelligence is operationalized through gateway enforcement such as UTM+ and SWG+, and through detection and correlation workflows in SIEM and NBX.
TPR (Third-Party Risk)
Risk introduced by vendors and external partners with access or data handling.
Third-party risk programs evaluate vendor security posture, contractual controls, access scope, and ongoing monitoring. This is especially important when vendors process sensitive data, connect to internal systems, or supply critical software. Visibility into access activity and incidents involving third parties is commonly supported through centralized logging and monitoring in SIEM, with investigation and response workflows handled through NBX.
U
UTM (Unified Threat Management)
A platform that combines multiple security functions into one system.
UTM typically includes firewalling, IPS, web filtering, antivirus, and sometimes VPN and application controls. Network Box USA provides managed UTM through UTM+ to reduce tool sprawl while improving coverage.
V
Vulnerability
A weakness that can be exploited to compromise systems or data.
Vulnerabilities can exist in software, configuration, identity systems, or operational processes. Managing vulnerabilities requires discovery, prioritization, patching or mitigation, and verification. Detection and prioritization are often driven by correlated telemetry and alerts, which are supported through centralized monitoring in SIEM and investigation workflows in NBX.
VPN (Virtual Private Network)
Encrypted connectivity that extends a private network over the internet.
VPNs are commonly used for remote access and site-to-site connectivity, but they often provide broad network access once connected. Many organizations reduce exposure by tightly controlling VPN entry points with perimeter security and monitoring. Network Box USA enforces VPN access and perimeter policy through managed firewall services such as UTM+, and complements this with detection and response visibility via NBX.
W
WAF (Web Application Firewall)
Protects web applications by filtering malicious HTTP/S requests.
WAFs help block common web attacks like SQL injection and XSS and can enforce rate limits and bot protections. Network Box provides managed WAF through WAF+.
X
XDR (Extended Detection and Response)
Unifies detection and response across endpoint, network, and cloud data.
XDR correlates signals from multiple security layers to improve detection quality and reduce response time. Instead of isolated alerts, related activity is investigated as a single incident. NBUSA delivers XDR-style capabilities through its NBX managed detection and response platform, with centralized event analysis supported by SIEM.
XSS (Cross-Site Scripting)
A web attack that injects malicious scripts into trusted pages.
XSS can be used to steal session tokens, manipulate page content, or perform actions as a victim user. Defenses include secure coding practices such as output encoding and Content Security Policy, along with application-layer request filtering. NBUSA provides managed application-layer protection through WAF+ to help block common XSS attack patterns.
Z
Zero Day Exploit
An exploit targeting a vulnerability before a patch or public fix exists.
Zero-day exploits are especially dangerous because defenders may not have signatures or patches available. Mitigation relies on layered controls, behavioral detection, and rapid investigation and containment. Detecting abnormal behavior and correlating signals across systems is commonly handled through NBX and centralized analysis in SIEM.
Zero Trust Architecture
A security model that continuously verifies identity, device, and context.
Zero trust removes implicit trust based on network location and instead enforces least privilege, strong authentication, and continuous verification. In practice, zero trust principles are applied through layered controls such as web access enforcement, identity-aware policy, and continuous monitoring. NBUSA’s Cybersecurity Solutions overview shows how these principles map to real operational controls.
Z-Scan
A high-speed internet scanning approach used to map exposed services.
Internet-scale scanning is commonly used for research and security validation to identify exposed ports, weak configurations, or vulnerable services. Organizations reduce risk by minimizing exposure, enforcing perimeter controls, and monitoring attack surface changes. Visibility into exposed services and unusual inbound activity is commonly supported through gateway controls like UTM+ and detection workflows in NBX.
ZTNA (Zero Trust Network Access)
Application-level access that replaces broad VPN-style network access.
ZTNA grants users access to specific applications based on identity, device health, and policy rather than placing them directly on the network. This reduces lateral movement risk and limits blast radius for compromised accounts. ZTNA concepts often complement perimeter controls such as UTM+ and continuous monitoring and response through NBX.