Below is our helpful glossary to demystify the world of cyber security.

Access Control Mechanism

Security measures designed to detect and deny unauthorised access and permit authorised access to an information system or a physical facility.

Advanced Persistant Threat (APT)

A cyber attack that uses sophisticated techniques to conduct cyber espionage or other malicious activity on an ongoing basis against targets such as governments and companies. Typically conducted by an adversary with sophisticated levels of expertise and significant resources – frequently associated with nation-state players. These attacks tend to come from multiple entry points and may use several attack vectors (e.g. cyber, physical, deception).


An individual, group, organisation, or government that conducts (or intends to conduct) detrimental activities.

Amazon Web Services (AWS)

Amazon Web Services is a subsidiary of Amazon providing on-demand cloud computing platforms and APIs to individuals, companies, and governments, on a metered pay-as-you-go basis.


Software that is designed to detect, stop and remove viruses and other kinds of malicious software.


Something of value. This could be a person, structure or facility, information, systems and resources, materials, processes, relationships, or reputation.


An individual, group, organisation, or government that executes an attack. A party acting with malicious intent to compromise an information system

Attack signature

A characteristic or distinctive pattern that can help link one attack to another, identifying possible actors and solutions


The process of verifying the identity or other attributes of an entity (user, process, or device).


Malware which is placed on a system to provide attacker access. The malware is designed to allow attackers to execute commands on the local system.

Blue Team/Red Team/White Team

The defence group in a mock cyber security attack. The Blue Team defends the enterprise’s information systems while the Red Team attacks. These mock attacks typically take place as part of an operational exercise established and monitored by a neutral group, the White Team.


Malware which typically provides similar access to an infected system as a botnet, but instead all infected machines that are connected to the same botnet variant receive the same commands.

Brute force attack

An attack in which computational power is used to automatically enter a vast quantity of number combinations in order to discover passwords and gain access.


Something of value. This could be a person, structure or facility, information, systems and resources, materials, processes, relationships, or reputation.

Cipher Block Chaining (CBC)

In a cipher block chaining process, data is encrypted in specific blocks, and each block is dependent on the blocks before it for decryption. The process uses something called an initialization vector to help tie these blocks of encrypted data together.

Computer Network Defense (CND)

Cybersecurity measures for protecting networks against cyber attacks and intrusion.

Cyber Essentials

A UK Government-backed self-assessment certification that helps you protect against cyber attacks while also demonstrating to others that your organisation is taking measures against cyber crime.

Data Encryption Standard (DES)

Data Loss Prevention (DLP)

A security strategy and related programs to prevent sensitive data from passing a secure boundary.

Data Quality (DQ)

Data quality refers to the state of qualitative or quantitative pieces of information. There are many definitions of data quality, but data is generally considered high quality if it is "fit for [its] intended uses in operations, decision making and planning".

Denial of Service (DOS)

This is a type of cyber attack that prevents the authorised use of information system services or resources, or impairs access, usually by overloading the service with requests.

Distributed Denial of Service (DDOS)

A denial of service technique where multiple systems are used to perform the attack, overwhelming the service.

Domain Controller (DC)

A domain controller is a server computer that responds to security authentication requests within a computer network domain. It is a network server that is responsible for allowing host access to domain resources. It authenticates users, stores user account information and enforces security policy for a domain.

Domain Named Systems (DNS)

Resolves names to numbers – URL – DNS changes to IP Address – Goes in following stages – URL, DNS Resolver, Root Server Look up, TLD Server Lookup and then provides the IP Address for the address initially served via URL.


A piece of malware solely designed to download and execute a further piece of malware, often to further mask the true malware from detection.

Drive by Download

Unintentional download of malicious software. Usually taken advantage of security flaws such as out of date software etc.

Dynamic Host Configuration Protocol (DHCP)

The Dynamic Host Configuration Protocol is a network management protocol used on Internet Protocol networks, whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on the network, so they can communicate with other IP networks.


A collective term for internet-capable computer devices connected to a network – for example, modern smartphones, laptops and tablets are all endpoints.

Endpoint Detection & Response (EDR)

Endpoint detection and response (EDR), also known as endpoint threat detection and response (ETDR), is a cyber technology that continually monitors and responds to mitigate cyber threats

Enhanced User Monitoring (EUM)

EUM is a monitoring and detection service for the threats posed by high-risk insiders.

Error Correction Code (ECC)

In computing, telecommunication, information theory, and coding theory, an error correction code, sometimes error correcting code, (ECC) is used for controlling errors in data over unreliable or noisy communication channels. The central idea is the sender encodes the message with redundant information in the form of an ECC. The redundancy allows the receiver to detect a limited number of errors that may occur anywhere in the message, and often to correct these errors without retransmission.


Espionage is a motive, where an attacker monitors activities of a target, stealing secret information, which may provide information relating to national security, or highly confidential information. This typically provides an advantage to the attacker, whereby decisions can be made which reflect the knowledge learnt through espionage. Espionage is typically conducted by high-capability attackers, who may be nation-state sponsored, typically seeking information from government, military, political and educational sources.

Extended Detection & Response (XDR)

XDR allows clients to start to automate remedial actions around their key security infrastructure. For example, by applying the XDR service to an endpoint solution we can detect an issue on an endpoint and then use our Orchestration and Collaboration Platform to perform remedial actions, such as isolate the endpoint or block a misbehaving process, all automatically. This approach means that at risk endpoints can be quickly and at any time of day taken off the network before they can cause damage.

File Transfer Protocol (FTP)

The File Transfer Protocol is a standard network protocol used for the transfer of computer files between a client and server on a computer network. FTP is built on a client-server model architecture using separate control and data connections between the client and the server.

General Data Protection Regulations (GDPR)

European legislation designed to prevent the misuse of data by giving individuals greater control over how their personal information is used online.

Governance, Risk Management and Compliance (GRC)

Three aspects of organisational management that aim to ensure the organisation and its people behave ethically, run the organisation effectively, take appropriate measures to mitigate risks and maintain compliance with internal policies and external regulations.


Using a mathematical algorithm to disguise a piece of data.

Honeypot (honeynet)

A decoy system or network that serves to attract potential attackers, protecting actual systems by detecting attacks or deflecting them. A good tool for learning about attack styles. Multiple honeypots form a honeynet.

Identity Access Management (IAM)

Identity access management (IAM), is a framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources. Identity and access management systems not only identify, authenticate, and authorize individuals who will be utilizing IT resources, but also the hardware and applications employees need to access. Identity and access management solutions have become more prevalent and critical in recent years as regulatory compliance requirements have become increasingly more rigorous and complex.

Incident response plan

A predetermined plan of action to be undertaken in the event of a cyber incident.

Indicators of Compromise (IOC)

Indicators of compromise (IOCs) are “pieces of forensic data, such as data found in system log entries or files, that identify potentially malicious activity on a system or network.” Indicators of compromise aid information security and IT professionals in detecting data breaches, malware infections, or other threat activity. By monitoring for indicators of compromise, organizations can detect attacks and act quickly to prevent breaches from occurring or limit damages by stopping attacks in earlier stages.

Industrial Control System (ICS)

An information system used to control industrial processes or infrastructure assets. Commonly found in manufacturing industries, product handling, production and distribution.

Information Theft

This is where an attacker seeks to acquire sensitive information, such as customer details, intellectual property or business-critical information. This is the primary method where profits can be made, as sensitive information can often be sold to a high price to an interested party, or used directly for profit.


Malware which collects information from an infected machine, sending it back to the attackers. This can include passwords, keystrokes and other sensitive information.

International Domain Names (IDN)

Internationalised Domain Names (IDNs) enable people around the world to use domain names in local languages and scripts. IDNs are formed using characters from different scripts, such as Arabic, Chinese, Cyrillic or Devanagari.

International Organization for Standardization

An independent body that develops voluntary industry standards, including two major information security management standards: ISO 27001 and ISO 27002.

Intrusion Detection System (IDS)

An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management (SIEM) system. A SIEM system combines outputs from multiple sources and uses alarm filtering techniques to distinguish malicious activity from false alarms.

ISO 27001

The gold standard in information security management systems (ISMS), demonstrating the highest level of accreditation.

IT Service Management (ITSM)

IT Service Management tools facilitate the tasks and workflows associated with the management and delivery of quality IT services.


A type of software or hardware that tracks keystrokes and keyboard events to monitor user activity.


A malicious program which subsequently loads a further piece of malware on the system, often done using abnormal techniques to increase stealth. Whilst similar to a downloader, a loader does not need to download further payloads from the Internet.


Criminally controlled adverts. Redirects you to Malware injection which infects the system.


Short for malicious software. Any viruses, Trojans, worms, code or content that could adversely impact organisations or individuals.

Man-in-the-middle Attack (MitM)

Cyber criminals interpose themselves between the victim and the website the victim is trying to reach, either to harvest the information being transmitted or alter it. Sometimes abbreviated as MITM, MIM, MiM or MITMA.

Managed Detection & Response (MDR)

Managed Detection and Response is a managed cyber security service that monitors for suspicous our anomolous behaviour on a device or network and provides remediation actions to mitigate these threats. MDR enhances your ability to detect and respond to cyber threats faster and more accurately, thus reducing risk to your business and improving your security posture

Managed Security Service Provider (MSSP)

An managed security service provider (MSSP) provides outsourced monitoring and management of security devices and systems. Common services include security monitoring, threat intelligence, security testing, vulnerability management, intrusion detection and incident response services.


The steps taken to minimise and address cyber security risks.

National Cyber Security Centre (NCSC)

Part of GCHQ. A UK government organisation set up to help protect critical services from cyber attacks.

Network Detection & Response (NDR)

NDR uses network traffic analysis to provide improved network traffic visibility that in turn delivers rapid investigation and threat detection

NIST Cyber Security Standard (NIST)

A framework used in the U.S. to help businesses prepare their defence against cyber crime.

Orchestration & Collaboration Platform (OCP)

The Orchestration & Collaboration Platform is a Talion service offering that ingests the alert data from the customer's SIEM and applies Talion's playbooks to correlate multiple alerts into single security cases. OCP then enriches the security case with contextual information from other sources directly relating to the event, thus allowing the analyst to make faster and better decisions.

Password Attacks

Brute Force Attacks (using computer programme), Dictionary Attacks (a programme that uses dictionary words only), Keylogger Attacks (using a programme to monitor keys entered which will show the users password).


The element of the malware that performs the malicious action – the cyber security equivalent of the explosive charge of a missile. Usually spoken of in terms of the damaging wreaked.

Penetration Testing

A test designed to explore and expose security weaknesses in an information system so that they can be fixed.


Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details or other sensitive details, by impersonating oneself as a trustworthy entity in a digital communication. Typically carried out by email spoofing, instant messaging, and text messaging, phishing often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.

Pretty Good Privacy (PGP)

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.


Ransomware is a type of malware from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system so that it is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.

Remote Access Trojan (RAT)

RAT, sometimes called creepware, is a type of malware that controls a system through a remote network connection. While desktop sharing and remote administration have many legal uses, "RAT" connotes criminal or malicious activity. A RAT is typically installed without the victim's knowledge, often as payload of a Trojan horse, and will try to hide its operation from the victim and from security software and other anti-virus software.

Rogue Software

Portrays there is a virus on the computer. Prompts users to obtain fake anti virus protection.


Code that is designed to hide its presence or the presence of another application residing on the system, typically using relatively undocumented low-level functions to do so. They often interact with core services on the system, which can give them the ability to manipulate data and evade common anti-virus software.


Sabotage can be another factor, where an attacker’s goal is the destruction, defamation or blackmail of the target. This can be used to attack competition, or damage an organisation’s reputation. The attackers may often be emotionally-linked to the cause, and as such can be considered highly-motivated to achieve their end goals.


A program whose sole purpose is to scare a user into purchasing a service. It typically comes with a user interface which imitates anti-virus software, requesting money to remove malicious code.

Secure Shell (SSH)

SSH or Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.

Security Information & Event Monitoring (SIEM)

Security Information and Event Management (SIEM) is a software solution that aggregates and analyses activity from many different resources across your entire IT infrastructure. SIEM collects security data from network devices, servers, domain controllers, and more. SIEM stores, normalises, aggregates, and applies analytics to that data to discover trends, detect threats, and enable organisations to investigate any alerts.

Security monitoring

The collection of data from a range of security systems and the correlation and analysis of this information with threat intelligence to identify signs of compromise.

Security Operation Centre (SOC)

A security operations center is a specialised security unit that can we internal to an organisation or outsources. It monitors for security risks and takes actions to mitigate them. It comprises the three building blocks people, processes, and technology for managing and enhancing an organisation's or multiple organistions security postures.

Security policy

A rule or set of rules that govern the acceptable use of an organisation’s information and services to a level of acceptable risk and the means for protecting the organisation’s information assets.

Security Posture

An organization's security posture (or cybersecurity posture) is the collective security status of all software, hardware, services, networks, information, vendors and service providers.

Service Orchestration, Automation & Response (SOAR)

Service Orchestration, Automation & Response refers to technologies that enable organisations to collect inputs monitored by the security operations team. For example, alerts from the SIEM system and other security technologies — where incident analysis and triage can be performed by leveraging a combination of human and machine power — help define, prioritize and drive standardized incident response activities. SOAR tools allow an organization to define incident analysis and response procedures in a digital workflow format.

Social engineering

Manipulating people into carrying out specific actions or divulging information that is of use to an attacker. Manipulation tactics include lies, psychological tricks, bribes, extortion, impersonation and other type of threats. Social engineering is often used to extract data and gain unauthorised access to information systems, either of single, private users or which belong to organisations.


Malware that infects a system and is subsequently used to send spam. Attackers are then able to sell the service to others, gaining money from others utilising their bots to distribute malware and phishing.

Spear Phishing

Spear phishing is a cyber attacks that aims to extract sensitive data from a victim using a very specific and personalised message designed to look like it’s from a person the recipient knows and/or trusts.

Tactics, Techniques and Procedures

The behavior of an actor. A tactic is the highest-level description of this behavior, while techniques give a more detailed description of behavior in the context of a tactic, and procedures an even lower-level, highly detailed description in the context of a technique.

The Onion Router (TOR)

Tor is free and open-source software for enabling anonymous communication by directing Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays in order to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace the Internet activity to the user: this includes visits to Web sites, online posts, instant messages, and other communication forms.

Threat Actor

The agent behind the threat: a malicious actor who seeks to change, destroy, steal or disable the information held on computer systems and then exploit the outcome.

Threat Coverage Model or Modelling (TCM)

Talion's Threat Coverage Modelling (TCM) tool has been designed with the MITRE with ATT&CK model at its heart. Using the work from our Tactics, Techniques and Procedures (TTP) group, TCM helps our customers understand their security monitoring coverage in the context of the methods a cyber attacker would use.

Threat Hunting

Threat Hunting is the practice of proactively searching for threats on a network by detecting anomalies in normal user and network behaviour.

Trojan horse

A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorisations of a system entity that invokes the program.

Two-factor authentication (2FA)

The use of two different components to verify a user’s claimed identity. Also known as multi-factor authentication.

User and Entity Behaviour Analytics (UEBA)

User and entity behavior analytics is a type of cyber security process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns

Virtual Private Network (VPN)

A virtual private network extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.


A weakness, or flaw, in software, a system or process. An attacker may seek to exploit a vulnerability to gain unauthorised access to a system.

Vulnerability Management Service (VMS)

Vulnerability Management Service helps customers implement a vulnerability discovery capability without the need for software, hardware, or staff.

Water-holing (watering hole attack)

Setting up a fake website (or compromising a real one) in order to exploit visiting users.


Highly targeted phishing attacks (masquerading as a legitimate emails) that are aimed at senior executives.


Malicious code which is self-replicating, attempting to infect any computer it touches.


Recently discovered vulnerabilities (or bugs), not yet known to vendors or antivirus companies, that hackers can exploit.

I'm ready
Request a more in-depth demo.
Discuss your cyber security needs
Fill in the form below and one of our team will be in touch to arrange your demo.

Call us on 0800 048 5775

Call us directly and we’ll put you in touch with the most relevant cyber expert.

Send us a message

Give us a brief description of what you’re looking for and we’ll put you in touch with the best person.