A

ASA (Adaptive Security Appliance)

Cisco’s legacy firewall platform that preceded Firepower Threat Defense (FTD). ASA provides stateful firewall capabilities, VPN services, and basic intrusion prevention. Many organizations are migrating from ASA to FTD for advanced threat detection.

ACL (Access Control List)

A set of rules that filter network traffic by permitting or denying packets based on source/destination IP, port, or protocol. ACLs are fundamental to firewall and router security configurations.

B

BeyondCorp

Google’s implementation of Zero Trust architecture. Instead of relying on a corporate network perimeter, BeyondCorp shifts access controls from the network to individual users and devices, making every access request fully authenticated and authorized.

C

CASB (Cloud Access Security Broker)

A security enforcement point between cloud users and cloud service providers. CASBs provide visibility, compliance, data security, and threat protection for cloud applications like Microsoft 365, Salesforce, and Google Workspace.

CSPM (Cloud Security Posture Management)

Tools and practices that continuously monitor cloud infrastructure for misconfigurations, compliance violations, and security risks across AWS, Azure, GCP, and other cloud platforms.

CVE (Common Vulnerabilities and Exposures)

A standardized system for identifying and cataloging publicly known security vulnerabilities. Each CVE entry includes an ID number, description, and references. Example: CVE-2024-12345.

D

DLP (Data Loss Prevention)

Security tools and strategies that prevent sensitive data from being leaked, stolen, or accidentally shared outside an organization. DLP monitors data in motion, at rest, and in use.

Duo (Cisco Duo)

Cisco’s multi-factor authentication and zero trust access platform. Duo verifies user identity and device health before granting access to applications, supporting push notifications, biometrics, and hardware tokens.

E

EDR (Endpoint Detection and Response)

Security solutions that continuously monitor endpoints (laptops, servers, mobile devices) for suspicious activity, enabling rapid threat detection, investigation, and automated response.

EPP (Endpoint Protection Platform)

Traditional endpoint security that provides anti-malware, device control, and personal firewall capabilities. EPP focuses on prevention, while EDR adds detection and response.

F

FTD (Firepower Threat Defense)

Cisco’s next-generation firewall platform combining traditional firewall capabilities with advanced threat detection, IPS (Snort), URL filtering, and malware protection in a unified image.

FMC (Firewall Management Center)

Cisco’s centralized management platform for Firepower devices. FMC provides policy configuration, event monitoring, reporting, and analysis across all managed firewalls. Available as on-premises or cloud-delivered (cdFMC).

G–H

GBP (Group-Based Policy)

A micro-segmentation approach that assigns security policies based on user or device group membership rather than IP addresses. Cisco TrustSec uses Security Group Tags (SGTs) to implement group-based policy.

I

IDS/IPS (Intrusion Detection/Prevention System)

Network security systems that monitor traffic for malicious activity. IDS detects and alerts; IPS actively blocks threats. Cisco’s Snort engine powers IPS in Firepower devices.

ISE (Identity Services Engine)

Cisco’s network access control platform that provides centralized policy management, device profiling, guest access, and BYOD support. ISE is a cornerstone of zero trust architectures.

L

Lateral Movement

A technique attackers use to move through a network after gaining initial access, hopping between systems to reach high-value targets. Micro-segmentation is a primary defense against lateral movement.

M

MFA (Multi-Factor Authentication)

A security method requiring two or more verification factors to gain access: something you know (password), something you have (phone/token), or something you are (biometrics). MFA is considered a baseline requirement for zero trust.

Micro-Segmentation

A security technique that divides a network into small, isolated segments to limit lateral movement. Unlike traditional VLAN-based segmentation, micro-segmentation can enforce policies at the workload level.

N

NAC (Network Access Control)

Security solutions that enforce policies on devices connecting to a network. NAC checks device health, user identity, and compliance before granting access. Cisco ISE is a leading NAC solution.

P

PIX (Private Internet Exchange)

Cisco’s original firewall platform, discontinued in favor of the ASA and later FTD. The PIX introduced many concepts still used in modern firewalls.

S

SASE (Secure Access Service Edge)

A cloud architecture that converges networking (SD-WAN) and security (SSE) into a single cloud-delivered service. SASE provides secure access to applications regardless of user location.

SGT (Security Group Tag)

A label assigned to network traffic by Cisco TrustSec that enables group-based access control. SGTs allow security policies based on user/device identity rather than IP addresses.

SIEM (Security Information and Event Management)

Platforms that collect, correlate, and analyze security event data from across an organization’s infrastructure. SIEM provides real-time monitoring, alerting, and compliance reporting.

Snort

An open-source intrusion prevention system originally created by Martin Roesch. Snort 3.0 powers Cisco Firepower with a multi-threaded architecture that enables higher throughput and more flexible rule writing.

SSE (Security Service Edge)

The security component of SASE, delivering secure web gateway (SWG), cloud access security broker (CASB), zero trust network access (ZTNA), and firewall-as-a-service from the cloud. Cisco Secure Access is Cisco’s SSE solution.

SWG (Secure Web Gateway)

A security solution that filters web traffic to protect users from malicious websites, enforce acceptable use policies, and prevent data exfiltration through web channels.

T

Talos (Cisco Talos)

Cisco’s threat intelligence organization — one of the world’s largest commercial threat research groups. Talos analyzes threats, discovers vulnerabilities, and provides intelligence that feeds into all Cisco security products.

TrustSec (Cisco TrustSec)

Cisco’s solution for software-defined segmentation using Security Group Tags (SGTs). TrustSec classifies traffic based on identity and applies group-based policies across the network without requiring IP-based ACLs.

V

VLAN (Virtual Local Area Network)

A logical subdivision of a network at Layer 2 that groups devices regardless of physical location. VLANs were the original approach to network segmentation but lack the granularity of modern micro-segmentation.

X

XDR (Extended Detection and Response)

A security platform that correlates data across endpoints, networks, cloud, and email to detect, investigate, and respond to threats holistically. Cisco XDR integrates with both Cisco and third-party tools for unified threat visibility.

Z

Zero Trust

A security framework based on the principle “never trust, always verify.” Zero Trust assumes no user, device, or network is inherently trustworthy and requires continuous verification for every access request. It’s a philosophy, not a single product.

ZTNA (Zero Trust Network Access)

A security model that provides secure remote access to applications based on identity and context, replacing traditional VPNs. ZTNA grants access per-application rather than providing broad network access.