Tenable exposure management
Glossary
Key cybersecurity terms and definitions
Attackers don't think in silos, and neither should your cybersecurity program. Effective exposure management starts with connecting your fragmented security tools and siloed data across your entire attack surface — IT, cloud, identity, AI, and OT. When your security teams don’t have this unified view, instead of closing critical exposures that actually threaten your business, they get buried under a never-ending list of vulnerabilities and security alerts.
Tenable's Exposure Management Glossary can help you better understand key exposure management terms, from vulnerability management and cloud security to identity security, AI security, OT security, and more, so your teams can apply these core concepts for unified attack surface visibility and to take coordinated action against critical cyber risk.
To take a deeper dive into these exposure management terms, check out the Tenable Cybersecurity Guide.
Center for Internet Security (CIS)
The Center for Internet Security (CIS) is a nonprofit responsible for CIS Controls and CIS Benchmarks. The organization is known around the world for the leading role it plays in establishing best practices to help organizations secure data and IT systems.
C
CIS Benchmarks
CIS Benchmarks are best practices to help organizations secure a target system. There are 100 CIS Benchmarks that span more than 25 vent families. According to the Center for Internet Security, these benchmarks "are the only consensus-based, best-practice security configuration guides both developed and accepted by the government, business, industry, and academia."
C
CIS Critical Security Controls
CIS Critical Security Controls are best practice actions organizations can take for cyber defense and to prevent cyber attacks. The controls are considered high-priority and effective. Organizations looking to implement or mature cyber hygiene practices can use CIS Security Controls as a starting point for a cybersecurity program.
C
Cloud
Instead of operating on-premises like traditional IT, in technology, the cloud refers to services and software offered through the web. This is generally through a network of servers, many operating simultaneously around the world.
C
Cloud Access Security Broker (CASB)
A cloud access security broker (CASB) consists of hardware and/or software that serves as a link between the cloud services provider and its users. A CASB can either be cloud-hosted or on-premises and generally serves as a security policy enforcement point.
C
Cloud Application
A cloud application is software users can access in the cloud via the internet. Unlike a traditional application that might be installed directly on a computer from a disc or other hardware, a cloud application is managed by a server and not a user's computer.
C
Cloud Application Virtualization
Cloud application virtualization enables users to access a cloud application on computers other than the one an application is installed on. Generally, these applications are set up on servers and a user can access it through a remote connection.
C
Cloud Application Visibility
A cloud application vulnerability is a vulnerability within a cloud environment in which an attacker may be able to exploit a misconfiguration or other security issue to gain unauthorized access to an asset.
C
Cloud Architecture
Cloud architecture represents all of the elements that make up your cloud computing environment. Cloud architecture may look different from one organization to the next. It generally consists of a front-end component, for example, the device to access the cloud; a back-end element, for example, storage and servers; a cloud-based delivery model, for example, infrastructure as a service (IaaS), software as a service (SaaS) and platform as a service (PaaS); and a network.
C
Cloud Attack Surface
A cloud attack surface represents all of the components within and connected to a cloud environment in which an attacker could discover a security weakness and exploit it to gain unauthorized access to the environment.
C
Cloud Computing
Cloud computing consists of all of the components required to deliver cloud-based services through the web. This could include software and networks, but also hardware, storage, and more. Many organizations are moving from on-premises technologies because of the cost savings, flexibility, and scalability cloud computing offers.
C
Cloud Control Plane
A cloud control plane facilitates orchestration and management activities across a cloud computing environment, for example, items such as user and role creation, configuration guidelines, and access management.
C
Cloud Cost Containment
Cloud cost containment, which is also known as cloud cost management or cloud cost management, is a process to efficiently manage and optimize cloud computing-related expenses.
C
Cloud Detection and Response (CDR)
Cloud Detection and Response, or CDR, is a runtime-focused security capability that ingests telemetry from cloud control planes. Learn more >
C
Cloud Enablement
Cloud enablement is a process that looks at an organization's existing IT infrastructure (for example, hardware, software, and other assets), and develops a plan to create, deploy and manage either a cloud infrastructure, which could be a public, private or hybrid environment.
C
Cloud Firewall as a Service (FWaaS)
A cloud firewall filters unauthorized network traffic hosted within a cloud. It serves as a perimeter for a cloud environment. Cloud Firewall as a Service (FWaaS) is a service that operates within a cloud environment to create a barrier between your cloud resources and malicious activities.
C
Cloud Infrastructure
Cloud infrastructure represents all of the components needed to operate a cloud computing environment, for example, hardware, storage, and other resources.
C
Cloud Infrastructure Entitlements Management (CIEM)
Cloud Infrastructure Entitlements Management (CIEM) are solutions to help organizations manage access privileges for cloud environments. Also known as Cloud Permissions Management (CPM), these solutions embrace a least-privilege access approach to manage permissions related to cloud resource access.
C
Cloud Migration
Cloud migration represents the planning, development, and implementation of moving an organization's resources from a traditional IT environment, for example, hosted by on-site servers, into a cloud-computing environment. Cloud migration generally involves the movement of all or some of an organization's data, as well as other applications or services, to a cloud environment, for example, Microsoft Azure, Google Cloud Services, or Amazon Web Services.
C
Cloud Native
Cloud native is a term used to define applications built and run within the cloud. These applications are generally lightweight containers and enable the efficient deployment, as well as flexibility and scalability, across a range of environments.
C
Cloud Security
Cloud security is made up of processes, tools, resources, and policies to protect all of your data and resources stored off-premises and in the cloud. It continually assesses all of the assets within your cloud environments so you can discover and remediate vulnerabilities, misconfigurations, and other security issues to keep your organization safe.
C
Cloud Security Gateway
Cloud security gateways are also sometimes referred to as cloud access security brokers (CASB). A cloud security gateway represents the enforcement points an organization places between a cloud services environment and its consumers to enforce security policy at various points. These gateways can be either cloud-hosted or on-premises.
C
Cloud Security Posture Management (CSPM)
Cloud security posture management (CSPM) represents the tools and resources an organization may use to seek out cloud-based issues such as misconfigurations or other compliance or security risks. CSPMs generally alert security teams when they identify security or compliance issues within a cloud environment.
C
Cloud Security Tools
Cloud security tools consist of the policies, processes, procedures, technologies, and other resources an organization uses to reduce cloud security risks and identify security weaknesses.
C
Cloud Service Provider (CSP)
A cloud service provider (CSP) provides cloud-based services, for example, cloud-computing infrastructure, applications, storage, and other services. Some well-known CSPs include Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).
C
Cloud Vulnerability
A cloud vulnerability is a security weakness, for example, a misconfiguration or other security issue, that an attacker may be able to exploit to gain access to your cloud-based environment.
C
Cloud Workload Protection Program (CWPP)
A cloud workload protection program (CWPP) is a program that helps secure and manages workloads within and across cloud environments. CWPP approaches cloud security from a workload level, not at a typical endpoint perspective.
C
Cloud Workload Segmentation
Cloud workload segmentation is a process that creates rules to govern and manage access and services between different cloud workloads.
C
Cloud-Based Delivery Model
A cloud-based delivery model represents the way cloud computing services are delivered. Determining which model is best for an organization depends on a range of unique factors; however, there are three common cloud-based delivery models, IaaS, PaaS or SaaS.
C
Cloud-Native Application Protection Platform (CNAAP)
A cloud-native application protection platform (CNAAP) is a type of cloud security architecture that helps protect cloud applications from development through production. There are several benefits of adopting a CNAAP; for example, more visibility into cloud-based environments and earlier detection of cloud-based risks.
C
Common Weakness Enumeration (CWE)
A Common Weakness Enumeration (CWE) is a unified language used to address software vulnerabilities that might exist in development, code, design, or within architecture. The MITRE Corporation manages the CWE database and each CWE reflects a security weakness type. It's different from a CVE, which is a known instance of a specific vulnerability.
C
Compliance
In terms of privacy and security, compliance refers to an organization's ability to demonstrate it meets a set of specific requirements or standards that are managed or overseen by a third party. For example, healthcare organizations must demonstrate data security and privacy requirements through HIPAA audits.
C
Compliance as a Service (CaaS)
Compliance as a Service (CaaS) is often overseen by a managed service provider (MSP), which supports organizations by ensuring they're meeting requirements for specific compliance mandates.
C
Compliance Framework
A compliance framework outlines specific requirements or guidelines an organization must meet to demonstrate it's in compliance with a specific set of mandates or other requirements. There is a range of compliance frameworks available today that cover a gamut of the industry, state, federal and other requirements, for example, privacy frameworks, security frameworks, risk management frameworks, and others.
C
Computer Security
Computer security may also be referred to as information security or cybersecurity. Computer security encompasses all of the processes, tools, and resources used to protect computer systems, for example, your network or other environments, from potential breaches or other security issues.
C
Configuration
In information security, configuration refers to how systems, for example, hardware, software, or applications, are set up and managed.
C
Configuration Control
Configuration control refers to the processes used to manage any changes made to hardware or software within a computing environment.
C
Configuration Management
Configuration management establishes processes that ensure approved, consistent approaches are used when changes are made to a computing environment's functionality and performance.
C
Container
A container is a type of virtualized operating system. It packages an application and all of its needed components, for example, its libraries, as a run-time environment.
C
Container Environment
A container environment ensures containers have access to important resources, for example, information about the container and other objects, as well as the filesystem that includes the container image and its related volumes.
C
Container Image
A container image is a file of executable code that enables an application to run. It cannot be changed and helps ensure consistent deployment across any environment type.
C
Container Image Tag
A container image tag is a specific release or version of an application hosted inside of a container (for example, 14.04).
C
Container Registry
A container registry is a storage location for container images. Container registries enable developers and continuous integration (CI) systems to store pushed containers.
C
Container Security
Container security encompasses all the people, tools, and resources an organization uses to secure containers to ensure applications perform as intended.
C
Content Delivery Network (CDN)
A content delivery network (CDN) is a group of servers, which are generally in different geographical locations, that work together to deliver web content. It helps make content delivery faster by storing the content in areas closer to users.
C
Continuous Deployment
Continuous deployment is a development practice where operations (or DevOps) automatically push successfully tested builds to production environments. Continuous deployment makes this test builds immediately available.
C
Continuous Deployment (CD) System
A continuous deployment system enables monitoring for successful builds that have passed tests, which can then move into production environments. Essentially, a CD system automates successful build deployment.
C
Continuous Integration
Continuous integration is a process that enables developers to integrate code into a shared source control repository, routinely, as authorized changes occur.
C
Continuous Integration (CI) System
A continuous integration system monitors source control commits, such as merged pull requests in GitHub, to automatically trigger a build (to test) when there is a change in source control.
C
Continuous Integration and Continuous Deployment (CI/CD) System
Continuous integration and continuous deployment system monitor source control commit, such as merged pull requests in GitHub, to automatically trigger a build (to test) when there is a change in source control. When the build and test phase is successfully completed, the successful builds are pushed to production environments. This automates the deployment of a successful build.
C
Continuous Network Monitoring
Continuous network monitoring, for example with Nessus Network Monitor, enables non-intrusive insight into assets throughout all environments to discover vulnerabilities, traffic and bandwidth issues, misconfigurations, and other security issues.
C
Credential Stealing
Credential stealing is a type of cyber-attack where a threat actor obtains a user's identity, for example, username and password, to attempt unauthorized access into a system or network.
C
Credential Stuffing
In credential stuffing, an attacker will use automated tools to inject lists of stolen credentials, for example, username and password, to attempt unauthorized access into a system or network.
C
Credentialed Scan
A credentialed scan, also known as an authenticated scan, uses system privileges to conduct a deep evaluation of an asset. It's different from a non-credentialed (or unauthenticated) scan, which provides a higher-level look at vulnerabilities and other issues through exposed ports, protocols, and other services.
C
Cross-Site Request Forgery (CSRF)
OWASP defines cross-site request forgery as an attack that "forces an end user to execute unwanted actions on a web application in which they’re currently authenticated."
C
Cross-Site Scripting (XSS)
Inserting malicious code on websites to target visitors.
C
CVE
CVE is an abbreviation for Common Vulnerabilities and Exposures, which is managed by the MITRE organization. It's a database of common, publicly disclosed computer flaws and security issues such as vulnerabilities.
C
CVSS Score
A CVSS score stands for the Common Vulnerability Scoring System. It enables organizations to evaluate security vulnerabilities and numerically score them to determine which may pose the greatest risk for an organization and ultimately drive prioritization and remediation processes.
C
Cyber Attack
A cyber attack, also known as a cyber breach, happens when an unauthorized user, often referred to as a hacker, attempts to gain unauthorized access to an asset, system, or network. While motivations vary from attack to attack, often common goals include disabling access, damaging, exfiltrating, encrypting data, or facilitating other attacks.
C
Cyber Defense
Cyber defense is a strategy organizations use to prevent cyber attacks.
C
Cyber Exposure
Pioneered by Tenable, Cyber Exposure is a discipline that helps organizations see, predict and act on cyber risks across the entire attack surface. Built on principles of risk-based vulnerability management, Cyber Exposure management best practices introduce a common risk-focused and metric-based language that everyone understands—from security and IT Ops to executive leadership and key stakeholders.
C
Cyber Exposure Gap
A Cyber Exposure gap represents the vulnerabilities, misconfigurations, and other security issues an organization should find, prioritize and mitigate or remediate to mature its cybersecurity posture.
C
Cyber Exposure Lifecycle
The Cyber Exposure lifecycle is a framework organization can use to continuously assess the health and security of their cybersecurity program. Organizations that apply the Cyber Exposure lifecycle to their cybersecurity program should be better enabled to answer questions such as: where is the organization exposed? Where should the organization prioritize based on risk? Is the organization reducing exposure over time? How does the organization compare to its peers?
C
Cyber Exposure Score (CES)
Tenable’s Cyber Exposure Score (CES) is an objective measure of cyber risk, automatically calculated based on threats discovered vulnerabilities pose, the probability attackers may leverage the vulnerability, the criticality of the affected asset, and the predicted impact if the attack is successful.
C
Cyber Hygiene
Cyber hygiene is a term used to define all of the processes and practices an organization takes to establish, manage, improve and maintain security standards to protect assets, users and data.
C
Cyber Risk
Cyber risk is a term used for any potential damages an organization may face should it be compromised by a cyber attack. NIST defines cyber risk as "the risk of depending on cyber resources (i.e., the risk of depending on a system or system elements that exist in or intermittently have a presence in cyberspace)." NIST says that risk may include, "risk of financial loss, operational disruption, or damage, from the failure of the digital technologies employed for informational and/or operational functions introduced to a manufacturing system via electronic means from the unauthorized access, use, disclosure, disruption, modification, or destruction of the manufacturing system."
C
Cyber Risk Management
Cyber risk management includes all of the practices an organization uses to discover, analyze, protect, respond to and recover from any potential cybersecurity vulnerabilities or threats.
C
Cyber Threats
Cyber threats are weaknesses an organization may have that an attacker could potentially exploit to gain unauthorized access to systems or data. As enterprises evolve, so does the cyber threat landscape, which can include vulnerabilities, misconfigurations, or other security issues created by assets, users, or other network and system components.
C
CyberScope
CyberScope is a platform an organization can use to manage reporting related to the Federal Information Security Management Act (FISMA). The United States Depart of Homeland Security (DHS) mandates CyberScope for this reporting.
C
Cybersecurity
Cybersecurity represents all of the practices and processes an organization uses to secure all of its assets and data from a potential cyber attack. CISA defines cybersecurity as, "the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information."
C
Cybersecurity Lifecycle
There are five stages of a cybersecurity lifecycle based on NIST's Cybersecurity Framework: Identify, Protect, Detect, Respond and Recover. An organization can use the voluntary framework as a guideline to establish cybersecurity best practices.
C
Cybersecurity Risk
Cybersecurity risk represents vulnerabilities and other security issues an organization may have that could potentially result in unauthorized access to any of its systems, networks, or data.
C
Tenable One
Request a demo
The world’s leading AI-powered exposure management platform.
Thank You
Thank you for your interest in Tenable One.
A representative will be in touch soon.
Form ID: 7469
Form Name: one-eval
Form Class: c-form form-panel__global-form c-form--mkto js-mkto-no-css js-form-hanging-label c-form--hide-comments
Form Wrapper ID: one-eval-form-wrapper
Confirmation Class: one-eval-confirmform-modal
Simulate Success