Cybersecurity glossary | NordLayer


Entry level

Basic cybersecurity definitions that give enough knowledge to understand the terminology.

📌 Internet access security

Refers to a range of features that aim to protect a user’s online connection from intrusions. This includes various kinds of encryption and authentication mechanisms safeguarding the confidentiality and integrity of the exchanged traffic.


📌 Network access control

Governs the admission of users and devices to a private network and its resources. It provides a clear overview of every device connected to your network and allows their access to be managed through security policy enforcement. For instance, according to your security policy, only authenticated users may enter the network, and connections without authorization are denied.

📌 Network management

An application or a set of applications that allow network administration and management. Each individual component can be configured in real time to improve performance, reliability, and security.

📌 Cloud application access

A private app access implementation in which the user connects to a cloud-hosted app directly instead of being tunneled through the company's internal networks. In essence, it’s a method to outsource application access, increase security, and drive costs down.

📌 Zero trust

A security framework that requires strict identity verification when accessing a network's perimeter. It also requires continuous reauthorization from users who are already inside the network. This approach eliminates implicit trust and is rooted in the “trust none, verify all” principle for preventing cybersecurity risks.


Medium level

More comprehensive definitions of cybersecurity tools and solutions that give enough knowledge to understand the products, their key differences, and the technical details.


📌 Secure Web Gateway (SWG)

A barrier that prevents unauthorized traffic from entering an organization’s network. It applies and enforces security policies on user-initiated online traffic, blocking malware, filtering out harmful URLs, etc.


📌 Cloud Access Security Broker (CASB)

A connection tool that acts as an intermediary between cloud service users and cloud service providers. It enforces security policies in cloud infrastructure, ensuring that the same policies apply in the cloud as on-premises for full organizational compliance.


📌 Business VPN

Protects your company’s network and enables workers to safely access the company’s resources while working remotely. Secures all internet traffic with powerful encryption.


📌 Firewall as a Service (FWaaS)

A cloud-based network traffic barrier that includes advanced threat protection, web filtering, intrusion prevention systems, and DNS security. It blocks any detected threats to protect the company's network security. Compared to traditional hardware firewalls, it provides flexible scalability and advanced next-generation firewall capabilities.


📌 Zero Trust Network Access (ZTNA)

A set of technologies enabling secure access to internal apps for remote users under a Zero Trust framework. Data access is granted only on a case-by-case basis, with its scope limited via a trust broker. It builds on the “trust none, verify all” concept, evaluating entities both inside and outside security perimeters.


📌 SASE

A fully cloud-based architecture that offers Wide Area Network capabilities with additions like Secure Web Gateway, Cloud Access Security Broker, Firewall as a Service, and/or Zero Trust Network Access. Their combination provides centralized orchestration of security policies, preventing threats and reducing cybersecurity risks.

Pro level

The most technical and functional definitions for professionals, giving enough knowledge to independently understand, compare, and choose the best solutions and features.


📌 Network segmentation

A process of dividing a network into smaller sections or subnets. It allows sub-networks to be compartmentalized and security policies to be uniquely tailored based on the sensitivity of the exchanged data and other involved risks. Acting as a fail-safe mechanism for cases when a hacker gets inside the network, it limits their access capabilities, mitigating the potential damage.


📌 Endpoint security

The approach to securing endpoints, like laptops, desktops, and mobile devices, that are used to connect to the central network. It uses ongoing monitoring to detect any malicious indicators and can respond instantly to emerging threats. Such security systems can be deployed either on the network or in the cloud.


📌 Multi-layer authentication

Also known as multi-factor authentication, it’s an authentication method in which identity is only confirmed after passing two or more verification stages. For instance, after passing a password check, the user can be asked to scan a fingerprint or enter a code sent to their phone.


📌 Smart Remote Access

It acts as a virtual LAN facilitating communication between endpoints as if they were encompassed within a single network. This makes it possible to easily share server and system access and enables endpoint-to-endpoint sharing.


📌 Cloud LAN

A LAN virtualization that uses the internet as the main delivery method for its services. It brings the benefits of on-demand service, broad network access, and resource consolidation, making it easy to share files and secure them from external threats.


📌 DNS filtering

A method to restrict internet access to select websites or website categories using the Domain Name System. When enabled, the DNS filter analyzes every DNS query sent by the user to check that it doesn’t violate predetermined policies. If the requested domain is blacklisted, the user will instead be shown an error screen.


📌 Site-to-site

A VPN routing method that connects two separate networks. It's a cheaper alternative to private MPLS circuits, leveraging the public internet’s infrastructure. This method is most frequently used when connecting branches of corporate networks in different locations.


📌 Deep-packet inspection

A form of network traffic analysis that extracts metadata, code payloads, and other data from exchanged data packets. It provides a full content overview at a monitored network checkpoint, allowing sophisticated network policing by blocking malware and content policy violations.