Glossary · 34 entries

Every term we use, explained.

A working glossary of the cybersecurity terms and acronyms used across this site. Useful for procurement teams who need to translate the security team's vocabulary into business language, and for anyone new to managed XDR.

XDR (Extended Detection & Response)
A security operating model that correlates signals across endpoint, network, identity, cloud, SaaS and email instead of monitoring each in isolation. XDR catches lateral movement and identity-pivot attacks that single-domain tools miss.
mXDR (Managed Extended Detection & Response)
XDR delivered as a managed service: Vijilan operates the SOC, the platform and the response playbooks. The customer keeps the policy authority; we keep the watch.
MDR (Managed Detection & Response)
Predecessor to managed XDR. Typically endpoint-focused. Vijilan does not call its own services MDR because the model is multi-domain by design; we use Managed XDR or mXDR.
EDR (Endpoint Detection & Response)
Software agents that monitor and respond on individual hosts. CrowdStrike Falcon, SentinelOne, Microsoft Defender, Cortex XDR and Carbon Black are common EDRs. Vijilan ThreatRespond works on top of any EDR.
SIEM (Security Information & Event Management)
A central platform for ingesting, correlating and querying security events from across the environment. Modern SIEMs (CrowdStrike LogScale, Falcon Next-Gen SIEM) are index-free and scale sub-linearly with data volume.
SOC (Security Operations Center)
The team and tooling that monitor, investigate and respond to security events around the clock. Vijilan operates a single global 24/7 SOC out of Hallandale Beach, Florida, SOC 2 Type 2 and ISO 27001 certified.
SOAR (Security Orchestration, Automation & Response)
Tools that automate repeatable response playbooks: isolate host, disable account, block IP. CrowdStrike Falcon Fusion SOAR is built natively into Falcon Next-Gen SIEM.
ITDR (Identity Threat Detection & Response)
Behavioral monitoring of Active Directory, Entra ID, Okta and federated identity providers. Catches credential abuse, BEC, impossible travel, OAuth abuse and Golden Ticket attacks.
PAM (Privileged Access Management)
Just-in-time elevation for admin accounts. Eliminates standing privilege so attackers who steal credentials cannot turn that theft into full admin access.
NDR (Network Detection & Response)
Behavioral monitoring of network traffic via passive sensors. Catches lateral movement, C2 channels and unmanaged device behavior that endpoint tools cannot see.
CSPM (Cloud Security Posture Management)
Continuous monitoring of cloud configuration drift across AWS, Azure and GCP. Detects misconfigurations, over-permissioned roles and policy violations before they become exposure.
CWPP (Cloud Workload Protection Platform)
Runtime protection for cloud compute, containers and serverless functions.
CIEM (Cloud Infrastructure Entitlement Management)
Discovers and right-sizes the cloud roles and permissions assigned to identities. The most over-permissioned identity is usually the one that gets compromised.
SSPM (SaaS Security Posture Management)
Configuration drift monitoring across SaaS apps (M365, Google Workspace, Salesforce, Slack, GitHub). Detects misconfigurations, OAuth abuse and shadow SaaS.
MTD (Mobile Threat Defense)
On-device and network-level threat detection for iOS and Android. Catches jailbreak/root status, sideloaded malicious apps, phishing links and risky Wi-Fi.
AIDR (AI Detection & Response)
Monitoring of AI workloads and agents: prompt injection detection, rogue-agent behavior, AI-credential abuse and shadow AI discovery.
BEC (Business Email Compromise)
Targeted phishing or account takeover used to redirect wire transfers, intercept invoices, or impersonate executives. BEC is the #1 wire-fraud vector; the FBI tracks it at $2.7B+ annual losses.
VEC (Vendor Email Compromise)
BEC variant where the attacker compromises a third-party vendor's inbox and uses it to attack the vendor's customers, leveraging existing trust between organizations.
LOTL (Living-Off-The-Land)
Attack technique that abuses legitimate built-in tools (PowerShell, WMI, certutil, curl) to avoid dropping detectable malware. Catching LOTL requires behavioral detection; signature-based AV misses it.
APT (Advanced Persistent Threat)
A sophisticated, typically state-aligned threat actor that prioritizes long-term access over immediate impact. Examples: IRGC-affiliated MuddyWater, APT33, APT34 and Charming Kitten. See Operation Lion Surge.
IOC (Indicator of Compromise)
A specific artifact (file hash, IP, domain, registry key) that signals the presence of a known threat. IOCs are useful but reactive; Vijilan SOC complements them with behavioral detection.
TTP (Tactics, Techniques & Procedures)
The behavioral fingerprint of a threat actor. More durable than IOCs because adversaries reuse TTPs even when their malware changes. MITRE ATT&CK is the canonical TTP framework.
MITRE ATT&CK (MITRE ATT&CK Framework)
A knowledge base of adversary tactics and techniques observed in the wild. Vijilan SOC maps every detection to ATT&CK so customers can see which adversary playbooks are being attempted.
MTTR (Mean Time to Respond)
Average elapsed time from detection to containment. Vijilan SOC operates at ~1-minute median MTTR thanks to Praxis AI investigation and the active-containment authority granted in our engagement model.
MTTD (Mean Time to Detect)
Average elapsed time from initial intrusion to security team awareness. The 2025 industry average is ~280 days; with continuous monitoring this drops to minutes.
EPSS (Exploit Prediction Scoring System)
A probability score for whether a specific CVE will be exploited in the wild in the next 30 days. Better triage signal than CVSS alone; Vijilan Managed Exposure prioritizes by EPSS + asset criticality.
CVE (Common Vulnerabilities & Exposures)
The industry catalog of publicly disclosed vulnerabilities. Each CVE has a CVSS score (severity) and increasingly an EPSS score (likelihood of exploitation).
CVSS (Common Vulnerability Scoring System)
The 0-10 severity scale assigned to each CVE. CVSS measures impact in isolation; real-world risk requires combining it with EPSS and asset context.
NIS2 (Network and Information Security Directive 2)
EU cybersecurity directive that expanded scope to thousands of "essential" and "important" entities. Required member-state transposition by 2024; non-compliance penalties up to €10M or 2% of revenue.
POPIA (Protection of Personal Information Act)
South Africa's data protection law. Requires responsible parties to notify the Information Regulator and affected subjects of breaches without unreasonable delay.
NDB (Notifiable Data Breaches Scheme)
Australia's data breach notification scheme: requires notification to the OAIC and affected individuals within 30 days of an eligible data breach.
Channel-exclusive
A vendor model where the company sells only through partners (MSPs, MSSPs, VARs) and never directly to end customers. Vijilan is structurally channel-exclusive: if an end customer contacts us, we route to a partner.
White-label
Service delivery in which the underlying provider operates invisibly. The customer sees only the partner's brand on reports, dashboards and incident communications. Every Vijilan tier is white-label by default.
NFR (Not-for-Resale)
Free or discounted licenses that partners use on their own environment so they can experience and demo the product without selling it. Vijilan Guard is the NFR program: 90 days of free coverage that converts to a permanent NFR ladder once a partner closes their first paying client.