ThreatQuotient Glossary of Cybersecurity Terms


API – Application Programming Interface
An application programming interface (API) is code that enables two software programs to communicate.
ASRG – Automotive Security Research Group
A non-profit initiative to promote the development of security solutions for automotive products.


CDR – Cloud Detection and Response
Cloud detection and response delivers consolidated visibility and data-driven analytics to detect, investigate, and mitigate threats in the cloud.
CTI – Cyber Threat Intelligence
Threat intelligence, also known as cyber threat intelligence (CTI), is information gathered from a range of sources about current or potential attacks against an organization.


DXL – Data Exchange Layer
The data link layer is the protocol layer in a program that handles how data moves in and out of a physical link in a network.


EDR – Endpoint Detection and Response
Endpoint detection and response (EDR) is a system to gather and analyze security threat-related information from computer workstations and other endpoints, with the goal of finding security breaches as they happen and fascilitating a quick response to discovered or potential threats.
EPP – Endpoint Protection Products
An Endpoint Protection Product is a solution deployed on endpoint devices to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.


IPS – Intrusion Prevention System
An intrusion prevention system (IPS) is a cybersecurity tool that examines network traffic to identify potential threats and automatically take action against them.
IR – Incident Response
An incident response team is a group of IT professionals in charge of preparing for and reacting to any type of organizational emergency.


KPI – Key Performance Indicator
Key performance indicators (KPIs) are quantifiable business metrics that corporate executives and other managers use to track and analyze factors deemed crucial to the success of an organization.


MDR – Managed Detection and Response
Managed detection and response (MDR) services are a collection of network-, host- and endpoint-based cybersecurity technologies that a third-party provider manages for a client organization.
MSSP – Managed Security Service Provider
A managed security service provider (MSSP) is an IT service provider that sells security services to businesses.
MTTD – Mean Time to Detection
Mean time to detect (MTTD) is a measure of how long a problem exists in an IT deployment before the appropriate parties become aware of it.
MTTR – Mean Time to Respond
Mean Time to Respond/Remediate (MTTR) is the amount of time it takes an organization to neutralize an identified threat or failure within their network environment.


NDR- Network Detection and Response
Network Detection and Response (NDR) is a cybersecurity technology that enables organizations to monitor network traffic for malicious actors and suspicious behavior, and react and respond to the detection of cyber threats to the network.
NGFR – ​​Next-Generation Firewalls
A next-generation firewall (NGFW) is part of the third generation of firewall technology that can be implemented in hardware or software.


RaaS – Ransomware-as-a-Service
Ransomware as a service (RaaS) is a subscription-based business model that enables affiliates to launch ransomware attacks by accessing and using pre-developed ransomware tools.
ROI – ​​Return on Investment
Return on investment, or ROI, is a mathematical formula that investors can use to evaluate their investments and judge how well a particular investment has performed compared to others.


SaaS – Software-as-a-Service
Software as a service (SaaS) is a software distribution model in which a third-party provider hosts applications and makes them available to end users over the internet.
SEIM – Security Event and Incident Management
SEIM – Security Intelligence Event Management
Security information and event management (SIEM) is an approach to security management that combines security information management (SIM) and security event management (SEM) functions into one security management system.
SEIM – Security Intelligence Event Management
Security information and event management (SIEM) is an approach to security management that combines security information management (SIM) and security event management (SEM) functions into one security management system.
SOA – Security Orchestration and Automation
SOAR – Security Orchestration, Automation and Response
Security orchestration, automation and response, or SOAR, is a stack of compatible software programs that enables an organization to collect data about security threats and respond to security events with little or no human assistance.
SOC – Security Operations Center
A security operations center (SOC) is a command center facility for a team of information technology (IT) professionals with expertise in information security (infosec) who monitors, analyzes and protects an organization from cyber attacks.


TDIR – Threat Detection, Investigation and Response
Threat Detection, Investigation and Response (TDIR) is a risk-based approach to mitigate cybersecurity threats and to more efficiently detect threats.
TDR – Threat Detection and Response
Threat detection and response (TDR) is the process of identifying potential threats and reacting to them before they impact the business.
TDRO – ThreatQ TDR Orchestrator
ThreatQ TDR Orchestrator is the industry’s first solution to introduce a simplified, data-driven approach to SOAR, and TIP that accelerates threat detection and response across disparate systems, resulting in more efficient and effective security operations.
TIP – Threat Intelligence Platform
A threat intelligence platform automates the collection, aggregation, and reconciliation of external threat data, providing security teams with the most recent threat insights to reduce threat risks relevant for their organization.
TQI – ThreatQ Investigations
ThreatQ Investigations is the industry’s first cybersecurity situation room designed for collaborative threat analysis, shared understanding and coordinated response.
TQX – ThreatQ Data Exchange
ThreatQ Data Exchange makes it simple to set up bidirectional sharing of any and all of your intelligence data within the ThreatQ platform and scale sharing across many teams and organizations of all sizes.
TTP – Tactics, Techniques and Procedures
Tactics, Techniques and Procedures (TTP) describes the behavior of a threat actor and a structured framework for executing a cyberattack. The actors can range from hacktivists and hobbyist hackers to autonomous cybercriminals, underground rings and state-sponsored adversaries.


UTM – Unified Threat Management
Unified threat management (UTM) describes an information security (infosec) system that provides a single point of protection against threats, including viruses, worms, spyware and other malware, and network attacks.


VM – Vulnerability Management
Vulnerability management is a pro-active approach to managing network security.
VP – Vulnerability Prioritization
Vulnerability prioritization is the process of identifying vulnerabilities and prioritizing their remediation based on potential impact, exploitability, and other contextual factors such as asset information, severity, business-critical impact, and threat intelligence.


XDR – eXtended Detection & Response
Extended Detection and Response (XDR) is a more comprehensive threat detection and response capability that’s now a common offering of most cybersecurity providers. This cloud-native, cloud-scalable security solution can unify and transform multiple telemetry sources.