Cloud-native security lexicon
Understanding common cybersecurity terms, tools, and technologies can seem daunting. As the security industry introduces new acronyms almost daily, this cybersecurity glossary will cover important cloud security terms to help you keep up.
A
Agentic AI: Agentic AI is a form of artificial intelligence designed to perform real-time actions independently of users to complete a specific goal. It works autonomously by making decisions, adapting, learning, and taking action. Agentic AI ingests data for contextual visibility and then acts. For example, Sysdig agentic AI filters out noise, triages findings, and performs actions without requiring constant user input.
AI security: AI security is a two-fold process: using AI to improve enterprise defenses through behavioral analysis, threat detection, and triaging incidents for users, and securing AI tools from attackers. Enterprises can use AI security to flag anomalous behavior, observe network traffic and tool usage to develop a security baseline, and perform actions to prevent or mitigate cyberattacks before they become data breaches.
C
Cloud detection and response: CDR is the continuous security monitoring of cloud infrastructure and services for suspicious or malicious behavior. CDR enhances visibility into cloud systems, secures sensitive data from threats, and enables security teams to more quickly respond to attacks. CDR reduces mean-time-to-resolution, improving security outcomes for security teams.
Cloud infrastructure entitlement management: CIEM is a centralized process that secures identities and entitlements in the cloud. CIEM monitors your cloud to manage user and machine access to assets, determine whether those identities have appropriate privileges, and prevent those that don't from gaining access or elevating privileges. CIEM ensures regulatory compliance by enforcing least privilege access and automatically taking action to suspend or revoke access across a multi-cloud environment.
Cloud-native security: Cloud-native security is the tools, practices, and technologies used to protect complicated modern cloud environments and workloads, including containers and microservices. Cloud service providers, such as AWS, GCP, and Azure, offer cloud-native security tools designed to protect their individual cloud environments. This simplifies cloud security for enterprises using just one CSP, but increases complexity in multi-cloud deployments. Third-party cloud security tools can help bridge the gap between the different cloud environments.
Cloud-native application protection platform: CNAPP is an end-to-end cloud security solution that consolidates several disparate cloud security tools and technologies into one complete platform. CNAPPs commonly include cloud security posture management, cloud workload protection, cloud infrastructure entitlement management, infrastructure as code, and data protection capabilities to protect an organization in the cloud.
Container security: Container security is the tools, practices, and technologies used to protect containerized applications from threats and vulnerabilities across the entire container lifecycle. Common container security threats include malware and insecure privileges. Container security can enforce least privileged access; scan for malware and vulnerabilities within a container, image, or registry; and monitor the container runtime environment for threats.
Cloud security posture management: CSPM provides continuous monitoring of cloud environments for vulnerabilities, misconfigurations, and compliance violations. CSPMs establish security posture by scanning cloud environments, including IaaS, PaaS, and SaaS, for security risks and helping prioritize risk so security teams can focus on the vulnerabilities or misconfigurations that are the most pressing. Sysdig CSPM provides critical runtime insights so security teams can prioritize and address their most significant cloud risks.
Cloud workload protection platform: CWPP is a security solution designed to protect workloads, both in the cloud and on premises for hybrid cloud deployments. CWPP provides real-time security of containers, virtual machines, serverless functions, and other cloud workloads. It improves visibility into cloud workloads and inventories them so security teams know about everything occurring in their cloud deployments. CWPP provides vulnerability management, runtime protection, and auditing capabilities.
D
Dark AI: Dark AI is the emerging security threat of cyberattackers using artificial intelligence tools for malicious activity, including generative AI and large language models. This threat worries security practitioners because it enables malicious actors to strengthen social engineering campaigns, optimize attacks against network and security tools, and increase the volume and speed of cyberattacks. Dark AI usage makes it more difficult for security teams to identify suspicious or anomalous behavior before an attack impacts them.
F
Falco: Falco is an open source cloud-native runtime security tool designed to protect cloud environments, containers, Kubernetes, and more. It can provide increased visibility to identify and monitor anomalous behavior, detect performance issues, and find misconfigurations. Falco uses rules, alerts, and plugins to monitor system calls to ensure everything is working correctly.
K
Kubernetes security: Kubernetes security is the approach to protecting the entire Kubernetes stack from risks and malicious behavior. Security tools and technologies need to protect every part of the Kubernetes stack, including the node, API, network, pod, and data. Managing Kubernetes security at scale requires tools that can scan for misconfigurations, audit role-based access control, check container images for vulnerabilities and unexpected functionality, and analyze application and audit logs for suspicious behavior.
R
Runtime security: Runtime security is the technology for end-to-end protection of applications and running processes from threats and exploits. It actively monitors applications in containers, serverless functions and cloud instances for malicious activity and mitigates identified threats. Unlike static analysis, runtime security can discover zero-day exploits by monitoring for signs of an attack in progress.
V
Vulnerability management: Vulnerability management is the continuous process of discovering vulnerabilities and misconfigurations so security teams can reduce an enterprise's risk exposure. The vulnerability management lifecycle involves assessing and identifying potential vulnerabilities and risks, evaluating and prioritizing discovered vulnerabilities, remediating and mitigating vulnerabilities, and scanning again to reassess vulnerabilities.
W
Wireshark: Wireshark is an open source network protocol analyzer. The tool can diagnose network issues, inspect real-time traffic, and detect security vulnerabilities. With Wireshark, users can troubleshoot latency and connectivity issues, analyze suspicious activity, and debug protocols to assist in new application development.
