Understanding key cybersecurity concepts: an essential glossary for IT professionals

As businesses rely more and more on cybersecurity services and solutions, mastery of key concepts is becoming essential. This detailed glossary provides IT professionals with a better understanding of fundamental concepts to enable them to make informed decisions. 

Protection and access control 

Bastion host  

A bastion is a dedicated server that serves as a secure entry point to the corporate network. Similar to a security gateway, it filters and controls all external access to internal resources. This architecture strengthens security by creating a monitored buffer zone between the Internet and sensitive systems. 

Firewalls  

The firewall is the network's first line of defence. It analyses incoming and outgoing traffic in real time according to precise rules. Next-generation firewalls (NGFW) incorporate advanced features such as deep packet inspection, intrusion detection and application filtering.

Network micro-segmentation  

This technique involves dividing the network into isolated, controlled zones. Each segment can have its own security rules, limiting the spread of potential threats. This "zero-trust" approach assumes that no zone is totally secure and requires systematic authentication. 

Multi-factor authentication (MFA)

Multi-factor authentication is a security method that requires at least two distinct proofs of identity to access a system. These factors generally fall into three categories: something you know (password), something you have (smartphone) and something you are (fingerprint).

Role-based access control (RBAC)

RBAC is an authorisation management model that assigns access rights according to the user's role in the organisation. Permissions are grouped by role rather than distributed individually, simplifying administration and reducing the risk of errors in assigning access rights.

Virtual Private Network (VPN)

A VPN creates a secure, encrypted communication tunnel between two points on the Internet. It enables remote users to access corporate network resources as if they were physically connected to it, while protecting the confidentiality of transmitted data and masking the originating IP address.

Identity and key management 

IAM (Identity and Access Management)  

IAM centralises the management of identities and access rights. It defines who can access which resources, when and how. This system is crucial for applying the principle of least privilege and guaranteeing traceability of access. 

HSM (Hardware Security Module)  

The HSM is a highly secure physical device dedicated to protecting cryptographic keys. Resistant to physical intrusion attempts, it guarantees the integrity of critical cryptographic operations such as electronic signatures or encryption of sensitive data. 

KMS (Key Management Service) 

A cloud solution for centralised management of cryptographic keys, KMS automates the creation, rotation and deletion of keys. It simplifies data encryption while ensuring high availability and complete traceability. 

Identity federation (SAML, OAuth)

Identity federation is a system that enables users to access several applications or services with a single set of credentials. It relies on standardised protocols such as SAML (Security Assertion Markup Language) or OAuth to securely share authentication information between different organisations while preserving the confidentiality of identification data.

Privileged Access Management (PAM)

PAM is a set of processes and technologies for securing, controlling and monitoring access to high-privilege accounts within an organisation. It includes features such as automatic password rotation, logging of privileged sessions and temporary allocation of access rights.

Incident monitoring and response 

SIEM (Security Information and Event Management)  

A SIEM aggregates and analyses security logs from the entire infrastructure in real time. It correlates events to detect suspicious behaviour and alert teams. This global view enables security incidents to be identified quickly and responded to effectively.

SOAR (Security Orchestration, Automation, and Response)  

SOAR automates responses to common security incidents. It integrates the various security tools and coordinates their actions. This orchestration reduces the time taken to respond to threats and frees teams from repetitive tasks so that they can concentrate on complex incidents.

BAS (Breach & Attack Simulation)  

BAS reproduces attack scenarios in a controlled and continuous manner. It automatically tests the defences in place by simulating real attacker techniques. These tests enable weaknesses to be proactively identified before they are exploited.

Endpoint Detection and Response (EDR)

EDR is an advanced security solution that continuously monitors endpoints (workstations, servers, mobile devices) to detect and respond to sophisticated threats. It combines behavioural data collection, real-time analysis and response automation. Unlike traditional antivirus solutions, EDR provides complete visibility of the attack chain, detection of behavioural anomalies and the ability to carry out in-depth investigations. Automated response capabilities enable you to quickly isolate a compromised workstation or block the spread of a threat.

Data protection and business continuity 

DLP (Data Loss Prevention)  

DLP monitors and controls sensitive data flows. It identifies, traces and blocks attempts to leak information, whether accidental or malicious. These tools apply to data in motion, at rest and in use. 

Virtualisation infrastructures  

Virtualisation makes it possible to create isolated and flexible IT environments. It optimises the use of physical resources by sharing them securely between several virtual systems. This technology is fundamental to the cloud and facilitates disaster recovery. 

BCP/DRP/PUPA (French: PCA/PRA/PUPA)

These complementary plans ensure the resilience of the organisation:

  • The Business Continuity Plan (BCP) defines the procedures for maintaining essential services in the event of a crisis.
  • The Disaster Recovery Plan (DRP) details the restoration of systems after a major incident.
  • The Emergency and Business Continuity Plan (PUPA) combines these aspects in a global approach.

Encryption systems

Encryption systems transform readable data into an encrypted format using complex mathematical algorithms. Symmetric encryption uses a single key to encrypt and decrypt, which makes it ideal for large volumes of data. Asymmetric encryption, which uses public/private key pairs, is particularly suitable for secure exchanges.
