Glossaire CyberArk

Access Certification facilitates the review of a user’s access privileges and requires a third-party to certify that the access should continue to be granted for a designated period of time.

Access discovery provides administrators with a clear picture of who has access to what applications, resources or privileges across the organization.

Access management solutions are used by businesses to authenticate, authorize and audit access to on-premises and cloud-based applications and IT systems.

The ACME Protocol (Automated Certificate Management Environment) automates the issuing and validating domain ownership of certificates, enabling the seamless deployment of PKI with no need for manual intervention.

Active Directory (AD) is Microsoft’s directory and identity management service for Windows domain networks. AD is used for user authentication and authorization by a variety of Microsoft solutions like Exchange Server and SharePoint Server, as well as third-party applications and services.

Adaptive MFA is a method for using contextual information and business rules to determine which authentication factors to apply to a particular user in a particular situation. Businesses use Adaptive Authentication to balance security requirements with the user experience.

Increasingly, malware is being designed specifically to steal SSL/TLS keys and certificates for use in communications fraud and data exfiltration.

Agentic AI systems perform advanced functions such as independently executing decisions and automating actions, accelerating innovation and driving efficiency. With complex architectures and autonomous applications having more human-like behaviors, Agentic AI demands clear process and robust security frameworks to ensure safe adoption.

An app gateway is an enterprise security solution that lets users access traditional web applications hosted in corporate data centers using the same logon credentials and methods they use to access mobile apps and cloud services.

Attackers use encrypted communications to bypass security, deliver malware, and steal data. Learn how to mitigate and protect against encrypted threats.

Authentication and Authorization solutions positively validate a user’s identify and grant permission to access applications and IT systems once verified.

Bots automate and supplement human workflows helping organizations improve business agility, reduce costs and risks, and free up staff for higher value tasks.

cert-manager automates certificate issuance and renewal in Kubernetes, secures machine identities, reduces outages, and enables Zero Trust and DevSecOps.

Certificate Authorities help verify entities and manage the lifecycle of digital certificates to ensure secure communications and prevent identity fraud.

What is a certificate chain, what are the 3 key components, and how do certificate chains work? Learn all this, plus how to troubleshoot common issues!

Certificate enrollment refers to the process by which a user requests a digital certificate to use as a machine identity on a public-facing system, application, API, container or cluster.

Ensure security, prevent outages, and streamline SSL management with automated certificate management. Optimize your infrastructure today!

Certificate pinning strengthens security by blocking unauthorized connections and preventing MITM attacks. Learn how it works and best practices today!

Certificate validation and verification is the process a web browser performs to ensure a certificate can be trusted.

A CI/CD pipeline is a collection of tools used by developers and test engineers throughout the continuous software development, delivery and deployment lifecycle.

The Secure Software Development Attestation Form is a requirement introduced by the Cybersecurity and Infrastructure Security Agency with OMB collaboration.

Cloud identity and access management (IAM) permissions let IT and security organizations control access to the resources in their cloud environments.

Cloud identity security is the practice of implementing identity security controls to secure human and machine identities in hybrid and multi-cloud environments. Cloud migration and digital transformation have become commonplace for many modern enterprises

Sometimes referred to as Cloud Entitlements Management solutions or Cloud Permissions Management solutions, CIEM solutions apply the Principle of Least Privilege access to cloud infrastructure and services, helping organizations defend against data breaches, malicious attacks and other risks posed by excessive cloud permissions.

Discover what is code signing, how code signing works, and how machine identity security protects your code signing credentials from cybercriminals.

From physical servers to virtualization and now containers, see how application deployment has evolved for better efficiency, scalability, and portability.

CIAM solutions control access to public websites and digital properties, making it easy for customers to sign up and log on to online applications and services.

Businesses purchase cyber insurance (also known as cybersecurity insurance) to mitigate financial loss due to cyber attacks and data breaches.

La sécurité du cloud fait référence à la protection de l'intégrité des applications, des données et de l'infrastructure virtuelle hébergées dans le cloud.  Ce terme s'applique à tous les modèles de déploiement dans le cloud (cloud public, privé, hybride, multi-clouds) et à tous les types de services et de solutions à la demande (IaaS, PaaS, SaaS) dans le cloud.

Data sovereignty is the ability of enterprises to safeguard and have full control over the personally identifiable information (PII) of any citizen or permanent resident of the country in which it operates.

A defense-in-depth strategy, aka a security-in-depth strategy, refers to a cybersecurity approach that uses multiple layers of security for holistic protection.

Is AWS or Azure the best DevOps cloud solution for you? Compare pipelines as code, code building tools, and Azure vs. AWS code deploy to find out!

Discover the types, uses, and validity of digital certificates. Understand their role in authentication, security, and software trust across desktop and mobile.

The Digital Signature Algorithm is a Federal Information Processing Standard for digital signatures. It facilitates the authentication of digital messages or documents by ensuring that signatures are valid and unaltered.

Digital transformation refers to the process of integrating digital technology into various aspects of an organization to fundamentally change how it operates and delivers value to its customers or stakeholders.

A directory service is a common data repository for maintaining information about network users and resources as part of their Identity Security strategy.

DNS traffic blocking is a network management process that prevents access to specific websites or internet services based on their domain names.

The Digital Operational Resilience Act (DORA) Act, is a regulatory framework established by the European Union to fortify the financial sector against ICT threats.

A TLS downgrade attack tricks the client and server into using older protocols or insecure parameters for encrypting the information in transit.

Une fuite de données est un incident de sécurité au cours duquel des acteurs internes malveillants ou des attaquants externes parviennent à accéder de façon non autorisée à des données confidentielles ou à des informations sensibles comme des dossiers médicaux, des informations financières ou des informations à caractère personnel. Les fuites de données font partie des incidents de cybersécurité les plus anciens et les plus coûteux.

DevOps est un terme utilisé pour décrire un ensemble de philosophies culturelles, de pratiques et d'outils de développement logiciel (Dev) et d'opérations informatiques (Ops), pour augmenter la capacité des organisations à fournir des applications et des services très rapidement. Le DevOps présente de nouveaux risques et des changements culturels qui posent des problèmes de sécurité impossibles à résoudre en s'appuyant sur des solutions de gestion de la sécurité et des pratiques traditionnelles.

An enterprise browser is a dedicated, corporate web browser designed to give enterprises enhanced security and control over how the browser functions while ensuring a seamless browsing experience for employees

La sécurité des terminaux fait référence à la protection des réseaux d'entreprise contre les menaces issues des terminaux sur site ou distants. Un terminal est un appareil qui fournit un point d'entrée vers les actifs et les applications de l'entreprise et qui représente une vulnérabilité de cybersécurité potentielle.

Federal Risk and Authorization Management Program (FedRAMP) is a United States government-wide program that standardizes the security assessment, authorization and continuous monitoring of cloud products and services.

FIDO2 is an open authentication standard developed by the FIDO Alliance, an organization with the mission to develop open, scalable authentication standards.

Field Level Encryption (FLE) allows a developer to selectively encrypt individual fields of a document on the client-side before it is sent to the server—keeping the encrypted data private from the providers hosting or anyone accessing the database. 

Healthcare cybersecurity protects organizations from cyber attacks and ensures availability of medical services, integrity of patient data, and compliance.

Learn how homomorphic encryption enables computations on encrypted data, preserving privacy while allowing secure data analysis in cloud storage.

Identity and Access Management (IAM) solutions enable administration of user identities and control of access to enterprise resources. IAM solutions ensure the right individuals have access to the right IT resources, for the right reasons, at the right time.

Identity as a Service (IDaaS) is an Identity and Access Management solution delivered in the form of a cloud-based service hosted and managed by a trusted third party. An IDaaS offering combines all the functions and benefits of an enterprise-class IAM solution with all the economic and operational advantages of a cloud-based service.

Identity Governance and Administration (IGA) solutions efficiently manage digital identities and access rights across diverse systems and are used by corporate information security, risk management, compliance teams and IT organizations.

Identity lifecycle management refers to the process of managing the user identities and evolving access privileges of employees and contractors throughout their tenure—from day one through separation.

Learn everything you need to know identity orchestration and how it automates identity management workflows without writing custom codes or scripts.

Identity Security is a comprehensive solution for securing all identities– human or machine – throughout the cycle of accessing critical assets.

Identity Threat Detection and Response (ITDR) is a security discipline consisting of cyber threat intelligence, behavior analysis, tools and structured processes to enhance identity infrastructure security and accelerate the remediation of identity-centric attacks.

Intelligent privilege controls are security measures designed to manage access to enterprise resources based on real-time risk assessments and contextual factors.

ISO stands for the International Organization for Standardization that sets standards for quality, safety, efficiency and interoperability across industries.

Grâce à la méthodologie d'accès « juste à temps », les organisations peuvent augmenter les privilèges des utilisateurs humains et machines en temps réel pour fournir un accès à privilèges élevé et granulaire à une application ou un système pour réaliser une tâche requise. Les analystes du secteur de la cybersécurité recommandent l'accès juste à temps en tant que méthode sécurisée de provisioning des accès à privilèges en réduisant les accès en attente.

Kubernetes, also known as K8s, is a popular open-source container orchestration platform designed for cloud portability across hybrid and multi-cloud infrastructure. 

Le principe du moindre privilège fait référence à un concept de sécurité dans lequel on accorde à un utilisateur le niveau d'accès (ou les permissions) minimum requis pour accomplir son travail. Le principe du moindre privilège est largement considéré comme une pratique exemplaire en matière de cybersécurité et constitue une étape fondamentale dans la protection de l’accès privilégié aux données et aux actifs de grande valeur.

Un logiciel malveillant (ou malware) est un type de programme conçu pour endommager ou nuire à un ordinateur, serveur, client, réseau informatique, une infrastructure sans que les utilisateurs finaux ne s'en aperçoivent. Les cybercriminels créent, utilisent et vendent des logiciels malveillants pour différentes raisons, mais ils sont généralement utilisés pour dérober des informations personnelles, financières ou commerciales.

Machine identities secure trust and confidentiality with digital certificates, just as people do with usernames and passwords. Read on to learn more!

Machine identity security safeguards digital trust by protecting machine identities, preventing breaches, securing cloud growth, and ensuring compliance.

Successful MITM attacks gain the trust of communicating parties by impersonating a trusted website and eavesdropping on secure conversations.

Mitre Att&ck is an open framework for implementing cybersecurity detection and response programs that includes a global knowledge base of adversarial TTPs.

Secure multiple domains with a single Multi Domain SSL certificate. Reduce costs, streamline management, and enhance security for all your web properties.

Multi-cloud leverages two or more cloud services from more than one cloud provider. In the enterprise, multi-cloud typically refers to running enterprise applications on platform-as-a-service (PaaS) or infrastructure-as-a-service (IaaS) from multiple cloud service providers, such as Amazon Web Services (AWS), Google Cloud Platform (GCP), IBM cloud and Microsoft Azure.

Multi-Factor Authentication is a method for using contextual information and business rules to determine which authentication factors to apply to a particular user in a particular situation. Businesses use MFA to balance security requirements with the user experience.

The NIS2 (Network and Information Security) Directive is a regulatory framework established by the European Union(EU) to enhance the cybersecurity of critical infrastructure and digital service providers.

NIST CSF 2.0 is a new version of the original National Institute of Standards and Technology Cybersecurity Framework, help to manage and mitigate cybersecurity risks.

NIST SP 800-207 is a guidance published by the National Institute of Standards and Technology. A part of NIST SP 800 series for information security and cybersecurity.

Non-human Identities are digital entities used to identify, authenticate and authorize machines, devices, and IT infrastructure that is not associated with a human.

Operational Technology (OT) cybersecurity is a key component of protecting the uptime, security and safety of industrial environments and critical infrastructure.

See how CyberArk prevents devastating website outages, often caused by improperly managed machine identities and expired certificates, with automation!

La gestion des accès à privilèges (PAM) fait référence à une stratégie de cybersécurité complète, qui englobe les personnes, les processus et les technologies, et qui vise à contrôler, superviser, sécuriser et auditer toutes les identités et les activités à privilèges, humaines et non humaines, dans tout l'environnement informatique d'une entreprise. Les organisations mettent en œuvre la gestion des accès à privilèges pour se protéger contre les menaces que constituent le vol d'identifiants et l'utilisation mal intentionnée des privilèges.

Passwordless Authentication is an authentication method that allows a user to gain access to an application or IT system without entering a password or answering security questions.

The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of security practices to protect cardholder data and prevent credit card fraud.

A phishing attack is a social engineering tactic commonly used to steal confidential data or deliver ransomware or some other form of malware.

In phishing, malicious actors trick people into going to a website and entering private information into a form. They might impersonate a major company, like a bank or PayPal.

PKI, or public key infrastructure, is the framework of encryption and cybersecurity. PKI secures client-server communications. How? Let's find out!

Your guide to the most common PKI management mistakes, and how your team can strategically avoid them to keep client-server communications secure.

Privileged entitlements management is the practice of securely managing high-risk entitlements (also known as permissions, access rights or privileges) to access sensitive data, resources and services.

L'automatisation des processus par la robotique (RPA) est une technologie d'automatisation qui aide les organisations à automatiser entièrement ou partiellement certaines tâches normalisées. Les robots d'automatisation des processus par la robotique, ou « bots », sont capables d'imiter les actions des humains pour accomplir leur travail.

Un rançongiciel (ou ransomware) est un type de logiciel malveillant conçu pour extorquer de l'argent aux victimes. Une fois activé, le rançongiciel empêche les utilisateurs d'interagir avec leurs fichiers, leurs applications ou leurs systèmes jusqu'au paiement d'une rançon, qui prend généralement la forme d'une monnaie intraçable de type Bitcoin.

Remote access security solutions authenticate users who are accessing business applications and IT systems from outside the private enterprise network.

Remote work security safely extends business applications and services to teleworkers and nomadic users without impairing user experience or satisfaction.

Understand how root certificates establish trust in code signing. Explore their role in verifying authenticity through a chain of trust to prevent fraud.

RSA encryption secures machine identities and prevents cyber threats with asymmetric cryptography. Strengthen your security strategy with the right tools today!

La gestion des secrets permet aux organisations d'appliquer de façon homogène les politiques de sécurité pour les identités des machines. La gestion des secrets offre l'assurance que les ressources issues de tous les outils, plateformes et environnements cloud sont uniquement accessibles à des entités authentifiées et autorisées.

Les SaaS (logiciels en tant que service) correspondent à un modèle de licence et de distribution de logiciels pour lequel le fournisseur de services héberge les applications et les met à disposition des clients via Internet. Également appelés « logiciels à la demande », « logiciels hébergés » ou « logiciel Web » les SaaS font partie des trois composants principaux du cloud computing, l'un des piliers de la transformation digitale.

SASE merges security and networking into a cloud-based framework for seamless, secure access. See how it strengthens your organization’s security today!

Learn how SCP protocol securely transfers files over SSH, combining encryption and authentication to protect data in transit while the preserving file.

Security Assertion Markup Language (SAML) provides a standard way for businesses and application providers to share user authentication and authorization data and federate identity management functionality.

A security framework is a set of documented standards, policies, procedures, and best practices intended to enhance an organization’s security and reduce risk.

Security Operations (SecOps) is the practice of combining internal information security and IT operations practices to improve collaboration and reduce risks.

Strengthen key and certificate security with frameworks, audits, and best practices to prevent risks and ensure compliance. Enhance your security strategy now!

Self-signed certificates offer flexibility, but they come with security and trust risks. See how to manage them effectively and strengthen your security!

Session hijacking lets attackers steal active sessions to impersonate users and access sensitive data. Learn key attack methods and how to stay safe!

Single Sign-On (SSO) is an authentication method that lets users access multiple applications and services using a single set of login credentials. SSO can help businesses improve user satisfaction and productivity, strengthen access security, and reduce IT operations expense and complexity.

SOC 2 is a security compliance framework developed by the American Institute of Certified Public Accountants (AICPA) to securely manage customer data within the cloud.

Social engineering is a manipulation technique aimed at tricking individuals into revealing sensitive information

Learn how SPIFFE standardizes secure workload identity in dynamic environments, enables zero-trust authentication and solves the "bottom turtle" problem.

SSH (Secure Shell) encrypts remote access, secures file transfers, and protects network infrastructure. Explore how SSH keys strengthen authentication.

An SSL Certificate encrypts data, ensures authentication, and boosts trust. See how it protects websites, prevents attacks, and enhances cybersecurity.

Explore how cipher suites secure network traffic with SSL/TLS, their key components, vulnerabilities, and best practices to enhance your organization's security.

SSL stripping attacks downgrade HTTPS to HTTP, exposing user data to interception. Learn how cybercriminals exploit this and how to protect against it.

Strict SSL enhances security by validating server authenticity and protecting against man-in-the-middle attacks, ensuring safe connections with valid certificates.

The Society of Worldwide Interbank Financial Telecommunication (SWIFT) is a cooperative founded in 1973 by members of the financial community with proprietary network.

Symmetric encryption uses a single secret key, while asymmetric encryption relies on a public-private key pair for secure communication. See how this impacts security!

Synthetic identity refers to a counterfeit identity formed by combining a mix of genuine and false information, blurring the line between physical and digital characteristics that identify a human being.

TEA is a security concept that enhances access control by managing when, how much, and under what conditions users or systems can access resources.

Temporary elevated access management (TEAM) access methodology helps organizations elevate privileges for human and non-human users in real time to provide granular access to an application or system in order to perform a necessary task.

Third-party access is the process of granting external vendors and service providers secure access to IT assets for maintenance, administration and management.

Learn all about certificate lifecycle management, why it matters, the 6 stages of the TLS certificate lifecycle, and the impact automation will have!

Expired certificates can be dangerous for your network. Learn why they expire so easily without automation and the steps you can take if this happens.

Outdated protocols, weak ciphers, and expired certificates can expose TLS to attacks. See how to mitigate these risks and strengthen your cybersecurity!

TLS certificates authenticate websites and encrypt data to ensure secure connections. Learn how they protect online interactions to enhance security!

See how TLS decryption enhances security visibility, threat detection, and compliance while mitigating risks. Learn methods, best practices, and more!

Understand the TLS handshake process, common connection errors, and how to solve them. Learn how to prevent outages with better certificate management!

TLS/SSL offloading reduces connection latency, improving page loading speeds and user experience as well as introducing additional security checks for malware.

Understand how TLS/SSL ports secure data, their key roles in network communication, and why HTTPS is essential for security and compliance. Upgrade your defenses now!

A trust store is a collection of root certificates that are trusted by default and are maintained by the companies that make operating systems and web browsers.

User behavior analytics use AI and machine learning to analyze large datasets to identify security breaches, data exfiltration and other malicious activities.

A virtual directory is an Identity and Access Management architectural component that gives identity consumers a consolidated and unified view of identity management information stored in multiple disparate data repositories.

Wildcard certificates simplify management, but pose major risks if not properly secured. Learn about the benefits and dangers before implementing.

Workload identity enhances Kubernetes security, automates authentication, and strengthens zero trust compliance. Explore best practices now!

An X.509 certificate is a type of TLS/SSL certificate which uses the X.509 standard and contains a public key and the identity of a hostname, organization or individual.

L'accès Zero Trust est un modèle stratégique de cybersécurité conçu pour protéger l'environnement numérique des entreprises modernes. L'accès Zero Trust est centré sur la conviction que les entreprises devraient systématiquement ne jamais faire confiance à quoi que ce soit, ni à l'intérieur et ni à l'extérieur de leur périmètre réseau. Selon les modèles Zero Trust, tous les éléments et toutes les personnes qui tentent de se connecter aux systèmes d'une organisation doivent d'abord être vérifiés avant qu'un accès leur soit accordé.

Zero Standing Privileges (ZSP) is an identity security principle that advocates for the removal of all persistent privileges for users within an enterprise’s estate. Practically, Zero Standing Privileges is a progression from the concept of just-in-time access.