CyberArk术语

网络安全领域中使用了无数个技术术语和行业流行语。CyberArk术语在复杂术语的海洋中为您指引方向,提供易于理解的定义和可供您进一步探索的资源。

A

Access Certification

Access Certification facilitates the review of a user’s access privileges and requires a third-party to certify that the access should continue to be granted for a designated period of time.

了解更多信息

Access Certification

Access Discovery

Access discovery provides administrators with a clear picture of who has access to what applications, resources or privileges across the organization.

了解更多信息

Access Discovery

Access Management

Access management solutions are used by businesses to authenticate, authorize and audit access to on-premises and cloud-based applications and IT systems.

了解更多信息

Access Management

Active Directory (AD)

Active Directory (AD) is Microsoft’s directory and identity management service for Windows domain networks. AD is used for user authentication and authorization by a variety of Microsoft solutions like Exchange Server and SharePoint Server, as well as third-party applications and services.

了解更多信息

Active Directory (AD)

Adaptive Multi-Factor Authentication (MFA)

Adaptive MFA is a method for using contextual information and business rules to determine which authentication factors to apply to a particular user in a particular situation. Businesses use Adaptive Authentication to balance security requirements with the user experience.

了解更多信息

Adaptive Multi-Factor Authentication (MFA)

Application (App) Gateway

An app gateway is an enterprise security solution that lets users access traditional web applications hosted in corporate data centers using the same logon credentials and methods they use to access mobile apps and cloud services.

了解更多信息

Application (App) Gateway

Authentication Authorization

Authentication and Authorization solutions positively validate a user’s identify and grant permission to access applications and IT systems once verified.

了解更多信息

Authentication Authorization

B

Bot Security

Bots automate and supplement human workflows helping organizations improve business agility, reduce costs and risks, and free up staff for higher value tasks.

了解更多信息

Bot Security

C

CI/CD Pipeline

A CI/CD pipeline is a collection of tools used by developers and test engineers throughout the continuous software development, delivery and deployment lifecycle.

了解更多信息

CI/CD Pipeline

CISA Secure Software Development Attestation Form (SSDA)

The Secure Software Development Attestation Form is a requirement introduced by the Cybersecurity and Infrastructure Security Agency with OMB collaboration.

了解更多信息

CISA Secure Software Development Attestation Form (SSDA)

Cloud IAM Permissions

Cloud identity and access management (IAM) permissions let IT and security organizations control access to the resources in their cloud environments.

了解更多信息

Cloud IAM Permissions

Cloud Identity Security

Cloud identity security is the practice of implementing identity security controls to secure human and machine identities in hybrid and multi-cloud environments. Cloud migration and digital transformation have become commonplace for many modern enterprises

了解更多信息

Cloud Identity Security

Cloud Infrastructure Entitlements Management (CIEM)

Sometimes referred to as Cloud Entitlements Management solutions or Cloud Permissions Management solutions, CIEM solutions apply the Principle of Least Privilege access to cloud infrastructure and services, helping organizations defend against data breaches, malicious attacks and other risks posed by excessive cloud permissions.

了解更多信息

Cloud Infrastructure Entitlements Management (CIEM)

Cloud Security 云安全

云安全是指保护基于云的应用程序、数据和虚拟基础架构完整性的实践。该术语适用于所有云部署模型(公共云、私有云、混合云、多云)以及所有类型的基于云的服务和按需解决方案(IaaS、PaaS、SaaS)。

了解更多信息

Cloud Security 云安全

Customer Identity and Access Management (CIAM)

CIAM solutions control access to public websites and digital properties, making it easy for customers to sign up and log on to online applications and services.

了解更多信息

Customer Identity and Access Management (CIAM)

Cyber Insurance

Businesses purchase cyber insurance (also known as cybersecurity insurance) to mitigate financial loss due to cyber attacks and data breaches.

了解更多信息

Cyber Insurance

D

Data Breach 数据泄露

数据泄露是安全事件,即恶意内部人员或外部攻击者未经授权访问机密数据或敏感信息,例如病历、财务信息或个人身份信息 (PII)。数据泄露是最常见且代价最高的网络安全事件之一。

了解更多信息

Data Breach 数据泄露

Data Sovereignty

Data sovereignty is the ability of enterprises to safeguard and have full control over the personally identifiable information (PII) of any citizen or permanent resident of the country in which it operates.

了解更多信息

Data Sovereignty

Defense-in-Depth

A defense-in-depth strategy, aka a security-in-depth strategy, refers to a cybersecurity approach that uses multiple layers of security for holistic protection.

了解更多信息

Defense-in-Depth

DevOps安全

DevOps一词用于描述将软件开发 (Dev) 和 IT 运营 (Ops) 结合在一起并提高组织快速交付应用程序和服务的能力的一系列文化理念、实践和工具。DevOps 带来了新的风险和文化变革,这些变革带来了传统安全管理解决方案和实践通常无法解决的安全挑战。

了解更多信息

DevOps安全

Digital Transformation

Digital transformation refers to the process of integrating digital technology into various aspects of an organization to fundamentally change how it operates and delivers value to its customers or stakeholders.

了解更多信息

Digital Transformation

Directory Services

A directory service is a common data repository for maintaining information about network users and resources as part of their Identity Security strategy.

了解更多信息

Directory Services

DORA Act

The Digital Operational Resilience Act (DORA) Act, is a regulatory framework established by the European Union to fortify the financial sector against ICT threats.

了解更多信息

DORA Act

E

Endpoint Security 端点安全

端点安全是指保护企业网络免受内部或远程设备威胁的做法。端点即指任何供他人访问公司资产和应用程序的设备,并可能是潜在的网络安全漏洞。

了解更多信息

Endpoint Security 端点安全

Enterprise Browser

An enterprise browser is a dedicated, corporate web browser designed to give enterprises enhanced security and control over how the browser functions while ensuring a seamless browsing experience for employees

了解更多信息

Enterprise Browser

F

FedRAMP Authorization

Federal Risk and Authorization Management Program (FedRAMP) is a United States government-wide program that standardizes the security assessment, authorization and continuous monitoring of cloud products and services.

了解更多信息

FedRAMP Authorization

G

H

Healthcare Cybersecurity

Healthcare cybersecurity protects organizations from cyber attacks and ensures availability of medical services, integrity of patient data, and compliance.

了解更多信息

Healthcare Cybersecurity

I

Identity and Access Management (IAM)

Identity and Access Management (IAM) solutions enable administration of user identities and control of access to enterprise resources. IAM solutions ensure the right individuals have access to the right IT resources, for the right reasons, at the right time.

了解更多信息

Identity and Access Management (IAM)

Identity as a Service (IDaaS)

Identity as a Service (IDaaS) is an Identity and Access Management solution delivered in the form of a cloud-based service hosted and managed by a trusted third party. An IDaaS offering combines all the functions and benefits of an enterprise-class IAM solution with all the economic and operational advantages of a cloud-based service.

了解更多信息

Identity as a Service (IDaaS)

Identity Governance and Administration (IGA)

Identity Governance and Administration (IGA) solutions efficiently manage digital identities and access rights across diverse systems and are used by corporate information security, risk management, compliance teams and IT organizations.

了解更多信息

Identity Governance and Administration (IGA)

Identity Lifecycle Management

Identity lifecycle management refers to the process of managing the user identities and evolving access privileges of employees and contractors throughout their tenure—from day one through separation.

了解更多信息

Identity Lifecycle Management

Identity Orchestration

Learn everything you need to know identity orchestration and how it automates identity management workflows without writing custom codes or scripts.

了解更多信息

Identity Orchestration

Identity Security

Identity Security is a comprehensive solution for securing all identities– human or machine – throughout the cycle of accessing critical assets.

了解更多信息

Identity Security

Identity Threat Detection and Response (ITDR)

Identity Threat Detection and Response (ITDR) is a security discipline consisting of cyber threat intelligence, behavior analysis, tools and structured processes to enhance identity infrastructure security and accelerate the remediation of identity-centric attacks.

了解更多信息

Identity Threat Detection and Response (ITDR)

ISO

ISO stands for the International Organization for Standardization that sets standards for quality, safety, efficiency and interoperability across industries.

了解更多信息

ISO

J

Just-In-Time Access 即时访问

使用即时(JIT)访问方法,组织可以实时提升人员和非人类用户的权限,以提供对应用程序或系统的升级或细粒度升级访问权限,以便他们执行必要任务。网络安全行业分析师建议将 JIT 访问作为一种通过尽量减少常规访问来配置安全特权访问的方法。

了解更多信息

Just-In-Time Access 即时访问

K

Kubernetes

Kubernetes, also known as K8s, is a popular open-source container orchestration platform designed for cloud portability across hybrid and multi-cloud infrastructure. 

了解更多信息

Kubernetes

L

Least Privilege 最小权限

最小权限原则 (PoLP) 是一种信息安全概念,即为用户提供执行其工作职责所需的最小权限等级或许可。最小权限原则被广泛认为是网络安全的最佳实践,也是保护高价值数据和资产的特权访问的基本方式。

了解更多信息

Least Privilege 最小权限

M

Machine Identity

Machine identities are digital entities used to identify, authenticate and authorize machines, devices, and IT infrastructure that is not associated with a human.

了解更多信息

Machine Identity

Malware 恶意软件

恶意软件是任何类型的恶意软件的统称,这些恶意软件在最终用户不知情的情况下对计算机、服务器、客户端或计算机网络和基础架构造成损害或破坏。网络攻击者出于五花八门的原因来创建、使用和出售恶意软件,但最常用于窃取个人、财务或商业信息。

了解更多信息

Malware 恶意软件

MITRE ATT&CK Framework

Mitre Att&ck is an open framework for implementing cybersecurity detection and response programs that includes a global knowledge base of adversarial TTPs.

了解更多信息

MITRE ATT&CK Framework

Multi-cloud

Multi-cloud leverages two or more cloud services from more than one cloud provider. In the enterprise, multi-cloud typically refers to running enterprise applications on platform-as-a-service (PaaS) or infrastructure-as-a-service (IaaS) from multiple cloud service providers, such as Amazon Web Services (AWS), Google Cloud Platform (GCP), IBM cloud and Microsoft Azure.

了解更多信息

Multi-cloud

Multi-Factor Authentication (MFA)

Multi-Factor Authentication is a method for using contextual information and business rules to determine which authentication factors to apply to a particular user in a particular situation. Businesses use MFA to balance security requirements with the user experience.

了解更多信息

Multi-Factor Authentication (MFA)

N

NIS2 Directive

The NIS2 (Network and Information Security) Directive is a regulatory framework established by the European Union(EU) to enhance the cybersecurity of critical infrastructure and digital service providers.

了解更多信息

NIS2 Directive

NIST CSF 2.0

NIST CSF 2.0 is a new version of the original National Institute of Standards and Technology Cybersecurity Framework, help to manage and mitigate cybersecurity risks.

了解更多信息

NIST CSF 2.0

NIST SP 800-207

NIST SP 800-207 is a guidance published by the National Institute of Standards and Technology. A part of NIST SP 800 series for information security and cybersecurity.

了解更多信息

NIST SP 800-207

Non-Human Identity

Non-human Identities are digital entities used to identify, authenticate and authorize machines, devices, and IT infrastructure that is not associated with a human.

了解更多信息

Non-Human Identity

O

Operational Technology (OT) Cybersecurity

Operational Technology (OT) cybersecurity is a key component of protecting the uptime, security and safety of industrial environments and critical infrastructure.

了解更多信息

Operational Technology (OT) Cybersecurity

P

Passwordless Authentication

Passwordless Authentication is an authentication method that allows a user to gain access to an application or IT system without entering a password or answering security questions.

了解更多信息

Passwordless Authentication

PCI-DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of security practices to protect cardholder data and prevent credit card fraud.

了解更多信息

PCI-DSS

Phishing Attack

A phishing attack is a social engineering tactic commonly used to steal confidential data or deliver ransomware or some other form of malware.

了解更多信息

Phishing Attack

Privileged Access Management 特权访问管理(PAM)

特权访问管理 (PAM) 是指由人员、流程和技术组成的综合网络安全策略,用于控制、监视、保护和审核整个企业 IT 环境中的所有人类和非人类特权身份和活动。组织实施特权访问管理,以防止凭据盗用和特权滥用所造成的威胁。

了解更多信息

Privileged Access Management 特权访问管理(PAM)

Q

R

Ransomware 勒索软件

勒索软件是一种旨在勒索受害者以获取经济利益的恶意软件。一旦被激活,勒索软件将阻止用户与其文件、应用程序或系统进行交互,直到支付赎金为止,通常是采用比特币之类的不可追踪的货币形式。

了解更多信息

Ransomware 勒索软件

Remote Access Security

Remote access security solutions authenticate users who are accessing business applications and IT systems from outside the private enterprise network.

了解更多信息

Remote Access Security

Remote Work Security

Remote work security safely extends business applications and services to teleworkers and nomadic users without impairing user experience or satisfaction.

了解更多信息

Remote Work Security

Robotic Process Automation 机器人流程自动化 (RPA)

机器人流程自动化 (RPA) 是一种自动化技术,可以帮助组织部分或完全自动执行标准化任务。机器人流程自动化软件机器人或“机器人”可以模仿人类行为进行工作。

了解更多信息

Robotic Process Automation 机器人流程自动化 (RPA)

S

SaaS

软件即服务 (SaaS) 是一种软件许可和分发模型,服务提供商在该模型中托管应用程序,并通过互联网将其提供给客户。
SaaS 也被称为“按需软件”、“托管软件”和“基于 Web 的软件”,它是云计算的三个主要组成部分之一,而云计算是数字转换的基本要素之一。

了解更多信息

SaaS

Secrets Management 机密信息管理

机密信息管理使组织能够一致地针对非人类身份实施安全策略。机密信息管理可确保仅经过身份验证和授权的实体可以访问跨工具栈、平台和云环境的资源。

了解更多信息

Secrets Management 机密信息管理

Security Assertion Markup Language (SAML)

Security Assertion Markup Language (SAML) provides a standard way for businesses and application providers to share user authentication and authorization data and federate identity management functionality.

了解更多信息

Security Assertion Markup Language (SAML)

Security Framework

A security framework is a set of documented standards, policies, procedures, and best practices intended to enhance an organization’s security and reduce risk.

了解更多信息

Security Framework

Security Operations (SecOps)

Security Operations (SecOps) is the practice of combining internal information security and IT operations practices to improve collaboration and reduce risks.

了解更多信息

Security Operations (SecOps)

Single Sign-On (SSO)

Single Sign-On (SSO) is an authentication method that lets users access multiple applications and services using a single set of login credentials. SSO can help businesses improve user satisfaction and productivity, strengthen access security, and reduce IT operations expense and complexity.

了解更多信息

Single Sign-On (SSO)

SOC 2

SOC 2 (Service Organization Control Type 2) is a cybersecurity compliance framework developed by the American Institute of Certified Public Accountants (AICPA) that helps manage customer data within the cloud.

了解更多信息

SOC 2

Social Engineering

Social engineering is a manipulation technique aimed at tricking individuals into revealing sensitive information

了解更多信息

Social Engineering

SWIFT Compliance

The Society of Worldwide Interbank Financial Telecommunication (SWIFT) is a cooperative founded in 1973 by members of the financial community with proprietary network.

了解更多信息

SWIFT Compliance

Synthetic Identity

Synthetic identity refers to a counterfeit identity formed by combining a mix of genuine and false information, blurring the line between physical and digital characteristics that identify a human being.

了解更多信息

Synthetic Identity

What is SOC 2?

SOC 2 is a security compliance framework developed by the American Institute of Certified Public Accountants (AICPA) to securely manage customer data within the cloud.

了解更多信息

What is SOC 2?

T

Temporary Elevated Access Management

Temporary elevated access management (TEAM) access methodology helps organizations elevate privileges for human and non-human users in real time to provide granular access to an application or system in order to perform a necessary task.

了解更多信息

Temporary Elevated Access Management

Third-Party Access

Third-party access is the process of granting external vendors and service providers secure access to IT assets for maintenance, administration and management.

了解更多信息

Third-Party Access

U

User Behavior Analytics

User behavior analytics use AI and machine learning to analyze large datasets to identify security breaches, data exfiltration and other malicious activities.

了解更多信息

User Behavior Analytics

V

Virtual Directory

A virtual directory is an Identity and Access Management architectural component that gives identity consumers a consolidated and unified view of identity management information stored in multiple disparate data repositories.

了解更多信息

Virtual Directory

W

X

Y

Z

Zero Standing Privileges

Zero Standing Privileges (ZSP) is a security principle that advocates for the removal of persistent access privileges for users within an enterprise network, the next logical progression from just-in-time access.

了解更多信息

Zero Standing Privileges

Zero Trust 零信任

零信任是一种旨在保护现代数字业务环境的战略性网络安全模型。零信任的理念为:无论是处于网络界限之内或是之外,组织都不应该自动信任任何事物。零信任模型要求,在获取访问权限之前,必须首先验证试图连接到组织系统的任何人和所有事物。

了解更多信息

Zero Trust 零信任