At Vehere, we believe that understanding cybersecurity begins with understanding the language. This glossary is a resource for cyber-analysts, IT professionals, and security leaders—whether in national defense or enterprise security—who need clarity on core terms shaping the future of cyberspace protection. As threats evolve, so must our vocabulary.
Explore the glossary below for quick definitions of key cybersecurity concepts, tools, and threats—trusted by those who defend Fortune 500 infrastructures and national assets alike.
Entity Behavior Analytics (EBA) is a next-generation cybersecurity approach that uses machine learning, statistical models, and advanced analytics to monitor and understand how non-human actors such as servers, cloud resources, IoT devices, applications, and service accounts normally behave.
An Intrusion Prevention System (IPS) is a network security solution that detects and blocks known and unknown threats in real time. Unlike Intrusion Detection Systems (IDS), which only monitor and alert, IPS tools are proactive and automated, capable of disrupting malicious traffic as it traverses the network.
Network packet capture is the process of recording data packets as they travel across a network. It is used to troubleshoot performance issues, monitor traffic, and detect security threats.
Packet Capture (PCAP) is the process of intercepting and logging network traffic as it passes through a digital network. At its core, PCAP records the raw data packets, the smallest units of communication across networks, allowing administrators, analysts, and security tools to analyze them for performance monitoring, troubleshooting, and threat detection.
Security Information and Event Management (SIEM) is a cybersecurity solution that helps organizations detect, investigate, and respond to security threats in real time. SIEM works by collecting and analyzing data (logs and events) from across an organization’s IT infrastructure, such as firewalls, servers, applications, and endpoints.
A Security Operations Center (SOC) is a centralized unit responsible for managing an organization’s information security. It combines people, processes, and technologies to protect digital assets through continuous monitoring, threat detection, and incident response. Think of the SOC as the nerve center of your organization’s cybersecurity posture, a command center where skilled analysts oversee real-time threats and orchestrate swift defensive actions.
Anomaly detection is the process of identifying data points, events, or patterns that deviate significantly from what is considered normal or expected behavior. These unusual observations are often referred to as anomalies.
Behavioral analytics is the study of user and system activity patterns over time. It analyzes what users typically do: when they log in, what files they access, and what commands they run. It then watches for abnormal behavior that could indicate a threat.
Heuristic analysis is a cybersecurity detection method that focuses on uncovering malicious activity by evaluating programs, files, or network behaviors for suspicious characteristics or actions, rather than just matching them to a database of known malware signatures.
Hybrid Network Monitoring is an approach that combines on-premises network monitoring and cloud-based monitoring into a single, integrated solution. This ensures that organizations can see every part of their network from internal traffic between servers (east–west) to traffic entering or leaving the network (north–south), without blind spots.
Learn how lateral movement enables stealthy attacks and how Machine Learning and Network Detection & Response (NDR) help detect and stop them in real time.
Machine Learning (ML) is a powerful subset of Artificial Intelligence (AI) that enables systems to learn from data, identify patterns, and make intelligent decisions without being explicitly programmed.
Network Detection and Response (NDR) is a cybersecurity solution that continuously monitors network traffic in real time to detect malicious activities.
Signature-based detection is a foundational method in cybersecurity used to identify and mitigate malicious threats based on unique identifiers or “signatures.” These signatures are distinctive patterns, such as byte sequences, code fragments, command strings, or behavioral footprints that are characteristic of specific malware, attack methodologies, or vulnerabilities.
The MITRE Framework, more formally known as MITRE ATT&CK, is a globally accessible knowledge base of cyber adversary tactics, techniques, and procedures (TTPs) based on real-world observations. It was developed by the MITRE Corporation, a U.S.-based nonprofit that operates federally funded research and development centers (FFRDCs). The framework helps cybersecurity professionals understand how attackers behave, enabling them to build better detection, defense, and response strategies.