Glossary

Cut through the cybersecurity jargon—our glossary makes complex identity and security terms clear, practical and easy to understand.

A-F

Access Management

The policies and controls that authenticate users and authorize exactly what they can do across apps, systems, and data.

Active Directory

Active Directory (AD) is Microsoft’s centralized directory service that organizes and manages user accounts, computers, groups, and other network resources, streamlining authentication, authorization, and administration in networked environments.

Adaptive Authentication

A dynamic security method that uses contextual signals like device, location, and user behavior to determine whether additional authentication is needed for access.

Adaptive Multi-Factor Authentication

A risk-based form of MFA that scores each login from context signals such as device, network location, time of day, and the user's usual behavior, and prompts for an additional factor only when the score is high; low-risk logins complete with a single factor, which keeps friction down without lowering the bar for anomalous requests.

Air-Gapped Network

A network with no physical or logical connection to other networks, used to safeguard highly sensitive systems in sectors like defense and critical infrastructure. The isolation is only as strong as its enforcement: removable media, maintenance laptops, and supply-chain updates are the usual ways an air gap gets bridged.

Attack Surface

The full set of points through which an attacker could attempt to enter a system or network or extract data from it: exposed services and APIs, accounts and credentials, devices, and the people who operate them. Reducing it means removing or hardening entry points, not only patching the vulnerabilities found in them.

Attack Surface Management

The ongoing process of discovering, monitoring, and reducing an organization’s vulnerabilities and exposed assets to shrink its attack surface.

Azure AD

Azure AD (now named Microsoft Entra ID) is Microsoft's cloud-based identity and access management service, offering single sign-on, multifactor authentication, and integration with on-premises Active Directory for hybrid identity.

Cloud IAM Permissions

Fine-grained, cloud-provider rules that define which identities can perform which actions on specific cloud resources.

Cloud Infrastructure Entitlements Management (CIEM)

A security discipline that discovers, rightsizes, and governs excessive permissions across multi-cloud environments to reduce identity risk.

Compromised Credential

Login details—such as usernames and passwords—that have been stolen or exposed and can be misused for unauthorized access or lateral movement attacks.

Credential Access

A stage in the cyberattack lifecycle (the Credential Access tactic in MITRE ATT&CK) where adversaries obtain legitimate credentials, such as passwords, hashes, Kerberos tickets, or session tokens, so they can impersonate users and pass through security controls that only flag unknown accounts.

Credential Stuffing

A cyberattack technique where automated tools test stolen or leaked credentials across multiple services to gain unauthorized access due to reused login details.
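
The detection shape that follows from that definition, as an added example that is not Silverfort's code or part of this glossary: one source address fans out across many different usernames, each tried once or twice with a leaked password, and nearly all attempts fail. The log lines are constructed and the thresholds are assumptions.

```python
"""Spot credential stuffing in web-login logs.

Added example, not Silverfort's code. Log lines are constructed, thresholds
are assumptions. Stuffing differs from brute force in fan-out: many distinct
usernames from one source, each tried with a breached password, mostly
failing. The few successes identify accounts whose owners reused a leaked
password; those accounts must be treated as compromised.
"""
from collections import defaultdict
from datetime import datetime, timedelta

STUFFING_IP = "203.0.113.10"
# Constructed sample lines: "time ip username result"
LOGIN_LOG = [f"2024-05-01T10:00:{i:02d} {STUFFING_IP} user{i:02d}@example.com "
             f"{'ok' if i in (3, 11) else 'fail'}" for i in range(20)]
LOGIN_LOG += [f"2024-05-01T10:01:{i:02d} 198.51.100.7 bob@example.com fail" for i in range(4)]
LOGIN_LOG += ["2024-05-01T10:01:10 198.51.100.7 bob@example.com ok",   # one user mistyping, then succeeding
              "2024-05-01T10:05:00 192.0.2.44 carol@example.com ok"]


def parse(line):
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "ok"


def stuffing_alerts(lines, window_minutes=10, min_users=10, min_failure_ratio=0.8):
    """One alert per source IP that, within any window of window_minutes, tried
    at least min_users distinct usernames with a failure ratio >= min_failure_ratio."""
    window = timedelta(minutes=window_minutes)
    by_ip = defaultdict(list)
    for ts, ip, user, ok in map(parse, lines):
        by_ip[ip].append((ts, user, ok))
    alerts = []
    for ip, rows in by_ip.items():
        rows.sort()
        for i, (start, _, _) in enumerate(rows):
            burst = [(u, ok) for (t, u, ok) in rows[i:] if t - start <= window]
            users = {u for u, _ in burst}
            failures = sum(1 for _, ok in burst if not ok)
            if len(users) >= min_users and failures / len(burst) >= min_failure_ratio:
                alerts.append({"ip": ip, "window_start": start.isoformat(),
                               "distinct_users": len(users), "attempts": len(burst),
                               # successes inside a stuffing burst are reused passwords
                               "compromised": sorted(u for u, ok in burst if ok)})
                break  # one alert per source is enough here
    return alerts


if __name__ == "__main__":
    for a in stuffing_alerts(LOGIN_LOG):
        print(f"STUFFING from {a['ip']}: {a['distinct_users']} users, "
              f"{a['attempts']} attempts, compromised={a['compromised']}")
```

Bob's four failures followed by a success are a single user mistyping and never reach the distinct-user threshold; the per-user lockout rule that catches brute force would not catch the stuffing source either, because each username is only tried once.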

Credential Theft

The act of stealing login credentials through methods like phishing, malware, brute-force attacks, or data breaches, allowing unauthorized access and potential lateral movement.

Cyber Insurance

Insurance designed to protect individuals or organizations from financial and operational losses caused by cyber events, such as data breaches or attacks, through first-party and third-party coverage.

Cyber Security Compliance

Adherence to laws, regulations, and standards (e.g., HIPAA, GDPR, PCI DSS, SOX) governing how sensitive data must be handled and protected.

Directory Service

A centralized database and protocol set (e.g., LDAP, AD) that stores identities and enables authentication and lookups for networked resources.

DtHash (Okta)

An Okta dynamic token hash/identifier used in authentication workflows that, if exposed or misused, can be abused for unauthorized session access.

G-L

Honeypot Account

A decoy user account planted in a system solely to entice attackers and instantly alert the security team when accessed, enabling early breach detection.

Identity and Access Management (IAM)

A framework of policies, processes, and technologies for creating, managing, authenticating, and authorizing digital identities to ensure that the right users access the right resources at the right times.

Identity as a Service (IDaaS)

Cloud-hosted IAM delivering SSO, MFA, and user lifecycle capabilities without on-prem infrastructure.

Identity Fabric

A unified, interconnected IAM architecture that dismantles siloed identity systems to centrally coordinate provisioning, authentication, and access governance across hybrid environments.

Identity Governance and Administration (IGA)

Processes and tools that govern who should have access, certify entitlements, and automate provisioning/deprovisioning to maintain compliance.

Identity Infrastructure

The collection of systems, authentication mechanisms, and access control policies enabling secure creation, verification, and management of digital identities within an organization.

Identity Lifecycle Management

The end-to-end automation of creating, modifying, and removing digital identities and their access as people join, move, and leave.

Identity Protection

Measures and proactive monitoring aimed at safeguarding individuals’ personal data and accounts from theft, fraud, or unauthorized use.

Identity Provider

The trusted service that authenticates users and issues tokens/assertions consumed by applications for access.

Identity Security

Identity Security is the discipline of protecting digital identities—human and non-human—from unauthorized access, abuse, and compromise.

Identity Security Posture Management

The continuous process of auditing and strengthening IAM environments—such as user access, authentication methods, and entitlements—to remediate vulnerabilities and reduce identity risk.

Identity Segmentation

A cybersecurity strategy that isolates users into groups based on roles, attributes, or behavior in order to enforce least‑privilege access and minimize lateral movement risks.

Identity Threat Detection and Response

A security approach that monitors and analyzes identity‑related activities to detect credential theft, privileged misuse, or lateral movement, triggering automated and manual responses to contain threats.

Identity Threat Exposure

Security weaknesses—such as misconfigurations, outdated identity systems, or exploitable built-in features—that expose organizations to identity-based threats like credential theft, privilege escalation, or lateral movement.

Identity Verification

The process of validating that an individual is who they claim to be, often through document checks, biometrics, knowledge-based methods, or multifactor authentication, to prevent fraud and ensure secure access.

Identity Zero Trust

A security model where no identity—whether of users, devices, or apps—is inherently trusted; instead, every access request is individually verified with strong identity validation and granular controls.

Identity-Based Attack

Cyberattacks that exploit compromised credentials to misuse legitimate authentication paths, enabling attackers to evade detection and access both on‑premises and cloud resources.

Kerberoasting

An Active Directory attack in which any authenticated domain user requests Kerberos Ticket Granting Service (TGS) tickets for accounts that have a Service Principal Name (SPN). Each ticket is encrypted with the service account's password hash, so the attacker can crack it offline with no further contact with the domain controller, which is what makes the technique stealthy; RC4-encrypted tickets and weak service account passwords make it fast.
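
A detection that follows from the mechanism above, as an added example that is not Silverfort's code or part of this glossary. Every TGS request is logged as Windows Security event 4769, and a single one is normal, so the rule looks for one principal requesting RC4 tickets (TicketEncryptionType 0x17) for many distinct service accounts in a short window. The records are constructed with shortened field names (TargetUserName, ServiceName, TicketEncryptionType, IpAddress), and the thresholds are assumptions.

```python
"""Flag likely Kerberoasting in Windows Security event 4769 records.

Added example, not Silverfort's code. Records are constructed and field names
shortened from the event's TargetUserName / ServiceName /
TicketEncryptionType / IpAddress. Thresholds are assumptions. Machine accounts
and krbtgt are excluded: their passwords are long and random, so tickets for
them are not worth cracking.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"  # TicketEncryptionType for RC4-HMAC; AES types are 0x11 / 0x12

EVENTS = [  # constructed sample 4769 records
    {"time": "2024-05-01T09:00:01", "user": "jdoe@CORP.LOCAL", "svc": "svc_sql",  "etype": "0x17", "ip": "10.0.0.5"},
    {"time": "2024-05-01T09:00:01", "user": "jdoe@CORP.LOCAL", "svc": "svc_web",  "etype": "0x17", "ip": "10.0.0.5"},
    {"time": "2024-05-01T09:00:02", "user": "jdoe@CORP.LOCAL", "svc": "svc_bkp",  "etype": "0x17", "ip": "10.0.0.5"},
    {"time": "2024-05-01T09:00:02", "user": "jdoe@CORP.LOCAL", "svc": "svc_sccm", "etype": "0x17", "ip": "10.0.0.5"},
    {"time": "2024-05-01T09:00:03", "user": "jdoe@CORP.LOCAL", "svc": "svc_iis",  "etype": "0x17", "ip": "10.0.0.5"},
    {"time": "2024-05-01T09:00:03", "user": "jdoe@CORP.LOCAL", "svc": "svc_sql",  "etype": "0x17", "ip": "10.0.0.5"},  # repeat
    {"time": "2024-05-01T09:00:04", "user": "jdoe@CORP.LOCAL", "svc": "svc_adfs", "etype": "0x17", "ip": "10.0.0.5"},
    {"time": "2024-05-01T09:01:00", "user": "alice@CORP.LOCAL", "svc": "svc_sql", "etype": "0x12", "ip": "10.0.0.7"},  # AES, normal use
    {"time": "2024-05-01T09:01:05", "user": "alice@CORP.LOCAL", "svc": "svc_web", "etype": "0x12", "ip": "10.0.0.7"},
    {"time": "2024-05-01T09:02:00", "user": "bob@CORP.LOCAL", "svc": "svc_legacy", "etype": "0x17", "ip": "10.0.0.9"},  # one RC4 app
    {"time": "2024-05-01T09:02:10", "user": "bob@CORP.LOCAL", "svc": "WS01$",      "etype": "0x17", "ip": "10.0.0.9"},  # machine acct
    {"time": "2024-05-01T09:02:11", "user": "bob@CORP.LOCAL", "svc": "krbtgt",     "etype": "0x12", "ip": "10.0.0.9"},  # TGT, not TGS
]


def roastable(service_name):
    """Only user service accounts with SPNs are worth roasting."""
    s = service_name.lower()
    return not (s == "krbtgt" or s.endswith("$"))


def kerberoast_alerts(events, window_minutes=5, min_services=5):
    """One alert per requesting user whose distinct RC4 TGS requests within any
    window of window_minutes reach min_services."""
    by_user = defaultdict(list)
    for e in events:
        if e["etype"].lower() != RC4_HMAC or not roastable(e["svc"]):
            continue
        by_user[e["user"]].append((datetime.fromisoformat(e["time"]), e["svc"].lower(), e["ip"]))
    window = timedelta(minutes=window_minutes)
    alerts = []
    for user, rows in by_user.items():
        rows.sort()
        for i, (start, _, ip) in enumerate(rows):
            distinct = {svc for (t, svc, _) in rows[i:] if t - start <= window}
            if len(distinct) >= min_services:
                alerts.append({"user": user, "ip": ip, "first_seen": start.isoformat(),
                               "services": sorted(distinct)})
                break  # one alert per user is enough here
    return alerts


if __name__ == "__main__":
    for a in kerberoast_alerts(EVENTS):
        print(f"KERBEROAST? {a['user']} from {a['ip']} requested {len(a['services'])} SPNs: {a['services']}")
```

Bob's single RC4 request for a legacy application stays below the threshold; the distinct-service count, not the encryption type alone, is what separates an attacker enumerating SPNs from an old client that still negotiates RC4. The complementary fix is on the account side: long random passwords (or group Managed Service Accounts) for anything with an SPN, and AES-only encryption where the application supports it.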

Kerberos Delegation

A Kerberos mechanism that allows services to act on behalf of authenticated users to access other services, with variants—unconstrained, constrained, and resource-based—offering differing levels of security control.

Lateral Movement

A tactic used by threat actors to stealthily navigate across compromised systems within a network, escalating privileges and reaching high-value assets while avoiding detection.

M-R

Machine Identity

The digital credentials (such as certificates, cryptographic keys, API keys, and service accounts) assigned to devices, applications, and services, enabling trusted and authenticated machine-to-machine interactions. They typically outnumber human identities, rotate rarely, and are seldom covered by MFA, which is why they need their own inventory and lifecycle.

MFA Fatigue

A weakness of push-based MFA: users who receive constant or repeated authentication prompts stop reading them and may approve a fraudulent request just to make the prompts stop. Number matching on the approval screen and a cap on push retries reduce the risk.

MFA Prompt Bombing

A targeted attack in which adversaries flood users with authentication requests to wear them down into approving false login attempts.
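
What both entries above look like in an identity provider's push log, as an added example that is not Silverfort's code or part of this glossary. The events are constructed and simplified to (time, user, result), and the thresholds are assumptions: a burst of prompts the user did not start shows up as repeated denials or timeouts within minutes, and an approval inside that burst is the fatigue outcome.

```python
"""Detect MFA prompt bombing and the fatigue approval that can follow it.

Added example, not Silverfort's code. Push events are constructed and
simplified to (time, user, result); real IdP logs also carry device, app and
source address. Thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

PUSH_LOG = [  # constructed sample push-notification outcomes
    ("2024-05-01T22:10:03", "alice", "denied"),
    ("2024-05-01T22:10:41", "alice", "denied"),
    ("2024-05-01T22:11:20", "alice", "timeout"),
    ("2024-05-01T22:12:02", "alice", "denied"),
    ("2024-05-01T22:12:44", "alice", "denied"),
    ("2024-05-01T22:13:30", "alice", "denied"),
    ("2024-05-01T22:14:12", "alice", "approved"),   # gave in after six unwanted prompts
    ("2024-05-01T08:00:00", "bob",   "approved"),   # ordinary morning login
    ("2024-05-01T13:05:00", "bob",   "approved"),
    ("2024-05-01T03:00:10", "carol", "denied"),
    ("2024-05-01T03:00:50", "carol", "denied"),
    ("2024-05-01T03:01:30", "carol", "timeout"),
    ("2024-05-01T03:02:10", "carol", "denied"),
    ("2024-05-01T03:02:50", "carol", "denied"),     # held out: a burst with no approval
    ("2024-05-01T09:30:00", "dave",  "denied"),     # single mis-tap, below threshold
]


def prompt_bomb_alerts(log, window_minutes=10, min_prompts=5, approve_after=3):
    """One alert per user who received min_prompts or more prompts in any
    window of window_minutes with nearly all of them rejected. The alert is
    escalated when an approval follows approve_after rejections in the burst."""
    window = timedelta(minutes=window_minutes)
    by_user = defaultdict(list)
    for ts, user, result in log:
        by_user[user].append((datetime.fromisoformat(ts), result))
    alerts = []
    for user, rows in by_user.items():
        rows.sort()
        for i, (start, _) in enumerate(rows):
            burst = [r for (t, r) in rows[i:] if t - start <= window]
            rejected = sum(1 for r in burst if r != "approved")
            # Many prompts, nearly all rejected, is the bombing signature;
            # many approvals in a short time is just a busy user.
            if len(burst) < min_prompts or rejected < min_prompts - 1:
                continue
            gave_in, seen = False, 0
            for r in burst:
                if r != "approved":
                    seen += 1
                elif seen >= approve_after:
                    gave_in = True
            alerts.append({"user": user, "window_start": start.isoformat(),
                           "prompts": len(burst), "rejected": rejected,
                           "likely_compromise": gave_in,
                           "action": "revoke sessions and re-enroll MFA" if gave_in
                                     else "contact user and block the prompt source"})
            break  # one alert per user is enough here
    return alerts


if __name__ == "__main__":
    for a in prompt_bomb_alerts(PUSH_LOG):
        print(a)
```

The second alert type matters even without an approval: the attacker already holds a valid password for carol, or the push would never have been sent, so the credential needs resetting regardless of whether the bombing worked.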

Microsoft Entra ID

Microsoft Entra ID is the current name of Azure AD: Microsoft's cloud identity provider for single sign-on, multifactor authentication, conditional access, and hybrid integration with on-premises Active Directory. It is the core service of Microsoft Entra, the broader family of Microsoft identity and access management products for securing access to applications and resources across an organization's environments.

MITRE ATT&CK Framework

A globally recognized, publicly maintained knowledge base of adversary tactics, techniques, and procedures, organized by attack stage, used to model attacker behavior, map detection coverage and gaps, and emulate real threats in red-team exercises.

Multi-Factor Authentication (MFA)

A security measure requiring two or more factors from different categories, something the user knows (a password), has (a hardware token or enrolled phone), or is (a biometric), so that stealing any single factor is not enough to authenticate. Two factors of the same kind, such as two passwords, do not count.

Non-Human Identity

Digital identities assigned to systems, bots, or services rather than people—like service accounts or automated agents—that require management and protection just like human identities.

Nudge Security Strategy

A behavioral approach that uses timely prompts and defaults to steer users toward secure actions without adding friction.

OIDC (OpenID Connect)

A modern identity layer on top of OAuth 2.0 that standardizes user authentication: the identity provider returns a signed ID token (a JSON Web Token) carrying the user's identity claims, and the application must verify its signature, issuer, audience, expiry, and nonce before trusting it.

Open Authorization (OAuth)

A delegated authorization framework that lets apps access resources on a user’s behalf without sharing passwords.

Passwordless Authentication

Verifying users without a password, ideally with phishing-resistant factors such as passkeys (FIDO2/WebAuthn) or hardware security keys. A biometric usually unlocks a device-bound private key rather than serving as the credential itself; the phishing resistance comes from that key being bound to the legitimate site's origin, so a look-alike domain cannot use it.

Principle of Least Privilege

A security principle where users and systems are granted only the minimal access levels necessary to perform their functions, limiting potential misuse or compromise.

Privilege Escalation

An attack in which an adversary turns limited access into higher privileges, by exploiting software bugs, misconfigurations, or excess permissions, in order to perform operations the initial foothold did not allow. It can be vertical (ordinary user to administrator) or horizontal (one user to another with similar rights but different data).

Privileged Access Management (PAM)

Technologies and policies that manage and monitor elevated-level user access (e.g., administrators), enforcing strict controls and reducing security risk.

Privileged Account

An account with elevated permissions (such as administrator or root access) that allows extensive control over systems and data—making it a high-value target for attackers.

Prolific User

A user who frequently accesses multiple systems or performs numerous actions, often generating high volumes of identity activity that may require monitoring for anomalies.

PsExec

A Microsoft Sysinternals command-line tool for executing processes on remote Windows systems over SMB; it copies a service binary to the target and installs a temporary service (PSEXESVC). PsExec and its many clones are commonly used by attackers for lateral movement and remote code execution, so remote service installations (System event 7045) and PSEXESVC named pipes are worth alerting on.

Ransomware

Malicious software that encrypts an organization’s data or systems and demands a ransom to release the decryption key, often coupled with extortion tactics.

Risk-based Authentication

A dynamic authentication method that assesses contextual risk factors—such as location, device, and behavior—in real time and adjusts authentication strength accordingly.

S-Z

SAML

An XML-based standard for exchanging authentication and authorization assertions between an IdP and a service provider to enable SSO.

Service Account

A non-human identity used by applications, services, or automated processes to interact with systems—often needing stringent security oversight.

Unconstrained Delegation

A Kerberos delegation type that lets a service act on behalf of any authenticating user toward any other service. When a user authenticates to such a host, the domain controller includes a copy of the user's Ticket Granting Ticket in the service ticket and the host caches it, so anyone who compromises the host can reuse every cached TGT, including a domain administrator's. Only domain controllers legitimately need it; elsewhere it should be replaced with constrained or resource-based delegation, and sensitive accounts should be marked "account is sensitive and cannot be delegated" or placed in the Protected Users group.
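
A check that sorts directory objects into the delegation variants named under Kerberos Delegation and Unconstrained Delegation above, as an added example that is not Silverfort's code or part of this glossary. The entries are constructed but use the real attribute names: the userAccountControl flag bits, msDS-AllowedToDelegateTo (constrained delegation, set on the front-end service account), and msDS-AllowedToActOnBehalfOfOtherIdentity (resource-based, set on the back-end resource and shown here as a list of names instead of the real security descriptor). The severity ranking is an assumption.

```python
"""Classify the Kerberos delegation configured on directory objects.

Added example, not Silverfort's code. Entries are constructed; attribute
names and flag values are the real ones, msDS-AllowedToActOnBehalfOfOtherIdentity
is simplified to a list of principal names, and severities are assumptions.
"""

TRUSTED_FOR_DELEGATION = 0x80000            # unconstrained delegation
TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # constrained delegation with protocol transition
NOT_DELEGATED = 0x100000                    # "account is sensitive and cannot be delegated"
DOMAIN_CONTROLLERS_RID = 516                # primaryGroupID of domain controller computer accounts

ENTRIES = [  # constructed; uac values also carry the ordinary account-type bits
    {"name": "DC01$",      "uac": 0x82000,   "primaryGroupID": 516},
    {"name": "WEB01$",     "uac": 0x81000,   "primaryGroupID": 515},
    {"name": "svc_app",    "uac": 0x200,     "primaryGroupID": 513,
     "msDS-AllowedToDelegateTo": ["MSSQLSvc/sql01.corp.local:1433"]},
    {"name": "svc_proxy",  "uac": 0x1000200, "primaryGroupID": 513,
     "msDS-AllowedToDelegateTo": ["cifs/fs01.corp.local", "http/app01.corp.local"]},
    {"name": "SQL01$",     "uac": 0x1000,    "primaryGroupID": 515,
     "msDS-AllowedToActOnBehalfOfOtherIdentity": ["WEB02$"]},
    {"name": "admin_jane", "uac": 0x100200,  "primaryGroupID": 513},
    {"name": "jsmith",     "uac": 0x200,     "primaryGroupID": 513},
]


def classify(entry):
    """Return (kind, severity, note) for one directory object."""
    uac = entry["uac"]
    targets = entry.get("msDS-AllowedToDelegateTo", [])
    rbcd_from = entry.get("msDS-AllowedToActOnBehalfOfOtherIdentity", [])
    if uac & TRUSTED_FOR_DELEGATION:
        if entry.get("primaryGroupID") == DOMAIN_CONTROLLERS_RID:
            return ("unconstrained", "info", "domain controller; expected")
        return ("unconstrained", "high",
                "caches every authenticating user's TGT; whoever owns the host can reuse them")
    if targets:
        if uac & TRUSTED_TO_AUTH_FOR_DELEGATION:
            return ("constrained-protocol-transition", "high",
                    f"can obtain tickets as any non-protected user to {targets} without their credentials")
        return ("constrained", "medium", f"can forward a user's ticket only to {targets}")
    if rbcd_from:
        return ("rbcd-target", "medium",
                f"{rbcd_from} may impersonate users to this resource; audit who can write this attribute")
    if uac & NOT_DELEGATED:
        return ("protected", "info", "cannot be delegated; appropriate for privileged accounts")
    return ("none", "info", "no delegation configured")


def classify_all(entries):
    return {e["name"]: classify(e) for e in entries}


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "info": 2}
    for name, (kind, sev, note) in sorted(classify_all(ENTRIES).items(),
                                          key=lambda kv: order[kv[1][1]]):
        print(f"{sev:6} {name:12} {kind:32} {note}")
```

Resource-based delegation is rated only medium here because the risk sits with whoever can write msDS-AllowedToActOnBehalfOfOtherIdentity on the target, not with the listed principals themselves; that write permission is the thing to audit.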

Unified Identity Protection

A consolidated security approach that provides centralized visibility and automated safeguards across all identity types—human and machine—to detect and respond to threats universally.

User Account

A digital identity representing a specific person—used to authenticate and control access to systems, applications, and data.

User Authentication

The process of verifying an individual's claimed identity (e.g., via passwords, tokens, or biometrics) before granting access to systems or resources.

Zero Trust

A cybersecurity framework that removes implicit trust from the network: every user, device, and workload is verified continuously, granted least-privilege access, and contained by micro-segmentation, with automated response when behavior deviates, so that one compromised credential or host does not turn into a breach or lateral movement.
