Glossary of security terms


App embedded networking

App embedded networking is an approach where the application controls the network. Network SDKs enable applications to get zero trust, software defined perimeter security and high performance from any internet connection. Apps are able to spin up private, application-specific networks accessible from any internet connection.


Authorize Before Connect

Authorize before connect is a protocol used to validate the identity of anyone who attempts to gain access to a network so as to establish a secure connection. Each endpoint uses X where all requests must be authenticated before the connection is permitted. Strong authorization is required and other endpoints are denied access to the overlay network. This authenticate-before-connect security paradigm is becoming a best practice with advocates including the Cloud Security Alliance (“Software Defined Perimeter”), US Defense Information Systems Agency (“black cloud”), and Google (“BeyondCorp”).

Bootstrapping Trust

Bootstrapping trust is a concept that gives the ability to create chains of trust and allows distributed systems to scale without having to reconfigure each node every time the system grows or shrinks.
Here is how OpenZiti provides Bootstrapping trust.

Certificate Authority

A certificate authority (CA) is a trusted entity that signs, stores, revokes and issues digital certificates that are used to secure the communication in a network. This lets communicating parties validate each other's identities and authority, which helps secure connections over the internet for organizations and users. CAs are commonly used in signing certificates in HTTPS to validate the authenticity of a domain or a website.


Cloud

Cloud refers to the virtual ecosystem used to store and access any data, shared resources, etc. It's a remote server where services are delivered over the internet. It allows anyone to share and use digital resources via networks and without physical restrictions. Read here how NetFoundry helps accelerate cloud migration by connecting & scaling without complex VPNs or private circuits.

Cloud Migration

Cloud migration refers to the process of transferring business assets, resources, applications, operations, and infrastructure to the cloud. It could also refer to moving from one cloud to another.
Cloud migration became a trend during the pandemic and in this digital transformation era. The goal is for businesses to be more flexible and agile as well as to easily adapt to fast-moving technology innovations.
Cloud migrations made simple with NetFoundry.

Container Security

Container security is a vital process implemented to secure containerised applications and other resources. It means protecting container hosts, application layers, platform, infrastructure, etc., which helps mitigate risks and reduce vulnerabilities on attack surfaces.


Cybersecurity

Cybersecurity is a collaborative term that includes policies, practices and measures to protect computer systems, users and organizations against unauthorized access or attacks. It's typically carried out in programs to enforce security in the whole organization. The purpose is to identify vulnerabilities and mitigate risks in order to avoid any losses.
Here's how NetFoundry helps businesses improve protection from cyber threats while maintaining business velocity

DDoS (Distributed Denial-of-Service)



DevOps

DevOps is a unified term for development and operations. It aims to shorten the software development lifecycle where applications and services are delivered faster using combined philosophies, practices and tools. With the rise of companies shifting to multi-cloud strategy, DevOps is becoming a culture that encourages both teams to work together in order to innovate faster and for customers to get the best value.
Automation, Agility, Simplicity & Secure DevOps with NetFoundry Zero Trust


DevSecOps

DevSecOps is a collaborative practice that involves development, security, and operations. It introduces security in all phases of the software development process and integrates a shared responsibility throughout the entire lifecycle. It enables continuous integration and delivery to scale and innovate faster.
Watch this video to know how NetFoundry implements DevSecOps by taking DevOps Tooling To The Dark Side


DNS (Domain Name System)

Domain Name System (DNS) is the decentralised naming system for computers, laptops, smartphones and other resources connected via the internet. It acts as a directory of the internet which matches domain names with their corresponding IP addresses. This helps us reach the correct sites without memorizing a string of numbers.

E2E Security

E2E encryption is a communication method that prevents anyone other than the true sender and recipient, including third parties and potential eavesdroppers, from reading data or secretly modifying it. Only the endpoints are capable of decrypting and reading the message. This security method can help secure data against cyber attacks.


Endpoint

Endpoint refers to devices such as laptops, smartphones, IoT devices, and other resources that connect to a network. Any devices connected to a network that exchange data are considered endpoints. Endpoints could be an entry point for malicious actors and cyberattacks, which is why businesses implement security strategies to protect endpoints from such threats.
Read to know how NetFoundry helps secure any endpoint.

Hybrid Cloud

Hybrid cloud is an IT architecture that combines public cloud and private cloud or on-premises infrastructure. It blends the best parts of on-premises and cloud storage systems, which results in a unified and flexible distributed computing environment. It helps in moving workloads freely between public and private clouds.

IaC (Infrastructure as Code)/IaC Security

Infrastructure as code refers to the process of provisioning and managing cloud resources, as well as automating the deployment process, by codifying the cloud infrastructure. IaC security refers to the practice of securing the configurations and deployments in the apps, cloud, and infrastructure. It aims to detect, correct and prevent security challenges within the IaC.


Identity

Identity is a token or identifier claimed in cyberspace and used for an individual, organization, application, electronic device, etc. Each identity is unique within a given scope. Networks and systems rely on these identities in order to allow or deny access and ensure security across the whole organization. NetFoundry utilizes X.509 to implement identity within our overlay network. This is done via a process called bootstrapping trust. NetFoundry also has integrations to external identity providers such as Azure and Microsoft Active Directory.

IoT (Internet of Things)

Internet of Things (IoT) refers to any devices or resources connected to the internet. Some examples of IoT devices are smartphones, smart watches, smart TVs, IP cameras and a lot more. This means every connected device gathers data and sends it through the internet for processing.

IIoT (Industrial Internet of Things)

Industrial IoT (IIoT) refers to the use of network connected devices and applications to manage, optimise and automate processes in industrial settings such as manufacturing, energy, transportation, etc. It involves a strong focus on big data analytics, machine learning, and machine to machine communication, which help enterprises to have better reliability and efficiency in their operations.

Least-Privilege Access

Least-Privilege Access refers to a security concept wherein a user is given the minimum level of rights needed for a certain role or task. Every process, program and user must only be able to access necessary resources and information. Minimum access is granted only for its legitimate purpose. This is considered a cybersecurity best practice that is enforced to protect high value data and assets from unauthorized access and misuse.

Link Security

Link security is a technique used in communications security where all traffic is encrypted and decrypted at every stage or node until it reaches its final destination. The goal is to prevent traffic analysis and reduce the risk of human error.


Micro-segmentation

Micro-segmentation is a network security method that is best used to reduce the attack surface and stop data breaches by managing network access between workloads. With this technique, network administrators can uniquely identify each resource and define necessary control of data traffic. Micro-segmentation is also considered as the foundation when implementing a zero trust approach for application workloads in the cloud and data centers.

Multi Factor Authentication (MFA)

MFA stands for Multi Factor Authentication. It is a type of authentication that requires two or more verification factors before a user is able to access online accounts, applications, resources, etc. It is a core component of a strong Identity and Access Management policy which aims to enhance the organization's security and decrease the likelihood of a successful cyberattack. Explore how NetFoundry provides Multi Factor Authentication Posture Check.

Mutual Transport Layer Security (mTLS)

Mutual Transport Layer Security (mTLS) is a method of mutual or two-way authentication which is often used in the Zero Trust security framework to verify both parties using their public/private key pair. This ensures that both directions between the client and the server are secure and trusted. It also helps secure APIs and eliminate security vulnerabilities.

Multi-Access Edge Computing (MEC)

Multi-Access Edge Computing (MEC) is a network architecture concept that aims to significantly reduce latency and network congestion as well as improve customer experience by bringing technology resources closer to the end user. It provides cloud computing capabilities and an IT service environment at the edge of the network moving away from datacenters for better network operations and application delivery. Explore NetFoundry Zero Trust Edge WAN for Azure MEC.


Multi-cloud

Multi-cloud means multiple public clouds or a combination of several different public and private clouds. It refers to the distribution of workloads, applications, software, assets across different environments. This is also a prominent strategy for enterprises wanting to accelerate in the digital transformation era. Multi-cloud drives innovation, better resilience, flexibility and optimized performance. Learn how NetFoundry Zero Trust Multi-cloud networking facilitates connections from anywhere to anywhere, replacing VPNs and MPLS.


MITRE ATT&CK

MITRE is best known as MITRE ATT&CK. ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge. It is a framework and repository of globally recognized tactics and techniques used by security teams and organizations. This could have different meanings depending on context but simply put, it is a knowledge base collected from real world cyberattacks that defines procedures, tactics and techniques. It is commonly used as a foundation in developing threat models and methodologies to enhance cybersecurity defenses and gain insights on the attack behaviors. Read how bad actors identify and research ransomware targets.

Operational Technology (OT) Security

OT security refers to the practice of securing the full stack of industrial hardware and software systems, processes, and networks from attacks. It aims to monitor, detect, and control the critical infrastructure, devices, processes, and events.


OpenZiti

OpenZiti is a free and open source project focused on bringing zero trust to any application. The project provides all the pieces required to implement or integrate zero trust into your solutions:
1. The overlay network
2. Tunneling Applications for all operating systems
3. Numerous SDKs making it easy to add Zero Trust concepts directly into your application
Ziti makes it easy to embed Zero Trust, programmable networking directly into your app. With Ziti you can have Zero Trust, high performance networking on any Internet connection, without VPNs.

Policy As Code

Policy-as-Code is a popular method of writing code in a high level language to manage, control and automate policies. Policies are decoupled from the app, service, etc., so any changes can be done independently without affecting the other components. Policy as code is usually enforced in application security testing. It has critical benefits in improving security operations, compliance, data management, etc.

Port Scan

Port scan is the method of checking network ports and recording whether each one is open, closed, or filtered. This helps identify security policies within a network as well as its vulnerabilities. Port scan is also considered as a useful step for cyber attackers when planning an attack. It gives them essential information about the target environment including potential weak entry points.

Posture Check

Posture check is a way to get clearer visibility on the company's cybersecurity strength by assessing critical resources such as software, hardware, services, networks, data, etc. It helps organizations evaluate their strengths and weaknesses and then refine their cybersecurity defenses. Posture check is vital in building a long term security strategy and aids in mitigating risks and threats. Here's how NetFoundry creates and manages Posture Checks.

Purdue Model ICS Security

Purdue Model ICS Security is an architecture model designed for the industrial network segmentation. It is used to divide the ICS architecture into two zones - Information Technology (IT) and Operational Technology (OT) then group the system components into distinct layers. This helps in securing both IT and OT networks and preventing lateral movement and lateral infection.

Remote Access

Remote access enables authorized users to access systems, applications and resources from anywhere outside the organization via a network connection. It allows end users to be productive, such as by utilizing internal applications, file sharing and mail services through their company network regardless of location. This is widely enforced in remote and hybrid work setups and is expected to stay for a long time. Adopting secure remote access has been a priority for almost every organization. NetFoundry Remote Access For Business Continuity Management.

Remote Access Virtual Private Network

Remote Access VPN is a solution that uses encryption along with other security measures to secure the connection between remote workers and the company network. It works by creating a virtual "private" tunnel to send encrypted data back and forth over the public internet. This means remote employees will be given access to their company's network from home or anywhere that has internet access. It allows users to access company data and resources securely as if they are in the office.

Software Defined Perimeter

Software defined perimeter (SDP) is a security model that provides necessary access to company resources based on identity. The network boundary is based on software instead of hardware. It is considered a VPN alternative that makes the servers and other infrastructure invisible from the outside and prevents unauthorized access. Regardless of where users are and whether assets are in the cloud or on-premises, SDP works by granting connection requests only to verified users and devices to reduce risks to endpoints. Unshackle Your Network with NetFoundry.

Secure Remote Access

Secure Remote Access is a collaborative term for security solutions, practices, and technologies that are used to protect the network, applications and other resources from any potential risks. It also allows employees to securely manage and access corporate data and systems regardless of their location.

Serverless Security

Serverless refers to a cloud native development model that enables developers to create and deliver apps without managing servers. Servers are abstracted away from app development while deploying code as functions. The goal is to speed up the development process. Serverless security is an approach to add another layer of protection applied directly to the applications by securing the code functions. It also focuses on boosting security policies, posture and behavioral protection.

SSH - Secure Shell Protocol

SSH is a security protocol that every developer and administrator utilizes for connectivity to computers and servers. It provides a secure shell for login from one computer to another. SSH needs access to the SSHD port before starting the authentication process, which requires the port to be exposed to the network, exposing it to attack. SSH also allows access via public key cryptography, meaning an administrator can log onto the machine and “add a key” to a file that grants a user access. After a user leaves the company or is no longer authorized to access a server, this key needs to be removed from the system in order to deny access to the machine.
Read this article that explains how you can transform your SSH connection with NetFoundry ZSSH - ZERO TRUST SSH
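
An added example (not from the original page, and not NetFoundry or OpenZiti code) of the cleanup step described above: auditing an `authorized_keys` file against the set of keys that should still grant access. The key blobs, comments and allow-list are constructed for illustration and are not real keys.

```python
import base64
import hashlib
import shlex
import struct

# Prefixes of public key types that can appear in authorized_keys.
KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-", "sk-ssh-ed25519@", "sk-ecdsa-sha2-")


def fingerprint(blob_b64):
    """SHA256 fingerprint in the form ssh-keygen -l prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_entry(line):
    """Return (fingerprint, comment) for one key line; raise ValueError if malformed."""
    # shlex keeps quoted options such as command="a b" together as one token.
    tokens = shlex.split(line)
    for i, tok in enumerate(tokens[:-1]):
        if tok.startswith(KEY_TYPES):
            return fingerprint(tokens[i + 1]), " ".join(tokens[i + 2:])
    raise ValueError("no key type found")


def audit(text, authorized):
    """List (line_no, action, detail) for every key that should not stay in the file."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            fp, comment = parse_entry(line)
        except ValueError as exc:  # also covers invalid base64 (binascii.Error)
            findings.append((line_no, "unparseable, review by hand", str(exc)))
            continue
        if fp not in authorized:
            findings.append((line_no, "no longer authorized, remove", f"{fp} {comment}"))
    return findings


def sample_blob(fill):
    """Constructed ed25519-shaped blob (not a real key) used only for the demo."""
    name = b"ssh-ed25519"
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([fill]) * 32
    return base64.b64encode(raw).decode()


# Constructed sample data: three users' keys plus one damaged line.
ALICE, BOB, CI = sample_blob(1), sample_blob(2), sample_blob(3)
SAMPLE = "\n".join([
    "# constructed authorized_keys content",
    f"ssh-ed25519 {ALICE} alice@laptop",
    f'command="/usr/local/bin/backup",no-pty ssh-ed25519 {CI} ci-backup',
    f"ssh-ed25519 {BOB} bob@old-laptop",
    "ssh-ed25519 not-base64!! broken entry",
])
# Hypothetical allow-list: in practice this would come from the identity source of record.
STILL_AUTHORIZED = {fingerprint(ALICE), fingerprint(CI)}

if __name__ == "__main__":
    for line_no, action, detail in audit(SAMPLE, STILL_AUTHORIZED):
        print(f"line {line_no}: {action}: {detail}")
```

Comparing fingerprints rather than comments matters because the comment field is free text and does not identify the key.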

VoIP - Voice over Internet Protocol

VoIP is an acronym for voice over internet protocol, which encapsulates a set of software and hardware protocols that facilitate the reception and transmission of real-time voice communication over the internet. In simpler terms, VoIP is a digital system that enables users to communicate over the internet and not the conventional wired Public Switched Telephone Network (PSTN). VoIP provides end-users with powerful performance and enhanced features and thus has achieved widespread adoption by businesses and enterprises to cater to large call volumes, remote users, etc.
Learn how NetFoundry can help mitigate DDOS and DOS attacks on VoIP

VPC - Virtual Private Cloud

A virtual private cloud (VPC) is an isolated private cloud environment that is normally secured and hosted inside another cloud. This cloud that hosts the VPC is a public cloud. VPC environments are utilized by enterprises for testing and execution of applications, hosting and maintaining websites and for creation and maintenance of databases. In essence, virtual private cloud or VPC is a technique for cloud resource-sharing. VPC will ensure security and data operations throughput like a private cloud, even if you use any crowded public cloud environment. In simpler terms, VPC retains bandwidth in an occupied and busy public cloud environment. Thus, VPC reserves a certain percentage from the public cloud’s computing power for exclusive use. Therefore, it is possible to gain data isolation that is typically available in a private cloud environment along with the scalability and flexibility of a public cloud.
Here is a look at how the introduction of VPC (Virtual Private Cloud) transformed the virtual cloud.

VPN - Virtual Private Network

A virtual private network can be defined as a technology that facilitates creation of a secure and encrypted connection on top of an unprotected network (i.e. Internet). This helps in extending/connecting local private networks to one another over a public network. VPNs are extensively used by governments, organizations and businesses of all sizes to safeguard themselves from data interception when establishing remote connections.


Webhook

Webhook is a function in web development that is driven by events rather than requests. Webhooks are automated messages sent from apps to a unique URL. They are considered reverse APIs as they put the responsibility of communication on the server, rather than the client. Webhooks can also be used to trigger Infrastructure-as-code workflows.
Zero Trust meets webhook security - explore with NetFoundry.


X.509

X.509 is a standard format for public key certificates that is widely used in internet protocols for authenticated and encrypted web browsing, digital signatures, client authentication, etc. Each certificate has a private key that can generate encryption and can only be decrypted by its public key pair. X.509 also enables organizations to have role-based access and designated certificate attributes. It can be used as an authentication method replacing passwords for different resources.

Zero Trust

The basic definition of Zero Trust is a cybersecurity paradigm that encapsulates identity verification and explicit permission for all entities (end-users, computing device, web service, or network connection) irrespective of the fact that they are part of the network, essentially assuming no trust in them. Zero Trust is an approach by which we try to make things secure by design. With that principle as our North Star, the architectural aspects become rather simple, and in fact are widely used in other areas of cybersecurity: Zero Trust and its principles are recognized as a core foundation for modernizing security to counter cyberattacks.

Identify, authenticate and authorize before data flows are permitted. All doors (e.g. firewalls) are closed to all other flows, or even invisible to other flows, even if those flows are considered “inside” or “internal” (this concept is where the Zero Trust label is derived from…don’t trust networks, firewalls, etc.). This is particularly important in a supply chain because any vulnerability, anywhere in the supply chain, can cascade throughout the chain if we don’t take this approach.

Even for properly authorized data flows, only grant least privileged access. This can be at the level of an individual application, or at the granularity of a specific service within an application. This helps isolate or contain any damage (we should assume that any architecture can and will be breached). This is again incredibly important in a supply chain. Most vendors or business partners in a supply chain do not need access to entire VPNs or networks. Restricting this access by definition restricts the ability of any infections (ransomware etc.) to spread.

Prioritize visibility, controls and policies. This includes eliminating infrastructure and configurations which block our visibility, as well as processes and org cultures such as DevOps, SecOps, DevSecOps and NetOps which put security into the heart of our development and delivery lifecycle (the ultimate degree of secure by design).
Explore NetFoundry Simplified Zero Trust

Zero Trust Architecture

Zero Trust Architecture is the architecture or structure devised to apply zero trust principles in a setup or enterprise environment. The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) describes Zero Trust Architecture as “An enterprise’s cybersecurity plan that utilizes zero trust concepts and encompasses component relationships, workflow planning, and access policies. Therefore, a zero trust enterprise is the network infrastructure (physical and virtual) and operational policies that are in place for an enterprise as a product of a zero trust architecture plan.”
Use NetFoundry to immediately solve your most important cybersecurity vulnerabilities

Zero Trust Network Access

Zero Trust Network Access (ZTNA) describes a set of controls and configurations that takes security to the next level, to deal with the changes and evolutions of networks today. There are many definitions of ZTNA. The USA National Institute of Standards and Technology (NIST) publication 800-207 provides a very good one, with multiple architectures, and other information. Zero trust architectures advocate that we can no longer trust access just because it is "inside" our network. Today, our networks are more diverse and distributed than ever before, extending into multiple clouds, multiple geographies, and must be accessible by remote users connecting from anywhere over any connection (often unsecure). All of this makes maintaining the security of network operations of a business very difficult. Managing updating/patching and 24x7 monitoring of the security of all our information assets and legacy network systems is complex. Complexity increases the chance of oversights and mistakes that can be exploited by attackers.
Discover how NetFoundry Zero Trust Network Access (ZTNA) prevents the spread of ransomware and other malware.

Zero Trust Application Access

Zero-trust application access (ZTAA) is a vital part of a SASE framework which depends on the zero trust security model. ZTAA is application-centric, providing targeted application protection from cybersecurity threats. It grants users access to specific applications that match their risk profile and company role.
Zero-trust application access enables organizations to give custom access to employees via an agent or directly from their browser. It also provides better visibility and centralized monitoring of traffic as well as user activities.

Zero Trust Edge

Zero Trust Edge is based on zero-trust network security principles and uses the ZTNA model for user authentication and device connection. It brings networking and security technologies together regardless of the user's location, both on-premises and in the cloud. This is a widely used strategy, especially for organizations that have a hybrid / remote workforce and want to move away from VPN.


Ziggy

Ziggy is our OpenZiti Project's mascot. Ziggy is designed based on the Italian pasta called 'ziti'. Ziggy is the type of pasta who is happy to share his secrets with trusted people. He can help to give your app superpowers by embedding zero trust directly into your application using OpenZiti.
Learn more about Ziggy.


Zitification

"Zitification" or "zitifying" is the act of taking an application and incorporating a Ziti SDK into that application. Once an application has a Ziti SDK incorporated into it, that application can now access network resources securely from anywhere in the world provided that the computer has internet access: NO VPN NEEDED, NO ADDITIONAL SOFTWARE NEEDED.
Explore Zitifications here.