We frequently update our glossary with terms that may be used in our products and in our industry in general.


  • Anomaly Detection

    Anomaly detection identifies network intrusions and misuse by monitoring system activity and classifying it as either normal or anomalous.

  • Attack Signature

    These signatures reflect patterns in system or network activity that signal a possible virus or hacker attack. IPS and firewalls use these signatures to distinguish between legitimate and potentially malicious activity.

  • Botnet

    Botnet is generally used to refer to a collection of compromised machines harboring worms, Trojan horses, or backdoors under a common command and control infrastructure. A botnet's originator can control the group remotely, usually through a means such as IRC, and usually for nefarious purposes.

  • DDoS Protection

    DDoS protection is provided by any form of hardware and/or software that prevents DDoS attacks or DoS attacks from affecting network traffic and internet operations.

  • Denial of Service (DOS) attacks

    Denial of Service (DoS) attacks are designed to hinder or completely stop the normal functioning of a website, network, server or other resource. A Distributed Denial of Service attack, aka DDoS, differs from a DoS only in method. A DoS is conducted from one computer or server, whereas a DDoS is a DoS organized to occur simultaneously from a large number of computers or servers.

  • Distributed Denial of Service

    Distributed Denial of Service is an attempt to make a computer resource unavailable to its intended users. Typically the targets are high- profile web servers, the attack aiming to cause the hosted web pages to be unavailable on the internet.

  • Distributed Denial of Service (DDoS) attack

    A Distributed Denial of Service Attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users.

  • Enterprise network security

    Security products to protect enterprise networks from intrusions, attacks and viruses.

  • Internal threat

    Network security threats that happen within the perimeter of an enterprise. Most security threats today are comprised of inside-the-perimeter or internal threats.

  • Internal threat protection

    The technology to protect the inside of an enterprise from botnets, DDoS, zombies, worms, viruses and unauthorized introduced unknowingly or intentionally.

  • Network Behavior Anomaly Detection

    Behavior-based anomaly detection compares a profile of all allowed application behavior to actual network traffic. Any deviation from the profile is flagged as a potential attack. Behavior anomaly detection has the potential to detect attacks of all kind – including "unknown" attacks on custom code.

  • Network Intrusion Detection

    Network intrusion detection identifies inappropriate, incorrect, or anomalous activity. Network intrusion detection systems that operate on a host to detect malicious activity on that host are called host-based intrusion detection systems, and intrusion detection systems that operate on network data flows are called network intrusion detection (ID) systems.

  • Network Intrusion Detection Prevention

    Network intrusion detection prevention is enabled by any form of hardware and/or software that detects inappropriate, incorrect, or anomalous activity.

  • Network security solution

    Security solution to protect the network from intrusions, attacks and viruses.

  • Network security technology

    Security products to protect the network from intrusions, attacks and viruses.

  • Packet floods

    Form of DDoS attack that causes Internet hosts to be unable to stop dealing with packets addressed to them. Once a host's network link becomes congested, IP routers respond to the overload by dropping packets arbitrarily, which causes a decline or stoppage in Internet service.

  • Threat remediation

    The technology required to stop a threat – an intrusion, an attack or a virus from proliferating in the network.

  • Trojans

    Trojan horses are malicious programs that damage the host system upon installation. The main distinction between viruses, worms and Trojans is that Trojans do not self-replicate.

  • Worms

    Worms are computer programs that replicate independently, but do not infect other files. Today worms use all available means of replication including LANs, the Internet, email, IRC channels, file-sharing networks, mobile phones and other transport channels.

  • Zero day attack

    Network attacks that take advantage of software vulnerabilities for which there are no available fixes. These attacks are initiated the moment the vulnerabilities are exploited by black hat hackers.

  • Zombie

    A zombie computer or a zombie for short, is a computer attached to the Internet that has been compromised by a hacker, a computer virus, or a Trojan horse. Generally, a compromised machine is only one of many in a botnet, and will be used to perform malicious tasks of one sort or another under remote direction. Most owners of zombie computers are unaware that their system is being used in this way.