SASE & SSE Glossary

The practice of protecting application programming interfaces from abuse, unauthorized access, and data exposure, covering authentication, rate limiting, schema validation, and runtime threat detection.

A software architecture built from the ground up for cloud environments using microservices, containerization, and elastic scaling, as opposed to legacy appliances virtualized and hosted in the cloud.

A tool that continuously monitors cloud infrastructure (IaaS, PaaS) for misconfigurations, compliance violations, and security risks by comparing resource configurations against security benchmarks and best practices.

A monitoring capability that measures end-to-end application performance from the user's perspective, identifying degradation across endpoint, network, and application layers.

A set of technologies that detect and prevent unauthorized transmission of sensitive data by inspecting content at rest, in motion, and in use against predefined and custom data patterns.

A security layer that analyzes and filters DNS queries and responses to block connections to malicious domains, prevent DNS-based data exfiltration, and disrupt command-and-control communications.

EU regulation requiring financial entities to implement comprehensive ICT risk management, incident reporting, digital operational resilience testing, and third-party risk management.

An endpoint security platform that continuously monitors endpoint activity, detects suspicious behavior, and provides investigation and response capabilities for threats that bypass preventive controls.

A cloud-delivered next-generation firewall that provides IPS, application control, and threat prevention without on-premises hardware, typically running in the provider's PoPs.

US federal law that mandates security and privacy protections for protected health information (PHI), with specific technical safeguards that SASE platforms can enforce.

The framework of policies, processes, and technologies that manages digital identities and controls what resources each identity can access across an organization's systems.

The technique by which attackers move from an initially compromised system to other systems within a network, escalating privileges and expanding access to reach high-value targets.

An authentication method requiring two or more independent verification factors (something you know, have, or are) to prove identity before granting access.

A security technique that divides a network into granular segments, enforcing least-privilege access policies between individual workloads rather than relying on broad network perimeters.

A WAN transport technology that routes traffic using short path labels rather than IP addresses, providing predictable latency and guaranteed bandwidth through provider-managed circuits.

A company that remotely manages a customer's IT infrastructure and end-user systems, increasingly delivering SASE as a managed security service with multi-tenant platforms.

A software architecture where a single platform instance serves multiple independent customer organizations (tenants) with isolated data, policies, and configurations.

A technology that enforces security policies on devices attempting to connect to a network, controlling access based on device identity, health, and compliance status.

EU directive expanding cybersecurity requirements to more sectors and imposing stricter incident reporting, risk management, and supply chain security obligations with personal liability for management.

A security discipline and set of tools that control, monitor, and audit access for accounts with elevated privileges, such as system administrators, database administrators, and service accounts.

A set of security standards for organizations that handle cardholder data, requiring network segmentation, access controls, encryption, and monitoring — all addressable through SASE.

A geographically distributed data center operated by a SASE/SSE provider where security inspection and traffic optimization occur as close to the user as possible.

A technology that executes web content in a remote, disposable environment and streams only safe rendered output to the user's browser, preventing web-borne threats from reaching the endpoint.

A security framework that dynamically creates one-to-one network connections between users and resources, making application infrastructure invisible to unauthorized users.

The use of unsanctioned applications, cloud services, and devices by employees without the knowledge or approval of the IT or security team.

A platform that aggregates, normalizes, and correlates security event logs from across the enterprise, providing real-time alerting, historical analysis, and compliance reporting.

A platform that automates security operations workflows by orchestrating actions across multiple security tools, enabling standardized incident response through predefined playbooks.

A centralized function or team responsible for monitoring, detecting, analyzing, and responding to security incidents using a combination of technology, processes, and people.

A cloud or on-premises proxy that inspects all web-bound traffic for malware, enforces URL filtering policies, and prevents data exfiltration over HTTP/HTTPS.

Curated, actionable information about current and emerging threats, including indicators of compromise (IoCs), attacker tactics, techniques, and procedures (TTPs), and contextual analysis that informs security decisions.

The process of decrypting TLS-encrypted traffic at a proxy, inspecting the plaintext content for threats and policy violations, and re-encrypting it before forwarding to the destination.

A security analytics approach that baselines normal user and device behavior, then uses statistical models and machine learning to detect anomalies indicative of compromised accounts, insider threats, or policy abuse.

A security platform that correlates telemetry across endpoints, network, cloud, email, and identity sources to detect multi-stage attacks and provide unified investigation and response.