Cybersecurity Glossary
Plain-English definitions for the security terms behind HailBytes SAT and HailBytes ASM. Skim it, link it, or use it to settle internal debates about what “attack surface” actually means.
Attack Surface Management (ASM)
- The discipline of continuously discovering, inventorying, and monitoring the externally reachable assets an organization exposes to the internet — subdomains, IPs, ports, services, certificates, and the vulnerabilities on each. ASM differs from a one-shot pen test in that it runs continuously and surfaces drift as the attack surface changes. HailBytes ASM is reNgine deployed as a managed service in your AWS or Azure account.
Breach & Attack Simulation (BAS)
- Automated platforms that emulate adversary techniques (lateral movement, privilege escalation, data exfiltration) against your own environment to test whether detection and response controls actually fire. BAS overlaps with red-team exercises but is automated and repeatable, so it runs continuously rather than as a one-off engagement. Distinct from phishing simulation, which targets people rather than infrastructure controls.
Bug Bounty
- A program in which a company pays external researchers for responsibly disclosed vulnerabilities. Bug-bounty hunters lean heavily on continuous reconnaissance to find scope drift — new subdomains, exposed admin panels, forgotten staging environments — before defenders do. See bug-bounty recon tutorial.
Continuous Monitoring
- Running scans, enumerations, or training cycles on a recurring schedule rather than at a single point in time. The premise is that attack surfaces and human risk both drift between point-in-time assessments, and the gap between assessments is where breaches happen.
CVE (Common Vulnerabilities and Exposures)
- The public catalog of disclosed software vulnerabilities, each with a unique CVE-YYYY-NNNN identifier (four or more sequence digits) assigned through the CVE Program, which MITRE operates. ASM tools fingerprint software versions on discovered assets and cross-reference CVEs to flag known-vulnerable services. Because distributions often backport fixes without changing the upstream version string, treat a version-only match as a candidate to verify, not a confirmed vulnerability.
DMARC, SPF, DKIM
- Three DNS-based email authentication standards that work together to prevent spoofing of your sending domain. SPF publishes which IPs and hosts may send mail for the domain; DKIM signs outgoing mail with a private key whose public key is published in DNS; DMARC tells receivers what to do (none, quarantine, or reject) when neither SPF nor DKIM passes in alignment with the From domain, and where to send aggregate reports. Configuring all three is a prerequisite for phishing-simulation deliverability: the simulator's sending host must be authorized in SPF or sign with the domain's DKIM key, or the lures land in spam before anyone can click them. See the SMTP setup tutorial.
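As an added example (not HailBytes or reNgine code), the following script parses the SPF and DMARC TXT records of a domain and grades its anti-spoofing posture. DNS is replaced by a constructed in-memory zone, so every domain name and record in it is made up; for a live check, resolve TXT for `<domain>` and `_dmarc.<domain>` with a real resolver and pass the strings in. The `spf_covers` helper is a deliberate simplification: it matches `ip4:`/`ip6:` CIDRs and literal `include:` terms only, without following includes or resolving `a`/`mx`.

```python
"""Grade a domain's SPF and DMARC posture from its TXT records (added example)."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample zone: name -> list of TXT strings returned for it (not real domains).
ZONE = {
    "strict.test": ["v=spf1 ip4:198.51.100.0/24 include:_spf.mailer.test -all",
                    "site-verification=unrelated-txt-record"],
    "_dmarc.strict.test": ["v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@strict.test; adkim=s"],
    "weak.test": ["v=spf1 a mx ?all"],          # "?all" is neutral: SPF can never fail
    "_dmarc.weak.test": ["v=DMARC1; p=none; rua=mailto:rpt@weak.test"],
    "none.test": [],                            # neither SPF nor DMARC published
}

MODIFIER = re.compile(r"^[a-z][a-z0-9_.-]*=", re.I)   # SPF modifiers: redirect=..., exp=...


@dataclass
class Spf:
    mechanisms: list   # [(qualifier, mechanism)] in evaluation order
    modifiers: dict


def parse_spf(txts):
    """Return the SPF record, or None if absent or duplicated (RFC 7208 treats >1 as permerror)."""
    recs = [t for t in txts if t.lower().startswith("v=spf1")]
    if len(recs) != 1:
        return None
    mechanisms, modifiers = [], {}
    for term in recs[0].split()[1:]:
        if MODIFIER.match(term):
            name, value = term.split("=", 1)
            modifiers[name.lower()] = value
            continue
        qualifier = "+"                       # default qualifier is "pass"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        mechanisms.append((qualifier, term.lower()))
    return Spf(mechanisms, modifiers)


def parse_dmarc(txts):
    """Return DMARC tags as a dict, or None if the record is missing or duplicated."""
    recs = [t for t in txts if t.lower().replace(" ", "").startswith("v=dmarc1")]
    if len(recs) != 1:
        return None
    tags = {}
    for part in recs[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def spf_covers(spf, sender_ip=None, include=None):
    """Simplified: True if the sender IP or include domain is listed with a pass qualifier.
    Includes are not followed and a/mx are not resolved, so False means "not visibly listed"."""
    for qualifier, mech in spf.mechanisms:
        if qualifier != "+":
            continue
        if include and mech == f"include:{include.lower()}":
            return True
        if sender_ip and mech[:4] in ("ip4:", "ip6:"):
            if ipaddress.ip_address(sender_ip) in ipaddress.ip_network(mech[4:], strict=False):
                return True
    return False


def assess(domain, zone=ZONE):
    """Return (grade, findings); grade is 'enforcing', 'monitoring' or 'unprotected'."""
    findings = []
    spf = parse_spf(zone.get(domain, []))
    if spf is None:
        findings.append("SPF: no single valid v=spf1 record")
    else:
        all_q = next((q for q, m in spf.mechanisms if m == "all"), None)
        if all_q not in ("-", "~"):
            findings.append("SPF: '?all' or no 'all' term, so spoofed mail never fails SPF")
        elif all_q == "~":
            findings.append("SPF: '~all' softfail; enforcement depends on DMARC")
    dmarc = parse_dmarc(zone.get(f"_dmarc.{domain}", []))
    policy, pct = "none", 100
    if dmarc is None:
        findings.append(f"DMARC: no record at _dmarc.{domain}")
    else:
        policy = dmarc.get("p", "none").lower()
        pct = int(dmarc.get("pct", "100"))
        if policy == "none":
            findings.append("DMARC: p=none only monitors; spoofed mail is still delivered")
        if pct < 100:
            findings.append(f"DMARC: pct={pct} leaves part of spoofed mail unenforced")
    if policy in ("reject", "quarantine") and pct == 100:
        grade = "enforcing"
    elif spf is not None or dmarc is not None:
        grade = "monitoring"
    else:
        grade = "unprotected"
    return grade, findings
```

Running `assess("weak.test")` flags both the neutral `?all` and the `p=none` policy, which is the common "we have records but they enforce nothing" state; `spf_covers(parse_spf(ZONE["strict.test"]), include="_spf.mailer.test")` is the check to run before a phishing-simulation campaign, with the simulator's include domain or sending IP substituted in.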
ELv2 (Elastic License v2 / Source Available)
- A non-OSI license that lets users read, modify, and redistribute the source for any purpose except three: providing the software to third parties as a hosted or managed service, circumventing its license-key functionality, and removing its licensing notices. HailBytes ships under an ELv2-style source-available model: customers get full source visibility for security review and self-hosting, and third parties can’t resell the platform as their own SaaS.
HIPAA
- U.S. law (Health Insurance Portability and Accountability Act) requiring organizations handling protected health information (PHI) to maintain administrative, physical, and technical safeguards. Security awareness training and documented phishing-simulation programs are common evidence for HIPAA Security Rule §164.308(a)(5).
ISO 27001
- International standard for information-security management systems. Annex A control A.7.2.2 (renumbered A.6.3 in the 2022 revision) explicitly requires regular awareness, education, and training on information security; phishing-simulation completion records are the evidence auditors typically accept.
Marketplace (AWS / Azure)
- Cloud-vendor procurement platforms (AWS Marketplace, Azure Marketplace) that let buyers deploy software with one click and have charges flow through their existing cloud bill. For enterprise buyers this collapses procurement from weeks to minutes — charges count toward AWS EDP or Azure MACC commits. See HailBytes on the marketplaces.
MSSP (Managed Security Service Provider)
- A firm that operates security functions on behalf of clients — commonly a SOC, vulnerability management, log monitoring, and increasingly compliance-bundle services. Many MSSPs now bundle phishing simulation and ASM into client retainers; see the MSSP playbook.
NIST CSF (Cybersecurity Framework)
- U.S. National Institute of Standards and Technology framework organizing cybersecurity activities into the Identify, Protect, Detect, Respond, and Recover functions; CSF 2.0 added a sixth function, Govern, in 2024. The PR.AT (Awareness and Training) category under Protect maps directly to security-awareness programs.
OIDC / SSO
- OpenID Connect — the modern identity-federation protocol layered on OAuth 2.0 — is how most enterprise apps now implement single sign-on. HailBytes SAT and ASM both support per-tenant OIDC for enterprise and MSSP multi-client deployments.
OSINT (Open-Source Intelligence)
- Intelligence collected from publicly available sources — DNS records, certificate transparency logs, code repositories, social media, leaked credential dumps. ASM platforms are essentially automated OSINT pipelines pointed at a target’s known seed domains.
PCI-DSS
- Payment Card Industry Data Security Standard, mandatory for organizations that store, process, or transmit cardholder data. Requirement 12.6 explicitly mandates a formal security awareness program with documented evidence of completion — phishing-simulation results count.
Pen Test (Penetration Test)
- A point-in-time, scoped, authorized attempt by a tester to compromise a target environment using adversary techniques. Pen tests produce a deliverable report and typically run quarterly or annually; ASM fills the visibility gap between engagements.
Phishing Simulation
- Sending fake but realistic phishing emails to your own employees to measure click-through rates, train reflexes, and produce evidence for compliance audits. A mature program uses templates that mirror the threat actors actually targeting the org, varies difficulty, and pairs sends with post-click training.
Post-Click Training
- The training experience an employee sees the moment they click a simulated phishing link — typically a short interactive lesson explaining what tipped off the email, with a quiz to confirm comprehension. Post-click is the highest-retention moment in a phishing program because the employee is already primed. See SAT post-click tutorial.
Reconnaissance (Recon)
- The first phase of any offensive engagement: enumerate everything you can about a target before attempting to exploit anything. External recon includes subdomain enumeration, port scanning, technology fingerprinting, and content discovery. See why teams burn 40 hours setting it up.
Red Team / Blue Team
- Red team = offensive; blue team = defensive. A red-team exercise is goal-oriented (e.g., “exfiltrate the customer database”), broader-scoped, and longer-duration than a pen test. Purple-team engagements have red and blue teams collaborate to test specific detection gaps in real time.
Security Awareness Training (SAT)
- Programs that train employees to recognize and resist social-engineering attacks — primarily phishing, but also smishing, vishing, pretexting, and physical tailgating. Modern SAT platforms combine recurring video/lesson modules with simulated attacks. HailBytes SAT deploys via cloud marketplace as a self-hosted phishing-simulation platform.
Shadow IT
- Software, services, or assets used inside an organization without IT or security’s knowledge or sanction — a forgotten staging server, a marketing-team SaaS subscription, an acquired company’s leftover infrastructure. ASM is the primary tooling category for finding shadow IT externally.
SIEM (Security Information and Event Management)
- Centralized log-aggregation and correlation platforms (Splunk, Elastic, Sentinel, Chronicle, etc.) that ingest events from across the environment to produce alerts and audit trails. ASM and SAT both emit structured findings that feed SIEM correlation rules — see SIEM integration tutorial.
SOC 2
- An AICPA attestation framework in which an independent auditor reports on a service organization’s controls against the Trust Services Criteria (security, availability, processing integrity, confidentiality, privacy). The Common Criteria (CC) include awareness training (CC2.2), and most B2B procurement now requires a clean Type II report.
Spear Phishing
- Targeted phishing aimed at a specific individual, role, or small group, using personal or organizational context to raise plausibility. Whaling is spear phishing aimed at C-suite executives. Mature SAT programs run executive-targeted simulations on tighter cycles — see executive spear-phishing tutorial.
Subdomain Enumeration
- Discovering subdomains of a target domain through DNS brute-forcing, certificate-transparency log scraping, search-engine dorking, and passive-DNS feeds. The practical purpose is to find forgotten or unsanctioned hosts that defenders aren’t actively monitoring. See the continuous subdomain monitoring tutorial.
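The two steps the Continuous Monitoring and Subdomain Enumeration entries describe, turning raw certificate-transparency hits into a scoped inventory and then diffing it against the previous cycle, look like this in practice. This is an added example, not reNgine or HailBytes code. The CT entries are constructed in the shape crt.sh returns as JSON (a `name_value` field holding newline-separated names); the seed domain `example.test` and the previous-run inventory are made up.

```python
"""CT-log hits -> scoped subdomain inventory -> drift against last cycle (added example)."""
import re
from dataclasses import dataclass

SEED = "example.test"

# Constructed CT-log hits for SEED (shape modelled on crt.sh JSON output, contents made up).
CT_ENTRIES = [
    {"name_value": "www.example.test\nexample.test"},
    {"name_value": "*.example.test"},                      # wildcard cert: parent exists, no concrete host
    {"name_value": "Staging-OLD.example.test."},           # mixed case, trailing dot
    {"name_value": "api.example.test\napi.example.test"},  # duplicate SAN
    {"name_value": "example.test.evil.example"},           # out of scope: seed is only a prefix
    {"name_value": "vpn.internal.example.test"},
    {"name_value": "mail.exampletest.net"},                # unrelated SAN on a shared certificate
]

# Constructed inventory from the previous scan cycle.
PREVIOUS_INVENTORY = {"www.example.test", "api.example.test", "legacy.example.test"}

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")   # one valid DNS label


def normalize(raw):
    """Lower-case, strip whitespace and trailing dot; '*.' wildcards return (parent, True)."""
    name = raw.strip().lower().rstrip(".")
    if name.startswith("*."):
        return name[2:], True
    return name, False


def in_scope(name, seed=SEED):
    """True for the seed itself or any name under it whose labels are valid DNS labels."""
    if name != seed and not name.endswith("." + seed):
        return False
    return all(LABEL.match(label) for label in name.split("."))


def names_from_entries(entries, seed=SEED):
    """Return (hosts, wildcard_parents) found in CT entries, restricted to seed's scope."""
    hosts, wildcard_parents = set(), set()
    for entry in entries:
        for raw in entry["name_value"].split("\n"):
            name, is_wildcard = normalize(raw)
            if not in_scope(name, seed):
                continue
            (wildcard_parents if is_wildcard else hosts).add(name)
    return hosts, wildcard_parents


@dataclass(frozen=True)
class Drift:
    new: frozenset        # seen now, absent last cycle: the shadow-IT review queue
    gone: frozenset       # in last cycle's inventory, not seen now
    unchanged: frozenset


def diff_inventory(current, previous):
    return Drift(frozenset(current - previous), frozenset(previous - current),
                 frozenset(current & previous))


def run(entries=CT_ENTRIES, previous=PREVIOUS_INVENTORY, seed=SEED):
    """One monitoring cycle: enumerate, scope, diff. Returns (Drift, wildcard parents)."""
    hosts, wildcards = names_from_entries(entries, seed)
    return diff_inventory(hosts, previous), wildcards
```

`Drift.new` is the set that warrants an alert or a SIEM event each cycle. Two caveats a real pipeline has to handle: CT logs are append-only, so a name seen once never leaves the logs and `gone` only arises when the previous inventory came from other sources or was pruned by hand; and a CT hit proves a certificate was issued, not that the host resolves or listens, so every new name should be resolved and port-scanned before it is treated as live attack surface.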
Vulnerability Scanning
- Automated probing of hosts and services to identify known vulnerabilities — CVEs, misconfigurations, exposed admin interfaces, weak TLS, default credentials. Distinct from pen testing in that scanners do not exploit; they fingerprint and report, so each finding is a candidate that still needs validation, and version-based matches in particular produce false positives on distribution builds that carry backported fixes.
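The fingerprint-and-cross-reference step described under Vulnerability Scanning and CVE, shown as an added example rather than reNgine or HailBytes code. The advisory table uses placeholder identifiers and made-up version ranges (they are not real CVEs) and the banners are constructed; a real scanner loads affected-version ranges from NVD/CPE data for each product it can fingerprint. The point it demonstrates is the confidence downgrade for distribution builds, where the backport problem lives.

```python
"""Banner fingerprinting and advisory range matching with backport-aware confidence (added example)."""
import re

# Constructed advisory table: (placeholder id, product, first affected, first fixed). Not real CVEs.
ADVISORIES = [
    ("EXAMPLE-ADV-0001", "nginx", "1.18.0", "1.20.1"),
    ("EXAMPLE-ADV-0002", "openssh", "8.0", "8.5"),
]

# Banner patterns for the two products in the constructed table.
BANNER_PATTERNS = [
    ("nginx", re.compile(r"nginx/(\d+(?:\.\d+)+)", re.I)),
    ("openssh", re.compile(r"OpenSSH_(\d+(?:\.\d+)+)", re.I)),
]

# Tokens that mark a distribution build, where fixes are often backported without
# bumping the upstream version, so a version-only match over-reports.
DISTRO_HINT = re.compile(r"ubuntu|debian|\.el\d|deb\d+u\d+", re.I)


def parse_version(text):
    """'1.18.0' -> (1, 18, 0); tuples compare element-wise, which is what range checks need."""
    return tuple(int(part) for part in text.split("."))


def fingerprint(banner):
    """Return (product, upstream_version, is_distro_build) or None if nothing matched."""
    for product, pattern in BANNER_PATTERNS:
        match = pattern.search(banner)
        if match:
            return product, match.group(1), bool(DISTRO_HINT.search(banner))
    return None


def match_advisories(product, version, advisories=ADVISORIES):
    """Advisory ids whose [first_affected, first_fixed) range contains the version."""
    v = parse_version(version)
    return [aid for aid, prod, lo, hi in advisories
            if prod == product and parse_version(lo) <= v < parse_version(hi)]


def scan_banner(banner):
    """Produce one finding; confidence is 'medium' at best because nothing is exploited here."""
    fp = fingerprint(banner)
    if fp is None:
        return {"banner": banner, "product": None, "advisories": [], "confidence": "none"}
    product, version, distro = fp
    hits = match_advisories(product, version)
    if not hits:
        confidence = "n/a"
    elif distro:
        confidence = "low"      # distro build: check the vendor's security tracker before reporting
    else:
        confidence = "medium"   # upstream version in range, but unconfirmed and unexploited
    return {"banner": banner, "product": product, "version": version,
            "distro_build": distro, "advisories": hits, "confidence": confidence}
```

The Ubuntu OpenSSH banner in the test below is the classic case: the upstream version falls inside an affected range, yet the distribution may already ship the fix, so the scanner reports it at low confidence for a human to confirm instead of as a vulnerability.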
White Label
- A go-to-market arrangement in which a service provider rebrands a vendor’s product as its own when delivering it to clients. For HailBytes, white labeling means swapping the logo, favicon, email-from name, and support URL on a per-tenant basis — standard MSSP practice for SAT and ASM.