📘Glossary - Definitions

Definitions and Explanation of Terms Used in MicroZAccess

GENERIC DEFINITIONS

  1. Application Programming Interface (API): A set of protocols for building software applications.

  2. Cloud Workload: A type of computing workload that is hosted in a cloud-based environment.

  3. Cyber breach: The unauthorized access of a computer system, network, or data.

  4. Firewall: A network security system that monitors and controls incoming and outgoing network traffic.

  5. Firewall-as-a-Service (FWaaS): A cloud-based firewall service that provides network security to cloud-based workloads.

  6. Identity Provider (IDP) Device Trust: A security mechanism that verifies the identity of devices before allowing them to access network resources.

  7. Microsegmentation: A network security technique that divides a network into smaller, isolated segments for greater security.

  8. Network Gateway: A device or software that connects two different networks and manages traffic between them.

  9. NetSecOps: A term used to describe the combination of network security and network operations.

  10. Perimeter Traffic: Network traffic that originates or is destined for a network's perimeter, such as traffic to or from the internet.

  11. Policy Enforcement Point (PEP): A component of a security architecture that enforces access policies and controls access to resources.

  12. Ransomware: Malware that encrypts a victim's data and demands payment in exchange for the decryption key.

  13. Secure Access Service Edge (SASE): A cloud-based security architecture that incorporates several security functions, including SD-WAN, SWG, and ZTNA.

  14. Single Sign-On (SSO): A mechanism that allows users to authenticate once and access multiple applications or services.

  15. Security Assertion Markup Language (SAML): An XML-based standard for exchanging authentication and authorization data.

  16. Security Assertion Markup Language 2.0 (SAML2): An updated version of SAML that adds new features and improved security.

  17. Software-Defined Wide Area Network (SD-WAN): A type of networking technology that uses software to manage and optimize network traffic.

  18. Secure Web Gateway (SWG): A security mechanism that provides web content filtering, user authentication, and other security functions.

  19. Virtual Private Network (VPN): A secure, encrypted connection between two networks or devices.

  20. Zero Trust Network Access (ZTNA): A security model that requires authentication and authorization for all network connections.

Note: 'MicroZAccess' and its abbreviation 'MZA' are used interchangeably across the documentation. 'Desktop App' and 'Desktop Client' mean the same thing.

Terms & Definitions in Architecture

  • Multifactor Authentication: A security mechanism that requires users to provide multiple forms of identification to verify their identities.

  • Identity Provider (IdP): A trusted system that authenticates and provides identity information for users. It verifies the user's identity and generates security tokens used for authentication and authorization.

  • Security Posture: The overall security condition of a device or system, including its security configurations, compliance with security policies, and vulnerability to potential threats.

  • Micro-Tunnels: Secure communication channels established between endpoints within the MicroZAccess network. These tunnels facilitate direct and encrypted communication, ensuring confidentiality and integrity of data.

  • Least Privilege Access: A principle that restricts user access to only the resources and privileges necessary to perform their authorized tasks. It reduces the risk of unauthorized access and limits the potential damage from compromised accounts.

  • Policy Administration and Enforcement: The process of defining and implementing access policies within the MicroZAccess infrastructure. It involves creating and managing rules that control user access to resources and enforcing these policies consistently.

  • Forwarding Relay: A component within the MicroZAccess TURN Mediator that routes network traffic efficiently between endpoints when necessary. It improves communication performance and ensures optimal connectivity.

  • Policy Engine: The central component within the MicroZAccess Orchestrator that controls the creation, management, and enforcement of access policies and data access policies. It evaluates various factors such as user identity, device posture, groups, and contextual information to determine access privileges.

  • Public Key Infrastructure (PKI): A system that manages the creation, distribution, and revocation of digital certificates used for secure communication. It provides a framework for verifying the authenticity and integrity of digital identities.

  • Continuous Diagnostics and Monitoring: A process that involves ongoing monitoring of network activity, user behavior, and device health. It helps detect and respond to security threats or anomalies in real time.

  • Threat Intelligence: Information about potential threats, vulnerabilities, and attack patterns gathered from various sources. It helps organizations enhance their security posture and apply proactive security measures.

  • Overlay Network: A logical network built on top of an existing network infrastructure. It enables secure communication between users, devices, and resources by creating an additional layer of abstraction.

Definitions with respect to ZTNA:

  • Posture checks: Security checks that analyze the security posture of a device before granting access to resources, ensuring that only trusted devices have access.

  • Identity and Access Management (IAM): A framework of policies and technologies that ensures that the right people have access to the appropriate resources in an organization.

  • Multi-Factor Authentication (MFA): A security method that requires users to provide two or more forms of authentication to access a resource, providing an additional layer of security.

  • Zero Trust Security Model: A security model that assumes that all devices and users are untrusted and must be verified and authorized before accessing a resource.

  • Role-Based Access Control (RBAC): An access control method that restricts access to resources based on the roles of individual users within an organization, ensuring that users only have access to the resources they need to perform their job.

  • Context-Based Access Control (CBAC): An access control method that grants or denies access to resources based on the context of the access request, such as the user's location, device type, or time of day, providing more granular control over access.

  • Software Defined Perimeter (SDP): A security framework that dynamically creates network segments and enforces access control policies based on user, device, and application context, improving security by creating micro-perimeters around applications.

  • Cloud Access Security Broker (CASB): A security tool that monitors and enforces security policies for applications and data hosted in cloud environments, ensuring that data is secure in the cloud.
