Application Programming Interface (API) is a software intermediary that allows a vast array of unrelated software products to integrate and interoperate with other software and data. APIs also allow developers to add features and functionality to software by utilizing a rich array of other developers’ APIs.
Extensions are small software programs that customize the browsing experience. They enable users to tailor browser functionality and behavior to individual needs or preferences, can improve security, and make certain aspects of web surfing generally easier. For example, Chrome Web Store offers close to 200,000 extensions broken done by themes (e.g., accessibility, productivity, shopping, etc.).
Bring Your Own Device (BYOD) is a corporate policy that permits employees to use their own personal devices (laptop, tablet, mobile) for work-related purposes, thus requires the organization to enable access to corporate assets, sensitive data and SaaS application without compromising security and privacy.
Conditional access is the protection of content by requiring certain criteria to be met before granting access to the content. Organizations use identity-related information and actions to enforce access to specific corporate data or applications.
A corporate device is usually a computer used by the employee for daily operations but is owned by the organization. It has controls and management enforced according to the IT and security policies.
Chromium is an open-source browser project, maintained and supported by Google since 2008, that serves as a foundation for many of the modern browsers, such as Google Chrome, Microsoft Edge and TalonWork. As an open project, many people contribute to the feature set and stability of Chromium, yet the browser companies create their own unique version of browsers based on the Chromium infrastructure.
Data leakage is the unauthorized transmission of data from within an organization to an external destination or recipient. Data leakage is usually a result of an accidental breach, an ill-intentioned employee or malicious intent. Organizations are constantly looking to add more control and policies to secure their data.
A genral terms that reflect the changes in modern organizations in which employees are scattered in different settings and locations and no longer reside in designated company offices and are engaged via many forms of employment (contactor, part-time, partner, etc.).
Data Loss Prevention (DLP) is a strategy that aims to ensure users do not send confidential or sensitive information outside of the enterprise, by enforcing a set of active prevention methods across devices (desktops, laptops, mobiles, servers). DLP solutions can automatically block, quarantine or encrypt sensitive data as it leaves the endpoint.
Endpoint Detection & Response (EDR) is computer software aimed at protecting the individual device. It typically aggregates data, such as external communications, user logins, process execution and analyzes it to discover anomalies and malicious activity. EDR enables security teams to investigate and respond to incidents, providing in-depth visibility and threat prevention.
A browser with built-in security and management capabilities that was created with the purpose of serving the visibility and control needs of the corporate world, compared to other known browsers that were built for consumers and with focus on personal usage.
An identity provider is an authentication service that stores and verifies user identity. It is typically a cloud-hosted service that integrates with additional security mechanisms, such as single sign-on (SSO) and Multi-Factor Authentication (MFA) providers to establish a critical layer of security between users and organizations.
A security risk that originates from within the organization involves a misuse of access to extract internal corporate data. An insider threat typically involves a current or former employee who has access to sensitive information due to their job function or has a privileged account with permission to access restricted information.
A non-corporate device (laptop, tablet, mobile) does not belong to an organization and therefore does not adhere to any specific security policy or compliance regulations. Thus, even though it is used for work, it is not monitored, controlled or secured by the organization. Every organization chooses its most suitable way to allow those devices to access corporate assets needed by employees, without compromising security.
A patch is a software update package that should be applied to an application or to an operating system in order to update it to solve a security vulnerability, improve performance or fix a bug. Software patches are often referred to as a major source for security concern since many of the breaches occur via security patches that were known but were never applied, in what is known as ‘patch fatigue’.
Policy enforcement is the process of managing network and application connectivity, access, and use according to one or more policies defining the conditions under which access is allowed. This allows organizations to tightly control which users and devices will be granted access and which type of actions are allowed.
A user that is authorized, and therefore, trusted, to perform security-relevant functions that ordinary users are not authorized to perform. The typical privileged user is a system/IT administrator responsible for managing IT and security infrastructure and can perform actions such as Installing/removing systems.
Remote Browser Isolation (RBI) is a virtual browser technique that provides an additional security layer against browser-borne threats. RBI uses proxy setting to route the suspicious traffic outside of the corporate environment and renders Internet content in an isolated cloud environment, using pixel streaming or DOM rewriting, to provide a “mirrored” and safe Internet page.
An employee who does not reside within corporate premises and requires access to corporate resources and applications from afar in an effective and secure manner.
Browser extensions have been known to be hacked and injected with malware, often without any warning to the user. Rouge extension may take advantage of active browser sessions to perform unauthorized actions, may intercept the browser traffic for all kind of purposes and manipulate the user experience.
Software as a Service (SaaS) applications are the modern way of enabling access to services over the Internet without the need to install and maintain the software itself. SaaS applications have become the main tools through which employees, local and remote, execute their daily operations and as such securing their access has become a major IT focus.
Shadow IT is the common term for using information technology systems, devices, software, applications, and services without explicit IT department approval, thus creating a parallel IT infrastructure that is not managed by corporate IT department and as such becomes a security hazard.
Single Sign On (SSO)
Single Sign on is an authentication method that enables users to securely log in to multiple applications and websites, by using just one set of credentials, thus simplifying access without the need to re-enter authentication factors.
TalonWork is the proprietary browser created by Talon Cyber Security. TalonWork leverages the Chromium open-source project feature set to offer an enterprise-grade browser that is pre-built with multiple security and management layers. The TalonWork browser gives customers the deep security visibility and control they need over their SaaS applications access in a simplified and cost-effective manner.
Total Cost of Ownership (TCO) is a financial estimate intended to help calculate and determine the overall direct and indirect expenses related to the delivery of a certain product or a service and to assess the long-term value of a purchase to a company or individual.
Third party contractors
A general term describing a variety of business entities working with an organization on a temporary basis and providing specialized services of some sort (e.g., consulting, creative, legal, etc.). Contractors can be individuals or vendors. The main challenge with third-party contractors is how to balance their need for corporate application and data access vs. securing and controlling their access.
Virtual Data Infrastructure (VDI) is a technology that refers to the use of virtual machines to provide and manage virtual desktops. VDI hosts desktop environments on a centralized server and deploys them to end-users on request. Using VDI, remote workers access a complete desktop and its applications. VDI is known to have a high cost for its deployment and ongoing maintenance.
Virtual Private Network (VPN) establishes a protected network connection when using public networks. Via the VPN, user’s data traffic is routed through an encrypted virtual tunnel that disguises the IP address and makes its location invisible to potential external attacks. When working remotely, installing and configuring a VPN client on the device ensures secure data access to the company’s network and reduces the risk of data leakage.
Extended Detection & Response (XDR) is a general term for security software products that collect and correlate data across multiple security layers (e.g., email, endpoint, server, cloud, network) and allows for an improved threats analysis and faster response times.
Zero Day refers to a software vulnerability that poses an immediate cyber risk due to the fact that it can be exploited before a fix can be applied, mainly because the vendor is unaware of its existence or because a patch is not yet available. Many of the ‘successful’ breaches occur due to zero-day attacks.
Zero Trust is a security framework that aims at minimizing the risk of remote access in the modern IT world. Its slogan is: “never trust – always verify”. Zero Trust constantly checks the identity and integrity of devices without respect to location, and provides access to applications and services based on the confidence level of device identity and device health in combination with user authentication.