NewCore Glossary

NewCore helps you discover and control every identity—human and AI. This glossary does the same for the language of identity security, translating industry jargon into plain English.

A (9 terms)
Active Directory (AD)
Identity platforms & tools

Active Directory is a centralized directory service that stores and manages user identities, computer objects, and access policies within enterprise networks. It is the identity backbone of most corporate environments, controlling authentication and authorization across internal systems and applications.

API Security
Identity platforms & tools

API Security is the practice of protecting APIs from unauthorized access and abuse through authentication, authorization, rate limiting, and monitoring. APIs are the new attack surface — they enable programmatic access that bypasses traditional user-centric security controls.

Attribute-Based Access Control (ABAC)

ABAC is an access control model where access decisions are based on attributes of the user, the resource, and the context of the request. Instead of assigning permissions to roles, ABAC evaluates the user's attributes and environment to determine whether access is allowed.

Account Takeover

Account Takeover is when an attacker gains unauthorized control of a user account. It can result from phishing, credential stuffing, brute force, or social engineering — any technique that compromises the account's authentication credentials.

Audit Logging
Governance & compliance

Audit Logging is the practice of recording identity events and access decisions in immutable logs. Audit logs track who accessed what, when, and why — creating a historical record of identity decisions that can be reviewed for compliance, incident investigation, and security analysis.

Anomaly Detection
AI & agentic identity

Anomaly Detection is a technique that identifies unusual patterns in identity behavior — logins from unusual locations, access to unusual resources, or timing patterns that deviate from normal. It uses historical baseline data to flag deviations that might indicate compromise or abuse.

AI-Powered Attacks
AI & agentic identity

AI-Powered Attacks are attacks that use artificial intelligence and machine learning to improve targeting, evasion, or exploitation. They include phishing emails optimized to evade filters, credential cracking accelerated by neural networks, and social engineering conversations generated by language models.

Agentic Workforce
AI & agentic identity

The Agentic Workforce refers to AI agents and autonomous systems that perform work tasks independently, without human intervention. As AI agents take on more responsibilities, they become entities with identity and access needs comparable to human employees.

AI Agent Authorization

AI Agent Authorization is the system that determines what resources and actions an AI agent can access and perform. It extends authorization concepts from human users to AI agents, requiring decisions about privilege scope, time limits, and approval workflows.

B (2 terms)

Biometric Authentication

Biometric Authentication uses unique physical or behavioral characteristics — fingerprints, facial recognition, iris scans, or voice patterns — to verify a user's identity. It is an inherence factor (something you are) that is harder to compromise than knowledge factors because biometric data cannot be forgotten or easily guessed.

Brute Force Attack

A Brute Force Attack is an attempt to gain access by trying many password or credential combinations in rapid succession. Attackers use automated tools to test credentials until they find one that works, relying on weak passwords or missing or misconfigured rate limiting.

C (4 terms)

Cryptographic Key

A Cryptographic Key is a unique secret value used to encrypt, decrypt, sign, or verify information. In authentication, cryptographic keys prove possession — proving that a user has access to a specific secret that only they should hold.

Certificate Authority (CA)

A Certificate Authority is a trusted organization that issues digital certificates and digitally signs them to verify the identity of the certificate holder. It is the root of trust in PKI — its signature on a certificate says 'I have verified this identity, and I bind this public key to it.'

Continuous Verification

Continuous Verification is the practice of constantly evaluating whether a user and their session remain authorized, instead of verifying once at login and then assuming authorization for the entire session. It monitors behavior, context, and risk factors throughout the user's session and revokes access if conditions change.

Credential Stuffing

Credential Stuffing is an attack where attackers use stolen username-password pairs from one breach to attempt login on other accounts. It exploits password reuse — the reality that users use the same password across multiple services.

D (5 terms)
Directory
Identity platforms & tools

A directory is a database that stores and organizes identity data like usernames, attributes, group memberships, and access rules. It is the foundational system that identity platforms query to answer 'who is this person and what are they allowed to do.'

Digital Certificate

A Digital Certificate is a digitally signed document that binds a public key to an identity (user, server, or device). It is issued by a Certificate Authority and serves as proof that the holder of the corresponding private key is the entity listed in the certificate.

Distributed Trust Architecture

Distributed Trust Architecture is a NewCore approach that replaces single points of trust with a model where no single entity holds absolute authority. Trust is distributed across multiple parties, making the system more resilient and preventing any single compromise from unlocking the entire system.

Device Trust

Device Trust is the practice of verifying that a device is secure and compliant before granting it access to resources. It evaluates factors like OS patches, security software, and hardware integrity to determine whether the device is trustworthy.

Delegated Identity
AI & agentic identity

Delegated Identity is the practice of granting a service or agent the ability to act on behalf of a user. Instead of the user providing their credentials, the service receives authorization to act as the user, using delegation tokens that are scoped and time-limited.

F (2 terms)
Federation
Identity platforms & tools

Federation is the practice of delegating authentication and authorization decisions to a trusted external identity provider instead of managing credentials locally. It allows users to access multiple applications using a single set of credentials, verified by a single trusted authority.

FIDO2
Authentication

FIDO2 is an open authentication standard that enables passwordless, phishing-resistant authentication using cryptographic keys on hardware tokens or devices. It is the foundation for modern authentication that is both more secure and more user-friendly than passwords.

G (1 term)
GDPR
Governance & compliance

GDPR (General Data Protection Regulation) is a European regulation that governs how personal data is collected, processed, and protected. It requires organizations to implement data protection by design, obtain consent for data processing, and give individuals rights to access and delete their data.

I (14 terms)

Identity and Access Management (IAM)

IAM encompasses the policies, processes, and technologies that manage how identities are created, stored, authenticated, and authorized across an organization. It is the operational discipline that translates 'who works here and what can they do' into enforced, auditable access control.

Identity Provider (IdP)
Identity platforms & tools

An Identity Provider (IdP) is the system that authenticates users' identities and issues tokens or assertions that prove their identity to applications. It is the trusted broker that sits between a user and the applications they access, responsible for verifying 'you are who you claim to be.'

Identity Lifecycle Management

Identity Lifecycle Management covers the entire journey of an identity from creation through active use to deprovisioning — managing provisioning, updates, access changes, and removal as people join, change roles, and leave the organization.

Identity Governance and Administration (IGA)

IGA is the discipline of continuously monitoring, reviewing, and certifying that access decisions are still valid and aligned with policy. It ensures identities and their permissions stay controlled and auditable throughout their lifecycle.

Identity Provisioning
Identity platforms & tools

Identity Provisioning is the process of creating user accounts and granting appropriate access rights when someone is hired, transferred, or onboarded into a new role. It translates HR data and role definitions into working access across all systems.

Identity Graph
Identity platforms & tools

An Identity Graph is a unified, structured view of all identity relationships — linking users to their accounts, roles, groups, attributes, and systems they can access. It maps the connections that define who someone is across the entire organization.

Identity Deprovisioning
Identity platforms & tools

Identity Deprovisioning is the process of removing user accounts and revoking access rights when someone leaves the organization, changes roles, or no longer needs specific permissions. It is the operational counterpart to provisioning that should undo access as quickly as provisioning grants it.

Identity Sprawl
Identity platforms & tools

Identity Sprawl occurs when an organization maintains multiple disconnected identity systems, platforms, and data sources that don't communicate or synchronize. This fragmentation creates inconsistent identity data, duplicate accounts, and governance blind spots across the organization.

Insider Threat

An Insider Threat is a security risk posed by people with legitimate access to systems and data — employees, contractors, or partners who use that access maliciously or negligently. Insider threats range from deliberate data theft to unintentional exposure caused by carelessness.

Identity Threat Detection and Response (ITDR)

ITDR is a security capability that monitors identity systems and user behavior to detect compromises, anomalies, and attacks. It combines threat detection with automated or guided response to stop identity-based attacks before they cause damage.

Identity Attack Surface

The Identity Attack Surface is the sum of all identity entry points and systems that attackers can target. It includes user accounts, service accounts, credential storage, identity platforms, and any system involved in authentication or authorization decisions.

Identity Governance
Governance & compliance

Identity Governance is the organizational discipline of defining, implementing, and enforcing identity policies. It ensures identity decisions align with business objectives, regulatory requirements, and security best practices.

Incident Response

Incident Response is the process of detecting, investigating, and remediating security incidents. It includes containment to stop ongoing attacks, investigation to determine impact, and remediation to remove the attacker and restore systems.

Identity Risk
Governance & compliance

Identity Risk is the likelihood and potential impact of identity-based attacks or access control failures. It encompasses the risk of account compromise, privilege escalation, lateral movement, and unauthorized access.

J (2 terms)

Just-in-Time (JIT) Access

JIT Access grants privileges only when needed and only for the duration required. Instead of standing privilege that lasts indefinitely, JIT access is temporary, time-limited, and revoked automatically when the request is completed.

JSON Web Token (JWT)

A JWT is a compact, self-contained token that carries claims about a user or entity in a structured format. It is digitally signed, allowing recipients to verify that the token is authentic and has not been modified.

K (1 term)
Kerberos
Standards & protocols

Kerberos is an authentication protocol that uses time-limited tickets to allow clients and servers to authenticate each other over untrusted networks without sending passwords. It is the foundation of enterprise network authentication within Active Directory domains.

L (2 terms)

Lightweight Directory Access Protocol (LDAP)

LDAP is a standardized protocol for querying and updating directory services like Active Directory. It allows applications to look up user information, group memberships, and attributes from a centralized directory.

Lateral Movement

Lateral Movement is the technique attackers use to move from one compromised system to other systems within a network. After gaining initial access, attackers use harvested credentials, misconfigurations, or vulnerabilities to reach additional systems while staying inside the network.

M (3 terms)

Mobile Device Management (MDM)

MDM is a system that manages, monitors, and secures mobile devices accessing corporate resources. It enforces policy on devices to ensure only compliant endpoints can access identity-protected applications and data.

Multi-Factor Authentication (MFA)

MFA is an authentication method that requires users to provide multiple forms of verification from at least two different categories — something they know (password), something they have (phone), and something they are (biometric) — before granting access. It is the primary defense against credential compromise.

MFA Fatigue

MFA Fatigue is a condition where users are prompted for MFA verification repeatedly or unexpectedly, leading them to approve prompts without thinking or to disable MFA entirely. It is a vector for account takeover where attackers weaponize the authentication system itself.

N (1 term)

Never Trust, Always Verify

Never Trust, Always Verify is the core principle of Zero Trust security — the assumption that no identity or device is trustworthy by default, and that every access request must be verified regardless of its source. It rejects the historical 'trust but verify' model and makes verification mandatory for every decision.

O (4 terms)
Orphaned Accounts
Identity platforms & tools

Orphaned Accounts are user accounts that exist in systems but are no longer actively managed or monitored. They typically belong to users who have left the organization or changed roles, but whose access was never properly deprovisioned.

One-Time Password (OTP)

An OTP is a temporary code that is valid for a single authentication attempt and then expires. OTPs can be generated by an app on the user's device (software-based) or issued via SMS or email, and they serve as a second factor in MFA schemes.

OAuth 2.0
Standards & protocols

OAuth 2.0 is an authorization protocol that allows users to grant third-party applications access to their resources without sharing passwords. It enables delegation of access and is widely used for social login and API authorization.

OpenID Connect (OIDC)

OpenID Connect (OIDC) is an authentication layer built on top of OAuth 2.0 that adds identity verification. It allows applications to verify the identity of end users and obtain profile information in an interoperable way.

P (9 terms)
Passkeys
Authentication

Passkeys are cryptographic credentials that replace passwords entirely, using public key cryptography to authenticate users. They exist on devices the user owns and can be synced across devices, making authentication both more secure and more convenient than passwords.

Passwordless Authentication

Passwordless Authentication is any authentication method that does not require users to remember or type a password. It replaces passwords with factors like cryptographic keys, biometrics, or possession-based factors that are harder to compromise.

Phishing-Resistant MFA

Phishing-Resistant MFA is authentication that is resistant to phishing attacks by design — typically cryptographic methods like FIDO2 that are scoped to the legitimate domain and cannot be tricked into using credentials on a fake site. It moves away from knowledge and SMS factors that users can be socially engineered to share.

Privileged Access Management (PAM)

PAM is a system and set of practices that secure, manage, and audit access to privileged accounts and systems. It ensures that privileged credentials are used only by authorized people, for authorized purposes, and that every privileged action is logged and reviewable.

Public Key Infrastructure (PKI)

PKI is a system of policies, processes, and technologies that creates, issues, stores, and revokes digital certificates and cryptographic keys. It establishes trust by binding identities to public keys, enabling secure communication and authentication.

Post-Quantum Cryptography

Post-Quantum Cryptography refers to cryptographic algorithms that are believed to be resistant to attacks by quantum computers. As quantum computing advances, current encryption methods will become vulnerable, making post-quantum algorithms essential for long-term security.

Phishing
Identity attacks

Phishing is a social engineering attack where attackers trick users into revealing credentials, downloading malware, or visiting fake websites. It exploits human psychology rather than technical vulnerabilities, making users the attack vector.

Privilege Escalation

Privilege Escalation is a technique where an attacker gains higher-level permissions than their current account holds. They might exploit a vulnerability to become an administrator, trick a privileged user into delegating access, or use abandoned privileged credentials.

PCI DSS
Governance & compliance

PCI DSS (Payment Card Industry Data Security Standard) is a compliance framework that requires organizations handling credit cards to implement security controls. It mandates authentication, encryption, access control, and regular security testing.

R (2 terms)
Risk Engine
Identity platforms & tools

A Risk Engine is a system that analyzes identity behavior and context to calculate the risk of granting or allowing access. It evaluates factors like login location, device posture, time of access, and behavior anomalies to make real-time access decisions.

Role-Based Access Control (RBAC)

RBAC is an access control model where permissions are assigned to roles, and users are assigned to roles. It simplifies access management by grouping related permissions together, making it easier to grant and revoke access based on job function.

S (8 terms)
Secrets Management
Identity platforms & tools

Secrets Management is the practice of securely storing, rotating, and accessing sensitive credentials like API keys, database passwords, and cryptographic keys. It ensures secrets are never hardcoded, logged, or exposed, and are accessible only to authorized processes.

Single Sign-On (SSO)

SSO is a system that allows users to authenticate once with an identity provider and then automatically access multiple applications without re-entering credentials. It centralizes authentication decisions while simplifying the user experience.

SAML
Standards & protocols

SAML (Security Assertion Markup Language) is the protocol that passes authentication and authorization data between an identity platform and the applications it secures. It is the backbone of enterprise SSO — the mechanism that answers 'who is this user, and what can they access?' at every login, across every application.

Secure Split Key (SSK)

Secure Split Key (SSK) is a NewCore approach that splits cryptographic signing authority across multiple parties so that no single entity holds the complete key needed to authorize access. It distributes trust instead of concentrating it, making authorization decisions cryptographically transparent and verifiable.

SCIM
Standards & protocols

SCIM (System for Cross-Domain Identity Management) is a protocol that standardizes how identity information is synchronized between systems. It provides a common API for provisioning and deprovisioning users, groups, and other identity data across multiple applications.

Security First Architecture

Security First Architecture is a NewCore principle that prioritizes security as a foundational design requirement rather than an afterthought. It treats every architectural decision — from how systems communicate to how users authenticate — as a security decision first and an engineering decision second.

SOC 2
Governance & compliance

SOC 2 is a compliance framework that evaluates how service organizations manage security, availability, and confidentiality. It includes assessment of identity and access controls, and SOC 2 Type II reports require continuous monitoring over a defined period.

Service Account
AI & agentic identity

A Service Account is a non-human account used by applications, processes, or services to access resources and perform actions. Service accounts need credentials like any user account but lack the interactive elements of human accounts.

T (3 terms)

Two-Factor Authentication (2FA)

2FA requires exactly two distinct authentication factors from different categories — typically a password (something you know) and a second factor like SMS, app-based codes, or hardware keys (something you have or are). It is a foundational step above single-factor authentication.

Time-Based One-Time Password (TOTP)

TOTP is a software-based OTP that generates codes at regular time intervals, typically 30 seconds, using a shared secret and the current time. Authenticator apps like Google Authenticator and Microsoft Authenticator generate TOTP codes without requiring a server connection.

Token Theft
Identity attacks

Token Theft is an attack where an attacker steals authentication or authorization tokens, which can then be used to impersonate the token's legitimate owner. Tokens can be stolen from memory, logs, network traffic, or local storage.

V (1 term)

Visual MFA

Visual MFA is an authentication method that presents users with a visual context or pattern that they must validate or interact with to complete authentication. It is a NewCore innovation that combines familiarity with security by leveraging visual memory and recognition instead of requiring users to type codes.

W (1 term)
WebAuthn
Authentication

WebAuthn is a web standard that enables web applications to register and authenticate users using FIDO2 credentials or biometrics. It provides a common interface between browsers and authentication hardware or software.
