Glossary

    A
  • Alibaba Cloud
    Cloud computing platform that provides cloud computing services to online businesses and Alibaba's own e-commerce ecosystem.
  • Amazon S3
    Amazon Simple Storage Service (Amazon S3) - an object storage service offering industry-leading scalability, data availability, security, and performance.
  • ARM
    Microsoft® Azure Resource Manager. Technology to administer assets using Resource Group.
  • ARM template
    Azure Resource Manager template is a block of code that defines the infrastructure and configuration for your project
  • ARN
    Amazon Resource Names (ARNs) uniquely identify AWS resources. They are required to specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls.
  • AWS
    Amazon® Web Services. Public cloud platform that offers global compute, storage, database, application and other cloud services.
  • AWS Lambda
    A serverless compute service that lets you run code without provisioning or managing servers, creating workload-aware cluster scaling logic, maintaining event integrations, or managing runtimes.
  • AWS Security Group
    Acts as a virtual firewall that controls the traffic for one or more instances in AWS. Security Groups are associated with network interfaces.
  • AWS Security Hub
    A service that provides a comprehensive view of the security state of your AWS resources. Security Hub collects security data from AWS accounts and services and helps you analyze your security trends to identify and prioritize the security issues across your AWS environment.
  • AWS VPC
    AWS Virtual Private Cloud. A private cloud that exists in the public cloud of Amazon. It is isolated from other Virtual Networks in the AWS cloud.
  • Azure
    Collection of integrated cloud services that developers and IT professionals use to build, deploy, and manage applications through a global network of data centers managed by Microsoft®.
  • Azure account
    The email address that you provide when you create an Azure subscription is the Azure account for the subscription. The party that’s associated with the email account is responsible for the monthly costs that are incurred by the resources in the subscription. When you create an Azure account, you provide contact information and billing details, like a credit card. You can use the same Azure account (email address) for multiple subscriptions. Each subscription is associated with only one Azure account
  • Azure Subscription
    A logical entity in which we can provision and consume Azure resources. Subscription acts as a barrier inside of which all of our resources are pooled together and it helps us divide the cost. Azure Subscription can be part of a single tenant and one parent management group. It can be a post-paid or pre-paid credit carrying subscription.
    • C
  • CNAPP
    Cloud-Native Application Protection Platform - a cloud-native security model that encompasses Cloud Security Posture Management (CSPM), Cloud Service Network Security (CSNS), and Cloud Workload Protection Platform (CWPP) in a single holistic platform.
  • Container
    A lightweight and portable executable image that contains software and all of its dependencies. Containers decouple applications from underlying host infrastructure to make deployment easier in different cloud or OS environments, and for easier scaling.
  • Container Registry
    A collection of repositories used to store and access container images.
  • Container Runtime
    Software that is responsible for running containers.
  • CRI-O
    A tool that lets you use OCI container runtimes with Kubernetes CRI. CRI-O is an implementation of the Container runtime interface (CRI) to enable using container runtimes that are compatible with the Open Container Initiative (OCI) runtime spec.
  • CVE
    The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures.
  • CVSS
    The Common Vulnerability Scoring System is a free and open industry standard for assessing the severity of computer system security vulnerabilities. CVSS indicates the severity of an information security vulnerability and is an integral component of many vulnerability scanning tools
    • D
  • DaemonSets
    DaemonSet ensures a copy of a Pod is running across a set of nodes in a cluster. Used to deploy system daemons such as log collectors and monitoring agents that typically must run on every Node.
  • Docker
    Docker (specifically, Docker Engine) is a software technology providing operating-system-level virtualization also known as containers.
    • E
  • EBS
    Elastic Block Storage (EBS) Volume hosts virtual data in segments. It's like a storage disk with the ability to contain various sizes of data. These virtual storage devices usually replicate within one AWS region to increase their availability.
  • EC2
    Amazon EC2 - A web service for launching and managing Linux/UNIX and Windows Server instances in Amazon data centers.
  • ECS
    Amazon Elastic Container Service (ECS) - a fully managed container orchestration service that helps you deploy, manage, and scale Docker containers running applications, services, and batch processes.
  • EKS
    Amazon Elastic Kubernetes Service (Amazon EKS) is a managed Kubernetes service that makes it easy for you to run Kubernetes on AWS and on-premises.
    • G
  • GCP
    Google® Cloud Platform - a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search, Gmail, Google Drive, and YouTube.
    • H
  • Helm
    A Kubernetes deployment tool for automating creation, packaging, configuration, and deployment of applications and services to Kubernetes clusters.
  • Helm Chart
    A package of pre-configured Kubernetes resources that can be managed with the Helm tool. Charts provide a reproducible way of creating and sharing Kubernetes applications. A single chart can be used to deploy something simple, like a memcached Pod, or something complex, like a full web app stack with HTTP servers, databases, caches, and so on.
    • I
  • IAM
    Identity and Access Management (IAM) - A web service that customers can use to manage users and user permissions within their organizations.
    • J
  • JSON
    JavaScript Object Notation. A lightweight data interchange format.
    • K
  • KMS
    AWS Key Management Service (AWS KMS) - A managed service that simplifies the creation and control of encryption keys that are used to encrypt data.
  • kubectl
    Command line tool for communicating with a Kubernetes cluster's control plane, using the Kubernetes API. You can use kubectl to create, inspect, update, and delete Kubernetes objects.
  • Kubernetes
    Kubernetes, often abbreviated as “K8s”, orchestrates containerized applications to run on a cluster of hosts.
  • Kubernetes API
    The application that serves Kubernetes functionality through a RESTful interface and stores the state of the cluster.[-] Kubernetes resources and "records of intent" are all stored as API objects, and modified via RESTful calls to the API. The API allows configuration to be managed in a declarative way. Users can interact with the Kubernetes API directly, or via tools like kubectl.
    • M
  • machine learning
    The process of using mathematical models to predict outcomes versus relying on a set of instructions. This is made possible by identifying patterns within data, building an analytical model, and using it to make predictions and decisions. Machine learning bears similarity to how humans learn, in that increased experience can increase accuracy.
  • Microsoft Azure
    Collection of integrated cloud services that developers and IT professionals use to build, deploy, and manage applications through a global network of data centers managed by Microsoft®.
  • multi-tenant
    Tenants that access other services in a shared environment, across multiple organizations, are considered multi-tenant.
    • N
  • NoSQL
    Set of nonrelational database technologies-developed with unique capabilities to handle high volumes of unstructured and changing data. NoSQL technology offers dynamic schema, horizontal scaling, and the ability to store and retrieve data as columns, graphs, key-values, or documents.
    • O
  • OCI
    Oracle Cloud Infrastructure - cloud computing platform offered by Oracle Corporation.
    • P
  • pod
    The smallest and simplest Kubernetes object. A pod represents a set of running containers on your cluster. A pod is typically set up to run a single primary container. It can also run optional sidecar containers that add supplementary features like logging. Pods are commonly managed by a Deployment.
  • Private cloud
    A model of cloud computing where the infrastructure is dedicated to a single user organization.
  • Public cloud
    A cloud deployment model where computing resources are owned and operated by a provider and shared across multiple tenants via the Internet.
    • R
  • RBAC
    Role-Based Access Control - Manages authorization decisions, allowing admins to dynamically configure access policies through the Kubernetes API.
  • RDS
    Relational Database Service (RDS) - A web service that makes it easier to set up, operate, and scale a relational database in the cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks.
  • ReplicaSets
    A ReplicaSet (aims to) maintain a set of replica Pods running at any given time.
  • ReplicationControllers
    A workload resources that manage a replicated application, ensuring that a specific number of instances of a Pod are running.
  • REST API
    Also known as RESTful API - an application programming interface (API or web API) that conforms to the constraints of REST architectural style and allows for interaction with RESTful web services.
    • S
  • S3 buckets
    A bucket is a container for objects stored in Amazon S3 (Amazon Simple Storage Service).
  • Security Group
    A set of access control rules that acts as a virtual firewall for your virtual machine instances to control incoming and outgoing traffic.
  • ShiftLeft
    The ShiftLeft tool scans source code, containers and serverless functions, looking for vulnerabilities including those associated with the Log4j tool. This tool alerts the security and DevOps teams if any vulnerabilities are detected in the pre-build phase, ensuring that vulnerable code is not deployed.
  • SQS
    Reliable and scalable hosted queues for storing messages as they travel between computers.
  • SSO
    Single Sign-On (SSO) - A session/user authentication process that permits a user to enter one name and password in order to access multiple applications.
  • StatefulSets
    Manage the deployment and scaling of a set of Pods, and provide guarantees about the ordering and uniqueness of these Pods.
    • T
  • Terraform
    An infrastructure as code tool that lets you define both cloud and on-prem resources in human-readable configuration files that you can version, reuse, and share.
    • U
  • User Center
    The Check Point User Center offers single sign-on management for all your Check Point needs: Manage Accounts & Products Get Support Offers License Products Open & manage your Service Requests Access Downloads and product documentation Search Technical Knowledge Center