The lexicon.

Attack Surface Management. Continuously discovers and inventories an organization's external-facing attack surface — domains, hosts, exposed services, shadow IT.

The chained sequence of conditions an attacker would exploit to reach a goal — vs. a list of independent vulnerabilities or misconfigurations.

A displacement pattern: "keep your stack, add us where it's blind." Sells a precise gap, not a replacement.

The existing budget line item a new vendor positions against — the money the buyer is already spending that the new spend will offset, displace, or augment.

Cloud Infrastructure Entitlement Management. Discovers and rightsizes the cloud-permissions surface — who/what has what access in AWS/Azure/GCP.

Cloud-Native Application Protection Platform. Consolidates cloud security across posture (CSPM), workload (CWPP), entitlements (CIEM), and runtime.

A displacement pattern: "we collapse several tools you already pay for into one." Trades tool sprawl + budget pressure for a single vendor relationship.

Cloud Security Posture Management. Finds and flags misconfigurations and policy violations across cloud infrastructure (AWS, Azure, GCP).

Continuous Threat Exposure Management. Gartner-coined umbrella for ongoing identification, prioritization, and validation of attack-paths and exploitable exposure.

Cloud Workload Protection Platform. Runtime protection for cloud workloads — VMs, containers, serverless — with detection, response, and exploit-prevention.

The competitive pattern by which a new vendor takes budget or surface area from an incumbent. Not the same as "competing" — displacement names which incumbent is losing what.

Data Loss Prevention. Inspects content and context across endpoints, networks, and cloud to block sensitive data from leaving the perimeter.

Data Security Posture Management. Discovers where sensitive data lives across cloud and SaaS, classifies it, and flags where it's exposed.

Endpoint Detection & Response. Records endpoint behavior, detects threats, and enables response actions on workstations and servers.

The set of conditions in an environment that a threat could exploit — vulnerabilities, misconfigurations, over-permissioned identities, exposed data, weak controls.

Governance, Risk & Compliance. Manages policies, controls, risk registers, and audit evidence — the operational layer for proving the security program works.

Identity & Access Management. Authenticates users, authorizes access, manages the lifecycle of identities (human and machine) across systems.

Identity Threat Detection & Response. Detects identity-based attacks — credential theft, MFA fatigue, lateral movement using legitimate credentials.

A displacement pattern: "buy the result, not the tool." Sells the service wrapper around the technology.

Managed Detection & Response. A vendor runs detection-and-response operations on the customer's environment as a service.

A displacement pattern: "we make your existing controls operational together." Sells the connective tissue, not the controls.

Privileged Access Management. Vaults, rotates, and gates access to privileged credentials and sessions — the keys to the kingdom.

The structural movement of cybersecurity from best-of-breed point products toward integrated platforms — Palo Alto, Crowdstrike, Microsoft, Wiz, Cisco.

Security Information & Event Management. Aggregates security logs from across the environment for correlation, alerting, and investigation.

Security Orchestration, Automation & Response. Workflow automation for incident response — connects tools into runbooks that triage and act.

Third-Party Risk Management. Assesses, monitors, and manages security risk introduced by vendors, suppliers, and other external parties.

The narrow, specific entry point a vendor uses to land — the precise problem they solve before they expand to adjacent problems.

Extended Detection & Response. Correlates signals across endpoint, network, identity, cloud, and email into a unified detection layer.