Glossary

Key terms and concepts used throughout Serpentine documentation.

A

Asset Graph
A continuously updated representation of all security-relevant entities (devices, users, applications, data stores) and their relationships within an organization's environment.
Attack Path
A sequence of vulnerabilities, misconfigurations, or excessive permissions that an attacker could chain together to reach a target asset. Serpentine's Offense module identifies and validates these paths.

B

Blast Radius
The potential scope of damage if a specific vulnerability is exploited or a control fails. Calculated by analyzing the asset graph to determine what an attacker could reach from a compromised starting point.

C

Compliance Drift
The gradual degradation of security controls between audit periods. Traditional compliance assessment is point-in-time; Serpentine provides continuous validation to detect and prevent drift.
Continuous Validation
The practice of regularly testing security controls through automated offensive techniques, rather than relying on periodic assessments or assumed configurations.
Control
A security measure implemented to protect assets, enforce policies, or meet compliance requirements. Examples include firewall rules, access controls, encryption, and monitoring.
Control State Contradiction
A situation where a security control is documented or configured but doesn't function as intended. Example: a firewall rule that should block traffic but has an exception that permits it.

D

Decision Intelligence
Serpentine's capability to provide context-aware recommendations by analyzing the security graph, historical data, and organizational priorities to guide response actions.
Detection
The identification of security events, anomalies, or threats through monitoring, log analysis, and behavioral analytics. One of Serpentine's four core modules.
DORA
Digital Operational Resilience Act. EU regulation establishing requirements for ICT risk management, incident reporting, resilience testing, and third-party risk management for financial entities.

E

Evidence
Artifacts that demonstrate a security control's existence and effectiveness. In Serpentine, evidence is collected automatically and linked to compliance requirements in the security graph.

G

Governance
The framework of policies, procedures, and controls that guide security decisions and ensure compliance. One of Serpentine's four core modules.
Graph-Based Security
An architectural approach where security data is stored as interconnected nodes and relationships rather than isolated records, enabling complex queries about how entities relate to each other.

H

Hardening
The process of reducing attack surface by applying security configurations, removing unnecessary services, and implementing defensive measures. One of Serpentine's four core modules.

N

NIS2
Network and Information Security Directive 2. EU directive expanding cybersecurity requirements to more sectors and introducing stricter supervisory measures and enforcement.

O

Offense
The practice of testing security controls through controlled attack simulations. One of Serpentine's four core modules, providing continuous validation of defensive measures.
OSINT
Open Source Intelligence. Information gathered from publicly available sources to assess external attack surface, leaked credentials, or threat actor activity.

P

Policy-as-Code
Security policies defined in machine-readable formats that can be automatically enforced, tested, and version-controlled alongside infrastructure code.
Posture
The overall security state of an organization, including the effectiveness of controls, presence of vulnerabilities, and compliance status.

S

Security Graph
Serpentine's unified data model that connects assets, vulnerabilities, controls, compliance requirements, and validation results into a queryable knowledge graph.
Security Substrate
The foundational layer of Serpentine's architecture that ingests, normalizes, and correlates data from all sources into the unified security graph.
Sovereignty
Control over where data is stored and processed, typically to meet regulatory requirements like GDPR. Serpentine offers EU-sovereign deployment options.

T

Telemetry
Data collected from security tools, infrastructure, and applications that provides visibility into the environment's state and activity.

V

Validation
The process of confirming that a security control actually works as intended, typically through testing rather than configuration review alone.
Validation Loop
Serpentine's core workflow: detect issues → harden defenses → validate with offense → govern continuously. Each step informs the others through the security graph.