FORESCOUT SECURITY FOR HEALTHCARE IOT - EXCLUSIVE NETWORKS
Agenda
1. IoT Trends in Healthcare
2. Types of Healthcare Attacks
3. Security Gaps
4. ForeScout Solution and Its Value
5. References, Analyst Reports, Recognition
6. Summary
Exponential Growth In IoT Devices
It took 25 years to connect 10B devices. It will take only 5 more years to connect 30B devices, 20B of which will be IoT devices.
Healthcare will be a leading IoT adopter.
Source: Gartner IoT, PC and Mobile device forecast 2015; ABI research
Reference acronym glossary at the end of presentation
Other Healthcare Trends
- Fast Adoption of IoT
- M&A Activity
- HIPAA and HITECH
Security team is becoming a key business partner
Popular IoT Use Cases in Healthcare
- Asset Management
- Patient Monitoring
- Medical Device Integration
- Work Flow Optimization
Benefits of Healthcare IoT: Real Life Examples Intelligent IoT wearables that Using wearables, iPads measured heart rate, and apps to integrate info Ochsner St. respiration rate etc reduced from patients wearables Health Joseph mortality rate by 35% and into hospitals EHR hospital stay by half a day system Mercy Using Google Glass to enter Dignity Aventura Real-time patient tracking patient information reduced Health Hospital cut emergency department EHR charting by 80% hold times by 68% PwC, GE, Beckers Hospital Review, Mobile Health News Reference acronym glossary at the end of presentation 7
Types of Cyberattacks
- DDoS: Distributed Denial of Service (DDoS) is an attack in which a master program sends data heavy traffic from multiple systems to few targeted servers and cripples them, usually mission critical servers
- Backdoor: A vulnerability in the system that bypasses normal security authentications to enter a system
- Malware: Malicious software that is used to disrupt operations, gather or modify sensitive information
- Man in the middle: Attacker secretly relays/alters the communication between two systems
- Ransomware: A type of malicious software designed to block access to a computer system until a sum of money is paid
- Software vulnerability: Some systems run on outdated or unsupported software that have vulnerabilities that are hard to patch
Healthcare is a Prime Target for Cyberattacks
2016: Summary of Reported Cyberattacks Across US Healthcare Systems
- 450: Total reported breach incidents
- 27 Million: Patient records were stolen
- 607: Average days to detect breach caused by insider
- $402: Cost of per capita data breach; highest among all industries
- 400%: Increase in ransomware attacks with nearly half of them in the Healthcare sector
Source: HIPAA Journal, Beazley, IBM-Ponemon, Beckers Hospital Review
Healthcare has Highest Per Capita Cost of Breach
- Media: $177
- Education: $220
- Financial: $264
- Healthcare: $402
Uses of a medical record include filing fraudulent insurance claims, obtaining prescription medication, opening credit accounts, and filing for fictitious government medical care.
Source: IBM Ponemon report: Cost of a data breach
Many New Devices Will be Vulnerable to Attacks
- By 2020: 20+ Billion Unmanaged Connected Devices
- Less than 10% of new devices connecting to the corporate environment will be manageable through traditional methods
- 66% of all networks will have an IoT security breach by 2018
[Chart: Unmanaged Devices vs. Managed Devices, 2010 to 2020]
Source: Gartner, BI Intelligence, Verizon, ForeScout
Internet of Medical Things Are Very Diverse
They have different processing capabilities, operating systems and form factors
- Patient Vitals Monitor
- Pulse Oximeter
- Smart Infusion Pump
- Portable ECG Monitor
- Telemed Tablet
- Smart Wearable
- Smart Pill Bottle
- And many more
Real Life Examples of Vulnerabilities
FDA has issued warning that the Hospira Symbiq Infusion System can be hacked remotely from a hospital’s network, enabling an unauthorized user to alter infusion of critical patient therapies. So when infected, these devices can put patient health at risk.
Security researchers found that thousands of “critical medical systems” are vulnerable and exposed online. Most medical devices are running Windows XP or XP service pack two and generally don’t have antivirus, making them easy targets.
https://www.healthitoutcomes.com/doc/fda-issues-alert-medication-infusion-pump-hacking-alert-0001
https://www.wired.com/2017/03/medical-devices-next-security-nightmare/
Facilities Upgrade is Bringing in IoT Devices As Well
- DISASTROUS (Cause irreversible damage): Illegal remote monitoring; Tampering with temperature controls
- DISRUPTIVE (Disrupt corporate and operational processes): Spying via video and microphone; Accessing classified information; Snooping on calls
- DAMAGING (Enable information stealing): Obtaining user credentials; Extracting Wi-Fi credentials to carry out further attacks
Source: ForeScout IoT Enterprise Risk Report
An Example of IoT Device Risks
DISASTROUS: IP-Connected Security Systems
Many use proprietary radio frequency technology that lacks authentication and encryption. Attackers can form radio signals to send false triggers and access system controls.
- Disable camera to allow physical break in.
- Hijack camera to spy on employees' usage of computers, passwords, applications, designs.
- Use as launching point for DDoS attacks.
- Use compute capability to exfiltrate large amounts of data.
Healthcare Regulations
Regulatory mandates will be harder to meet with the introduction of insecure IoT devices
- HIPAA
- PCI
- CIS
- HITECH
- HITRUST
- NIST
Many IoT Devices Are Vulnerable
- Many IoT devices run on outdated or unsupported software
- Many IoT devices lack basic security features
- Many IoT devices cannot host an agent
- Many IoT devices cannot be patched
ForeScout’s agentless solution helps overcome these limitations
See Many IoT devices are invisible to the traditional security systems Manageable with an Non- Agent Traditional/IoT Computing Devices Who are you? Who owns the device? What type of device? Antivirus Network out-of-date Devices Where/how are you Vulnerability connecting? Applications Broken agent AGENTLESS What is the device hygiene? CONTINUOUS See with IoT Visible Not Visible 21 Reference Acronym Glossary at the end of presentation
Control Less Privileged Access Quarantine Notify Comply POLICY-DRIVEN Restrict Guest AUTOMATED Network Data Center Corporate Network Reference acronym glossary at end of presentation. 22
Orchestrate ATD EMM EDR/EPP ITSM NGFW SIEM VA VENDOR OPTIONS Share Contextual Automate Automate Insights Workflows Response Actions BREAK DOWN SILOS MAXIMIZE EXISTING INVESTMENTS *As of April 2017
Security Benefits of a ForeScout Solution
IDC interviewed 7 ForeScout customers, and on an average, benefits were:
- 24% more devices discovered
- 18% more devices in compliance
- 42% reduction in network-related breaches
- 38% reduction in device-related breaches
Faster Time To Value
IDC Paper: https://www.forescout.com/idc-business-value/
Business Benefits of a ForeScout Solution
IDC interviewed 7 ForeScout customers, and on an average, benefits were:
- $2M average savings
- 392% ROI over 5 years
- 13 months to break even
Average benefits for an organization with 43K devices
IDC Paper: https://www.forescout.com/idc-business-value/
RWJBarnabas Health Case Study https://www.forescout.com/company/resources/rwjbarnabas-health-case-study/ 27
RWJBarnabas Health “ForeScout lets us quickly discover and classify devices and infrastructure on heterogeneous networks as hospitals and clinics join RWJBarnabas Health.” - Hussein Syed, Chief Information Security Officer, RWJBarnabas Health https://www.forescout.com/solutions/industries/healthcare/ Reference Acronym Glossary at the end of presentation 28
RWJBarnabas Health Challenge: Add New Types of Devices Without Adding Vulnerabilities
How ForeScout helped…
- Diverse Device Types: Agentless approach secures traditional, BYOD and IoT devices as they connect and continuously thereafter
- Medical IoT Devices: Automatically see and classify thousands of medical IoT devices
- Virtual Machines: See which VMware Virtual Machines are live, patched and running the right tools
- Auto Classification and Segmentation: Auto device classification and network segmentation based on device type, hygiene, user profile and applications
RWJBarnabas Health: Real Life Example of Safe Onboarding of Devices
1. Traditional, BYOD and IoT devices detected, classified, segmented and controlled in real time
2. Devices monitored continuously
3. ForeScout orchestrates security response and quarantines devices in real time if a problem is found
ForeScout’s agentless approach helped secure diverse types of devices, even those that cannot host an agent, and also reduced OPEX related to installing and managing agents.
RWJBarnabas Health Challenge: Secure Heterogeneous Environments; Onboard M&A Networks
How ForeScout helped...
- Secure Access to Partners: Securely connect clinicians, labs, insurers and contractors
- Onboard M&A Networks: Quickly onboard mixed environment with 802.1X, non 802.1X and also inventory new assets
- Faster Time To Value: Three year complex integration project turned into two year success story
- Multi-Vendor Environment: Deploys within existing multi-vendor infrastructure
RWJBarnabas Health: Secure Heterogeneous Environments; Onboard M&A Networks
1. M&A brought in a hybrid IT environment with mix of 802.1X, non-802.1X, various device hygiene, device types and applications
2. Implementing 802.1X became very cost-prohibitive and complex
3. ForeScout’s agentless approach and ability to plug into the network out of band reduced integration effort
ForeScout immediately brought in higher value and ROI, turning a 3 year complex integration project into a 2 year success story.
RWJBarnabas Health Challenge: Fast Remediation and Containment of an Attack
How ForeScout helped...
- Fast Remediation: For some use cases, remediation reduced from 30 minutes or longer to few seconds
- SIEM Integration: Integration with SIEM module enables quick risk data correlation
- EMM Integration: EMM integration brings agility to managing risks on mobile devices
- BMC Remedy Integration: Enables Helpdesk in fast resolution of problems
RWJBarnabas Health: Real Life Example of Containment of an Attack
1. Alert received in the endpoint security system of a computer infected with ransomware
2. Location of the system had to be determined quickly to contain the problem
3. ForeScout determined the system location and removed it from the network in real time
Before ForeScout, it took 30 mins or longer to locate a device and disable it; now it is done in real time. ForeScout also cut down on staff time as the team only had to re-image one device compared to multiple if the virus had spread.
RWJBarnabas Health: Real Life Example of Fast Remediation
1. Weekly threat report is generated to show risk level
2. Report shows assets on network that are not reporting to Asset Management system
3. ForeScout helps IT team remediate by locating and registering these devices
ForeScout reduced time to remediate by 83% (3 hours to 30 mins).
RWJBarnabas Health Challenge: Regulations and Framework Adoption
How ForeScout helped...
- HIPAA Regulation: Includes real-time controls and automated reporting to enable HIPAA compliance
- HITECH Regulation: Includes real-time controls and automated reporting to enable HITECH compliance
- CIS Framework: Helps with adoption of top three Critical Infrastructure Controls
- NIST Framework: Does reporting to enable adoption of NIST Cybersecurity Framework
RWJBarnabas Health: Real Life Example of CIS Adoption
1. CSC 1: Inventory of Authorized and Unauthorized Devices
2. CSC 2: Inventory of Authorized and Unauthorized Software
3. CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers.
ForeScout enables CIS framework adoption.
ForeScout Accolades
- Gartner IoT Security Market Guide (Gartner, 2016)
- JP Morgan Chase Hall of Fame Innovation Award for Transformative Security Technology (JPMC, 2016)
- Cloud100 World’s Best Cloud Companies (Forbes, 2016, 2017)
- Deloitte’s Fastest Growing Companies in North America (Deloitte, 2016)
- 20 Fastest Growing Security Companies (The Silicon Valley Review, 2016)
- Gartner NAC Market Guide (Gartner, 2016)
- Excellence Award for Threat Solutions (Gartner, 2016)
- Computer Reseller News Top Security Company (CRN, 2016)
- Inc. 5000 Fastest Growing Companies (Inc. 5000, 2016)
- 9 Hot Cybersecurity Startups (Nanalyze, 2016)
Scale: 1M+ devices in a single deployment
Engineering: 3x increase in ForeScout R&D
Customers: 2500+ in over 70 countries
Service: 87 NPS (Net Promoter Score)
Summary
- IoT devices are entering Healthcare industry in a big way.
- Many IoT devices lack basic security features and are invisible to traditional security systems, posing bigger security risk!
- Many organizations underestimate number of IoT devices in their networks thereby opening up vulnerabilities.
- ForeScout’s agentless approach has helped companies discover on an average 24% more devices on their networks (IDC Report).
Do you know how many devices are in your network? Request a ForeScout POC to find out.
IDC Paper: https://www.forescout.com/idc-business-value/
Thank you!
Cyberattack Example Los Angeles, CA Overview: Hackers seized control of hospital’s computer systems and demanded $17,000 ransom in bitcoins Devices: Malware infected computer systems Industry: Healthcare Description: Hollywood Presbyterian Medical Center paid a $17,000 ransom in bitcoin to a hacker who seized control of the hospital's computer systems and would give back access only when the money was paid. “The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” Chief Executive of the hospital, Stefanek said. http://www.latimes.com/business/technology/la-me-ln-hollywood-hospital-bitcoin-20160217-story.html 43
Cyberattack Example: Columbia, MD
Overview: MedStar Health in alleged ransomware attack
Devices: Malware infected institution computers
Industry: Healthcare
Description: MedStar Health, which calls itself the largest healthcare provider in Maryland and Washington, D.C., was forced to disable their network after an alleged ransomware attack infected several systems. According to a statement from MedStar, their network was "affected by a virus" preventing certain users from logging in to their systems. MedStar Health patients were being turned away or treated without important computer records Tuesday as the health-care giant worked to restore online systems crippled by a virus. Later MedStar staff could read, but not update, thousands of patient records in its central database. Health-care provider paid 45 bitcoins, equivalent to about $19,000, in exchange for the digital key that would release the data. “You just have 10 days to send us the Bitcoin,” the note read, “after 10 days we will remove your private key and it’s impossible to recover your files.”
https://www.washingtonpost.com/local/medstar-health-turns-away-patients-one-day-after-cyberattack-on-its-computers/2016/03/29/252626ae-f5bc-11e5-a3ce-f06b5ba21f33_story.html?utm_term=.9953b8f99ba6
Cyberattack Example Hospital in Austria Overview: Patients hack their own IV pumps Devices: IV morphine pump Industry: Healthcare Description: Patients could severely hurt themselves by hacking their own IV pumps. Recently at an unnamed Austrian hospital, there were two incidents where patients hooked up to an infusion pump and felt their pain management wasn’t enough. The unidentified patients had to be treated for addiction after becoming dependent on high doses of morphine. Their usage was so severe, according to the Austrian Times, that one of the patients suffered respiratory arrest. The patients didn’t need sophisticated tools or savvy to hack the machines. They had simply learned control codes for the machines online, the Times reported. The hospital has since taken steps to update its drug pumps with new codes and is gradually swapping out all of the older pumps with newer devices that have unmodifiable codes. http://www.massdevice.com/hospital-patient-hacks-his-own-morphine-pump-massdevicecom-call/ https://www.zingbox.com/blog/the-medjacking-of-connected-healthcare-devices-can-harm-patients/ 45
Cyberattack Example: Boston, MA
Overview: Hospital Targeted by Anonymous DDoS (Distributed Denial of Service) campaign
Devices: Denial of Service of Hospital computers
Industry: Healthcare
Description: Boston Children's Hospital was targeted by a days-long Anonymous DDoS campaign, as the hacktivist group protested the controversial case of Justina Pelletier, who was then being held at the hospital against the wishes of her parents. The Pelletier family brought their daughter, who they claim has a difficult-to-diagnose mitochondrial disorder, to Children’s Hospital to help her get treatment for digestive issues. While there, Children’s Hospital doctors began to think that Pelletier’s symptoms stemmed from psychiatric issues and that she had possibly been abused by her parents. The hospital brought child abuse charges against her parents that were upheld by the Massachusetts Department of Children and Families, and a juvenile court judge. The Boston Globe reports that though the hospital can't identify Anonymous by the hacks alone, the hacker collective did post a YouTube video outlining its problems with the way Children's Hospital handled Pelletier's situation.
https://www.bostonglobe.com/business/2014/04/24/hacker-group-anonymous-targets-children-hospital-over-justina-pelletier-case/jSd3EE5VVHbSGTJdS5YrfM/story.html
Cyberattack Example Russian Healthcare Ministry Overview: Russian healthcare ministry faces DDoS (Distributed Denial of Service) attack Devices: Servers Industry: Healthcare Description: In Feb 2017, the Russian healthcare ministry’s information assets were hit by a Distributed Denial of Service (DDoS) attack with four million requests per minute at its height. The ministry’s site was not functioning for 14 minutes during the DDoS attack. Russia Healthcare Ministry’s technical services have repelled cyberattacks, the largest in recent years, but fell susceptible to this DDoS attack. The (cyber) attack had no consequences. According to the sources, the work of the ministry’s official website was temporarily suspended, neither personal data nor medical confidential information were affected since they are stored in a protected area, not connected to the Internet. https://en.news-front.info/2017/02/12/russian-healthcare-ministry-hit-by-large-cyber-attack/ 47
Known Vulnerability
Overview: FDA issues warning on device
Devices: Hospira’s Symbiq Infusion pump
Industry: Healthcare
Description: FDA issues warning that Hospira’s Symbiq Infusion pumps can be hacked remotely from a hospital’s network. If an unauthorized user controls the device and changes the dosage the pump delivers, it could alter infusion of patient therapies. The alert warns healthcare facilities using this system of potential unauthorized access and control of these systems, and includes a recommendation that users transition to alternative infusion systems and discontinue use of the affected pumps until further notice. The alert reads, in part, “The FDA, the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), and Hospira are aware of cybersecurity vulnerabilities associated with the Symbiq Infusion System. Hospira and an independent researcher confirmed that Hospira’s Symbiq Infusion System could be accessed remotely through a hospital’s network.”
https://www.healthitoutcomes.com/doc/fda-issues-alert-medication-infusion-pump-hacking-alert-0001
https://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm456815.htm
Known Vulnerability
Overview: Investigators detected malware on medical devices at major healthcare providers
Devices: Various medical devices
Industry: Healthcare
Description: Investigators at San Mateo-based TrapX Security detected malware on medical devices at major healthcare providers across the globe. TrapX says the infected medical devices create a backdoor security breach that puts tens of thousands of patients' records at risk. The exact number of stolen records is yet to be determined. Enriquez, the CEO, says TrapX found malware planted on several types of medical devices including an x-ray printer, an oncology unit's MRI scanner, a surgical center's blood gas analyzer and a healthcare provider's communication system. Malware planted on a blood gas analyzer could impact the information a surgeon uses to determine the amount of anesthesia a patient needs; malware planted on a heart monitor or dialysis machine could result in a fatal breach.
https://trapx.com/trapx-reveals-2016-healthcare-breaches-increased-63-percent-year-over-year-medical-device-hijacks-and-ransomware-on-the-rise/
http://abc7news.com/technology/san-mateo-cyber-security-firm-uncovers-malware-on-medical-devices/1757268/
Known Vulnerability Overview: Medical Devices Running Windows XP are easy Targets Devices: Various Medical Devices Industry: Healthcare Description: Security researchers found that thousands of “critical medical systems” are vulnerable and exposed online. One example was a US healthcare organization that had more than 68,000 exposed medical systems. Exposed were 21 anesthesia, 488 cardiology, 67 nuclear medical, and 133 infusion systems, 31 pacemakers, 97 MRI scanners and communications gear. The healthcare org was merely one of "thousands" with equipment discoverable through Shodan, a search engine for things on the public internet. Research found that hospital machinery is at the fingertips of miscreants. Once researchers started changing [Shodan search terms] to target specialty clinics like radiology or podiatry or pediatrics, they ended up with thousands of misconfigured and direct attack vectors. https://www.theregister.co.uk/2015/09/29/thousands_of_directly_hackable_hospital_devices_found_exposed/ 50
Known Vulnerability Overview: Investigators detected vulnerabilities in devices with Windows XP operating system Devices: Various medical devices running Windows XP Industry: Healthcare Description: Medical Devices Running Windows XP are Easy Targets: Security researchers found that thousands of “critical medical systems” are vulnerable and exposed online. One example was a US healthcare organization that had more than 68,000 exposed medical systems. Most medical devices are running Windows XP or XP service pack two and generally don’t have antivirus making them easy targets. https://www.theregister.co.uk/2015/09/29/thousands_of_directly_hackable_hospital_devices_found_exposed/ https://www.wired.com/2017/03/medical-devices-next-security-nightmare/ 51
Known Vulnerability Overview: Symantec Reports that Healthcare is most targeted by the Gatak Trojan Devices: Various medical devices Industry: Healthcare Description: The group behind the Gatak Trojan (Trojan.Gatak) continues to pose a threat to organizations, with the healthcare sector in particular heavily affected by attacks. Gatak is known for infecting its victims through websites promising product licensing keys for pirated software. While the group focused on US targets, it has diversified over the past two years and attacks are now taking place against organizations in a broad range of countries. The majority of Gatak infections (62 percent) occur on enterprise computers. Analysis of recent enterprise attacks indicates that the healthcare sector is by far the most affected by Gatak. Of the top 20 most affected organizations (organizations with the most infected computers), 40 percent were in the healthcare sector. In the past, the insurance sector was also heavily targeted by the group. https://www.symantec.com/connect/blogs/gatak-healthcare-organizations-crosshairs 52
Acronym Glossary
AAA Authentication, Authorization and Accounting
ACL Access Control List
ACS Access Control Server [Cisco]
AD Active Directory
ANSI American National Standards Institute
API Application Programming Interface
ARP Address Resolution Protocol
ATD Advanced Threat Detection
ATP Advanced Threat Prevention
AUP Acceptable Use Policy
AV Antivirus
AWS Amazon Web Services
BYOD Bring Your Own Device
C&C Command and Control
CA Certificate Authority
CAM Content Addressable Memory
CASB Cloud Access Security Broker
CCE Common Configuration Enumeration
CDP Cisco Discovery Protocol
CEF Cisco Express Forwarding
CIS Center for Internet Security, Inc.
CIUP Cumulative Infrastructure Update Pack
CLI Command Line Interface
CMDB Configuration Management Database
CoA Change of Authorization
CPPM ClearPass Policy Manager
CPU Central Processing Unit
CSC Critical Security Controls
CSV Comma Separated Value
CUP Cumulative Update Pack
CVE Common Vulnerabilities and Exposures
DB Database
DDoS Distributed Denial of Service
DHCP Dynamic Host Configuration Protocol
DLP Data Loss Prevention
DNS Domain Name Server
EDR Endpoint Detection and Response
EM Enterprise Manager
EMM Enterprise Mobility Management
ePO ePolicy Orchestrator
EPP Endpoint Protection Platform
FERC Federal Energy Regulatory Commission
FIPS Federal Information Processing Standards
FQDN Fully Qualified Domain Name
FTP File Transfer Protocol
FW Firewall
GCP Google Cloud Platform
GPO Group Policy Object
GUI Graphical User Interface
HA High Availability
HBSS Host Based Security System
HIP Host Information Policy [Palo Alto Networks]
HIPAA Health Insurance Portability & Accountability Act
HITECH Health Information Technology for Economic and Clinical Health
HITRUST Health Information Trust Alliance
HPS Host Property Scanner
HR Human Resources
HTML Hypertext Markup Language
HTTP Hypertext Transfer Protocol
IaaS Infrastructure as a Service
ICMP Internet Control Message Protocol
ID Identification
IDaaS Identity as a Service
iDRAC Integrated Dell Remote Access Controller
IM Instant Messaging
IMAP Internet Message Access Protocol
IOC Indicator of Compromise
iOS iPhone Operating System [Apple]
IoT Internet of Things
IP Internet Protocol
IPMI Intelligent Platform Management Interface
IPS Intrusion Protection System
ISE Identity Services Engine [Cisco]
IT Information Technology
ITAM Information Technology Access Management
ITSM Information Technology Service Management
LAN Local Area Network
LDAP Lightweight Directory Access Protocol
LLDP Link Layer Discovery Protocol
MAB Mac Authentication Bypass
MAC Media Access Control
MAPI Messaging Application Programming Interface
MDM Mobile Device Management
MTP Mobile Threat Prevention [FireEye]
MTTD Mean Time to Detection
MTTR Mean Time to Resolution
NA Not Applicable
NAC Network Access Control
NAT Network Address Translation
NBT NetBIOS over TCP/IP
NERC North American Electric Reliability Corp.
NetBIOS Network Basic Input/Output System
NGFW Next-Generation Firewall
NIC Network Interface Card
NIST National Institute of Standards and Technology
Nmap Network Mapper
NOC Network Operations Center
OS Operating System
OT Operational Technology
OU Organizational Unit
OVAL Open Vulnerability and Assessment Language
P2P Peer-to-Peer
PAM Privileged Access Management
PAN OS 7.x Palo Alto Networks Operating System 7.x
PC Personal Computer
PCI Payment Card Industry
PKI Public Key Infrastructure
PoE Power over Ethernet
POP3 Post Office Protocol
pxGrid Platform Exchange Grid [Cisco]
RADIUS Remote Authentication Dial-In User Service
RAP Roving Analysis Port
RDP Remote Desktop Protocol
Reauth Reauthorization
RI Remote Inspection
RM Recovery Manager
RMM Remote Monitoring and Management
RO Read Only
ROI Return on Investment
RPC Remote Procedure Call
RRP Remote Registry Protocol
RTU Remote Terminal Unit
RW Read/Write
SaaS Software as a Service
SANS System Administration, Networking and Security Institute
SCADA Supervisory Control and Data Acquisition
SCAP Security Compliance Automation Protocol
SCCM System Center Configuration Manager
SDN Software Defined Network
SEL System Event Log
SGT Security Group Tags [Cisco]
SIEM Security Information and Event Management
SMS Short Message Service
SNMP Simple Network Management Protocol
SOC Security Operations Center
SOX Sarbanes-Oxley
SPAN Switch Port Analyzer
SQL Structured Query Language
SSH Secure Shell
SSID Service Set Identifier
SSL Secure Sockets Layer
SSO Single Sign On
STIG Security Technical Implementation Guide
SYSLOG System Log
TACACS Terminal Access Controller Access Control System
TAM Threat Assessment Manager [FireEye]
TAP Threat Analytics Platform [FireEye]
TCO Total Cost of Ownership
TCP Transmission Control Protocol
TIP Threat Intelligence Platform
TLS Transport Layer Security
UBA User Behavior Analytics
UDP User Datagram Protocol
URL Universal Resource Locator
USB Universal Serial Bus
VA Vulnerability Assessment
vCT Virtual CounterACT
VDI Virtual Desktop Infrastructure
vFW Virtual Firewall
VGA Video Graphics Array
VLAN Virtual Local Area Network
VM Virtual Machine
VoIP Voice over IP
VPN Virtual Private Network
WAF Web Application Firewall
WAN Wide Area Network
WAP Wireless Application Protocol
WMI Windows Management Instrumentation
WSUS Windows System Update Services
XCCDF The Extensible Configuration Checklist Description Format
XML Extensible Markup Language