We’re in the midst of a massive transformation in which security professionals around the world are radically rethinking how they protect the enterprise from modern threats. Users are spreading out from corporate headquarters—logging in from remote offices, customer sites, coffee shops, and dining room tables. At the same time, modern applications are moving from a static monolithic architecture to the microservices model, in which they’re split up into dozens or even hundreds of pieces and pushed out to multiple cloud providers. Security, designed to protect the perimeter, is slowly evolving to meet these new realities.
Along with this transformation comes a lot of jargon and a slew of acronyms, such as SASE, ZTNA, DLP, and my favorite, WAAPaaS (which, in my native British accent, sounds like the noise Batman makes when he punches a villain). It’s enough to make your head spin.
How do you make sense of this cornucopia of new security acronyms?
Take a look at our primer to learn the terms you need to protect the enterprise from modern cybersecurity threats.
AV (Anti-Virus): OK, we’ll start with an easy one. Anti-virus capabilities stop known malware. Many malicious actors make an initial breach; lie in wait undetected for weeks, months, or years; and then execute a payload that helps them rapidly move from device to device. In today’s distributed environment, it’s absolutely critical that you’re able to detect viruses before they make that initial breach or execute their payload and start to spread. While anti-virus software has become less effective over time, given the velocity with which attackers change their threats, it’s still important in order to make sure the large volume of older threats is addressed.
BYOD (Bring Your Own Device): Users today expect to be able to access critical business systems, applications, and data from their personal devices—making it essential that the security team is able to control access to both managed (company owned) and unmanaged (privately owned) devices. This is especially critical in healthcare. Many doctors and nurses are technically independent contractors who use hospital and clinic facilities for their private practice, and they bring their own devices to access the hospital network. The hospital’s security team still needs to apply the appropriate security policies to these unmanaged devices.
CASB (Cloud Access Security Broker): Cloud transformation has pushed many critical applications to the cloud and Software as a Service (SaaS) platforms. CASB solutions provide users with safe, secure access to SaaS platforms—including detection of both sanctioned and unsanctioned SaaS applications and sensitive data discovery and monitoring. It’s important that your CASB solution is able to monitor both traffic flowing from the SaaS platform (malware) and traffic flowing to SaaS platforms (data exfiltration).
CSP (Content Security Policy): CSP prevents cross-site scripting, clickjacking, and other code injection attacks originating from malicious content embedded in a trusted web page. The point here is that trust has an expiration date. A website deemed safe one day may be infiltrated with malicious content (usually through advertising or other third-party modules) the next day. Trust must be verified at the point of click.
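The entry above describes what CSP does but not what it looks like. A CSP is delivered as the Content-Security-Policy HTTP response header, and its protection against injected script depends entirely on how the script sources are written. The following Python snippet is an added illustration, not code from the original post or its author: it parses a header into directives, resolves which directive actually governs scripts (script-src, falling back to default-src as browsers do), and flags source values that defeat the purpose. The two sample headers and the 'nonce-r4nd0m' value are constructed.

```python
# Added illustration for the CSP entry above; not code from the original post.
# The sample headers at the bottom are constructed.

# Script-source values that leave a policy open to injected script.
WEAK_SCRIPT_SOURCES = {
    "'unsafe-inline'": "inline <script> blocks and event handlers run, which is what injected markup relies on",
    "'unsafe-eval'": "eval() and new Function() are allowed",
    "*": "scripts may be loaded from any origin",
    "https:": "scripts may be loaded from any HTTPS origin",
    "http:": "scripts may be loaded over plaintext HTTP",
    "data:": "scripts may be loaded from data: URIs",
}


def parse_csp(header):
    """Split a CSP header into {directive: [source, ...]}.

    Directives are separated by ';' and tokens by whitespace.  Names are
    case-insensitive and, as in browsers, the first occurrence of a
    directive wins."""
    policy = {}
    for chunk in header.split(";"):
        tokens = chunk.split()
        if not tokens:
            continue
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def effective_script_sources(policy):
    """script-src governs scripts; when it is missing, browsers fall back to
    default-src.  Returns None when neither is present (no restriction)."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src")


def audit_script_policy(header):
    """Return human-readable findings; an empty list means the script
    sources are restrictive (host allow-list, nonces or hashes only)."""
    sources = effective_script_sources(parse_csp(header))
    if sources is None:
        return ["no script-src or default-src: scripts may load from anywhere"]
    findings = []
    for src in sources:
        reason = WEAK_SCRIPT_SOURCES.get(src.lower())
        if reason:
            findings.append(f"{src}: {reason}")
    return findings


# Constructed sample headers: one that still allows inline script, one that
# requires a per-response nonce so injected <script> tags do not run.
WEAK_HEADER = "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.example.com"
HARDENED_HEADER = "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; object-src 'none'"

if __name__ == "__main__":
    for label, header in (("weak", WEAK_HEADER), ("hardened", HARDENED_HEADER)):
        print(label, "->", audit_script_policy(header) or "no findings")
```

The hardened header only helps if the nonce is regenerated for every response and placed on every legitimate script tag; a static nonce is equivalent to 'unsafe-inline'.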
DLP (Data Loss Prevention): Organizations need to continuously monitor for sensitive information leaving the network. A DLP solution in the cloud is able to monitor traffic outside the traditional perimeter, where users access information on the Internet. It’s important that the DLP solution is lightweight, invisible to users, and able to record what happened, how it happened, and who was involved.
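To make the "record what happened, how it happened, and who was involved" requirement concrete, here is a minimal content-inspection pass of the kind a DLP engine runs over outbound traffic. This Python snippet is an added example, not code from the original post or any vendor product; the four outbound-request log lines, user names and destination hosts are constructed. It looks for card numbers and US Social Security Numbers in request bodies, uses the Luhn checksum so that ticket numbers and other long digit strings are not reported as cards, and records who sent what kind of data where, with the value redacted to its last four digits.

```python
import re

# Added illustration for the DLP entry above; not code from the original
# post.  The outbound-request log lines below are constructed.
SAMPLE_LINES = [
    "2024-05-01T10:00:01 user=alice dst=files.example.net POST body='quarterly report attached'",
    "2024-05-01T10:00:07 user=bob dst=paste.example.org POST body='card 4111 1111 1111 1111 exp 12/26'",
    "2024-05-01T10:00:09 user=carol dst=mail.example.com POST body='ticket 1234 5678 9012 3456'",
    "2024-05-01T10:00:15 user=dave dst=drive.example.io PUT body='SSN 123-45-6789 for onboarding'",
]

# 13-19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US Social Security Number in its dashed form.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# key=value fields we want to attach to every finding.
FIELD_RE = re.compile(r"\b(user|dst)=(\S+)")


def luhn_ok(digits):
    """Luhn checksum (mod-10): every valid payment card number passes it,
    so failing it rules out most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_sensitive(text):
    """Yield (kind, digits) for each sensitive value found in a string."""
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            yield "credit-card", digits
    for m in SSN_RE.finditer(text):
        yield "ssn", m.group().replace("-", "")


def scan_lines(lines):
    """One record per hit: who, where to, what kind, and only the last four
    digits, so the DLP log itself does not become a second copy of the data."""
    hits = []
    for line in lines:
        fields = dict(FIELD_RE.findall(line))
        for kind, digits in find_sensitive(line):
            hits.append({
                "user": fields.get("user"),
                "dst": fields.get("dst"),
                "kind": kind,
                "last4": digits[-4:],
            })
    return hits


if __name__ == "__main__":
    for hit in scan_lines(SAMPLE_LINES):
        print(hit)
```

Note that Carol's line is not reported: "1234 5678 9012 3456" has the right length but fails the checksum. That validation step is what keeps a lightweight inspector from flooding the security team with false positives.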
EDR (Endpoint Detection and Response): EDR continually monitors the health of distributed devices and allows the security team to respond to cyberthreats. As devices spread out from the data center, it’s important that they’re detectable by EDR solutions and protected from sophisticated cybersecurity threats.
FWaaS (Firewall as a Service): A traditional firewall monitors all traffic that passes through the perimeter, but now that users, devices, and applications are moving outside the data center, there’s no perimeter anymore. Organizations still need to monitor and block traffic that wants to interact with users, systems, and data, so it makes sense to move firewall capabilities to the cloud and deliver them as a service to distributed users. This way, the organization can monitor for malicious connections and apply the appropriate security and network policies to all traffic.
MFA (Multi-Factor Authentication): Knowing who is trying to access the network and confirming the identity of that person are key components of the Zero Trust approach to cybersecurity. MFA confirms identity through more than one method, most typically an initial password followed by a token delivered to, or generated on, an already trusted device.
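The "token on an already trusted device" is most often a time-based one-time password from an authenticator app. The following Python snippet is an added example, not code from the original post, showing how that second factor is computed and checked using the standard TOTP scheme (RFC 6238, built on RFC 4226 HOTP): HMAC-SHA1 over a time-step counter, truncated to six digits. The secret used is the RFC test-vector key, not a production value; the verifier accepts one time step of clock skew either side and compares in constant time.

```python
import hashlib
import hmac
import struct

# Added illustration for the MFA entry above; not code from the original
# post.  RFC_TEST_SECRET is the published RFC 4226/6238 test key, used here
# so the output can be checked against the RFC vectors.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """HMAC-SHA1 over the big-endian 8-byte counter, dynamically truncated
    to a 31-bit integer and reduced to the requested number of digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=30, digits=6):
    """The HOTP counter is the number of whole time steps since the epoch,
    which is why both the device and the server need a roughly correct clock."""
    return hotp(secret, max(unix_time // step, 0), digits)


def verify_totp(secret, submitted, unix_time, step=30, digits=6, window=1):
    """Accept the code for the current step and `window` steps either side.
    A production verifier must also remember which codes it has accepted,
    so a code captured once cannot be replayed inside that window."""
    for delta in range(-window, window + 1):
        expected = totp(secret, unix_time + delta * step, step, digits)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


if __name__ == "__main__":
    import time
    now = int(time.time())
    code = totp(RFC_TEST_SECRET, now)
    print("current code:", code, "verifies:", verify_totp(RFC_TEST_SECRET, code, now))
```

The shared secret is the whole security of this factor: it must be generated randomly per user, stored as carefully as a password hash is not (it cannot be hashed, since the server needs the raw value), and never reused across services.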
RBI (Remote Browser Isolation): Not just a baseball term, RBI removes the risk of interacting with potentially malicious content by executing dynamic content away from the endpoint in a remote browser in the cloud—cutting off threat actors’ access to the endpoint device. This protects users’ devices from web- and email-based cyberattacks such as phishing, ransomware, drive-by exploits, and zero-day attacks.
SASE (Secure Access Service Edge): SASE enables a Zero Trust approach to enterprise security by giving organizations a consolidated framework from which to deliver security and networking services through the cloud. SASE is designed to connect distributed users, devices, branch offices, apps, and SaaS platforms—regardless of physical location. This allows users to securely and seamlessly access whatever tools and information they need wherever and whenever, without posing a risk to the organization. You’ll definitely want to know more about this architecture, as it’s primed to be the blueprint for all modern enterprise security.
SD-WAN (Software-Defined Wide Area Network): A critical component of SASE, SD-WAN automatically optimizes traffic route paths between two locations across any network architecture. Modern enterprises can use SD-WAN to route traffic through the appropriate security controls without impacting the user’s browsing experience.
SIEM (Security Information and Event Management): Many security teams use a SIEM solution to correlate huge amounts of reporting data and draw conclusions in threat investigations. This is critical for understanding security event context to conduct root-cause analysis and stop future attacks.
SOC (Security Operations Center): Whether internal or through a service provider, SOC teams are responsible for investigating potential breaches within an organization, using forensic tools and threat intelligence to figure out how a threat entered and what—if anything—happened that needs remediation.
SWG (Secure Web Gateway): A SWG protects users from web-based threats on the Internet by preventing malicious content from accessing the endpoint. SWG solutions typically work by blocking inappropriate or malicious websites based on policies set by the enterprise cybersecurity team. The SWG typically replaces the proxy in a traditional hub-and-spoke security model, in which all traffic is backhauled to the physical appliance in the data center.
VPN (Virtual Private Network): OK, another easy one. A VPN allows remote users to connect directly to the corporate network across public infrastructure as if they were in the office. The problem with a VPN is that it requires all traffic to be backhauled to the data center, creating massive latency and bandwidth issues. This solution is fine when only 10 percent of the workforce is working from home, but as we saw in the last year, organizations run into major performance issues when 100 percent of the workforce goes remote. Split tunneling (routing application traffic back to the data center while allowing direct connections to the Internet) is a common method for getting around these performance issues, but allowing users to connect directly to websites and SaaS platforms is not a viable option given today’s dangerous threat landscape.
WAAPaaS (Web Application and API Protection as a Service): WAAPaaS protects users, devices, and the data center from malicious intent originating from web applications. It works by monitoring web app traffic (HTTP and encrypted HTTPS) for malicious SQL injections, cross-site scripting, and file executions. It combines WAF, API security, bot management, and DDoS protection in a single tool designed to prevent malicious actors from getting into your web-facing applications.
WAF (Web Application Firewall): A critical component of WAAPaaS, a web application firewall filters, monitors, and blocks HTTP traffic moving to and from a web service. WAF is specifically used to prevent DDoS attacks from shutting down an organization’s web application.
ZTNA (Zero Trust Network Access): Modern enterprises need to make sure distributed entities (users, devices, applications, remote offices, and SaaS platforms) are able to securely connect to applications. Unlike VPN connections, ZTNA operates on a Zero Trust model in which access is granted only to applications required for a particular person or role to do their job. In this way, connecting to the network doesn’t provide the ability to scan or search across the whole network. It’s critical that your ZTNA solution gives the security team the ability to secure a wide range of managed and unmanaged entities.
Now it’s time to cut through the security jargon and learn how you can carve a path to a seamless security transformation journey. Today’s distributed workforce requires quick and seamless anywhere, anytime access. While that poses challenges for security organizations, there are effective ways to secure work and protect productivity. Here’s where you can start.