A
Access Control
Restricting access to systems, networks, or devices to authorized users only. In asset security, effective access control is built on device identity and real-time behavior, not just where a device sits on the network.
ACL (Access Control List)
A rule set that defines what traffic is permitted or denied between network devices and segments. ACLs are the primary mechanism for enforcing segmentation at the network layer. ORDR Code generates ACLs automatically based on observed device behavior, removing the manual lift from policy creation.
Active Discovery
Finding devices on a network by sending probes and analyzing responses. Comprehensive and fast, but can disrupt sensitive or legacy devices. In healthcare and OT environments, passive discovery is typically preferred. See also: Passive Discovery.
Agentic Security
A security model where autonomous AI agents take coordinated action, querying asset data, correlating risk, generating policies, and triggering enforcement, with minimal human intervention. ORDR IQ is built on this model, using specialized agents that work together to move from a question to an automated outcome.
Agent-Based Security
A security approach that requires software installed directly on each endpoint to collect telemetry and enforce policy. It works well for managed IT devices but breaks down entirely for IoT, OT, and IoMT environments where most devices cannot support an agent.
Agentless Discovery
Identifying and profiling devices without installing anything on them. ORDR uses network traffic analysis, API integrations, and protocol inspection to build accurate asset profiles for devices that traditional tools cannot touch, including medical equipment, PLCs, and building systems.
Air-Gapped Network
A network physically isolated from the public internet, historically used as the primary security control for OT environments. IT/OT convergence and operational needs have eroded many air gaps, making active monitoring and segmentation necessary even in environments once considered sealed.
Anomaly Detection
Identifying device behavior that deviates from its established baseline. In IoT and OT environments, this is often the only way to catch threats, since most of these devices are invisible to signature-based tools. ORDR builds device-specific baselines from real observed traffic and surfaces deviations as they happen.
Asset
Any physical or virtual entity on an organization’s network: IT endpoints, IoT sensors, OT controllers, IoMT medical devices, cloud workloads, and applications. You cannot protect what you cannot see, which is why asset visibility is where every security program has to start.
Asset Classification
Categorizing discovered devices by type, function, manufacturer, OS, and risk level. ORDR uses AI/ML trained on more than 100 million device profiles to classify assets automatically, so teams get accurate, detailed profiles without manual research.
Asset Intelligence
Deep, contextual knowledge about every asset in an environment, including what it is, how it behaves, what vulnerabilities it carries, and how it connects to everything else. It is the difference between a list of devices and actually understanding your environment well enough to act on it.
Asset Intelligence Graph
ORDR’s structured data layer that stores pre-computed relationships and correlated context across millions of assets and device types. When security teams query ORDR IQ, answers come from this deterministic foundation, not from probabilistic AI generation.
Asset Inventory
A complete, current record of every device on a network: make, model, OS version, firmware, location, and connectivity. Without it, vulnerability management, compliance reporting, and segmentation are all built on guesswork.
Asset Lifecycle Management
Tracking a device from procurement through decommission. End-of-life and unauthorized devices are a persistent source of risk, particularly in healthcare and manufacturing where device sprawl is hard to control without automated visibility.
Asset Risk Score
A single number reflecting an asset’s overall security risk. ORDR’s scoring weighs asset criticality, CVSS severity, KEV and EPSS data, network exposure, and device classification together, so teams know which devices to act on first without manually cross-referencing multiple data sources.
Attack Surface Management
The continuous process of discovering, inventorying, and reducing exploitable entry points across an environment. In environments with significant IoT, OT, and IoMT deployments, the attack surface grows constantly and cannot be managed manually. See also: CAASM.
B
Behavioral Baseline
The normal, expected communication and behavior pattern for a specific device or asset class, built from real observed traffic rather than generic profiles. ORDR uses baselines to distinguish legitimate device activity from anomalies worth investigating, and to generate segmentation policies that reflect how devices actually communicate.
BMS (Building Management System)
Systems controlling building infrastructure including HVAC, lighting, elevators, and physical access. BMS devices are increasingly IP-connected and regularly sit on corporate networks with little to no security monitoring, making them a practical entry point for attackers.
C
CAASM (Cyber Asset Attack Surface Management)
A security discipline centered on maintaining complete, accurate visibility into all cyber assets and their exposures. CAASM consolidates data from across an organization’s tool stack to surface gaps in coverage, ownership, and risk that would otherwise stay hidden.
CMDB (Configuration Management Database)
A repository tracking IT assets, their configurations, and their relationships. CMDBs are foundational to IT operations but typically have poor coverage of IoT, OT, and IoMT devices. ORDR integrates with CMDBs like ServiceNow to automatically enrich and validate asset records with data those systems cannot collect on their own.
Compliance
Meeting the regulatory and contractual requirements that govern how systems and data must be protected. For ORDR’s core markets, the most relevant frameworks include HIPAA for healthcare, NIST CSF broadly, and ISA/IEC 62443 for industrial environments.
Connected Medical Device
Any medical device that communicates over a network, from infusion pumps and ventilators to imaging systems and patient monitors. These devices are regulated, often run outdated software, and cannot support endpoint agents, which is what makes IoMT security a distinct and demanding problem.
Continuous Monitoring
Ongoing, automated assessment of an organization’s security posture across asset inventory, vulnerability status, behavioral baselines, and configuration drift. Point-in-time assessments miss the constant change that real environments see. ORDR monitors all asset classes continuously in real time.
CVE (Common Vulnerabilities and Exposures)
A publicly disclosed security flaw in software or firmware, each assigned a unique identifier. CVEs form the basis of vulnerability management and are mapped by ORDR to specific assets so teams can prioritize remediation based on actual exposure, not just severity scores.
CVSS (Common Vulnerability Scoring System)
A standardized 0 to 10 scale for rating vulnerability severity. A useful starting point, but CVSS alone does not tell you which vulnerabilities are being actively exploited or which assets are most critical to the business. ORDR combines CVSS with KEV, EPSS, and asset context to produce prioritization that actually reflects real risk.
Cyber-Physical System (CPS)
A system where computing and physical processes are tightly coupled, including industrial control systems, medical devices, and smart infrastructure. A compromise is not just a data problem. It can mean equipment failure, patient harm, or operational shutdown.
D
DCS (Distributed Control System)
An industrial control system where controllers are distributed throughout a facility rather than centralized. Common in oil and gas, chemicals, and power generation. DCS environments often include decades-old devices running proprietary protocols that standard security tools cannot interpret.
Deep Packet Inspection (DPI)
Network analysis that examines full packet content, not just headers. In OT and IoT environments, DPI is essential for understanding device behavior because many industrial and medical protocols are proprietary and invisible to tools that only inspect standard traffic.
Discovery Engine
ORDR’s technology for automatically identifying and profiling every device on a network using passive traffic analysis, active probing, and API integrations. Trained on more than 100 million device profiles, it classifies assets with the specificity needed to build accurate risk scores and segmentation policies.
Drift
A deviation from an asset’s known-good configuration or behavioral baseline. Drift can indicate compromise, unauthorized change, or misconfiguration. ORDR detects it continuously and can trigger automated investigation or enforcement in response.
E
East-West Traffic
Traffic moving laterally between devices inside a network, as opposed to north-south traffic entering or leaving. Attackers rely on east-west movement to spread after gaining initial access. Microsegmentation is the primary control for containing it.
EDR (Endpoint Detection and Response)
Security software that monitors managed endpoints for threats and enables rapid response. EDR is effective for laptops and servers but has no coverage of IoT, OT, or IoMT devices. That gap is a core part of what ORDR solves.
EPSS (Exploit Prediction Scoring System)
A probability model estimating how likely a given CVE is to be exploited in the wild within the next 30 days. ORDR incorporates EPSS alongside CVSS and KEV data to help teams focus on vulnerabilities that represent real, active risk rather than theoretical severity.
Exploit
Code or a technique that takes advantage of a vulnerability to perform an unauthorized action. The combination of a known exploit and an unpatched, unmanaged device is one of the most common starting points for a serious incident.
Exposure Management
Continuously identifying and reducing exploitable exposures across all assets and environments. Broader than vulnerability management, it factors in asset context, network reachability, threat intelligence, and business impact to help teams understand not just what is vulnerable but what is actually at risk.
F
Firewall
A system that monitors and controls network traffic based on defined rules. Next-generation firewalls are a primary enforcement point for segmentation policies. ORDR integrates with firewalls to push and validate policies automatically based on observed device behavior.
Firmware
Permanent software embedded in hardware that controls device operation. In IoT, OT, and IoMT environments, outdated firmware is one of the most persistent vulnerability sources. Vendor restrictions, uptime requirements, and device limitations often make patching impossible on a normal schedule.
Flow Analysis
Examining network communication patterns including source, destination, protocol, frequency, and volume to understand how devices behave and surface what is out of the ordinary. ORDR analyzes millions of flows to build the behavioral baselines that drive both anomaly detection and segmentation policy generation.
H
HDO (Healthcare Delivery Organization)
A hospital, health system, clinic, or other patient care organization. HDOs operate some of the most complex and diverse device environments in any industry, with IoMT, IT, and OT systems all running on shared or adjacent networks under strict HIPAA and FDA requirements.
HIPAA (Health Insurance Portability and Accountability Act)
U.S. law establishing requirements for protecting patient health information. Relevant to ORDR because connected medical devices and clinical systems that handle PHI must meet HIPAA Security Rule controls, including access controls, audit logging, and breach notification requirements.
HITECH (Health Information Technology for Economic and Clinical Health Act)
U.S. law that strengthened HIPAA’s security provisions and introduced mandatory breach notification. Increased accountability for healthcare organizations and their technology partners around how patient data is protected.
HMI (Human Machine Interface)
The operator-facing interface for monitoring and controlling industrial equipment and control systems. HMIs are high-value targets in OT attacks because compromising one can give an attacker direct visibility into and control over physical processes.
HTM (Healthcare Technology Management)
The discipline responsible for managing medical devices across their full lifecycle, from procurement and deployment through maintenance and decommissioning. HTM teams are key partners in IoMT security programs because they own device data and operational context that security teams need.
I
ICS (Industrial Control System)
Systems that monitor and control physical industrial processes, including SCADA, DCS, and PLCs. ICS is the backbone of critical infrastructure across manufacturing, energy, utilities, and transportation, and it represents some of the highest-consequence targets in cybersecurity.
IIoT (Industrial Internet of Things)
IoT technology applied to industrial settings, including connected sensors, actuators, and machinery in manufacturing, oil and gas, utilities, and logistics. IIoT devices extend the reach of OT networks and are a growing focus for both operational efficiency and security risk.
Incident Response
The process of detecting, containing, investigating, and recovering from a security incident. Speed depends heavily on asset context. Knowing what a device is, who owns it, what it normally does, and what it is connected to cuts investigation time significantly. ORDR surfaces that context automatically.
IoC (Indicator of Compromise)
Evidence that a device or system has been breached, such as connections to known malicious infrastructure, unexpected process activity, or unusual communication patterns. Correlating IoCs against an accurate asset inventory lets teams quickly determine scope and contain incidents before they spread.
IoMT (Internet of Medical Things)
The category of connected devices used in clinical care, including patient monitors, infusion pumps, imaging systems, ventilators, and wearables. IoMT devices are regulated, often run legacy operating systems, cannot support agents, and have direct patient safety implications if compromised or taken offline.
IoT (Internet of Things)
Physical devices with embedded sensors, software, and network connectivity that exchange data over a network. Enterprise IoT spans thousands of device types, from IP cameras and badge readers to HVAC controllers and industrial sensors, most of which are invisible to traditional security tools.
ISA/IEC 62443
An international standards series for securing Industrial Automation and Control Systems. Widely adopted in manufacturing and critical infrastructure, it defines security requirements across people, processes, and technology. Its zone-and-conduit model for network segmentation is the framework most OT security architects work from.
IT (Information Technology)
The systems and infrastructure used to store, process, and transmit information, including laptops, servers, and cloud workloads. Traditional security tools were designed for IT environments and struggle to extend coverage to IoT, OT, and IoMT.
IT/OT Convergence
The integration of IT and OT networks and systems as organizations digitize operations. Convergence creates efficiency gains but connects systems that were never designed to coexist securely, expanding the attack surface in ways that catch most organizations unprepared.
ITSM (IT Service Management)
Practices for managing IT service delivery and operations. ORDR integrates with ITSM platforms like ServiceNow to push asset data, open remediation tickets, and keep configuration records in sync automatically as the environment changes.
K
KEV (Known Exploited Vulnerability)
A CVE listed in CISA’s Known Exploited Vulnerabilities catalog, meaning it has confirmed, active exploitation in the wild. KEVs represent the highest-urgency remediation targets and are a core input to ORDR’s risk scoring.
L
Lateral Movement
How attackers spread through a network after initial access, moving from device to device toward higher-value targets. In flat or poorly segmented networks, a single compromised IoT device can become a pivot point into clinical systems, operational infrastructure, or enterprise IT. Microsegmentation is the primary control.
Least Privilege
The principle that every user, device, and process should have only the access required to perform its specific function, nothing more. In device security, least privilege means segmentation policies that allow only the communication a device actually needs and block everything else.
Legacy Device
A device running hardware, firmware, or software that is no longer actively supported or patchable. Extremely common in healthcare, manufacturing, and utilities. Because these devices usually cannot be updated, segmentation and continuous monitoring become the primary security controls rather than remediation.
M
MDM (Mobile Device Management)
Software for managing and securing mobile and endpoint devices. MDM provides solid coverage for managed IT assets but has no reach into IoT, OT, or IoMT environments, which is one of the core reasons those device categories require a dedicated approach.
Microsegmentation
Dividing a network into granular, isolated zones at the device or workload level and enforcing identity-based traffic policies between them. More precise than traditional network segmentation because policies are tied to what a device is and what it actually does, not just where it sits on the network. ORDR automates policy generation and deployment based on observed device behavior.
Multi-Agent Orchestration
An AI architecture where multiple specialized agents work in parallel to complete complex tasks, such as querying asset inventory, correlating risk signals, generating segmentation policies, and triggering enforcement, in a coordinated workflow. ORDR IQ is built on this model, enabling security teams to move from a question to an automated outcome without stitching together multiple tools manually.
N
NAC (Network Access Control)
A solution that controls which devices are allowed onto a network and enforces conditions for connectivity. ORDR integrates with NAC solutions as an enforcement layer, feeding device identity and risk context to trigger quarantine, VLAN assignment, or access restriction automatically when conditions are met.
Network Segmentation
Dividing a network into separate zones to contain threats and limit the damage from a breach. A foundational security control in healthcare, manufacturing, and critical infrastructure and a requirement under frameworks including HIPAA, NIST CSF, and ISA/IEC 62443. See also: microsegmentation, VLAN, zero trust.
NIST (National Institute of Standards and Technology)
The U.S. agency responsible for developing widely adopted cybersecurity standards and frameworks, including the Cybersecurity Framework and SP 800-53.
NIST CSF (Cybersecurity Framework)
A framework organizing security activities into five functions: Identify, Protect, Detect, Respond, and Recover. Used across industries as a common language for assessing and communicating security maturity. Asset visibility sits at the foundation of the Identify function.
O
ORDR Cloud
ORDR’s cloud-delivered platform providing agentless asset discovery, behavioral analysis, risk scoring, and automated policy orchestration across IT, IoT, OT, and IoMT environments.
ORDR Code
The ORDR capability that automatically generates network access control policies, including ACLs and VLAN configurations, based on how devices actually communicate. Policies go through human review before deployment, keeping teams in control without requiring them to write rules manually.
ORDR IQ
ORDR’s AI-powered orchestration engine. Security teams can ask questions in natural language and get back actionable results drawn from verified asset intelligence. ORDR IQ coordinates specialized agents to handle everything from vulnerability investigation to policy generation and enforcement.
OT (Operational Technology)
Hardware and software that monitors or controls physical processes, including industrial control systems, SCADA, PLCs, and RTUs. OT environments prioritize availability and safety above all else, run proprietary protocols, and have devices that often cannot be patched or replaced on normal IT timelines.
OT Security
Protecting operational technology from cyber threats while respecting the constraints that define OT environments: legacy devices, proprietary protocols, uptime requirements, air-gapped architectures, and the reality that a disruption has physical, not just digital, consequences.
P
Passive Discovery
Identifying and profiling network assets by analyzing existing traffic without sending probes. Zero disruption to devices or operations, which makes it the default approach in clinical networks and active OT environments where an unexpected probe can cause real problems.
Patching
Applying software or firmware updates to fix known vulnerabilities. A standard practice in IT that breaks down in IoT, OT, and IoMT environments, where vendor restrictions, device age, and uptime requirements make patching impractical or impossible. Segmentation and monitoring fill the gap.
PHI (Protected Health Information)
Individually identifiable health information created, received, stored, or transmitted by a healthcare organization. Protected under HIPAA. Every connected device that touches PHI, including medical devices, clinical workstations, and network infrastructure, falls within the scope of HIPAA Security Rule requirements.
PLC (Programmable Logic Controller)
An industrial computer that automates electromechanical processes in manufacturing, energy, and utilities. PLCs are high-value targets because they directly control physical operations, often run decades-old firmware, and rarely support any form of endpoint security.
Policy Automation
Automatically generating, deploying, and maintaining security policies based on asset intelligence and defined security objectives. Removes the manual bottleneck from segmentation and access control, which is particularly important in environments where device populations change constantly and hand-crafting rules does not scale.
Posture Management
Continuously measuring and improving an organization’s security configuration across all assets. Covers inventory accuracy, vulnerability status, patch levels, behavioral baselines, and configuration compliance. The goal is not a point-in-time snapshot but an always-current understanding of where risk exists.
Purdue Model
A hierarchical reference architecture for ICS and OT network design that organizes industrial systems into levels, from field devices at the bottom to enterprise IT at the top. Widely used to define segmentation zones and security boundaries in OT environments and referenced explicitly in ISA/IEC 62443.
R
Ransomware
Malware that encrypts systems and demands payment for restoration. Healthcare, manufacturing, and critical infrastructure are the highest-impact targets because downtime is not just a financial problem but an operational and safety one. Unmanaged devices and flat, unsegmented networks are consistently how ransomware spreads.
RBAC (Role-Based Access Control)
Restricting platform access based on a user’s organizational role. In an asset security context, RBAC ensures that security analysts, HTM engineers, and OT operators each work within a view scoped to their responsibilities, without exposing data or controls outside their function.
Remote Access
Connecting to a network, device, or system from an external location. Remote access to OT and IoMT systems carries significant risk because these environments were not designed with external connectivity in mind. Several major industrial and healthcare incidents have originated through poorly secured vendor or contractor access.
Risk-Based Prioritization
Focusing remediation effort on the exposures that pose the greatest actual risk rather than working through vulnerabilities by severity score alone. Factors in exploitability, asset criticality, business impact, and real-world threat data. The difference between fixing the right things first and spending cycles on vulnerabilities that will never be exploited.
RTU (Remote Terminal Unit)
A device that monitors and controls remote field equipment and reports back to a SCADA system. Common in utilities, oil and gas, and water treatment. RTUs are often decades old, operate in physically remote locations, and have limited or no security controls.
S
SBOM (Software Bill of Materials)
A complete inventory of every software component, library, and dependency in a product or system. Critical for vulnerability response because it tells you exactly which systems are affected when a new CVE drops. Increasingly required by the FDA for medical devices and by executive order for software sold to the federal government.
SCADA (Supervisory Control and Data Acquisition)
A control system architecture that uses networked computers and graphical interfaces to monitor and manage industrial processes. SCADA systems are used across utilities, manufacturing, oil and gas, and transportation, and represent some of the most sensitive infrastructure in OT security scope.
Security Hygiene
The foundational practices that keep an environment secure over time: accurate asset inventory, patched vulnerabilities where possible, enforced access controls, and removal of unauthorized or end-of-life devices. Hard to maintain without automation in environments where device populations are large and constantly changing.
Segmentation Policy
A rule set defining what traffic is allowed between network segments, devices, or zones. Effective policies are built on device identity and observed communication behavior, not just IP ranges or VLAN assignments, which is why behavioral data is essential to getting them right.
SIEM (Security Information and Event Management)
A platform that collects, correlates, and analyzes security event data across an organization’s infrastructure. ORDR integrates with SIEMs to add device context to alerts, giving analysts the asset detail they need to investigate faster and more accurately.
SOAR (Security Orchestration, Automation, and Response)
A platform that automates security workflows across tools, including alert triage, investigation, and response. ORDR IQ provides built-in orchestration for asset-centered workflows, so teams can move from detection to enforcement without relying on a separate SOAR platform for IoT and OT scenarios.
SOC (Security Operations Center)
The team and infrastructure responsible for continuous threat monitoring, detection, and response. SOC analysts working in environments with significant IoT, OT, or IoMT device populations often have poor visibility into those assets. ORDR closes that gap by providing device context alongside every alert.
Software Inventory Collector
An ORDR lightweight script that identifies installed software and maps known vulnerabilities for assets that cannot be actively scanned, including legacy devices and systems with network access restrictions. Fills coverage gaps that traditional vulnerability scanners leave behind.
T
Third-Party Risk
Security risk introduced by vendors, contractors, or service partners who access an organization’s systems. In healthcare and industrial environments, third-party remote access to OT and IoMT systems is a frequently exploited attack vector and one of the hardest to control without full device visibility.
Threat Detection
Identifying active or emerging threats across an environment in real time. For IoT, OT, and IoMT devices, effective detection requires behavioral analysis and anomaly detection since signature-based approaches cannot cover devices they cannot see or profile.
Threat Intelligence
Evidence-based information about adversary tactics, active exploits, and known threats in the wild. ORDR incorporates threat intelligence including CISA KEV data and EPSS scores to give asset risk scores real-world context rather than relying solely on theoretical severity ratings.
U
UDI (Unique Device Identifier)
A standardized identifier required by the FDA for medical devices sold in the United States. UDIs enable tracking across the supply chain, support recall management, and provide a reliable anchor for building accurate asset inventory in healthcare environments where device data is often fragmented across multiple systems.
Unmanaged Device
A device not enrolled in MDM, EDR, or any other endpoint management system. Includes most IoT, OT, and IoMT assets. Unmanaged devices are invisible to conventional security tools and represent the largest and fastest-growing source of risk in enterprise environments.
V
VLAN (Virtual Local Area Network)
A logical grouping of network devices into separate broadcast domains. A common mechanism for implementing network segmentation, but VLAN-based segmentation is coarse and topology-dependent. Microsegmentation provides finer-grained, identity-based control that does not require network redesign.
Vulnerability
A weakness in software, firmware, hardware, or configuration that could be exploited. In IoT, OT, and IoMT environments, vulnerabilities are especially persistent because the devices often cannot be patched and may stay in production for years or decades after a flaw is discovered.
Vulnerability Management
The full process of identifying, assessing, prioritizing, and remediating vulnerabilities across an asset inventory. In environments with unmanaged devices, this requires going beyond traditional scanners. ORDR maps vulnerabilities to assets that cannot be scanned and surfaces prioritized remediation guidance based on real risk factors.
X
XDR (Extended Detection and Response)
A platform that unifies detection and response across endpoints, networks, and cloud. ORDR integrates with XDR platforms to provide the device context needed to investigate and respond to alerts involving IoT, OT, or IoMT assets that the XDR cannot profile on its own.
XIoT (Extended Internet of Things)
An umbrella term covering IT, IoT, IIoT, OT, and IoMT together. Reflects the reality that these environments are converging and that attackers do not respect the boundaries organizations draw between them. Securing the full XIoT requires a platform that can see and act across all of it.
Z
Zero-Day
A vulnerability unknown to the vendor with no patch available. Especially dangerous in OT and IoMT environments where even known vulnerabilities often go unpatched. When a zero-day hits, segmentation and behavioral monitoring are often the only controls that can limit the blast radius.
Zero Trust
A security model requiring continuous verification of every user, device, and network flow before granting access, regardless of where they are on the network. The core shift is from assuming devices inside the perimeter are safe to assuming nothing is trusted until proven otherwise.
Zero Trust Architecture (ZTA)
The implementation of zero trust principles across an organization’s infrastructure. Requires comprehensive asset visibility, identity-based access controls, least-privilege policies, microsegmentation, and continuous monitoring working together. Asset intelligence is the prerequisite because you cannot enforce zero trust for devices you cannot see or classify.
Zero Trust Network Access (ZTNA)
A security service that grants access to specific applications and resources based on user identity, device posture, and real-time context, rather than providing broad network access. Increasingly used to replace VPN for remote access to sensitive OT and clinical environments.
