Read Ordr Security Bulletin on Volt Typhoon Advisory Read more here!

The Boy Who Cried Wolf is a story we’ve all heard many times in our lives.  It’s a story that originated in ancient Greece, an original fable of Aesop.    It’s been told many millions of times, in countless languages and undoubtedly with endless cultural variations.  Yet the core message of the fable remains: repeating false or hyperbolic threat information repeatedly serves to diminish significantly the response to the threat with each retelling; eventually and predictably, responses simply cease – creating a situation of great peril when actual danger appears.  The fable is thousands of years old, but its message is startlingly applicable for today’s enterprise IT and security teams.

In the modern enterprise, teams are presented with an exaggerated array of hysterical alarms and alerts on which they are expected to act – yet few have the time and resources to actually do so effectively. And with the high probability of false alarms coming from multiple applications at a rapid pace, it is increasingly difficult to effectively identify and prioritize those that need immediate response.  Even more concerning, staff resources are overwhelmed with addressing and assessing these alerts, reducing their ability to respond with urgency to every real threat. The alerts can become noise, and the entire enterprise is put at great risk.

Couple this fact with the explosion in quantity and heterogeneity of network-connected devices – the Hyper-Connected Enterprise– and it’s clear that we’re at an important tipping point in enterprise network security.  Traditional agent-based and human-generated security models simply cannot scale.  And the answer, despite what every new threat detection vendor tells you, is not in deploying more systems that create more alerts and further tax your already depleted resources.

The answer is, however, quite simple:  take control of the intelligent security infrastructure you already have, and utilize it to regulate and protect your network on your terms.

We’re proud to introduce the Ordr Systems Control Engine (SCE) app now available on Cortex™ by Palo Alto Networks.  In just a few minutes of configuration, Palo Alto Networks customers can begin to implement comprehensive, agentless security policies that utilize their best-in-class Palo Alto Networks Next-Generation Firewall infrastructure to regulate and protect every device connected to their enterprise network.  These policies can improve the perimeter protection of the enterprise by utilizing Palo Alto Networks next-generation firewalls at the network edge, and can significantly increase the security of the entire network – and prevent any East/West propagation of nefarious activity – by utilizing additional Palo Alto Networks next-generation firewalls inside the network protecting critical assets.  This AI-based policy automation and implementation can also segment and protect systems and processes by function, keeping facilities and physical security devices separate from the business-critical data infrastructure, for example.

The cloud-based Ordr SCE app seamlessly and immediately – without the need for any additional hardware such as sensors or analyzers – taps into the massive Cortex Data Lake to automatically identify and classify every device connected to your infrastructure.  Every device, such as IP cameras, HVAC control systems, access badge scanners, self-service kiosks, digital signage, infusion pumps, CT scanners, manufacturing control systems, barcode scanners…EVERY device.  Even the devices that find their way into your environment without your knowledge, like popular employee-owned devices such as Amazon Echo and Apple iPad.  The quantity and variety of these devices is almost unimaginable in the enterprise today…and it’s going to grow by orders of magnitude into the future.

The Ordr SCE not only identifies every device, it provides incredible granularity on exactly what every device is and precisely what each is doing.  We call this mapping the Device Flow Genome, a collection of incredibly valuable data that gives you the power to intelligently design and implement policies that are essential to the security of your organization.

Once you have this level of detail on what’s connected to your network, and what each is doing – and should be doing – the Ordr SCE gives you the power to take control of this vast array of devices to ensure effective protection today and into the future.  The Ordr SCE gives you powerful policy automation to regulate the behavior of every class of device so none are able to communicate in such manner – either inside or outside of your network – that exposes them to risk and vulnerability. And the Ordr SCE gives you the power to fully secure each class of device by implementing micro-segmentation and threat remediation policies with sophisticated and actionable artificial intelligence.

All without any software on or need to physically touch the connected devices. All utilizing the best-of-breed Palo Alto Networks next-generation firewall infrastructure you already have.  All with the power of Cortex, the industry’s only open and integrated AI-based continuous security platform.

Take Control.  Visit the Cortex hub today to learn more about the Ordr Systems Control Engine app.  Or contact us for more information or to schedule a 30 minute demo.

Microsoft is warning users of legacy Windows OS systems that they must act quickly to patch the newly-detected BlueKeep Wormable vulnerability or face dire consequences that could rise to the level of the WannaCry attack that shut down systems worldwide in 2017.  Yikes.

“An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”  – Microsoft, 05/14/2019

To prevent another such catastrophic and global ransomware propagation, organizations are scrambling to identify and remediate assets that are vulnerable as per Microsoft’s recent announced critical flaw CVE-2019-0708 that affects legacy operating systems — Windows 2003, Windows 7, Server 2008, and XP. However, this remains a daunting challenge for enterprises who have deployed vast numbers of network-connected devices – medical, industrial, manufacturing, facilities, and other OT/IOT – that run on embedded legacy Windows operating systems.  In today’s hyper-connected enterprise, the massive quantity and heterogeneity of these connected devices makes the task of addressing this critical vulnerability even more daunting.

Take control with Ordr.

The Ordr Systems Control Engine, or SCE, can quickly and automatically identify all devices connected to your enterprise network that are vulnerable.  Critically, the Ordr SCE uses only passive monitoring techniques, which – unlike active vulnerability scanning tools – will not disrupt your mission-critical and often sensitive equipment. You can procure a list of these systems quickly, and bypass the traditionally manual and time-consuming process of physically tracking down known inventory assets and assessing each individually for risk and vulnerability.  Timing is critical, so eliminating this manual process will save you not only time and money, it could be critical in protecting your brand, in ensuring the security of your data, in possibly saving lives.

Once you know what’s at risk, you can easily use the Ordr SCE to automate and deploy microsegmentation policies, enabling your infrastructure to basically operate as a bodyguard for each device, to isolate and protect each device from any future exploit that weaponizes CVE-2019-0708. These protections can be implemented in your existing network and security tooling, such as your switches, NAC tools, and firewalls. This compensating control allows you to dramatically reduce the risk so you can confidently continue to operate your legacy equipment until, at some point, the manufacture provides a patch.

Here’s a video that shows you how Ordr can help.  Contact me if you want to learn more.