
As we wrap up Cybersecurity Awareness Month, it’s worth noting that the final week’s theme is “The Future of Connected Devices”.

The theme seems timely as this is also the same week that CISA issued an advisory on an imminent ransomware attack against healthcare organizations. In the advisory, CISA, FBI, and HHS said they had credible information that malicious cyber actors were targeting the healthcare vertical with Trickbot malware, “often leading to ransomware attacks, data theft, and the disruption of healthcare services.”

Cyber attackers thrive on confusion and chaos, and it is clear that they are taking advantage of the current rise in COVID-19 cases. As hospitals scramble to respond to the increase in cases, they are deploying more medical and IoT devices that are potentially vulnerable to cyberattacks. We now know that attacks not only impact the bottom line (for example, ransomware payments) but can disrupt facilities in ways that may be fatal to patients.

Which brings us back to this week’s theme; it’s clear the future of connected devices is a critical problem that needs to be addressed. While this week’s headlines are about vulnerable healthcare organizations, IoT devices are so pervasive that securing them is a challenge that needs to be addressed in all industries. The future of connected devices requires collaboration among three entities – manufacturers of these devices, IT and cybersecurity teams, and IoT security vendors (like Ordr).

IoT Device Manufacturers

IoT device manufacturers play a key role in the future of connected devices. If more devices are built with security in mind, we can eliminate some fundamental issues such as insecure software stacks (that led to Ripple20 vulnerabilities), generic default passwords, or unsecured backdoors on devices.

Requirements are being built into government and industry standards. NIST has been working on a draft of foundational security functionality that needs to be built into products. The FDA now has oversight of medical device security. And, on September 14th, the House of Representatives voted in favor of the IoT Cybersecurity Improvement Act of 2020, which will establish minimum security standards for Internet of Things devices owned or controlled by the Federal Government.

Additionally, there are several IoT industry standards being worked on by the IoT Security Foundation, the IEEE, the Trusted Computing Group, the IoT World Alliance and the Industrial Internet Consortium Security Working Group.

IT and Cybersecurity Teams

IT and cybersecurity teams need to prioritize the security of connected devices in their network for two reasons. First, these devices are typically critical to their business and any issues will impact operations. Second, the massive volume of these devices, compared to managed endpoints such as laptops and servers, means that there is a massive new attack surface.

In order to successfully implement an IoT security program, IT and cybersecurity teams need to work with connected device owners that can range from biomedical and HTM teams, and physical security teams, to facilities or IT Operations teams. They also need to consider a comprehensive device security lifecycle for every device they bring into their environment, and demand the highest levels of security from manufacturers.

IoT Security Vendors

IoT security vendors need to continue to innovate because IoT devices will continue to have security shortcomings. Even if device manufacturers were forced to adhere to security standards today, many legacy devices will continue to exist.

Ordr is playing our role in making sure that our platform is easy to deploy, supports visibility and security of all devices – IoT, IoMT, OT, and can deliver value to all stakeholders. We’re also innovating with AI — the Ordr platform was built to have the resiliency to respond at the speed and scale necessary to deal with the massive volume of IoT devices. Our machine learning technology enables us to classify devices in a way that does not require manual intervention, allows us to baseline “normal” device behavior and automate action.

In summary, the future of connected devices holds tremendous promise for many industries. However, truly realizing the promise of these devices requires security. This is where multiple factors are required for success: collaboration across government and industry on regulation and standards, commitment from device manufacturers to build security into design, prioritization by IT, security and device owner teams on IoT security projects, as well as continued innovation by IoT security vendors. The future of connected devices requires that we do this on an accelerated timetable to cope with the massive growth of IoT devices expected in the next 5 years.


Zero Trust has emerged in the past ten years as the foundational approach to cybersecurity for many organizations. As the name implies, Zero Trust is about removing the presumption of trust for all users, i.e. “never trust, always verify”. Instead of a one-time access decision, trust is continuously addressed and evaluated, and access is limited to least privilege.

While the Zero Trust concept is fairly mature, its application to IoT and unmanaged devices is relatively new, but growing.

New research from EMA points to IoT as one of the top drivers for enterprise interest and investment in zero-trust networking (46% of enterprises).

Figure 1: Technical initiatives that are driving interest in Zero Trust networking

The EMA report, “Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network Segmentation” based on a survey of 252 enterprise technology professionals, discovered the following:

  • IoT drove healthcare, manufacturing, and professional IT services companies towards Zero Trust networking, while software and retail companies were the least influenced by IoT.
  • IoT and other unmanaged devices present a challenge to Zero Trust networking policy design because they have no users associated with them and require an alternative way to authenticate connection requests. 38% of enterprises surveyed create tailored access privileges based on the functions and characteristics of individual devices or classes of devices. This means that 64% of enterprises establish generic access for all devices or devices are untrusted with limited access, or are untrusted and banned from the corporate network.
  • Establishing a generic, minimum level of access privilege for IoT and unmanaged devices, such as an IoT VLAN, is popular among government agencies (50%) and healthcare organizations (55%). However, this strategy isn’t ideal as risks can differ even among a set of similar IoT devices based on behavior, vulnerabilities, and manufacturer.
  • The most important parameters for determining access privileges of unmanaged devices were cited as security status, device vulnerability and risks, owner of the device, and observed network behavior. This makes sense so that enterprises can use tailored policies and place devices in the right “trusted” areas of the environment.
  • Enterprises are more likely to succeed with tailored policies for unmanaged devices if they formed a Zero Trust networking taskforce rather than relying on formal partnerships between network and security teams.
  • Identifying and segregating IoT and other unmanaged devices is a top priority for healthcare organizations (55%). This is not a big surprise given the vast numbers of sensors, scanners, and other medical equipment that connect to networks in clinics, hospitals, and laboratories.
  • The top issue that enterprises find most challenging to Zero Trust network segmentation is the high volume of changes and exceptions straining management capacity. This points to a need for network automation.
  • 92% of enterprises want tools that simplify segmentation, specifically to address “exceptions/custom rules”, cross-tool support, and to automate/eliminate errors. This is especially true for IoT, since there are so many different types of devices, and their numbers are so large, that automation is critical to drive Zero Trust segmentation.

As the report shows, enterprises are recognizing the need to extend Zero Trust to unmanaged and IoT devices. 50% of enterprises in the EMA survey have started Zero Trust microsegmentation in the LAN where IoT lives. To do this effectively and without manual errors, automation is critical. Ordr can help. We help enterprises discover and profile devices so they know exactly what an IoT device is at a very granular level, how it is behaving, and protect these devices at the firewall and in the network via automated Zero Trust and microsegmentation policies.

We invite you to download the report summary here. For complete visibility into what’s in your network, sign up for our IoT Discovery Program at www.ordr.net/sensor.


When the Clinical Engineering Division of the International Federation for Medical and Biological Engineering (IFMBE) declared the first Clinical Engineering Day on October 21, 2016, it was in recognition of the growing importance of the community of men and women around the world who design and support the sophisticated equipment that plays a vital role in modern medicine. This year, Clinical Engineering Day is again on Wednesday, October 21, and held in collaboration with the World Health Organization (WHO) with an emphasis on the role of clinical engineers during the current global pandemic.

Four years ago, no one could have predicted that COVID-19 would have the world in its grip. Still, the medical devices created and supported by the community of talented clinical engineers have been key to mobilizing front line healthcare personnel in response to the crisis. No longer merely performing a specific task in the diagnosis, treatment, or monitoring of a patient, many of today’s medical devices are categorized as part of the Internet of Things (IoT) and are meant to function in a network that communicates and collects data. This data is critical for treating patients and helps inform physicians and other healthcare professionals.

Illustrating the importance of operating as a community of clinical engineers, after the COVID-19 outbreak became a global pandemic, the World Health Organization published technical specifications for how medical devices should be designed to operate more effectively in treating patients stricken by the disease. It’s vital, no matter where a piece of equipment is designed or made, that it is able to work together with other devices in its important mission.

As the pandemic spread and as cases spiked worldwide, field hospitals were quickly established in urban hotspots like Wuhan and New York City, and hospitals everywhere reconfigured to handle the expected surge in patients. They also had to rethink operations in order to keep healthcare workers and the general public safe. This was as much a technical exercise as it was a medical response, as equipment was moved to centralized locations and new communications networks established and populated with these devices, including equipment that had been mothballed for years in strategic reserves. Clinical engineering technicians mobilized to ensure that this equipment was functioning correctly and safely to provide the life-saving therapies needed to support the suffering patients.

The Wall Street Journal profiled how this new breed of medical equipment allowed several prominent hospitals to come up with new ways of not only treating patients but of carefully managing interactions with members of the public. That this was able to be accomplished in a matter of days was no accident, but a testament to the clinical engineers who designed the devices, and the clinical engineering technicians who support them. Their skill is at work behind the scenes ensuring that complex, life-saving equipment functions as designed.

Just as the need for rapid response to the spread of COVID-19 has prompted innovation in the biopharma industry that is working at breakneck speed to develop, test, and produce vaccines and other remedies to treat the disease, the hard-won experience of the pandemic will be reflected in the design of new devices on the drawing boards of clinical engineers today. That includes the security of medical devices, which is an important consideration for CIOs and CISOs charged with overseeing and securing the technical operations of hospitals, clinics, and other healthcare facilities.

As Director of Healthcare Product Management at Ordr, I know how important it is for us to play a role in that mission. Medical devices present certain challenges for IT management and security. They may have been state-of-the-art when first designed but are now functioning with obsolete software or operating systems that cannot be updated. Or they may be designed with limitations that prevent them from being easily discovered and managed once deployed. That’s where we come in. Ordr’s IoT security platform discovers and monitors the devices’ behavior and allows those organizations using them to keep them safe.

I hope you will join me in celebrating Clinical Engineering Day, and in saying “thank you” to the many talented individuals across the world who are hard at work designing and supporting a new generation of medical devices. You may never find yourself in need of one, but it’s nice to know that if you ever do, you can count on it to operate safely and securely.

Join Michael Brilling, Manager, Clinical Engineering at Dartmouth-Hitchcock Health, and me in a fireside chat on how to drive cross-functional collaboration to protect IoMT devices: https://us02web.zoom.us/webinar/register/WN_1f5qUninQASboy7WXu11Mg


In 2020 we have seen a massive rise in the number of internet-connected devices with the goal of improving patient care, organizational efficiency, speed of crisis response, and much more during COVID-19. The emergence of telemedicine, digital health records, internet-connected medical devices, patient wellness apps, and an increasing number of third parties entering the health supply chain has undoubtedly created benefits. What it has also created is a vast landscape for threat actors to exploit devices that are unpatched, have default passwords, FDA recalls, CVEs, and so many more vulnerabilities.

This week, we will delve into IT, IoT, OT, and IoMT devices and the appropriate steps to building a true asset inventory, having a baseline of acceptable device behavior in order to spot anomalies or malicious behavior, and the ability to create automated actions based on this information.

Have a True Asset Inventory

Most organizations today struggle to have a real-time, accurate inventory of the devices on their network with the context needed to understand how to manage them.

  • Detect ALL connected devices, including unmanaged, IoT and IoMT devices, on your network. This can include unknown or unauthorized devices missed in traditional asset inventory.
  • Have rich context on those devices with make, classification, location, application/port usage, weak ciphers and certificates, manufacturing and FDA recalls, National Defense Authorization Act banned, and devices with regulated data including PCI and PHI.
  • Continuously analyze every device in real time in terms of potential risks to the organization.

Understand Device Behavior – The Good and Bad

Once a true and continuous asset inventory is established, you have a clear picture of the devices, but how do you sift through the devices to understand which to remediate, take offline, and utilize more?

  • Identify anomalous and suspicious communications to unauthorized networks and malicious sites and monitor devices for risks such as vulnerabilities, active threats, anomalies, and other malicious activity.
  • Compare and contrast device utilization across different facilities to identify and improve operational efficiency, schedule upgrades/patches on light usage days/hours to minimize disruption of operation, and ultimately, identify underutilized high-capital equipment to increase the utilization.

Create Automated Actions Based on Rich Device Context

After establishing both a solid asset inventory and then understanding the behavior surrounding your devices, being able to use this information is critical.

  • Dynamically generate and automatically enforce segmentation policies to isolate high-risk and vulnerable devices and only allow “sanctioned communications”.
  • Integrate with your existing CMMS, CMDB, firewall, NAC, and SIEM to trigger workflows for enforcement of Zero Trust policies.
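
The three steps above (inventory, behavior baseline, automated action) can be sketched in a few functions. This is an added example, not Ordr's code or part of the original post; the device names, device classes, addresses and flow records are constructed sample data, and the policy format is an assumption made for illustration.

```python
"""Passive inventory -> per-class baseline -> default-deny allowlist policy.
Added illustration only; every device, class and address below is constructed."""
import ipaddress
from collections import defaultdict

# Constructed flow records: (device_id, device_class, dst_ip, dst_port, proto)
LEARNING_FLOWS = [
    ("pump-01", "infusion_pump", "10.20.0.5", 443, "tcp"),  # pump server
    ("pump-02", "infusion_pump", "10.20.0.5", 443, "tcp"),
    ("pump-01", "infusion_pump", "10.20.0.9", 123, "udp"),  # NTP
    ("cam-01", "ip_camera", "10.30.0.7", 554, "tcp"),       # video recorder
]
LIVE_FLOWS = [
    ("pump-01", "infusion_pump", "10.20.0.5", 443, "tcp"),
    ("pump-02", "infusion_pump", "203.0.113.50", 8443, "tcp"),  # outside baseline
    ("cam-01", "ip_camera", "10.30.0.7", 554, "tcp"),
    ("sign-07", "unknown", "10.20.0.5", 445, "tcp"),            # never inventoried
]


def build_inventory(flows):
    """Step 1: every device seen on the wire is recorded with its class."""
    return {dev: cls for dev, cls, *_ in flows}


def build_baseline(flows):
    """Step 2: per device class, the (dst, port, proto) tuples observed in
    the learning window become the sanctioned communications."""
    baseline = defaultdict(set)
    for _dev, cls, dst, port, proto in flows:
        baseline[cls].add((ipaddress.ip_address(dst), port, proto))
    return baseline


def find_violations(flows, inventory, baseline):
    """Flag flows from devices missing from the inventory and flows that
    fall outside the baseline of the device's class."""
    violations = []
    for dev, cls, dst, port, proto in flows:
        key = (ipaddress.ip_address(dst), port, proto)
        if dev not in inventory:
            violations.append((dev, "unknown_device", dst, port, proto))
        elif key not in baseline.get(cls, set()):
            violations.append((dev, "outside_baseline", dst, port, proto))
    return violations


def generate_policy(inventory, baseline, violations):
    """Step 3: default-deny policy per device. Devices with violations are
    isolated; the rest may reach only their class's sanctioned destinations."""
    flagged = {v[0] for v in violations}
    policy = {}
    for dev in sorted(set(inventory) | flagged):
        if dev in flagged:
            policy[dev] = {"action": "quarantine", "allow": []}
            continue
        allowed = baseline.get(inventory[dev], set())
        policy[dev] = {
            "action": "allowlist",
            "allow": sorted(f"{proto}/{dst}:{port}" for dst, port, proto in allowed),
        }
    return policy


def run_example():
    """Run all three steps over the constructed sample data."""
    inventory = build_inventory(LEARNING_FLOWS)
    baseline = build_baseline(LEARNING_FLOWS)
    violations = find_violations(LIVE_FLOWS, inventory, baseline)
    return violations, generate_policy(inventory, baseline, violations)


if __name__ == "__main__":
    found, rules = run_example()
    for v in found:
        print("violation:", v)
    for dev, rule in rules.items():
        print(dev, rule)
```

Because the baseline is kept per device class rather than per device, pump-02 inherits the NTP destination that only pump-01 used during learning, while its flow to an address outside the baseline still isolates it.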

The Ordr Systems Control Engine (SCE) can enable visibility and security of all your connected medical devices. It can discover every connected device, profile device behaviors and risks, and automate action for all medical and IoT assets in your healthcare organization.

Recently, we began an IoT Discovery Program that allows organizations to:

  • Gain high-fidelity visibility into devices that you may not know are on your network
  • Understand risks including communication patterns and vulnerabilities
  • Discover usage patterns for your devices
  • Map these devices to your Layer 2 and Layer 3 architecture
  • Identify appropriate segmentation policies to secure your devices

If you feel this program would be a good fit for your organization, register here: https://ordr.net/sensor/ 


First, some straight-up pragmatism: IoT devices probably won’t get much more secure as time goes on. There’s just not enough impetus for manufacturers to add security capabilities. Couple that lack of onboard security with the fact that IoT usage is rapidly increasing, and the onus falls on IT to address the shortcomings of this evolving Internet of (Insecure) Things so new connections don’t introduce vulnerabilities.

Tools already exist to monitor and manage IoT devices but few follow Leonardo da Vinci’s time-tested premise, “Simplicity is the ultimate sophistication.” Instead, most require too much administration time and in-the-weeds configuration to make them truly effective. That leaves organizations with haphazard deployments, misconfigurations, diminished value from their tech investments, and countless IoT devices prowling the network without proper oversight.

By contrast, Ordr helps enterprises solve IoT risks with a solution that’s refreshingly sophisticated in its simplicity. Powerful and quick to deploy, Ordr hunts down IoT devices on the network, categorizes them and shows you what they are, who they’re talking to, and what they’re doing. To test its usability – its power to deliver insight into IoT activities as well as the ability to launch it quickly and use it effectively – I tried Ordr myself through their IoT Discovery Program.

Simple? Check. Deploying the Ordr sensor on my home network couldn’t have been simpler. I removed it from the box, plugged it into my network, and set up a SPAN session to send all my traffic to it. Then I grabbed some food from the kitchen. Back at my desk, sandwich in hand, I saw the sensor was already hitting security solution pay dirt.

Powerful? Definitely. Along with discovering traditional Windows devices, Ordr showed me the Raspberry Pi that I forgot was on the network and my Garmin watch, which I didn’t realize had wireless enabled. Then things got really interesting as Ordr presented information about what was happening on my network, automatically categorizing my devices and displaying flows. It revealed that my son’s machine was talking to places overseas it shouldn’t have been – and with command and control (C2) traffic, no less! I immediately remediated that issue, something I would never have known about if I hadn’t plugged Ordr into my network.

Quick? Ordr’s value became apparent right away. I didn’t fiddle around with configurations. I didn’t even have to impact my network traffic. Watching the sensor do its work was simplicity in motion and the insight I gained after just a few minutes was eye opening. Things had been happening on my network for how long without me knowing about it?

What IT organization wouldn’t want that level of visibility into their own IoT frontier?

Having real-time insight into your network is particularly important because other departments might deploy IoT devices without IT’s knowledge, often referred to as “shadow IoT.” The concept of shadow IoT isn’t about rogue employees with malicious intent. Instead, IoT – along with Operational Technology (OT) and Internet of Medical Things (IoMT) devices such as patient heart monitors, indoor air quality sensors, and automated equipment controllers – enable desirable outcomes for so many functional areas that they’re bound to wind up in your enterprise because employees think they’re doing something good. Unfortunately, the need for security never crosses their radar.

A real-world example illustrates how quickly unmanaged IoT access can turn messy. A highly secure organization working with the Department of Defense (DoD) hired a third party to conduct penetration testing. The pen test vendor was granted physical access to the building and noticed digital signage in the hallway outside the conference room reserved for their work. They got the IP address of that IoT device, discovered it was running an old, unpatched version of Linux, and obtained Microsoft Active Directory credentials into the environment. The digital signage was innocuous, intended to benefit the organization’s users, but it hadn’t been secured against intrusion.

And so, we come back to da Vinci and his penchant for simplicity. Ordr’s effectiveness is built on simplicity. You don’t have to manually sift through and categorize hundreds or thousands of IoT devices, some of which you probably didn’t expect to find. The platform does the work for you, using easily-deployed out-of-band sensors and Ordr’s powerful AI-driven database of devices, well beyond traditional Network Access Control (NAC) device discovery. Its speed stems from the ability to monitor the network in real-time, automatically assigning categories when it spots something new. Ordr solves a big Day Two challenge for enterprises struggling to keep pace with an IoT device list that’s constantly growing. In businesses where shadow IoT is hard at work, this task is even more overwhelming – and more critical.

The time to take control of your IoT environment is now. To help you get started, Carousel and Ordr are offering a free 30-day trial with the IoT Discovery Program. You’ll receive access to the Ordr dashboard and a zero-touch sensor that’s quick and simple to deploy. Ordr’s powerful solution and Carousel’s deep expertise will be behind you at every step to simplify the complexities of IoT device security, and at the end of your trial you’ll receive a complete IoT Discovery Report.

What will you see when you add Ordr to your network?


Listening to the third and final webinar of the Minnesota HIMSS webinar series, Medical Device Security Overview for Healthcare Delivery Organizations with speakers Matt Dimino and Carrie Whysall from CynergisTek, I found the following useful tips when developing a medical device security program.

Medical Device Security

Medical devices are difficult to secure on a technical level. They are expensive and their operating systems typically stay the same while in service. These devices are not easily remotely managed, may not be able to be encrypted, and have default user passwords.

IoMT Security Components

To develop a thorough security program you should plan it in three stages:

Stage 1: Risk Assessment

  • Assess the total program risk you have
  • Multi-dimensional risk contextualization: consider device master data record, patch/mitigation prioritization, device inter-relationships, & risk monitoring
  • Ask yourself what practices the preceding security program is missing

Stage 2: Program Development

  • Lifecycle management approach: managing procurement, installation, maintenance, incident response & retirement procedures
  • Improve asset management and create network visibility
  • Standardize security policies and procedures

Stage 3: Program Management

  • Assist with medical device procurement and decommissioning
  • Provide IoMT device training and awareness
  • Manage continuing vulnerability reporting and remediation programs

Device Risk

When trying to secure your medical devices you should be looking at all of the risk areas. Security vulnerabilities pose a threat to patient safety, medical device availability, and could result in financial loss or unauthorized access to information.

How to Analyze Risk

Risk analysis should follow these steps:

  • System characterization: Gather data on hardware & software
  • Threat identification: Look at the full spectrum of possible threats
  • Vulnerability analysis: Ask how vulnerabilities impact devices and protocols
  • Controls analysis: Look at controls already in place and what is needed
  • Likelihood determination: Ask what the chances are of a device being compromised
  • Impact analysis: Ask how a compromised asset would affect the organization
  • Risk determination: Ask what risk level a device should be placed in
  • Controls recommendation: Determine what controls assets need to mitigate vulnerabilities
  • Results documentation: Share information and communicate with stakeholders

Risk Criteria & Categorization

When determining device risk level it is important to consider the likelihood of threat occurrence as well as the potential impact of threat occurrence on patients, business, and data.

Risk categorization aids in risk prioritization and remediation. You can categorize risks through device threat modeling: collecting device data, establishing a hypothesis, threat hunting, threat detection, and threat response.

Governance

It takes a team to create and manage a medical device security program. Setting a purpose and objective for this committee is key. The Responsible Accountable Consulted Informed (RACI) Matrix can help organize stakeholders and ensure everyone is aware of their role and responsibilities.

How Ordr Can Help

Developing a medical device security program can be a difficult and lengthy process. Ordr can help.

The Ordr System Control Engine (SCE) gives organizations the power to enable visibility and security of their network-connected devices, with a simple and powerful solution to identify, classify, profile the behavior and risk and automate action for every network-connected device in the enterprise. Want to experience Ordr on your network? Request a free sensor.

You can watch the full HIMSS webinar here.


In the first week of National Cybersecurity Awareness Month (NCSAM), we covered the theme, If You Connect It, Protect It. This week, we will cover Securing Devices at Home and Work.

2020 saw a major disruption in the way many work, learn, and socialize online. Our homes are more connected than ever. Our businesses are more connected than ever. With more people now working from home, these two internet-connected environments are colliding on a scale we’ve never seen before, introducing a whole new set of potential vulnerabilities that users must be conscious of. Week 2 of Cybersecurity Awareness Month will focus on steps users and organizations can take to protect internet connected devices for both personal and professional use. 

Bring Your Own Device vs. Bring Your Work Device Home

In the early 2000s, we saw the onset of Bring Your Own Device (BYOD), where organizations were allowing the use of personal devices for work functions. It can range by organization but can be a cell phone or laptop that is able to connect to the corporate network so that an employee can execute their daily functions from the comfort of their selected device. Now, in 2020, we have almost the opposite happening: organizations are supporting devices that are connecting on unmonitored home networks. Not only are the employees leveraging their home networks, but potentially so are the others that reside under the same roof.

When home life and work life bleed together, like they have for so many folks in 2020, we find that a general set of guidelines on how to protect your devices works best:

  • Have a solid inventory of your connected devices – do you know all the devices that are connected and how they are behaving?
  • Make sure that your devices are updated with the proper operating system, there are no recalls on the devices, and all applications are verified and not listed on any blocklist
  • Use caution with every email, link, and application – slow down during your workday or when just perusing, never click on links from unknown sources, and try to understand the risks associated with engaging on any platform
  • When in doubt, always reach out to your IT or security team if something looks suspicious or is acting inappropriately

How Ordr Can Help 

In the true spirit of Ordr’s mission of protecting all connected devices and creating a safer network infrastructure, we recently began an IoT Discovery Program that allows you to:

  • Gain high-fidelity visibility into devices that you may not know are in your network
  • Understand risks including communication patterns and vulnerabilities
  • Discover usage patterns for your devices
  • Map these devices to your Layer 2 and Layer 3 architecture
  • Identify appropriate segmentation policies to secure your devices

If you feel this program would be a good fit for your organization, register here: https://ordr.net/sensor/

Through the Cybersecurity Awareness month of October, we will be releasing a set of blogs to focus on weekly topics. Next Tuesday, catch our blog on “Securing Internet-Connected Devices in Healthcare”.


Watching Part 2 of the Minnesota HIMSS webinar series Medical Device Security Overview for Healthcare Delivery Organizations with speakers Matt Dimino and Carrie Whysall from CynergisTek, I found the following to be useful information that you can apply to your organization’s security program development.

IoT & IoMT Device Security

Device Risk

The biggest medical device security risk organizations face is the possibility of a widespread attack or multiple security threats happening at once. This can cause widespread unavailability of devices needed to treat patients. The integrity of devices is also important to consider; without proper device management and supervision, malware can remain undetected.

Gaps

Medical devices should be assessed at point of purchase. Before putting a device on a network it should be checked for basic passwords and other vulnerabilities. Organizations should also know all devices that are on the clinical network, and track what those devices are doing. Clinical Engineering (CE) and Information Technology (IT) teams should work together to leverage their training and awareness of device security risks.

Challenges

Typically there are safety specialists who focus on technical controls and separate specialists who work on risk management, but these tasks should be joined into one security plan so that medical devices are controlled and monitored for risks.

Difficulties Developing a Medical Device Security Program

Developing a medical device security program can be difficult for a multitude of reasons:

  • Business: Lack of adequate funding, staffing and training issues, as well as organizational structure, impede the creation of a joint CE and IT security program.
  • Policy and Procedure: Organizations’ IT policies and procedures rarely include medical device security, and have disjointed governance and sponsorship policies.
  • Technical: Typical IT network tools do not work for medical device security purposes, and without passively scanning them as part of the IT network, medical devices often get overlooked. Use of legacy devices also causes technical issues, as devices are not updated for long periods of time.
  • Vendors: Medical device vendors utilize different remote access controls that may or may not be able to show who/what causes devices to crash.
  • Physical Security: Physical guest access to devices and the potential for organization IDs to be used to gain access to devices puts them at risk.

Addressing the Stakeholders

Involve all parties in the creation of a medical device security plan. Make clinical staff aware of the integrity of medical devices such as ultrasounds and anesthesia machines. Also include CISOs, IT teams, Healthcare Technology Management (HTM) teams and vendors. Discuss with all those involved the objectives of creating a medical device security plan and set up a timeline, as creating and rolling out a security plan can take many months.

How Ordr Can Help

Creating a device security program is challenging on its own, and would be even more difficult without a product to help passively scan for devices and identify risks.

The Ordr System Control Engine (SCE) gives organizations the power to enable visibility and security of their network-connected devices, with a simple and powerful solution to identify, classify, and profile the behavior and risk of every network-connected device in the enterprise, and to automate action for each one. Want to experience Ordr on your network? Request a free sensor.

Look for a blog post covering Part 3 of the Medical Device Security webinar series in the future. You can watch the full HIMSS webinar here.


As a trusted advisor for cybersecurity, it’s important to be able to develop security strategies that match the challenges inherent in each customer’s unique IT environment. To do that requires a complete understanding of the IT estate; and a complete understanding of the IT estate requires device discovery that delivers total visibility into the estate.

In organizations that rely heavily on internet-connected devices—the Internet of Things (IoT)—that level of visibility can be elusive. And for the unprepared, it’s going to get worse. That’s because there’s been a huge increase in IoT use across industry, and in healthcare and manufacturing especially. IoT deployments worldwide were at 10 billion in 2018 and are predicted to exceed 25 billion by the end of 2021. Some believe that number could more than triple by 2025, driven by the advent of 5G network connectivity.

Overcoming Historical Challenges
At Cadre we work with manufacturing and healthcare organizations with complex environments and a significant need to secure connected devices. Historically, protecting IoT devices in manufacturing and healthcare was a hard thing to do. Most organizations chose to either air gap their networks, or use a well-protected jump host to access the environments. On the manufacturing shop floor, where industrial sensors and controllers are used to maintain production, devices remained segregated from corporate networks.

Now you have devices that are communicating not only internally with the owner, but out on the internet to supply chain partners. That dynamic has upended the Purdue Enterprise Reference Architecture (PERA) model, dramatically increasing organizational risk of malware infections and attacks by malicious actors. The stakes are even higher when the equipment you’re protecting is used for medical care. From an IT security perspective, you can’t treat a patient monitor or ventilator the same way you treat an HVAC controller.

When we learned about Ordr and its approach to securing IoT devices in these complex environments, we were intrigued. It was important to us that they are a Check Point integration partner with a strong, stable organization and track record of success. Our experience with the Ordr Systems Control Engine (SCE) has been great, so when we had a chance to evaluate Ordr’s IoT Discovery Program, a complete kit consisting of a zero-touch, cloud-managed IoT sensor and Ordr Core software, we were on board.

Ordr Core Lives Up to the Claim
Ordr Core quickly and easily discovers the full extent of an organization’s IoT asset inventory, allowing us to automatically populate the customer’s configuration management database (CMDB) with the profile of every device connected to the network. From there we can automatically generate and enforce appropriate policy based on device risk.

Ordr Core has already become an indispensable tool for us to see into the customer’s environment, control the chaos, and implement complex security strategies like device segmentation at a level of granularity that was unattainable before.

Every time we run Ordr Core in a customer environment, or when evaluating prospective engagements, we find devices that were unknown to the CIO and CISO. Often these are older devices that had fallen out of view and were forgotten, but we also find unauthorized devices like consumer electronics that have no business being on the network in the first place.

Discover, Profile, Evaluate, Protect
Once Ordr Core discovers these devices, we are able to profile them and observe things like communications flow, and identify and evaluate the inventory of legacy devices. It’s easy to forget that, while the IoT market is in the midst of a renaissance, networked controls and sensors have been in use for decades. Many organizations rely on equipment that was made by companies that no longer exist, or that operates with obsolete operating systems or firmware that cannot be patched. All of this is easily understood by Ordr, and it gives us a clear view into the health, availability, and risk of the network and allows us to close a security gap that network access controls can’t handle natively.

Ordr Core gives Cadre a competitive advantage with the ability to see across the entire IoT estate and derive insights that were not available before. We know there’s no slowdown in sight for the adoption of IoT, and every organization that relies on IoT devices has a compelling need to control and protect each device to keep it from becoming a point of entry for malicious actors.

If you’d like to see what your IoT environment looks like and take informed action to address the vulnerabilities you knew were there but couldn’t find, you can request your free zero-touch, self-provisioning Ordr Core sensor here: https://ordr.net/iot-discovery-program-cadre-information-security/.