
We are excited to announce Ordr SCE 7.4.2! As the number of connected devices, including unmanaged and IoT devices, continues to rise exponentially, the number of vulnerabilities and attack vectors rises with it. We are seeing organizations struggle to maintain a real-time, continuous inventory of all connected devices with the device intelligence needed to make informed decisions on how to mitigate the associated risk.

The largest product release in our history, Ordr SCE 7.4.2 delivers more than 160 new features, integrations, and enhancements to provide unparalleled visibility and protection for connected devices to security, IT, and HTM teams at organizations globally.

Highlighted features and benefits of Ordr SCE 7.4.2 include:

Reduce Infrastructure Footprint 

For organizations that are looking to reduce their existing network infrastructure solutions and gain quicker time-to-value, Ordr SCE 7.4.2 provides visibility via a virtual or physical sensor, or via sensor-less telemetry data ingestion. While deep packet inspection (DPI) is foundational to connected device security, Ordr also supports more than 20 network switch, router, firewall, and wireless controller vendors. New sensor-less support in Ordr SCE 7.4.2 covers Cisco ISR Routers, Juniper Networks Switches, Netgear Switches, Riverbed Switches, Fortinet Wireless Firewalls, Aruba Instant Controllers, and Ruckus Controllers. This gives quick visibility via telemetry data, with enriched device context supported by the Ordr Data Lake, visualized in an out-of-the-box customized dashboard.

In addition, Ordr SCE 7.4.2 simplifies deployment with enhancements such as multi-tenancy, zero touch provisioning, on-premises or cloud deployment, and a cloud-based portal.

Increase Efficiency with Workflow Based Dashboard   

To adapt to the ever-changing ways in which organizations are conducting business, Ordr SCE 7.4.2 introduces use case and asset inventory-focused dashboards. Organizations can drill down into rich device context based on industry-specific devices, role-specific data, and more, with one click. This helps organizations quickly look up devices that match specific conditions, including manufacturer, category, profile, devices with sensitive data, devices with custom tags, devices communicating with administrative protocols, devices running outdated operating systems, and more.

Empowering Healthcare Technology Management (HTM) with Actionable Data 

The number of connected medical devices reached an all-time high in 2020, and 2021 is likely to see a corresponding increase in initiatives to address the security and risks of these devices. HTM teams are burdened with the need to quickly visualize and enact segmentation policies. Ordr SCE 7.4.2 delivers vast enhancements for healthcare organizations by ensuring that clinical data, such as medical device data from the FDA, clinical and patient risk associated with a device, and security risk from MDS2 forms, is easily accessible to support informed decisions and initiate the appropriate workflows within a matter of minutes.

Security Enhancements

To enable our customers in the wake of high-profile ransomware as well as espionage-like activity seen in the SolarWinds attack, Ordr SCE 7.4.2 gives customers access to enhanced security components, focusing on optimized detection and tracking within the platform. Customers will have the ability to visually track antivirus software activity, URLs associated with phishing, malicious communications, and user-defined prohibited country communications, and to quickly see devices with admin protocols and a snapshot of criticality level for devices with known vulnerabilities.

Integrate Efficiently into Existing Security Workflows 

As 2020 came to an end, we yet again saw a rise in ransomware and phishing attempts. Ordr SCE 7.4.2 allows organizations to detect and track ransomware via an optimized graphical user interface (GUI), with signature improvements to expedite the incident response (IR) process. In addition, to make the rich device context easily available, we have worked with joint customers to bring security vendors Anomali, Exabeam, Fortinet, IBM QRadar, and Ping Identity into our integration portfolio.

Ordr SCE 7.4.2 introduces the ability to consume STIX and TAXII 2.1 from threat intelligence platforms (TIPs) like Anomali. This enables organizations to incorporate and extend their existing threat intelligence data to the Ordr Data Lake and address connected device security.

Organizations can use Ordr’s rich device context and associated alarms to initiate specific workflow actions based on device type, group, manufacturer, model name and number, and more. With the Syslog and JSON over HTTPS outputs, Ordr SCE 7.4.2 integrates with SIEM tools like Exabeam and IBM QRadar by transmitting alerts, device information, and other critical information. The SIEM ingests the feed, parses the data into the proper fields, and allows the incident response team to triage with a single source of truth.

In addition, Ordr SCE 7.4.2 adds SSO via SAML for Ping Identity to the growing list of IDPs that Ordr supports. SSO helps to reduce replication of usernames and passwords, time spent on forgotten passwords, and IT resources spent on password recovery. With the Ordr SSO integration into IDPs like Okta, Ping Identity, Oracle, etc., organizations will have centralized management of and access to Ordr SCE.

Enable Enhanced Analytics and Use Case Based Policy Generation  

Ordr SCE 7.4.2 will enable organizations to use flexible grouping of devices to map actions such as communication analysis, policy generation, or assigning custom tagging for NAC and firewalling. Customers can take various classifications like device type, threat/vulnerability, state of compliance, asset status, department, location, etc. and group them for a specific use case, allowing the policy profile to be analyzed and policies automatically generated. With this feature, customers can quickly achieve tasks such as controlling access for all physical security cameras used in a retail location, segmenting patient care devices by hospital and healthcare division, or tagging all manufacturing devices that are still running Windows XP or Windows 7.

In addition, Ordr SCE 7.4.2 will come with a YAML (Yet Another Markup Language, or YAML Ain’t Markup Language) editor. Every organization defines its security risks differently and needs to use security tools based on its policies. This powerful editor allows advanced users to adjust some of the cyber security system parameters such as cyber security risk weighting, network topology definitions (VLAN/subnet naming), blocklist content, and others.

Acceleration of Cisco TrustSec and Cisco Software-Defined Access (SD-Access)  

As Cisco’s leading IoT solution partner for Cisco Identity Services Engine (ISE), Ordr is the only product on the market to provide total IoT and OT visibility to Cisco ISE and the rich device context required to dynamically define Scalable Group Tags (SGTs), automate the provisioning of group-based segmentation policies, and provide SGT visualization and traffic analysis, which greatly accelerates the time to value and increases strategic adoption of Cisco TrustSec and SDA.

For more information on Ordr SCE 7.4.2, visit our What’s New page: https://ordr.net/whats-new/ or join us at 10:00 a.m. PST on Thursday, February 18 for a webinar on key features and the benefits of implementing these enhancements.


On Dec-18, Intel reported four more vulnerabilities in the Treck TCP/IP stack, on top of the 19 vulnerabilities found by JSOF early this year. The four vulnerabilities are:

CVE-2020-25066, Heap-based buffer overflow with a CVSS V3 base score of 9.8

CVE-2020-27337, Out-of-bounds write with a CVSS V3 score of 9.1

CVE-2020-27338, Out-of-bounds read with a CVSS V3 score of 5.9

CVE-2020-27336, Out-of-bounds read with a CVSS V3 score of 3.7

Ordr did extensive work not only to help identify devices impacted by the Ripple20 vulnerabilities but also to detect any active exploitation. Please refer to the previously published document on how Ordr can help with Ripple20 vulnerabilities: https://ordr.net/security-bulletin/how-ordr-detects-and-mitigates-ripple20

As of now, only one manufacturer has published the new vulnerabilities with a list of impacted products, and the official Treck page has acknowledged these new vulnerabilities. Treck also refers to the CERT Coordination Center advisory, which lists the same set of devices identified by the previous advisory, implying that the affected code is in the common code base.

Based on the advisories, Ordr has extended its capability to cover the new vulnerabilities as well. In summary, Ordr provides detection and protection in three different ways:

  1. Identify devices that are impacted by Ripple20 based on manufacturer advisories.
  2. Ordr understands that a significant percentage of devices may never be publicly identified as Ripple20 impacted, for various reasons. Ordr developed a built-in scanner that can detect whether a device is impacted by these Ripple20 vulnerabilities.
  3. Ordr has a built-in IDS engine. Specific signatures were developed to detect any active exploitation of these vulnerabilities. Alarms will be generated and can be pushed to a SIEM platform for immediate action.

Finally, the best way to protect the organization is behavior-based microsegmentation. Ordr provides the industry-leading microsegmentation solution, with a variety of options based on customer needs.

For more information on how Ordr can help you identify and manage vulnerabilities for any connected device, please contact info@ordr.net.