Ordr Announces Integration with ServiceNow Service Graph Connector Program! Read more here!
Corporate adoption of IoT has been under way for some time, but things are about to accelerate in a big way. The rapid adoption of enterprise edge computing and 5G technology are key catalysts for organizations to optimize their businesses and create a competitive advantage. Additionally, COVID-19 has forced the hand of most mid and large enterprises to further extend their network perimeters. This is being accomplished by rolling out secure teleworker solutions ensuring hundreds of millions of employees can remain productive during the pandemic.
As enterprise landscapes evolve, companies are grappling with how to adapt to the growing reality of new threat vectors. If past cyber-attacks are any indication, these exploits are merely a glimpse of what’s to come. Most businesses were already deficient in having a thorough cybersecurity posture, and the increasing number of IoT and unmanaged devices is further exacerbating that issue. Some of the most common vulnerabilities include weak passwords, outdated devices and unpatched software, misconfiguration of network devices, and a lack of device management to name a few.
Customers are demanding that cybersecurity vendors reduce complexity, incorporate existing vendors into new solutions and partner to attain maximum benefit. Ordr, the leader in visibility and security of all connected devices and Fortinet, a global leader in broad, integrated and automated cybersecurity solutions are partnering to deliver exactly what customers are seeking to accommodate the IoT device growth being predicted. The combined integration of Ordr Systems Control Engine (SCE) with Fortinet’s Security Fabric delivers granular visibility and the automated control and response needed to thwart new threats resulting from the massive number of IoT devices emerging. Ordr is a vital member of the Fortinet Open Fabric Ecosystem, the premier technology partnering program in cyber security.
Evolving network architectures should incorporate the following key elements listed below, which are paramount in helping practitioners combat the onslaught of threats posed by new devices being added to the network. The integrated solutions offered by Ordr and Fortinet are highly differentiated to deliver these critical features;
  • ML or machine learning is being used in network monitoring, gathering threat intel and remediation, while it is also being leveraged for identifying anomalous behavior and flagging these patterns in real time.
  • ZTNA or Zero Trust Network Access has existed for more than 10 years, but has been perpetually modified. NIST (National Institute of Standards and Technology) continues to refine the ZTNA architecture. Three major components should exist in ZTNA including
    • Continual visibility of devices and users connected to the network,
    • Ability to enforce security policies despite devices type, location or method of access
    • Ability to maintain enforcement and visibility when device goes off line
  • Micro-segmentation is a security method that isolates security zones that are associated with workloads, applications and certain devices.  By creating these zones, you can prevent lateral movement of threats from being propagated in east/west traffic and providing isolation and being able to prevent an attack.
Assessing your threat landscape for vulnerabilities must be an iterative process. The speed at which disruptive technologies are being adopted and the addition of billions of IoT connected devices to the internet, will warrant stronger “cyber-hygiene” including frequent cyber assessments and leveraging key partnership and tools for simplification. This endless battle warrants businesses to continuously refine how they address granular device visibility, control and how to appropriately respond to emerging threats.
For more information, visit https://ordr.net/partners/fortinet/

More than a decade ago, operational technology (OT) was d only used in manufacturing and industrial environments and airgapped from the rest of the organization. Today, the convergence of information technology (IT) and OT, and the growth of the internet of things (IoT) is revolutionizing the way organizations monitor systems, share and analyze data, and efficiently make decisions based on near real-time information. While this transformation brought about a modernization of how IT, IoT, and OT systems share invaluable data to empower business operations, it also brought about the alarming realization that none of these devices were created with security in mind. With ubiquitous connectivity comes the increase in ways to exploit them to gain access to sensitive data.

The convergence of IT and OT calls for the need to address identifying all network connected devices, how they are communicating and properly assess the risk associated. This is why Gartner named Ordr as a Representative Vendor in the Market Guide for OT Security.

As described in the Gartner report, the OT/CPS (Cyber Physical Systems) security journey for organizations aligns with six key phases. “Once they enter the “Oh Wow!” Phase [3], organizations realize that security — whether IT, OT, physical or supply chain — needs a whole-of-enterprise focus. Historical IT and OT functional differences are becoming a liability when security is involved. Due to design, age or function, the unique requirements of OT systems now add to IT security concerns in ways that can no longer be ignored. Modernization efforts bring risk, reliability and safety discussions to the forefront. As a result, leading organizations are starting to elevate OT security requirements into their enterprise risk management (ERM) efforts by adopting an integrated security strategy across IT, OT, CPS, physical security and supply chain security.”

Phase 3. The “Oh Wow!” Moment: Invariably, proof of concepts (POCs) become eye openers. For example:

  • Unmanaged assets are connected everywhere.
  • OT networks that were initially designed to be highly segregated have become flatter than realized.
  • Ports on all kinds of systems in all kinds of remote locations are wide open.
  • OEMs are accessing the machines they sold remotely and no one is managing it.
  • Disclosed vulnerabilities on old OSs have never been evaluated for possible patching.
  • The functional silos between separate security disciplines (e.g., cybersecurity, physical security, supply chain security, product security, health and safety) are creating seams that bad actors can exploit.
  • The realization sets in that operational environments where security is lacking are centers of value creation for most organizations; however, no centralized governance exists to start making sense of it all. Recognition develops that roles and responsibilities for a wide variety of (security related) processes and decisions have never been clear, let alone agreed on.

At Ordr we’ve helped top global organizations address visibility and security with a whole-enterprise approach — from traditional servers, workstations and PCs to IoT, IoMT and OT devices. We have created a solution that passively and in real-time discovers what devices are on the network, profiles device behavior and risks, and then automates the appropriate action. Our relationship with our customers has been one of mutual benefit, we have worked together to evolve our solution and address new use cases. As a result, we’re grateful and proud to serve our customers and be been named in the Market Guide for OT Security as a solution addressing device visibility and security.

For the report, click here.

Gartner Market Guide for Operational Technology Security, Katell Thielemann, Wam Voster, Barika Pace, Ruggero Contu,13th January 2021

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.