Ordr Announces Integration with ServiceNow Vulnerability Response Read more here!

Threat actors thrive in times of chaos and confusion, and we are in such times today. The eruption of violence over the border into Ukraine by one of the world’s most aggressive perpetrators of state-sponsored cyberattacks, and threats of retaliatory cyberattacks on nations providing aid to Ukraine should put all organizations on high alert and give urgency to taking inventory of standing security plans and readiness.

The U.S. Cybersecurity & Infrastructure Security Agency’s (CISA) Shields-Up program “recommends all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets,” providing resources and guidance to ensure organizations prepare for possible attacks. CISA’s recommendations include:

  • Reduce the likelihood of a damaging cyber intrusion – Validate remote access and administrative privileges; ensure that software and vulnerability patches are up-to-date; disable all ports and protocols that are not essential for business purposes; affirm strong cloud services controls are in place; and implement training and use of good cyber hygiene.
  • Take steps to quickly detect a potential intrusion – Quickly identify, investigate, and act on unusual activity; update threat intelligence for systems that use it; be particularly careful with activities involving Ukrainian organizations.
  • Ensure that the organization is prepared to respond if an intrusion occurs – Stand up a crisis-response team with necessary resources and information; make sure key personnel are available in the event of an incident; test your plan in advance.
  • Maximize the organization’s resilience to a destructive cyber incident – Back-up critical data and review procedures; isolate backups from connected systems; make certain manual controls are operational in the event of attacks on industrial control systems or operational technologies.

CISA’s advice is solid, best-practice guidance that should be standard operational procedure for all organizations even in the best of times. But for many organizations, especially those whose IT estates are characterized by sophisticated, highly complex, and heterogeneous systems, preparation must go deeper. This is especially true for organizations with functions that provide vital services to their communities, like hospitals and healthcare organizations, operators of critical infrastructure, and communities that have adopted smart-city technologies.

Pay Attention to Connected Devices

Such organizations should pay particular attention to the connected devices they rely on, ensuring those devices are properly categorized by their function, and that mission-critical devices are segmented, with policies in place that ensure such devices are able to be isolated from the network, protected while remaining in service.

Bilateral communications of all devices must be monitored, as well as their behavior, to ensure no suspicious activity is taking place. Because connected devices are designed to carry out narrowly defined operations, any changes in behavior—measured against a known baseline—must be regarded as suspicious, triggering applicable security policies. Devices that communicate externally are especially vulnerable.

Patch management for devices should be brought up-to-date immediately, but for medical devices that may have restrictions prohibiting modifications, segmentation and appropriate policy application must be implemented. And, of course, all employees should be reminded of their individual responsibility to be aware of common threats like phishing schemes, practice good cyber hygiene, and to be alert for any unusual activities they see with any connected systems they use. The “see something, say something” adage applies here.

If you are an Ordr customer, know that—as has been our commitment from the start—we stand ready to answer your questions and to provide support to your organization at this time of heightened concern. We are confident that our Ordr platform will be an invaluable resource for you as you scan your IT estate for threats and vulnerabilities.

Be ready. Be safe. And to the people of Ukraine, know that our thoughts and prayers are with you.


It’s not often that, in a high-tech industry like security, a company can pioneer an emerging market, and then continue to lead that market for the next five years. This is why our recognition as a Healthcare IoT Security market leader—for the third straight year—by KLAS Research in its latest report, “Healthcare IoT Security 2022: Moving beyond Device Visibility,” is such a milestone achievement for us.

We are so grateful to our customers who engaged with KLAS and provided feedback to them. We couldn’t have done it without you! Ordr received high marks from customers in the KLAS report for:

  • Breadth of functionality beyond just visibility, including abnormal activity identification, traffic monitoring, and device utilization tracking;
  • High customer satisfaction rates;
  • High value across multiple stakeholders including Security, Clinical/Biomed and IT;
  • Helpful training and education offerings, including the Masterclass webinar series;
  • User interface enhancements; and,
  • Strong technical background of the Ordr team in security, healthcare and networking.

There are several aspects of the report that are important to highlight.

1.     3-Time Leader with High Customer Satisfaction Rates

In 2019, when we first appeared in the KLAS report, the market was just emerging. In November 2020, we were named a market leader for the 2nd time. In 2022 again, we’re named a market leader. In the same report, KLAS highlighted our client list transparency.

For healthcare organizations, we emphasize the value of working with a partner with a consistent track record of leadership in healthcare. That consistency and focus is something we’re really proud of.

2.     Evolution of Our Customers from Visibility to Risk Insights and Security

Customers interviewed celebrated Ordr’s ability to provide value beyond device visibility. In its report, KLAS noted that, “Ordr customers (often very large health systems) use the platform to do more than simply see what devices are connected to their network—they also track device utilization, identify abnormal device activity, and monitor traffic.”

“Ordr customers (often very large health systems) use the platform to do more than simply see what devices are connected to their network—they also track device utilization, identify abnormal device activity, and monitor traffic.”

This is an important distinction.

As an early vendor in this market, working with so many large healthcare system customers over the last couple of years, our customers have moved beyond visibility (“See”) towards the “Know” and “Secure” part of their connected device security lifecycle. Many healthcare customers utilize Ordr as the source of truth for both device and network context as well as flow level analytics for policy generation. Our customers depend on us for critical risk and clinical insights, and we’ve successfully implemented Zero Trust policies to support their initiatives.

The KLAS report also celebrated our ability to deliver high value across the domains of different stakeholders. Observe the broad range of ways different users within a healthcare organization – Clinical/biomed engineering, security and networking– are using Ordr in these KLAS customer insights, and the outcomes we’ve delivered:

“On the clinical engineering side, the value of the product comes from utilizing the product. We look at whether things are performing as expected or whether the system requires patching. We can get patches from the vendor, but we may miss something, and that makes things very difficult. With Ordr’s system, we can identify which things have been patched and which haven’t. We are also feeding the data into the asset management tool so that we know exactly which systems are involved in our work. The data is very rich and useful.”

“I would definitely recommend the system. The major strength is complete visibility into the endpoints for the traffic that we send through the solution. That will assist us when we get into a more stringent RADIUS authentication requirement for our wired network. Another strength is the ability to see exactly what a device has talked to from either a profile view or a specific device view. We can see what ports were used, how many times the communication happened, and what the date and time were. We can get a rather slick visual representation of that and easily export it.”

“The biggest outcome is a significant decrease in the amount of incident response time. We have used Ordr Platform as a part of our incident response with ransomware. Because we couldn’t run our antivirus on our machines, we were able to go in and identify the specific machines in Ordr Platform and provide a picture to the field support. The network engineers had already logged in to Ordr Platform, saw the traffic, and then killed the port so that it couldn’t communicate. That was very handy so that when a field support person walked into the room, they knew exactly where they were going. We were able to get the medical devices back up and running on our network and segmented really quickly. Ordr made that quick turnaround happen. We have factored the utilization of Ordr Platform into our incident response plans. We have been able to reduce our response time by hours. We already had a really robust response time and plan, and the system sped things up significantly.”

3.     Preferred by the Top Healthcare Delivery Organizations (HDOs)

Top healthcare organizations, including 3 of the top 6 HDOs in the world use Ordr. Addressing the needs of these large and sophisticated healthcare organizations is NOT easy and requires a mature product that can meet requirements of accuracy, scale, resiliency and reliability. Our customers have higher levels of expectations with Ordr and we are a critical part of their mission critical security journey. Designing a system to discover 15,000 connected devices for asset inventory in a single hospital is far different than designing a solution for 500,000 devices across an entire healthcare system, delivering granular profiling, device flow mapping, clinical and security risk insights, and segmentation policies.

We are proud of the fact that as we continue to evolve our product and through our many years in the market, we continue to receive some of the highest ratings and deliver the highest levels of transparency to KLAS.

And when it comes to delivering value for healthcare providers, we are just getting started. Stay tuned to this space to see what’s coming next from Ordr!

Here’s an At-A-Glance on the report. Want to read the full report? Email us at info@ordr.net.


On January 26th the White House Office of Management and Budget (OMB) issued a memo outlining a “Federal strategy to move the U.S. Government toward a ‘zero trust’ approach to cybersecurity.” The memo is a follow-up to last year’s Executive Order on Improving the Nation’s Cybersecurity in which President Joe Biden outlined a set of priorities to improve the security posture of networks operated by U.S. federal agencies.

(You can read our original response to the Executive Order here, and to the subsequent NIST memo regarding defining OT as critical infrastructure here.)

The gears of change turn slowly in a bureaucracy as large as the U.S. federal government, and urgency to harden government networks is long overdue, especially with the discovery and exploitation of of zero-day vulnerabilities like Log4j. And as tensions rise in Eastern Europe, including the implied threat of cyberattacks against our national IT infrastructure and politically motivated “hacktivist” attacks against other governments disrupting services, the potential consequences of a lack of readiness are all too real.

Five Pillars of Federal Cybersecurity

The OMB strategy to “achieve specific zero trust security goals by the end of Fiscal Year (FY) 2024” was developed with cooperation from senior administration officials from the OMB, NSA, CISA, and key federal IT organizations. Those goals, which CISA refers to as “five pillars,” are identified in the OMB strategy memo as:

1.     Identity: Agency staff use enterprise-managed identities to access the applications they use in their work. Phishing-resistant MFA protects those personnel from sophisticated online attacks.

2.     Devices: The Federal Government has a complete inventory of every device it operates and authorizes for Government use, and can prevent, detect, and respond to incidents on those devices.

3.     Networks: Agencies encrypt all DNS requests and HTTP traffic within their environment, and begin executing a plan to break down their perimeters into isolated environments.

4.     Applications and Workloads: Agencies treat all applications as internet-connected, routinely subject their applications to rigorous empirical testing, and welcome external vulnerability reports.

5.     Data: Agencies are on a clear, shared path to deploy protections that make use of thorough data categorization. Agencies are taking advantage of cloud security services to monitor access to their sensitive data, and have implemented enterprise-wide logging and information sharing.

These are ambitious goals for any organization to achieve, let alone those within federal agencies, some of which operate the largest IT operations in the world. And, examining the second pillar—device inventory, management, and security—we already know that there are many connected devices operating within federal networks that are beyond the visibility of IT operations. This was made clear following the discovery of security cameras made in China and connected to networks within the Department of Defense that were found to be sending data back to their manufacturers.

Managing and Securing a Vast Device Inventory

How can the U.S. government achieve their Zero Trust objective for its vast device inventory? Many federal agencies have already deployed Ordr to look across their IT infrastructure to discover and identify each device—including those that are currently unaccounted for and operating in the shadows.

We’ve proven time and time again how the following best practices and five-step approach can get you to Zero Trust.

  • Step 1: Passively detect and identify all known, unknown, and prohibited devices without disruption or adverse effects to operations. Ordr’s agentless deployment delivers device inventory and categorization within hours of deployment, and augments device context with additional network data and threat intelligence
  • Step 2: Identify devices at-risk to reduce the attack surface. Ordr offers an integrated intrusion detection engine and integration with threat intelligence services, vulnerability management tools, and manufacturing databases to pinpoint the devices that are most likely to be targeted by attackers. By addressing known vulnerabilities, taking prohibited devices offline, or segmenting mission-critical devices, federal agencies can start to reduce their attack surface.
  • Step 3:  Map and baseline communications patterns for every device. Every device has deterministic functions. Ordr can profile and baseline device behavior using machine learning to reveal and alert to the presence of anomalous communications.
  • Step 4: Apply appropriate Zero Trust security policies on devices. Ordr offers proactive, reactive, and retrospective policies. Ordr Zero Trust segmentation policies can be proactively and automatically (yes this means with a push of a button and without manual effort) created for devices, to only allow communications required for their functions. Ordr reactive policies applied on firewalls, NACs, and switches immediately limit exposure and mitigate risks by blocking traffic, terminating sessions, or isolating compromised devices. Finally, Ordr retrospective policies enable a time-machine view of infected devices communicating to newly announced indicators of compromise.
  • Step 5: Finally, federal agencies need to continuously monitor the network to identify new devices that connect, detect indicators of compromise in operation, and automatically enforce security policies when risks are detected.

(For more details, check out our whitepaper “5 Steps to Zero Trust” here.)

Success Within Reach

Given the size and scope of the U.S. federal government’s combined IT infrastructure, it may seem that the goals articulated by the White House and CISA are unrealistic within the given timeline. In fact, where accounting for and reining-in a massive device inventory is concerned, success is well within reach. Ordr is already deployed within many federal agencies where a Zero Trust device posture is in effect. We’ve proven ourselves in many environments—such as healthcare, financial services, retail, manufacturing, and more—where device security is a priority for protecting critical infrastructure and maintaining operations.

Ordr is proud to be leading the way in this priority initiative to improve national cybersecurity. And with a simple demonstration we can show your agency or organization how you can identify, inventory, assess, and protect your connected devices within minutes. Contact us at info@ordr.net.