Ordr Recognized in Gartner Market Guide for CPS Protection Platform Read more here!

The risks associated with a large, connected device attack surface are getting harder to ignore. In recent weeks the U.S. Cybersecurity Infrastructure & Security Agency (CISA) and National Security Agency (NSA) issued a joint advisory on threats associated with operational technology (OT) such as the industrial control systems (ICS) that many critical infrastructure organizations rely on to run their facilities. Overseas the European Union enacted two new regulations mandating stricter cybersecurity requirements for connected medical devices, otherwise known as the internet of medical things (IoMT).

Ordr has been working hard to provide the means for organizations in industries like healthcare, financial services, manufacturing, life sciences, and government to protect themselves from those threats since 2015. And we are always happy when those efforts are recognized because it means more awareness of the dangers to critical systems and of the tools available to keep them protected.

Ordr Recognized as a Leader in Healthcare IoT Security

On September 20, International Data Corporation (IDC), one of the leading information technology market intelligence advisors, recognized Ordr as a leading innovator in IoMT security solutions in their report, IDC Innovators: Healthcare IoT Security Products, 2022.

IDC describes healthcare organizations as “high-value targets for cyberattacks. As more medical devices are connected, the attack surface that bad actors can exploit has increased dramatically and a single breach can lead to a multitude of undesirable outcomes. Meanwhile, traditional information technology (IT) cybersecurity solutions are not designed to protect the wide range of medical devices used in supporting healthcare.”

As more medical devices are connected, the attack surface that bad actors can exploit has increased dramatically. — IDC

Ordr Provides Ground-to-Cloud Protection

Ordr’s platform provides protection for those environments by enabling complete ground-to-cloud visibility of all IoMT, IoT, and OT devices whether they are on-premises or remote, no matter if they are communicating locally or across complex digital supply chains. Then, we provide precise, contextual, real-time understanding of the operations and data flows of each device on the network, automating dynamic security policy generation and enforcement in the event a threat is detected. We can do this because the Ordr Data Lake is populated with detailed operational profiles for millions of devices.

When any device strays from its deterministic parameters, Ordr detects that change and automates proscribed actions to protect the device and its operational ecosystem. This is vital to preventing attacks against connected devices, containing threats by blocking lateral movement to and from connected devices, and maintaining operational resiliency for critical infrastructure targets, like hospitals and healthcare organizations, that are frequently targeted by ransomware gangs.

Ransomware an Ever-Present Threat

“Ransomware is an ever-present threat and can be particularly devastating in the healthcare sector, where even a few minutes of downtime can have deadly consequences. Protecting connected medical devices, many of which were not designed with security in mind, is now a top priority for IT and biomedical engineering departments. Medical IoMT security products provide much needed ‘context’ about devices and how they are being used so that smart decisions can be made to reduce their cybersecurity risks,” said Ed Lee, research director, Internet of Things and Intelligent Edge: Security at IDC.

Medical IoMT security products provide much needed ‘context’ about devices and how they are being used so that smart decisions can be made to reduce their cybersecurity risks, — Ed Lee,  IDC

In addition to this recognition from IDC, Ordr was named a healthcare IoT security market leader for an unprecedented third straight year by KLAS Research, recognized as a member of the CyberTech100 most innovative and pioneering companies that are helping financial institutions combat cyber threats and fraud, and is trusted by leading healthcare organizations like Cleveland Clinic, Dayton Children’s Hospital, Mayo Clinic, Freeman Health, and many more.

If you want to see for yourself why Ordr continues to earn kudos and customers, get in touch and we can provide a demonstration or answer your questions.


When the 2022 Verizon Data Breach Investigations Report (VDBIR) came out at the end of May, I was preoccupied with closing Ordr’s $40 million Series C investments and, while I gave it a quick read at the time, I didn’t get around to taking a close look until this past weekend. The VDBIR always contains a wealth of information, and like most people in the information security industry, I read through many studies to keep abreast of trends and look for clues that point to what’s next.

I especially look forward to seeing what is new in the VDBIR. Over the last 15 years the team at Verizon has done yeoman’s work quantifying the way threats have played out, tracking things like ransomware and digital supply chain attacks, helping to raise awareness of the need to improve the ways enterprises secure their networks, data, and people. It is incredibly useful and has the advantage of its deep history.

Reading Between the Numbers

After skimming the 108-page 2022 report, and examining more closely the sections calling out healthcare, manufacturing, finance services, and other industries that call on Ordr to protect them from the threats to their extensive connected device inventories, something caught my attention. At first I couldn’t quite figure out what it was that made the numbers stand out to me, but then it hit me.

In the introduction, the scope of the report is quantified as “23,896 security incidents, of which, 5,212 were confirmed data breaches.” Those numbers are intended to impress upon the reader the magnitude of the problem and to convey the impressive effort involved in producing the report year-after-year. But they reveal a much bigger problem for those organizations that depend on our industry to protect them from the schemes of cyber criminals: the critical importance of accurate data in cybersecurity detection and response. Let me explain what I mean.

Bad Data is Costly

Bad data–whether inaccurate, incomplete, or obsolete–is the root of many persistent problems vexing cybersecurity, including false positive security events. Each of those nearly 24,000 incidents took time and resources away from the organization whose security team had to investigate and determine whether or not an attack had taken place. And when you consider that data in light of a recent article in CSO Magazine reported that reported security teams waste thousands of hours and hundreds-of-thousands of dollars each year chasing their tails because of false positive incidents, the impact of bad data gets worse.

False positive security incidents may account for as many as 45% of all security events.

According to CSO Magazine, false positive security incidents may account for as many as 45% of all security events. That means that of the 23,896 security events used in Verizon report, there were nearly as many incidents that also had to be evaluated before determining whether they were actual indicators of compromise (IoC) or false positive events, wasting time and resources, but also causing signal fatigue through the boy who cried wolf effect, making organizations less secure because security teams become conditioned to expect to find no threat. When security evaluations and decisions are based on bad data, the natural response is to adjust the systems designed to detect anomalies to be less sensitive. This reduces the workload for human analysts, but it also increases the chance that actual IoCs will go unnoticed.

Imprecise data begets imprecise results, and imprecise results increase risks to the enterprise. The remedy, therefore, is more data–and more precise data.

Building on a Foundation of Excellent Data

When we set out to develop the technology that became the Ordr platform, we knew we had to build something that was engineered from the start to address the problem of false positive signals. We also knew we needed to focus on discovering and protecting connected devices, so we created an Ordr Data Lake populated with data specific to millions of devices; then we applied artificial intelligence and machine learning to run behavioral analytics to develop security models for each device.

That combination of Ordr Data Lake, our behavioral analytics engine, and comprehensive, real-time discovery of devices is powerful. Deep packet inspection of network traffic along with granular device context (including properties like operating systems, patches, and software installed and network connectivity) flows to our Ordr Data Lake along with all of the flow data that the device transacts. Using this rich data, our AI-powered behavioral analytics engine along with standard threat detection methods, like intrusion detection signatures, URL/IP reputations, and other unique techniques forms a very accurate profile of a device, and identifies ones with vulnerabilities, risks and anomalies.

Deep and Unrivaled Device Data

Today, the Ordr platform is informed by a body of threat intelligence and device-specific data that is unrivaled in its scope and scale. What’s more, Ordr is constantly enriched with an influx of new data, including real-time packet capture and analysis across each customer environment. That feeds our platform with an accurate, continuous, and correlated input of data from every connection, flow, and change.

The Ordr Data Lake collects close to 1000 attributes for every device and models are updated regularly with new  data to scale classification of newer devices introduced in the network

Non-correlated data can’t be used to distinguish false positive signals from actual indicators of compromise at the speed required to quickly and efficiently detect and contain–or even prevent–attacks. That level of detail and resulting accuracy means that, when the Ordr platform detects an anomaly, we can apply automated policy enforcement with a high degree of confidence to exactly isolate the offending device.

Ordr uses that depth of detailed intelligence to perform multidimensional contextual analytics centered on individual devices that can quickly detect and contain a threat, not merely track an attack’s progress. It’s the difference between eliminating the detrimental effects of false positive signals and taking decisive action that minimizes the threat of a breach while allowing business critical operations to continue.

Ordr Covers your Large Threat Surface

There are more than 35 billion internet of things (IoT), internet of medical things (IoMT), and operational technology (OT) devices connected to enterprise networks today. By 2025 that number is expected to more than double to 75 billion. When you consider that the average hospital operates an enterprise with more than 100,000 connected devices, including as many as 15,000 dedicated to clinical care, the importance of device security is easy to understand. Each device contributes to an expanding threat surface that would be impossible to protect without a purpose-built solution.

The power of device and flow context, along with building behavioral models using historical observations world wide for each device, is critical in reducing false positives and confidently thwarting attacks on an organization. This is even more pertinent for devices that do not have an inert security agent installed.

If you want to put that power and precision of the device data lake to work protecting your enterprise, get in touch.