
There has been a lot of attention paid to ransomware over the last few years, and with good reason. In 2021 Fierce Healthcare reported a 470% increase in ransomware attacks on the healthcare industry in 2020 compared to the previous year. Threat actors saw an opportunity to take advantage of pandemic chaos to target a vulnerable sector of the economy and got to work. Healthcare took the brunt, but no industry was safe. The FBI’s Internet Crime Complaint Center (IC3) reported a more than 20% increase in ransomware investigations overall during that same period and said ransomware payouts increased at an even higher pace as a result. And according to Security Magazine more recent analysis shows the ransomware threat continued to rise through 2023, with more attacks, new gangs, and manufacturers emerging as a favorite target.

But ransomware isn’t the only danger to IT networks and data integrity. More common attacks, where the goal isn’t to lock down valuable information but to siphon it off, remain a major threat to businesses. In fact, the most recent IC3 annual report said the FBI received 2,385 ransomware complaints accounting for losses of more than $34.3 million, while overall the Bureau fielded over 800,000 cybercrime complaints with losses of more than $10.3 billion during 2022. Ransomware, in other words, is a small fraction of the complaints and of the reported losses.

A Complete, Real-Time View

Countering cyberthreats of every type is vital to protecting an organization’s business and operational interests, the safety of individuals, and assets like finances and intellectual property. Many types of cyberattacks share common attributes and indicators of compromise (IoCs): the point of entry and initial vector, lateral movement between hosts, and disruptions to a device’s normal communications patterns. Identifying these is difficult without a complete, real-time view of the assets comprising the network and a detailed profile of each device connected to it. That is why a “whole enterprise” approach to cybersecurity must be adopted to maximize threat prevention.


This is especially important when considering the growing reliance many organizations have on the Internet of Things (IoT) and associated technologies like the Internet of Medical Things (IoMT), Industrial Internet of Things (IIoT), operational technologies (OT), cyber-physical systems, and other types of connected devices. Attackers don’t care what kind of device the organization has deployed, only what operating system and software it runs. And because many of these devices run obsolete, unsupported operating systems, attackers can exploit them easily and use them as a foothold from which to traverse the network quickly toward their goal.

Zero Trust Support

It makes sense, then, that a whole enterprise approach is the logical way to address cybersecurity: it combines full asset visibility with rich operational insights, giving security teams the ability to recognize unexpected communications patterns and make informed security decisions in response. That is the Ordr See, Know, Secure philosophy of connected device security, and it is why we have invested so much in building a platform that not only reveals an organization’s full connected device inventory in real time, but layers in intelligence and automation that enable dynamic policy creation and enforcement and support Zero Trust security initiatives.


That is important because connected devices are increasingly targeted by threat actors who use notoriously insecure IoT, IoMT, OT and other devices either as an attack vector or as a path of lateral movement once inside the enterprise. They know that if 20% of an organization’s connected devices are outside the view of the security team, activity on those devices is less likely to be detected and thwarted, and their efforts stand a much higher chance of success.

Seven Keys to Fighting Back

To counter this threat, Ordr enables seven key capabilities in the fight against cyberattacks:

  • Discovery of all connected devices.
  • Identification of device communications with prohibited countries, prohibited IPs, and malicious URLs.
  • Communications baselining and identification of communication anomalies.
  • Identification of devices running vulnerable protocols with the ability to disable or monitor as needed.
  • Identification of devices running unpatched and/or vulnerable software and OSes through the Ordr Software Inventory Collector.
  • Segmentation or quarantining as a compensating control for devices that cannot be updated.
  • Retrospective analysis to re-examine past communications patterns for signs of compromise when new IoCs and threat intelligence are released.
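The four detection-oriented capabilities in that list (communications baselining and anomaly detection, prohibited-destination checks, legacy-protocol identification, and retrospective IoC matching) can be illustrated on flow records. The following is an added example, not Ordr’s code or the platform’s logic: it learns a per-device baseline from constructed NetFlow-style records, then runs each check over a second, constructed batch in which a medical device starts probing SMB, a badge reader reaches a prohibited country, and a PLC beacons to an address that only later appears in threat intelligence. All addresses, ports, countries and the `LEGACY_PORTS` table are hypothetical, and the GeoIP lookup is assumed to have been done before the records arrive.

```python
"""Added example, not Ordr's code: baseline each device's communications from
constructed flow records, then apply the checks listed above: unexpected peers,
prohibited countries/IPs, legacy protocols, and a retrospective IoC sweep."""
from collections import defaultdict
from dataclasses import dataclass

# Legacy / cleartext protocols worth flagging on connected devices (assumed list).
LEGACY_PORTS = {21: "ftp", 23: "telnet", 445: "smb", 161: "snmp-v1/v2c"}


@dataclass(frozen=True)
class Flow:
    ts: int          # epoch seconds
    src: str         # internal device IP
    dst: str         # peer IP
    dport: int
    country: str     # assumed: GeoIP of dst already resolved ("--" = internal)


# Constructed sample data; addresses and countries are hypothetical.
BASELINE_FLOWS = [
    Flow(1000, "10.20.0.11", "10.20.0.2", 104, "--"),      # infusion pump -> DICOM gateway
    Flow(1060, "10.20.0.11", "10.20.0.2", 104, "--"),
    Flow(1120, "10.20.0.12", "10.20.0.3", 443, "--"),      # badge reader -> controller
    Flow(1180, "10.20.0.12", "198.51.100.7", 443, "US"),   # vendor cloud update
    Flow(1240, "10.20.0.13", "10.20.0.4", 23, "--"),       # PLC still managed over telnet
]

NEW_FLOWS = [
    Flow(2000, "10.20.0.11", "10.20.0.2", 104, "--"),      # expected traffic
    Flow(2030, "10.20.0.11", "10.20.0.50", 445, "--"),     # pump probing SMB: lateral movement
    Flow(2060, "10.20.0.12", "203.0.113.9", 443, "KP"),    # prohibited country
    Flow(2090, "10.20.0.13", "192.0.2.44", 8443, "RU"),    # PLC beaconing outbound
]


def build_baseline(flows):
    """Map each source device to the set of (dst, dport) peers seen while learning."""
    baseline = defaultdict(set)
    for f in flows:
        baseline[f.src].add((f.dst, f.dport))
    return dict(baseline)


def communication_anomalies(baseline, flows):
    """Flows whose src -> dst:dport pair was never seen in the baseline.
    A source device absent from the baseline is anomalous by definition."""
    return [f for f in flows if (f.dst, f.dport) not in baseline.get(f.src, set())]


def prohibited_destinations(flows, blocked_countries, blocked_ips):
    """Flows to prohibited countries or to explicitly blocked IPs."""
    return [f for f in flows
            if f.country in blocked_countries or f.dst in blocked_ips]


def legacy_protocol_users(flows, ports=LEGACY_PORTS):
    """Devices observed using a legacy/cleartext protocol, keyed by source IP."""
    users = defaultdict(set)
    for f in flows:
        if f.dport in ports:
            users[f.src].add(ports[f.dport])
    return dict(users)


def retrospective_ioc_match(historical_flows, ioc_ips):
    """Re-scan stored flows against IoCs released after the traffic occurred.
    Returns (device, ioc_ip, first_seen_ts) so the dwell time is visible."""
    first_seen = {}
    for f in sorted(historical_flows, key=lambda x: x.ts):
        if f.dst in ioc_ips:
            first_seen.setdefault((f.src, f.dst), f.ts)
    return [(src, dst, ts) for (src, dst), ts in first_seen.items()]


if __name__ == "__main__":
    base = build_baseline(BASELINE_FLOWS)
    for f in communication_anomalies(base, NEW_FLOWS):
        print(f"anomaly: {f.src} -> {f.dst}:{f.dport}")
    for f in prohibited_destinations(NEW_FLOWS, {"KP", "RU"}, set()):
        print(f"prohibited: {f.src} -> {f.dst} ({f.country})")
    print("legacy protocols:", legacy_protocol_users(BASELINE_FLOWS + NEW_FLOWS))
    # Threat intel published later names 192.0.2.44; the sweep shows the PLC hit it at t=2090.
    print("retro:", retrospective_ioc_match(BASELINE_FLOWS + NEW_FLOWS, {"192.0.2.44"}))
```

The retrospective sweep is the piece most often missing from ad hoc tooling: storing flows long enough that a newly published IoC can be checked against history turns "we don’t know if we were hit" into a timestamp. The baseline here is a simple set of peers; a production system would also learn volume, timing and protocol behaviour per device class, which is what lets it flag a pump that talks to its usual gateway but suddenly at ten times the normal rate.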

Recent Attacks Illustrate the Threat

Several recent, high-profile threat campaigns illustrate how these capabilities and a whole enterprise approach to cybersecurity can help prevent or minimize the effects of an attack. Exploitation of vulnerabilities in Fortra’s GoAnywhere managed file transfer product and Progress Software’s MOVEit managed file transfer product, along with the RDStealer malware targeting remote desktop sessions, allowed threat groups to plant malware, including ransomware, in hundreds of organizations and to exfiltrate millions of files containing sensitive personal and corporate information. Even when an attack uses a zero-day vulnerability to compromise the network undetected, the exfiltration of data is itself a deviation from the affected device’s normal communications pattern, and that deviation may trigger automated policy enforcement, minimizing the event’s impact.

Ordr is a key component in the whole enterprise cybersecurity strategies of many top healthcare, manufacturing, financial services, and other organizations that recognize their growing reliance on connected devices could leave them vulnerable. Using Ordr, they now SEE, KNOW, and SECURE their systems and data.


Ordr’s See, Know, Secure Approach to Connected Device Security is Ideal for CPS Protection


As IT estates and their attack surfaces grow in complexity, cyber-physical systems (CPS) are getting more attention from cybersecurity professionals. Because organizations across all verticals are adopting CPS to run operations more efficiently, connected devices are becoming more and more abundant. Some reports predict the number of Internet of Things (IoT), Internet of Medical Things (IoMT), Industrial Internet of Things (IIoT) and other emerging specialized (XIoT) devices populating sprawling corporate networks will exceed 24 billion by 2030. Those devices represent a critical interface between traditional IT and the hyper-connected sensors, controls, and other operational technologies (OT) that comprise CPS today.

Our own Chris Westphal blogged about cyber-physical systems recently, offering some background on what they are and identifying some of the security challenges associated with protecting them. A newly updated report by Gartner, 3 Initial Steps to Address Unsecure Cyber-Physical Systems, goes into more detail to help organizations struggling to understand their CPS infrastructure and establish a strategy to keep their CPS secure.

Threat Actors are Aggressive

The report makes it clear that threat actors are aggressively exploiting vulnerabilities inherent in CPS technologies, and it spells out the threat they pose to organizations unprepared to defend them. In fact, Microsoft recently uncovered “a sophisticated attack campaign” targeting IoT devices, while other new security research suggests malware targeting IoT devices has increased 700% since 2020.

As IT and OT converge, cybersecurity leaders need to identify their attack surface across both environments. Gartner’s report cites examples of attacks against organizations in healthcare, critical infrastructure, manufacturing, and public utilities that illustrate risks beyond the cyber domain, with potential impact on individuals, public safety and economic stability, and that serve as a warning to organizations relying on traditional IT security approaches. The report’s author, Gartner analyst Katell Thielemann, puts it this way:

“Business-led Internet of Things or converged OT-IT projects have largely underestimated or ignored security and safety risks. Security and risk management leaders must go beyond data security by embracing cyber-physical system security efforts, or they will soon be overwhelmed by new threats.”


A Strategic CPS Security Foundation

That dire warning comes with the promise that, by taking the time to understand CPS infrastructure from a risk management perspective, CSOs, CISOs, and other security leaders can implement effective strategies for protecting those systems. Formulating a CPS security strategy starts by:

  • Prioritizing discovery of all elements of the CPS environment;
  • Anchoring security goals and policies in insights derived from device data and industry-specific requirements like regulations and threat intelligence; and,
  • Focusing on building maturity into the strategy based on an evolving Zero Trust approach.

Here at Ordr we call it a “See, Know, Secure” model for protecting connected devices, and the capabilities enabled by our platform dovetail well with the needs of organizations with CPS infrastructure. That’s because Ordr quickly discovers all CPS elements operating in the network, including those that were previously unknown or that connect and disconnect outside the control of IT management. This discovery happens in real-time, so there are never any blind spots.

Once discovered, we classify, map communications, analyze behavior, and assign a risk score to each device based on the data in the Ordr Data Lake—the industry’s most complete library of connected device intelligence. Our data lake is populated with millions of individual device profiles, including rich detail on each. We know their deterministic operational parameters, disclosed vulnerabilities, normal communications patterns, and other essential context that allows you to set policy.

A Potent Combination for CPS Protection

That combination of insight and capability supports automated responses whenever indicators of compromise are detected; and that means your network security gaps are identified and closed. Whether a CPS device is the vector, target, or in the path of an attack, Ordr can detect it and either stop it or help contain the spread.

The speed, complexity, and unique technical challenges endemic to cyber-physical systems operations mean that legacy security tools and strategies are severely limited when applied to CPS infrastructure. Gartner recommends that CPS security “focus on safety, reliability, resilience, adaptability, and privacy.”

The Ordr platform is ideally suited to address these challenges. To read more about best practices to secure cyber physical systems, download a copy of the Gartner report, Market Guide for CPS Protection Platforms to help you better grasp the complexities and establish a CPS security strategy that meets the needs specific to your organization.