Ordr Recognized in Gartner Market Guide for CPS Protection Platform Read more here!

It’s an exciting time at Ordr. Since securing our Series C funding in June we’ve been growing and building for a future that relies more and more on connected devices. Ordr’s mission is to protect those connected assets, and we execute against that mission passionately each day by building the world’s most accurate and complete device context repository using network intelligence.

Many factors are now coming together to drive the next level of growth for Ordr:

  • Our connected device security market is growing rapidly.
  • Our balance sheet is stronger than ever, fueled by our customer growth and the support of our investors.
  • Our product-market fit is seamless.
  • Our team is more energized than ever.

On top of this durable foundation, we welcome a leader who will lead Ordr to greater heights. I want to personally extend a warm welcome to Jim Hyman, our new CEO.

Thank You, Greg Murphy

Greg Murphy led the company for the last four years and has been an integral part of our success. I want to thank Greg for all his contributions to Ordr. It is difficult to fully convey our appreciation and gratitude to Greg in simple words, but his consistent thoughtfulness and emphasis on teamwork will continue to reverberate in our hallways. The business momentum, along with the customer-first culture established under his exceptional leadership is woven into our core values and sets us up for the next growth phase.

Today, Ordr has an impressive and growing list of leading healthcare and enterprise customers using our products to safeguard their devices, their networks, and their entire business.

Greg has truly positioned the company for future success, and we are immensely proud of our work to solve very complex security problems for our customers. Under Greg’s leadership we built an unrivaled security platform from the ground up, with rich features and a flexible open interface, on the foundation of a modern tech stack. Today, Ordr has an impressive and growing list of leading healthcare and enterprise customers using our products to safeguard their devices, their networks, and their entire business. These organizations- some of the world’s largest–validate our approach and strategy every day.

Welcome, Jim Hyman

Jim Hyman joins us at this important time, bringing an incredible background and deep experience to spearhead Ordr’s mission and supercharge our growth. Jim has taken businesses like ZScaler, Trusteer (acquired by IBM), and IronPort (acquired by Cisco) from the initial stages to business success. Most recently, Jim was the COO & CRO of Synack, a crowdsourced security company and undisputed leader in its space. Jim is a world-class executive with expertise in go-to-market execution and operations strategy, and brings to us a passion for customer success and growth.

Jim is a world-class executive with expertise in go-to-market execution and operations strategy, and brings to us a passion for customer success and growth.

I am excited about our next transformational stage and look forward to partnering with Jim as we execute our mission, accelerate our growth, and rapidly expand Ordr’s use cases for multiple personas across our target verticals. We will continue to build the world’s most formidable data lake—the Ordr Data Lake—to become the single source of truth for connected devices. We remain committed to innovation, creativity, and problem-solving for our customers.

Welcome to Ordr 2.0

Our partner-centric and customer-first culture will continue to be a priority, supported by our exceptionally talented and passionate team. I feel fortunate to be at a company in the leading position of a dynamic and growing market. More than ever, now is the time to accelerate our growth with Jim leading the charge.

I want to personally thank you all for your support over the years as we put our heads down to take our business to the next level. Welcome to Ordr 2.0!


The risks associated with a large, connected device attack surface are getting harder to ignore. In recent weeks the U.S. Cybersecurity Infrastructure & Security Agency (CISA) and National Security Agency (NSA) issued a joint advisory on threats associated with operational technology (OT) such as the industrial control systems (ICS) that many critical infrastructure organizations rely on to run their facilities. Overseas the European Union enacted two new regulations mandating stricter cybersecurity requirements for connected medical devices, otherwise known as the internet of medical things (IoMT).

Ordr has been working hard to provide the means for organizations in industries like healthcare, financial services, manufacturing, life sciences, and government to protect themselves from those threats since 2015. And we are always happy when those efforts are recognized because it means more awareness of the dangers to critical systems and of the tools available to keep them protected.

Ordr Recognized as a Leader in Healthcare IoT Security

On September 20, International Data Corporation (IDC), one of the leading information technology market intelligence advisors, recognized Ordr as a leading innovator in IoMT security solutions in their report, IDC Innovators: Healthcare IoT Security Products, 2022.

IDC describes healthcare organizations as “high-value targets for cyberattacks. As more medical devices are connected, the attack surface that bad actors can exploit has increased dramatically and a single breach can lead to a multitude of undesirable outcomes. Meanwhile, traditional information technology (IT) cybersecurity solutions are not designed to protect the wide range of medical devices used in supporting healthcare.”

As more medical devices are connected, the attack surface that bad actors can exploit has increased dramatically. — IDC

Ordr Provides Ground-to-Cloud Protection

Ordr’s platform provides protection for those environments by enabling complete ground-to-cloud visibility of all IoMT, IoT, and OT devices whether they are on-premises or remote, no matter if they are communicating locally or across complex digital supply chains. Then, we provide precise, contextual, real-time understanding of the operations and data flows of each device on the network, automating dynamic security policy generation and enforcement in the event a threat is detected. We can do this because the Ordr Data Lake is populated with detailed operational profiles for millions of devices.

When any device strays from its deterministic parameters, Ordr detects that change and automates proscribed actions to protect the device and its operational ecosystem. This is vital to preventing attacks against connected devices, containing threats by blocking lateral movement to and from connected devices, and maintaining operational resiliency for critical infrastructure targets, like hospitals and healthcare organizations, that are frequently targeted by ransomware gangs.

Ransomware an Ever-Present Threat

“Ransomware is an ever-present threat and can be particularly devastating in the healthcare sector, where even a few minutes of downtime can have deadly consequences. Protecting connected medical devices, many of which were not designed with security in mind, is now a top priority for IT and biomedical engineering departments. Medical IoMT security products provide much needed ‘context’ about devices and how they are being used so that smart decisions can be made to reduce their cybersecurity risks,” said Ed Lee, research director, Internet of Things and Intelligent Edge: Security at IDC.

Medical IoMT security products provide much needed ‘context’ about devices and how they are being used so that smart decisions can be made to reduce their cybersecurity risks, — Ed Lee,  IDC

In addition to this recognition from IDC, Ordr was named a healthcare IoT security market leader for an unprecedented third straight year by KLAS Research, recognized as a member of the CyberTech100 most innovative and pioneering companies that are helping financial institutions combat cyber threats and fraud, and is trusted by leading healthcare organizations like Cleveland Clinic, Dayton Children’s Hospital, Mayo Clinic, Freeman Health, and many more.

If you want to see for yourself why Ordr continues to earn kudos and customers, get in touch and we can provide a demonstration or answer your questions.


Today Ordr announced our Series C funding; another injection of capital that allows us to continue investing in our company and build it to last. On this occasion, I can’t help but look back and reflect on a journey that began in 2015 when Sheausong Yang and I–the founding team–had a vision to build a security platform that would give organizations the ability to see and secure every connected device in their network.

Our idea was new then, and it wasn’t easy getting people to understand the problem at first. Even as organizations were increasingly adding unmanaged connected devices to enterprise IT environments, there was confusion over what was classified as internet of things (IoT) or operational technology (OT). Many organizations we encountered thought we were talking about consumer technologies, like then-new smart speakers, and not the millions of medical devices, industrial controls, building management systems, and other equipment like surveillance cameras, phones, printers and vending machines that were often connecting simultaneously to enterprise networks and the public internet.

The Entrepreneur’s Dream

Because an entrepreneur’s journey is hard, often with ups and downs, it’s important to find partners who believe in the vision, the team, and are willing to give the support needed to work things out and solve big problems. We were fortunate to find such a believer in Peter Wagner, founding partner at Wing Venture Capital. Peter believed in the Ordr founding team and our ability to design the right solution to the problem. We also trusted Peter as a partner in our journey. Dominic Orr, former president of Aruba Networks; Pankaj Patel, former executive vice president and chief development officer at Cisco Systems; Dan Warmenhoven, former CEO of NetApp; and Prakash Bhalerao, veteran chief executive and angel investor also became believers in our vision and invested in our seed round as well.

What was not well-known when we started, but something that Peter, Dominic, Pankaj, Dan, and Prakash grasped, was how difficult it was to discover and secure IoT devices in enterprise environments. In fact, it was nearly impossible. These devices were often connected and unmanaged, operating outside the view of IT management and security tools, and given the proliferation rate at which they were connecting, the problem was getting worse. A specialized security solution was needed, and so we set out to build one. At the same time, the industry needed education about the unique threats to connected devices, and we were competing for attention in the cybersecurity space with hundreds of companies, each claiming to have something new and better, even if only a few really did.

A Foundation of Data

Every strong structure starts with a solid foundation. Our approach to connected device security would be built on data and analytics. Specifically, building a massive data lake populated with the details of as many device types as possible, and using behavioral analytics to build security models for each. Achieving our vision required studying breaches to understand their characteristics and communication patterns, and continuously comparing what we learned with the typical behavior of every single device in the network. Employing behavioral analytics was the only way to monitor complex communication patterns and adapt to the ever-changing strategies of threat actors.

Artificial intelligence (AI) and machine learning (ML) require massive amounts of data to solve hard problems. Rather than rely on second-order metadata, the Ordr Data Lake would be populated with accurate, correlated device details collected directly from the source. This was no easy task. You need to have grit, and shortcuts taken at this stage will haunt you throughout the lifetime of the product. We knew once we had the data we could harness it to solve hard problems, take on the challenges ahead, and build a platform for connected device security.

Fast forward to 2022 and the Ordr Data Lake has millions of device profiles; a number that grows as new devices are released and connected to environments across the globe. To enrich our data lake with new details and insights, we do a full, real-time packet capture across our customers’ environments to feed our platform with an accurate and continuous input of every connection, every flow, and every change. Analysis of that data is real-time too. It has to be. When someone asks for the current weather, it does no good to give the temperature from earlier in the day. Real-time analysis is critical in security and provides a precise assessment so accurate decisions can be made. In security, the game is rapid detection and remediation; guesswork is unacceptable.

Innovative Approaches to Problem Solving

Other key innovations have been part of the evolution of our platform. Data correlation, normalization, compression and organization is critical to storing and harnessing the massive amounts of data we collect and analyze without requiring hundreds of servers and zettabytes of disk storage. For those who are counting, one zettabyte is one billion terabytes. Thanks to our intelligent data compression, we can secure an entire large-scale hospital with just a few servers as our analytics backend. For context, the average hospital maintains an inventory of more than 100,000 total devices of which at least 10-15 thousand are in clinical care as internet of medical things (IoMT) devices, as well as IoT and OT associated with administration, communications, facilities management, and other essential functions–not to mention all the stranger things that find their way onto enterprise networks.

Behavior-based identity analytics is another key innovation for Ordr, and is used to establish multifactor authentication on agentless, unmanaged devices. Triangulation of factors such as a device’s OS vulnerabilities, communication patterns across the enterprise, communications patterns to external sites, and the reputation score of destination sites, are all analyzed to minimize false-positives and ensure a high level of confidence when unique indicators of compromise (IOC) are identified.

Countless hours of hard work, determination, and creativity were behind the effort that turned our vision into a proof-of-concept, and then, a working product. From that point, our vision, the strength of our team, and the potential of our technology helped us secure Series A funding, led by Alex Doll of Ten Eleven Ventures and joined by Unusual Ventures. With Series A we were able to build our team, establish our brand, and go to market. After Series B, led by Dharmesh Thakkar of Battery Ventures, and with investments from Kaiser Permanente Ventures and Mayo Clinic, Ordr was established as a force in healthcare and positioned for expansion into other verticals, like manufacturing, financial services, smart cities, and government. At this point, we began expanding into visibility and security for every connected device. To secure any device, you need visibility into every device in the network.

Flexibility in the Face of the Unexpected

When the pandemic struck in early 2020, the strength, resilience, and flexibility of our company were put to the test. The growth of nearly every organization was impacted at this time, but our healthcare customers in particular faced tremendous challenges. We stepped up to explore new ways to deliver value with our platform. Leveraging our core discovery and analytics capabilities, our customers found value in the ability to locate existing device inventory and understand real-time device utilization.

As an example, the Ordr platform enabled customers to keep track of critical devices such as ventilators, ensuring they were deployed to maximal efficiency to deal with the surge of COVID patients. Not only did the Ordr platform keep hospitals safe during this time, it also helped them run efficiently, ensuring they could continue to deliver critical healthcare services. That built goodwill and, when the pandemic eased, our customers adopted our platform enterprise-wide and recommended us to their peers in the industry. It was a key moment for the growth of our business.

Building an Unrivaled Franchise

As the world slowly returns to some semblance of normalcy, our Series C funding sets us up for our next phase of expansion on our journey to build an unrivaled security franchise. The Ordr Data Lake is growing rapidly, and now includes millions of device profiles, helping us to discover, identify, and classify every device in a customer’s environment with accurate, granular detail.

Within minutes of deploying Ordr in an environment, the data we analyze populates our UI with every connected device discovered, classifying each by manufacturer and model. Each device includes a picture for easy identification, along with a detailed description of attributes that include the device’s OS, vulnerabilities, connectivity details, flow data, applications installed, and logged users. Visualization in our platform is world-class and gets raves from our customers thanks to the tremendous “design thinking” effort we put into our UI/UX to achieve excellent aesthetics in support of usability.

On top of that, we add data and insights from a wide variety of enterprise tools to enrich our analysis. With more than 70 integrations, our data lake quickly provides accurate context for the operational status, as well as security posture, of every device in an organization.

Fast, Accurate, Dynamic, Automatic

Another critical strength of the Ordr platform is its ability to identify and respond to active attacks, including zero-day threats, and enable teams to stop them quickly with automation and orchestration. To get to “zero-day” attack detection requires behavioral baselines–something that must be done within minutes–to identify unique, malicious, abnormal behaviors. Since most connected devices operate within narrow behavioral parameters, our extensive data lake allows us to detect IOCs with a high degree of speed and accuracy.

Once malicious activity is identified, we leverage our deep knowledge of each device and its exact connectivity under normal operations to dynamically generate zero trust policies to isolate any misbehaving, potentially compromised device. These policies can be reviewed by security teams and, with a single click in our UI, policies are enforced with existing security and network infrastructure. With Ordr, response times are reduced from hours or days down to minutes to stop the spread of an attack. No other connected device security solution provides a complete map of all the devices, their connectivity in the enterprise, and their flow level context in real time, 24×7. We achieved this by building interfaces with every single network infrastructure vendor out there–a daunting task indeed.

The Next Chapter

From the start, our mission has been to help organizations see, know, and secure every connected device everywhere. We continue to innovate to deliver on that mission and provide our customers and partners with the most accurate, complete, and easy to consume device knowledgebase on the planet with meticulous device classifying, profiling, and cataloging.

What’s more, all of our data is available to partners through open APIs. In fact, Ordr is the only platform that has complete device intelligence that includes network and flow-level context with deep accuracy. Today, Ordr is well-positioned to be the supplier of choice of device intelligence to evolving Open XDR frameworks, providing open-source data to enable the correlation of information and delivery of the best possible service to the customers.

There are many more innovations and opportunities ahead for Ordr. With our world-class investors, dynamic board of directors, experienced management team, and passionate employees, we look ahead with laser focus to meeting the needs of our customers and helping them see, know, and secure every connected device that is critical to their business. Stay tuned, we’re off to write the industry’s next chapter on connected device security–and beyond.


Ordr just announced the closing of our Series C round of investments, raising an additional $40 million dollars to support our growth and continuing R&D in the realm of securing internet-connected devices for the organizations that rely on them. Investors in the round include ongoing commitments from all our prior investors, including Battery Ventures, Ten Eleven Ventures, Wing Venture Capital, Unusual Ventures, Kaiser Permanente Ventures, and Mayo Clinic. We are delighted to add Northgate Capital as an Ordr investor and to have the support of industry leaders and notable Silicon Valley entrepreneurs René Bonvanie, former Chief Market Office of Palo Alto Networks; Dan Warmenhoven, former Chairman and CEO of NetApp; and Dominic Orr, former Chairman and CEO of Aruba Networks.

Since Ordr’s founding in 2015, our company has attracted more than $90 million in total investments. On behalf of the Ordr team, I want to thank all our investors for this strong vote of confidence in the organization and in our vision for the future of cybersecurity. While many companies have been sold or exited this market early, this funding gives us the ability to build a strong, stand-alone technology leader that will be here for our customers for years to come. I must also offer our gratitude to the hundreds of customers and partners who have trusted Ordr to protect their connected devices, patients, and businesses. We are inspired every day by your commitment and dedication to your mission. Your passion and input have made us a better company and today’s announcement would not be possible without you.

Finally, I want to recognize the tremendous Ordr team, from our founders, Pandian Gnanaprakasam and Sheausong Yang, to the amazing new colleagues who have joined us recently. This milestone reflects your passion, your empathy for our customers, and your dedication and confidence in our mission.

Our Vision, Our Journey

When we began our journey, it was estimated that there were about 3.5 billion internet of things (IoT) devices connected to public networks. Improvements and innovations in processing and network communications, artificial intelligence and machine learning, and automation presaged rapid growth for the technology. Today there are more than 35 billion connected devices in service, and projections suggest more than 75 billion will be deployed by 2025—more than twenty times the number since we started.

Every one of those devices is a potential attack vector, expanding the need for what Gartner now calls “cyber asset attack surface management,” or CAASM. Threat actors are adept at taking advantage of device vulnerabilities to gain a network foothold from which they can move laterally to disrupt operations and execute attacks. Their targets are often organizations in critical infrastructure industries like healthcare, manufacturing, energy, and government where there has been heavy adoption of IoT devices, including the internet of medical things (IoMT) and operational technologies (OT). In fact, Ordr is one of the few security vendors that address a myriad of security and device management use cases across Gartner-defined market categories ranging from medical device security and OT security, to CAASM, and network detection and response (NDR).

IoT Security as a Business Imperative, Strategic Priority

Securing the vast constellation of connected devices is not only a business imperative, but it has been recognized as having strategic importance for national security here in the U.S. and abroad. The Ordr platform is a vital component to achieving a Zero Trust security posture as recommended to protect economic interests. To meet the security needs of critical infrastructure and other industries, like financial services, retail, education, and biopharma research, where connected device adoption is building momentum, requires a tool like Ordr that is designed to address conditions unique to connected devices. Ordr’s “See. Know. Secure.” approach to connected device security finds devices wherever they are in the network, identifies each device and learns its operating pattern, then automatically applies and executes appropriate security policies to ensure that each device remains protected.

And Ordr’s approach to connected device security works. That’s why the Ordr platform enjoys wide adoption across critical infrastructure industries where we help protect three of the world’s six largest healthcare organizations, and are the connected device security tool-of-choice for more than 150 manufacturing sites. Ordr customers span the full spectrum of industry, and our technology’s excellence has driven a 140% increase in year-over-year new customer growth in our most recent quarter, ending March 31, 2022.

Looking to the Future of Connected Device Security

As we look to the future to further develop our product, attack the market, and execute against our business plan and goal of achieving continuous improvement in all aspects of our operations, we’re proud to have attracted such strong partners invested in our success and that have a stellar track record working with companies in hyper-growth, and that bring strong domain expertise to our leadership team. We believe the connected device security market needs a strong, open, and independent player that prioritizes customer success, focuses on time-to-value, and integrates with all the key components of a customer’s security and network infrastructure. This funding validates our best-in-class approach and solidifies our leadership in the market.

It is my privilege to serve as Ordr’s CEO and to play a role in an exciting future for the company, and am humbled to be surrounded by a team of professionals committed to our success and the security of our customers. If you want to be a part of that future, please check out our Careers page for opportunities to join the team. If you are a CISO, CIO, or other tech leader who recognizes that your company’s investments in connected devices are leaving you vulnerable, take a look at our technology and then reach out for more information or a demonstration. We’d love to hear from you.


In recognition of International Women’s Day, we spent some time with one of Ordr’s many talented female employees: customer success escalation engineer Pallavi Raj.

Pallavi, who began her career at Ordr as a software engineer, has been with us for what she describes as an “enriching one year and four months.” Before coming here, she earned an MS in biotechnology/bioinformatics from Georgetown University, and an MS in MIS (information systems) from the University of Colorado, Denver, Business School. Impressive educational accomplishments.

Prior to pursuing her advanced degrees, Pallavi worked as a content editor with a multi-channel health and nutrition media company responsible for managing connected TV channels like Health Smart, which sparked her interest in information technology. Then she moved on to become a portal manager and digital business operations analyst at Blue Shield of California, playing an instrumental role in launching native mobile apps for both android and iOS customers of Blue Shield.

Those hands-on experiences gave her an understanding of the many facets of technology’s influence on business, and especially in healthcare, that would come into play in her current role at Ordr.

Ordr: What drew you to a career in tech?

Pallavi Raj: As the saying goes, “A person does not gain knowledge by merely possessing an insatiable thirst for it, but by seeking for the means to quench it.” Being a staunch advocate of this philosophy, I strongly stand by the fact that, to shine in an innovative workplace, one should always aim for the perfect combination of analytical and technological proficiency, coupled with a scientific mind and leadership qualities.

Belonging to a family of software engineers, doctors, and technology entrepreneurs, I was always inclined towards being part of the technology domain. I went ahead and earned my master’s in biotechnology with a bioinformatics track from Georgetown University. This course of study exposed me to the amalgamation of biological sciences and information technology, and to the boundless data science possibilities this blend could bring.

Ordr: What was it that drew you to pursue a role at Ordr?

Pallavi: I went on to pursue another MS in information systems to gain momentum in the IT industry. This education proved extremely beneficial in comprehending cybersecurity principles, advanced networking concepts, and database management, as well as the full scope of other technology and management courses that I took during my time at University of Colorado, Denver. The degree was a blend of technical concepts with cybersecurity concentration and managerial concepts focused on business intelligence and programming.

Ordr provided me the golden opportunity to incorporate both my professional experience and academic attributes. Working at Ordr has brought me one step closer to understanding how to develop various skills that could help in harnessing the power of technology, while applying what I have learned in a highly innovative environment.

Ordr: Who has served as a mentor for you, and how have they influenced your career to date?

Pallavi: For me, mentoring means inspiring, guiding, and spearheading the right skills at the right time by the right people. Some of the influential mentors in my life have been my brother who is a senior executive at Amazon; my husband, who has a great deal of rich experience working in the technology sector; and my parents, who are doctors and professors, and have always encouraged me to be an empowered technology talent.

Ordr: How has your experience at Ordr influenced your perspective on tech?

Pallavi: Organizations face a vast array of emerging cybersecurity and vulnerability management challenges, and a higher risk of security breaches due to increased adoption of IoT and other connected devices. Ordr addresses these issues with an innovative mix of artificial intelligence and network packet analysis to support a zero-trust posture for our customers. And in addition to security, we also deliver vital extensive asset management, continuous visibility, and segmentation capabilities. Seeing this from the inside has given me a new perspective and appreciation for what’s possible with a well-designed technology framework.

Ordr: What have you learned in your time here that has surprised you?

Pallavi: One of several surprising elements of my journey at Ordr so far has been observing how the company has not only risen to become a world-class leader in healthcare security, but continues to innovate to do more. Our customers are managing hyper-connected enterprise architectures, and we support them by leveraging machine learning technology where real-time data gets generated, processed, and classified at a humongous scale.

What Ordr has achieved not only in healthcare environments, but for manufacturing, financial services, and critical infrastructure operators around the globe by discovering, identifying, and securing IoT devices against cyber threats has been an incredible learning experience for me.

Ordr: What is the biggest non-technical strength that you bring to your role as a customer success escalation engineer?

Pallavi: I have always been an advocate of expanding my versatility in different areas that can help me to foster positivity and productivity. Having recently assumed a new role here as a customer success escalation engineer, I can apply my problem-solving, self-starter, and communications skills on behalf of our customers to ensure their satisfaction. I believe my optimistic approach towards feedback, my ability to work collaboratively, and my love of lifelong learning are my biggest strengths.

Ordr: What advice would you give to yourself if you could go back to when you were in high school?

Pallavi: I would tell my younger self, “Don’t be afraid to listen to your inner self when it comes to choosing the difficult and challenging path. It might sound risky, but it will lead down a road with unique possibilities and immensely proud accomplishments.”

Ordr: What is your proudest achievement outside of the workplace?

Pallavi: I am proudest of my flexibility in transitioning from a biological background to the IT sector. Finding solutions to difficult problems has always been a strength, and my background dealing with and researching data, and having an experimental mindset, played a crucial role in changing gears for my career.


It’s not often that, in a high-tech industry like security, a company can pioneer an emerging market, and then continue to lead that market for the next five years. This is why our recognition as a Healthcare IoT Security market leader—for the third straight year—by KLAS Research in its latest report, “Healthcare IoT Security 2022: Moving beyond Device Visibility,” is such a milestone achievement for us.

We are so grateful to our customers who engaged with KLAS and provided feedback to them. We couldn’t have done it without you! Ordr received high marks from customers in the KLAS report for:

  • Breadth of functionality beyond just visibility, including abnormal activity identification, traffic monitoring, and device utilization tracking;
  • High customer satisfaction rates;
  • High value across multiple stakeholders including Security, Clinical/Biomed and IT;
  • Helpful training and education offerings, including the Masterclass webinar series;
  • User interface enhancements; and,
  • Strong technical background of the Ordr team in security, healthcare and networking.

There are several aspects of the report that are important to highlight.

1.     3-Time Leader with High Customer Satisfaction Rates

In 2019, when we first appeared in the KLAS report, the market was just emerging. In November 2020, we were named a market leader for the 2nd time. In 2022 again, we’re named a market leader. In the same report, KLAS highlighted our client list transparency.

For healthcare organizations, we emphasize the value of working with a partner with a consistent track record of leadership in healthcare. That consistency and focus is something we’re really proud of.

2.     Evolution of Our Customers from Visibility to Risk Insights and Security

Customers interviewed celebrated Ordr’s ability to provide value beyond device visibility. In its report, KLAS noted that, “Ordr customers (often very large health systems) use the platform to do more than simply see what devices are connected to their network—they also track device utilization, identify abnormal device activity, and monitor traffic.”

“Ordr customers (often very large health systems) use the platform to do more than simply see what devices are connected to their network—they also track device utilization, identify abnormal device activity, and monitor traffic.”

This is an important distinction.

As an early vendor in this market, working with so many large healthcare system customers over the last couple of years, our customers have moved beyond visibility (“See”) towards the “Know” and “Secure” part of their connected device security lifecycle. Many healthcare customers utilize Ordr as the source of truth for both device and network context as well as flow level analytics for policy generation. Our customers depend on us for critical risk and clinical insights, and we’ve successfully implemented Zero Trust policies to support their initiatives.

The KLAS report also celebrated our ability to deliver high value across the domains of different stakeholders. Observe the broad range of ways different users within a healthcare organization – Clinical/biomed engineering, security and networking– are using Ordr in these KLAS customer insights, and the outcomes we’ve delivered:

“On the clinical engineering side, the value of the product comes from utilizing the product. We look at whether things are performing as expected or whether the system requires patching. We can get patches from the vendor, but we may miss something, and that makes things very difficult. With Ordr’s system, we can identify which things have been patched and which haven’t. We are also feeding the data into the asset management tool so that we know exactly which systems are involved in our work. The data is very rich and useful.”

“I would definitely recommend the system. The major strength is complete visibility into the endpoints for the traffic that we send through the solution. That will assist us when we get into a more stringent RADIUS authentication requirement for our wired network. Another strength is the ability to see exactly what a device has talked to from either a profile view or a specific device view. We can see what ports were used, how many times the communication happened, and what the date and time were. We can get a rather slick visual representation of that and easily export it.”

“The biggest outcome is a significant decrease in the amount of incident response time. We have used Ordr Platform as a part of our incident response with ransomware. Because we couldn’t run our antivirus on our machines, we were able to go in and identify the specific machines in Ordr Platform and provide a picture to the field support. The network engineers had already logged in to Ordr Platform, saw the traffic, and then killed the port so that it couldn’t communicate. That was very handy so that when a field support person walked into the room, they knew exactly where they were going. We were able to get the medical devices back up and running on our network and segmented really quickly. Ordr made that quick turnaround happen. We have factored the utilization of Ordr Platform into our incident response plans. We have been able to reduce our response time by hours. We already had a really robust response time and plan, and the system sped things up significantly.”

3.     Preferred by the Top Healthcare Delivery Organizations (HDOs)

Top healthcare organizations, including 3 of the top 6 HDOs in the world use Ordr. Addressing the needs of these large and sophisticated healthcare organizations is NOT easy and requires a mature product that can meet requirements of accuracy, scale, resiliency and reliability. Our customers have higher levels of expectations with Ordr and we are a critical part of their mission critical security journey. Designing a system to discover 15,000 connected devices for asset inventory in a single hospital is far different than designing a solution for 500,000 devices across an entire healthcare system, delivering granular profiling, device flow mapping, clinical and security risk insights, and segmentation policies.

We are proud of the fact that as we continue to evolve our product and through our many years in the market, we continue to receive some of the highest ratings and deliver the highest levels of transparency to KLAS.

And when it comes to delivering value for healthcare providers, we are just getting started. Stay tuned to this space to see what’s coming next from Ordr!

Here’s an At-A-Glance on the report. Want to read the full report? Email us at info@ordr.net.


I still remember vividly the day I met René Bonvanie at the very early stage of this company to get his feedback on our vision to make this connected device world a safe place. Rene emphasized the importance of keeping the mission super simple and offering a product that focuses only on one or at the maximum two key areas but with huge differentiation.

As we set out to bring “Ordr” to the world of all connected devices, our ambition, though daunting, was to catalog the world’s device information base. We are still focused on that mission to date as our crowd sourced library keeps growing– powered by our machine learning engine and data from our customers.

Little did we realize that this device data library with behavioral models we created using passive packet techniques could become so critical in offering incredible forensics to solve so many cybersecurity use cases. Today we are in a position to be able to offer unique insights into every device that is involved in an advanced attack. It has helped our customers detect and rapidly mitigate compromised devices very early in the kill chain during a ransomware attack. In one case, one of our customers detected the Conti ransomware 15 days before the IoCs were officially shared by the FBI and other threat intelligence teams.

Our next chapter in security unfolds with even more focus on the foundational technologies we built – to precisely profile each and every device in an organization, its risks and its behavioral interactions with other systems and servers. This is timely, as every organization today is facing the highest levels of cyberattacks.

In lockstep with our product development efforts, we are thrilled to have René Bonvanie join as Executive Chairman of the Ordr Board to add deep industry knowledge and operational experience in cybersecurity.

René brings more than 35 years of industry experience to Ordr and currently serves as an Executive in Residence at Battery Ventures. He previously worked for over ten years as Chief Marketing Officer of Palo Alto Networks.

Those of us who have been in the cybersecurity industry for many years have admired how he disrupted the firewall market at Palo Alto Networks. He also knows the connected device security market particularly well, having been part of the startup ecosystem in this space in the past. René joins us at a pivotal point in Ordr’s journey. With the alarming increase in cybercrime, organizations are looking not only for visibility and insights on connected devices, but a complete set of security features to protect and respond to cyberattacks. Ordr is well positioned to meet these needs, and René’s experience will be invaluable in accelerating our growth.

The executive team has been working closely with René and we know the company will benefit greatly from his strategic counsel and go-to-market expertise. Dominic Orr, Ordr’s Executive Chairman of the Board since 2019, will remain on our Board of Directors and continue working closely with the senior management team. We will continue to leverage Dom on an ongoing basis as our board member, coach, and mentor, tapping into his industry knowledge and years of wisdom building great companies.


More than a decade ago, operational technology (OT) was d only used in manufacturing and industrial environments and airgapped from the rest of the organization. Today, the convergence of information technology (IT) and OT, and the growth of the internet of things (IoT) is revolutionizing the way organizations monitor systems, share and analyze data, and efficiently make decisions based on near real-time information. While this transformation brought about a modernization of how IT, IoT, and OT systems share invaluable data to empower business operations, it also brought about the alarming realization that none of these devices were created with security in mind. With ubiquitous connectivity comes the increase in ways to exploit them to gain access to sensitive data.

The convergence of IT and OT calls for the need to address identifying all network connected devices, how they are communicating and properly assess the risk associated. This is why Gartner named Ordr as a Representative Vendor in the Market Guide for OT Security.

As described in the Gartner report, the OT/CPS (Cyber Physical Systems) security journey for organizations aligns with six key phases. “Once they enter the “Oh Wow!” Phase [3], organizations realize that security — whether IT, OT, physical or supply chain — needs a whole-of-enterprise focus. Historical IT and OT functional differences are becoming a liability when security is involved. Due to design, age or function, the unique requirements of OT systems now add to IT security concerns in ways that can no longer be ignored. Modernization efforts bring risk, reliability and safety discussions to the forefront. As a result, leading organizations are starting to elevate OT security requirements into their enterprise risk management (ERM) efforts by adopting an integrated security strategy across IT, OT, CPS, physical security and supply chain security.”

Phase 3. The “Oh Wow!” Moment: Invariably, proof of concepts (POCs) become eye openers. For example:

  • Unmanaged assets are connected everywhere.
  • OT networks that were initially designed to be highly segregated have become flatter than realized.
  • Ports on all kinds of systems in all kinds of remote locations are wide open.
  • OEMs are accessing the machines they sold remotely and no one is managing it.
  • Disclosed vulnerabilities on old OSs have never been evaluated for possible patching.
  • The functional silos between separate security disciplines (e.g., cybersecurity, physical security, supply chain security, product security, health and safety) are creating seams that bad actors can exploit.
  • The realization sets in that operational environments where security is lacking are centers of value creation for most organizations; however, no centralized governance exists to start making sense of it all. Recognition develops that roles and responsibilities for a wide variety of (security related) processes and decisions have never been clear, let alone agreed on.

At Ordr we’ve helped top global organizations address visibility and security with a whole-enterprise approach — from traditional servers, workstations and PCs to IoT, IoMT and OT devices. We have created a solution that passively and in real-time discovers what devices are on the network, profiles device behavior and risks, and then automates the appropriate action. Our relationship with our customers has been one of mutual benefit, we have worked together to evolve our solution and address new use cases. As a result, we’re grateful and proud to serve our customers and be been named in the Market Guide for OT Security as a solution addressing device visibility and security.

For the report, click here.

Gartner Market Guide for Operational Technology Security, Katell Thielemann, Wam Voster, Barika Pace, Ruggero Contu,13th January 2021

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


We are excited to announce Ordr SCE 7.4.2! With the number of connected devices, including unmanaged and IoT devices continuing to rise exponentially, the number of vulnerabilities and attack vectors also rises. We are seeing organizations that are struggling to maintain a real-time and continuous inventory of all connected devices with the device intelligence to make informed decisions on how to mitigate the associated risk.

With the largest product release in our history, Ordr SCE 7.4.2, delivers more than 160 new features, integrations, and enhancements to provide unparalleled visibility and protection to organizations globally for security, IT, and HTM teams and their connected devices.

Highlighted features and benefits of Ordr SCE 7.4.2 include:

Reduce Infrastructure Footprint 

For organizations that are looking to reduce their existing network infrastructure solutions and gain quicker time-to-value, Ordr SCE 7.4.2 provides visibility via a virtual or physical sensor, or via a sensor-less telemetry data ingestion. While deep packet inspection (DPI) is foundational to connected device security, Ordr also supports more than 20 network switches, routers, firewalls, wireless controller vendors, including new sensor-less support in Ordr SCE 7.4.2 for Cisco ISR Routers, Juniper Networks Switches, Netgear Switches, Riverbed Switches, Fortinet Wireless Firewalls, Aruba Instant Controllers, and Ruckus Controllers, for quick visibility via telemetry data with enriched device context supported by the Ordr Data Lake, then visualized in an out-of-the-box customized dashboard.

In addition, Ordr SCE 7.4.2 simplifies deployment options with enhancements such as multi-tenancy, zero touch provisioning, on-premises or in the cloud, and a cloud-based portal.

Increase Efficiency with Workflow Based Dashboard   

To adapt to the ever-changing ways in which organizations are conducting business, Ordr SCE 7.4.2, introduces use case and asset inventory-focused dashboards. Organizations can drill down into rich device context based on industry specific devices, role specific data, and more, with one-click. This will help organizations to quickly look up devices that match specific conditions, including manufacturer, category, profile, devices with sensitive data, devices with custom tags, devices communicating with administrative protocols, device running outdated operating systems, and more.

Empowering Healthcare Technology Management (HTM) with Actionable Data 

As the rise in connected medical devices in 2020 saw an all-time high, 2021 is likely to see a corresponding increase in initiatives to address the security and risks of these devices. HTM teams are burdened with the need to quickly visualize and enact segmentation policies. Ordr SCE 7.4.2 delivers vast enhancements for healthcare organizations by ensuring that the clinical data like medical device data from the FDA, clinical and patient risk associated to a device(s), and security risk from MDS2 forms are easily accessible to support informed decisions and initiate the appropriate workflows within a matter of minutes.

Security enhancements  

To enable our customers in the wake of high-profile ransomware as well as espionage-like activity seen in the Solarwinds attack, Ordr SCE 7.4.2 give customers access to enhanced security components, focusing on optimized detection and tracking within the platform. Customers will have the ability to visually track antivirus software activity, URLs associated with phishing, malicious communications, user defined prohibited country communications, and quickly see devices with admin protocols and a snapshot of criticality level for devices with known vulnerabilities.

Integrate Efficiently into Existing Security Workflows 

As 2020 came to an end, yet again we saw a rise in ransomware and phishing attempts. Ordr SCE 7.4.2 allows organizations to detect and track ransomware via an optimized graphical user interface (GUI) with signature improvements to expedite the incident response (IR) process. In addition, to make the rich device context easily available we have worked with joint customers to bring security vendors Anomali, Exabeam, Fortinet, IBM QRadar, and Ping Identity into our integration portfolio.

Ordr SCE 7.4.2 introduces the ability to consume STIX and TAXII 2.1 from threat intelligence platforms (TIPs) like Anomali. This enables organizations to incorporate and extend their existing threat intelligence data to the Ordr Data Lake and address connected device security.

Organizations can use Ordr’s rich device context and associated alarms to initiate specific workflow actions based on device type, group, manufacturer, model name and number, and more. With the Syslog and JSON over HTTPs outputs, Ordr SCE 7.4.2 integrates with SIEM tools like Exabeam and IBM QRadar by transmitting alerts, device information, and other critical information. The SIEM ingests the feed, parses the data into the proper fields, and allows the incident response team to triage with a single source of truth.

In addition, Ordr SCE 7.4.2 introduces SSO via SAML for Ping Identity into the growing list of IDPs that Ordr supports. SSO helps to reduce replication of username and passwords, time spent on forgotten passwords, and IT resources spent on password recovery. With the Ordr SSO integration into IDPs like Okta, Ping Identity, Oracle, etc., organizations will have centralized management and access to Ordr SCE.

Enable Enhanced Analytics and Use Case Based Policy Generation  

Ordr SCE 7.4.2 will enable organizations to use flexible grouping of devices to map actions such as communication analysis, policy generation, or assigning custom tagging for NAC and firewalling. Customers can take various classifications like device type, threat/vulnerability, state of compliance, asset status, department, location, etc. and group them for a specific use case, allowing the policy profile to be analyzed and policies automatically generated. With this feature, customers can quickly achieve tasks such as controlling access for all physical security cameras used in a retail location, segment patient care devices by hospital and healthcare division, or tag all manufacturing devices that are still running Windows XP or Windows 7.

In addition, Ordr SCE 7.4.2 will come with a Yet Another Markup Language or YAML Ain’t Markup Language (YAML) Editor. Every organization defines their security risks differently and needs to use security tools based on their policies. This powerful editor allows advanced users to adjust some of the cyber security system parameters such as cyber security risk weighting, network topology definitions (VLAN/Subnet naming), blocklist content, and others.

Acceleration of Cisco TrustSec and Cisco Software-Defined Access (SD-Access)  

As Cisco’s leading IoT solution partner for Cisco Identity Services Engine (ISE). Ordr is the only product on the market to provide total IoT and OT visibility to Cisco ISE and the rich device context required to dynamically define Scalable Group Tags (SGTs), automate the provisioning of group-based segmentation policies, and provide SGT visualization and traffic analysis which greatly accelerates the time to value and increases strategic adoption of Cisco TrustSec and SDA.

For more information on Ordr SCE 7.4.2, visit our What’s New page: https://ordr.net/whats-new/ OR join us at 10:00 a.m. PST on Thursday, February 18 for a webinar on key features and benefits to implementing these enhancements.