
In the Fireside Chat: Addressing IoT Security Risks with Nexteer Automotive webinar, I discussed best practices for organizations building IoT security programs with Ron Temske, VP Security at Logicalis, and Jeff Horne, CISO at Ordr.


The winds of change are blowing through the world of work today. Macro trends such as Industry 4.0 require that companies enact and accelerate their digital transformation. Technologies such as artificial intelligence, blockchain, cloud computing, autonomous vehicles, robotic process automation, edge computing, and the Internet of Things (IoT) are helping foster innovation and competitive advantage.

As companies embrace digital manufacturing to increase efficiency and optimize operating costs, there is an explosion of IoT devices on the plant floor. Further, more and more of our home devices are becoming internet connected. The exponential proliferation of IoT devices and immature security practices make them targets for attack.

Addressing IoT Security Risks

IoT devices play critical roles across many business functions in the enterprise, which makes building an IoT security program crucial. Here are my tips for tackling IoT security, the “Magnificent 7 IoT Security Guiding Principles”:

  1. Characterize: Identify and classify assets and stratify them by business value and risk
  2. Demarcate: Implement network zones with a clear demarcation between IT and OT networks
  3. Understand: Visualize and identify threats and vulnerabilities across networks inclusive of devices, traffic, etc.
  4. Unify: Control access by users and devices across both secure wireless and wired access
  5. Adapt: Leverage Zero Trust to enact adaptive control schemes in real time
  6. Converge: Define explicit third-party access and risk management protocols, including Privileged Remote Access; these are particularly relevant to OT networks and strengthen the security architecture
  7. Beware: The following root causes have led to IoT device security issues in the past
    • Static credentials embedded in the device
    • Lack of encryption
    • No software updates
    • API security gaps

How Ordr Can Help

Besides sharing tips on creating an IoT security plan, I also shared the reasons why Nexteer chose Ordr over other IoT security solutions.

One of the key principles of our InfoSec & Privacy program, NEXTINTRUST, is to leverage the trifecta of IDENTITY, INTEGRATION & INSIGHTS across a layered security architecture to enact adaptive, proactive control strategies.

Consequently, key dimensions needed to enact this strategy across the OT & IoT arena are:

  • Device Visibility
  • Policy Definition
  • Behavior & Risk Analysis
  • Enforcement of Policies & Standards

Ordr mapped well to Nexteer’s key security dimensions and to the Identify, Protect and Detect functions of the NIST Cybersecurity Framework. It can help us transform our security operations across the plant floor and the IoT device arena.

Ordr offers a real-time dashboard and key insights such as automatic device inventory, device communication, and device risk analysis. Ordr’s ease of deployment, FIPS certification, and all-inclusive licensing model were also differentiators.

Ready to try Ordr for yourself? Try the Hands-On Lab to see how Ordr will discover and classify all connected devices, profile device behavior, and automate segmentation policies.

As a trusted advisor for cybersecurity, it’s important to be able to develop security strategies that match the challenges inherent in each customer’s unique IT environment. To do that requires a complete understanding of the IT estate; and a complete understanding of the IT estate requires device discovery that delivers total visibility into the estate.

In organizations that rely heavily on internet connected devices—the Internet of Things (IoT)—that level of visibility can be elusive. And for the unprepared, it’s going to get worse. That’s because there’s been a huge increase in IoT use across industry, and in healthcare and manufacturing especially. IoT deployments worldwide were at 10 billion in 2018 and are predicted to exceed 25 billion by the end of 2021. Some believe that number could more than triple by 2025, driven by the advent of 5G network connectivity.

Overcoming Historical Challenges
At Cadre we work with manufacturing and healthcare organizations with complex environments and a significant need to secure connected devices. Historically, protecting IoT devices in manufacturing and healthcare was a hard thing to do. Most organizations chose to either air gap their networks, or use a well-protected jump host to access the environments. On the manufacturing shop floor, where industrial sensors and controllers are used to maintain production, devices remained segregated from corporate networks.

Now you have devices that are communicating not only internally with the owner, but out on the internet to supply chain partners. That dynamic has upended the Purdue Enterprise Reference Architecture (PERA) model, dramatically increasing organizational risk of malware infections and attacks by malicious actors. The stakes are even higher when the equipment you’re protecting is used for medical care. From an IT security perspective, you can’t treat a patient monitor or ventilator the same way you treat an HVAC controller.

When we learned about Ordr and its approach to securing IoT devices in these complex environments, we were intrigued. It was important to us that they are a Check Point integration partner with a strong, stable organization and track record of success. Our experience with the Ordr Systems Control Engine (SCE) has been great, so when we had a chance to evaluate Ordr’s IoT Discovery Program, a complete kit of zero-touch, cloud-managed IoT sensor and Ordr Core software, we were on board.

Ordr Core Lives Up to the Claim
Ordr Core quickly and easily discovers the full extent of an organization’s IoT asset inventory, allowing us to automatically populate the customer’s configuration management database (CMDB) with the profile of every device connected to the network. From there we can automatically generate and enforce appropriate policy based on device risk.

Ordr Core has already become an indispensable tool for us to see into the customer’s environment, control the chaos, and implement complex security strategies like device segmentation at a level of granularity that was unattainable before.

Every time we run Ordr Core in a customer environment, or when evaluating prospective engagements, we find devices that were unknown to the CIO and CISO. Often these are older devices that had fallen out of view and were forgotten, but we also find unauthorized devices like consumer electronics that have no business being on the network in the first place.

Discover, Profile, Evaluate, Protect
Once Ordr Core discovers these devices, we are able to profile them and observe things like communications flow, and identify and evaluate the inventory of legacy devices. It’s easy to forget that, while the IoT market is in the midst of a renaissance, networked controls and sensors have been in use for decades. Many organizations rely on equipment that was made by companies that no longer exist, or that operates with obsolete operating systems or firmware that cannot be patched. All of this is easily understood by Ordr, and it gives us a clear view into the health, availability, and risk of the network and allows us to close a security gap that network access controls can’t handle natively.

Ordr Core gives Cadre a competitive advantage with the ability to see across the entire IoT estate and derive insights that were not available before. We know there’s no slowdown in sight for the adoption of IoT, and every organization that relies on them has a compelling need to control and protect each device to keep it from becoming a point of entry for malicious actors.

If you’d like to see what your IoT environment looks like and take informed action to address the vulnerabilities you knew were there but couldn’t find, you can request your free zero-touch, self-provisioning Ordr Core sensor here: https://ordr.net/iot-discovery-program-cadre-information-security/.

Early in my career, a mentor of mine said, “you either participate in this [connected] world, or you don’t. There is no middle area.” We were discussing social applications and the volume of data that is shared both professionally (what tools your team uses) and personally (where you live, what you consume, your preferences, etc.). When I think back to that conversation, which I remember vividly as a turning point in how I view data, I am reminded that the same principle applies to the devices that carry sensitive data. Which inevitably brings us to this week, where we focus on National Cybersecurity Awareness Month’s (NCSAM) theme of “If You Connect It, Protect It”.

This week’s theme description:

If you connect it, protect it. The line between our online and offline lives is indistinguishable. This network of connections creates both opportunities and challenges for individuals and organizations across the globe. The first week of Cybersecurity Awareness Month will highlight the ways in which internet-connected devices have impacted our lives and will empower all users to own their role in security by taking steps to reduce their risks. 

You Either Have [Connected] Devices, Or You Don’t 

Not all devices are created with the same intent, but all of them are created to solve for a want or a need. One thing most devices are not created with is security in mind. Connected devices often come with default passwords that go unchanged, run outdated operating systems, and send data over insecure protocols. Whether it is a personal device (e.g. cell phone, smart watch) or a device in your office (e.g. MRI machine, HVAC controls, workstation), they all must be accounted for, their risks must be known, and high-risk and vulnerable devices must be secured properly.

Steps to securing your IoT devices: 

  1. Have an accurate inventory of all connected devices – you can’t protect what you don’t know about, therefore security starts with granular visibility of all your devices. This is a challenge for organizations because these devices are sometimes offline, they connect via wired and wireless networks, and they are sometimes procured and managed by users outside the purview of security. Accurate asset inventory includes not only an understanding of details such as make, model, serial number and location, but also associated vulnerabilities and recalls.
  2. Understand how those devices are behaving – to secure IoT devices, you need to understand what “good behavior” looks like. This allows you to baseline what normal patterns of communications look like in your specific environment, so you can identify anomalous and malicious patterns such as C2 communications or abnormal RDP/SMB lateral movement.
  3. Automate the appropriate response for securing devices on your network – with a complete inventory and an understanding of how the devices are behaving on your network, you can automate actions that enforce proactive segmentation policies or trigger the appropriate workflows (CMMS, CMDB, IR, etc.)
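The three steps above (inventory, behaviour baseline, automated response), and the Demarcate/Adapt principles from the “Magnificent 7” list earlier on this page, are easier to reason about in code. The following is an added example written for this page, not Ordr’s product logic: the inventory, the flow records, the internal address range and the lateral-movement port list are all constructed sample data. It learns a per-device communication profile from a window of flows, flags flows that deviate from it (new external destinations, RDP/SMB toward internal peers), and turns the profile into an allow-list segmentation policy for the devices that warrant enforcement.

```python
"""Inventory -> behaviour baseline -> automated response for connected devices.

Added illustration of the three steps above; it is not Ordr's product logic.
The inventory, the flow records and the port/network lists are constructed
sample data for this example."""
import ipaddress
from collections import defaultdict

# Step 1 (constructed): the asset inventory. Devices not in it are out of scope here.
INVENTORY = {
    "10.20.1.15": {"model": "patient monitor", "zone": "clinical", "risk": "high"},
    "10.20.1.40": {"model": "HVAC controller", "zone": "facilities", "risk": "medium"},
}

# Step 2 (constructed): flows seen during a learning window, as (src, dst, dst_port, proto).
LEARNING_FLOWS = [
    ("10.20.1.15", "10.20.5.10", 2575, "tcp"),   # HL7 to the integration engine
    ("10.20.1.15", "10.20.5.11", 104, "tcp"),    # DICOM to PACS
    ("10.20.1.40", "10.20.5.20", 47808, "udp"),  # BACnet to the building controller
    ("10.20.1.40", "10.20.5.20", 47808, "udp"),
]

# Flows observed after the baseline was established (constructed).
NEW_FLOWS = [
    ("10.20.1.15", "10.20.5.10", 2575, "tcp"),   # known-good
    ("10.20.1.15", "10.20.1.40", 445, "tcp"),    # SMB from a monitor to a peer device
    ("10.20.1.40", "203.0.113.7", 443, "tcp"),   # HVAC controller calling an unknown internet host
    ("10.20.1.15", "10.20.5.11", 104, "tcp"),    # known-good
]

LATERAL_PORTS = {139: "SMB", 445: "SMB", 3389: "RDP"}   # assumed lateral-movement ports
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]    # assumed internal address space


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def build_baseline(flows):
    """Per-device set of (dst, port, proto) tuples seen in the learning window."""
    baseline = defaultdict(set)
    for src, dst, port, proto in flows:
        if src in INVENTORY:
            baseline[src].add((dst, port, proto))
    return baseline


def classify_flow(flow, baseline):
    """'baseline' for known-good flows; otherwise the kind of anomaly."""
    src, dst, port, proto = flow
    if (dst, port, proto) in baseline.get(src, set()):
        return "baseline"
    if port in LATERAL_PORTS and is_internal(dst):
        return f"lateral-movement ({LATERAL_PORTS[port]})"
    if not is_internal(dst):
        return "possible-c2 (new external destination)"
    return "new-flow"


def detect(flows, baseline):
    """Return (flow, verdict) for every flow that deviates from the baseline."""
    alerts = []
    for flow in flows:
        verdict = classify_flow(flow, baseline)
        if verdict != "baseline":
            alerts.append((flow, verdict))
    return alerts


def segmentation_policy(device, baseline):
    """Allow-list derived from the baseline: permit only known peers, deny the rest."""
    rules = [{"action": "allow", "dst": d, "port": p, "proto": pr}
             for d, p, pr in sorted(baseline.get(device, set()))]
    rules.append({"action": "deny", "dst": "any", "port": "any", "proto": "any"})
    return rules


def respond(alerts, baseline):
    """Step 3: every alert opens an IR ticket; a high-risk device or a lateral/C2
    verdict also gets its baseline allow-list pushed as an enforced policy."""
    actions = []
    for (src, _dst, _port, _proto), verdict in alerts:
        action = {"device": src, "verdict": verdict, "ticket": "IR"}
        if INVENTORY[src]["risk"] == "high" or verdict != "new-flow":
            action["enforce"] = segmentation_policy(src, baseline)
        actions.append(action)
    return actions


if __name__ == "__main__":
    base = build_baseline(LEARNING_FLOWS)
    for action in respond(detect(NEW_FLOWS, base), base):
        print(action["device"], action["verdict"],
              "enforced" if "enforce" in action else "ticket only")
```

Two design choices matter in practice. The baseline is keyed on (destination, port, protocol) rather than destination alone, so a monitor that legitimately talks HL7 to the integration engine still raises an alert if it starts speaking SMB to the same host. And the enforced policy is generated from the learned baseline rather than hand-written, which is what makes the Adapt step automatable: the allow-list is exactly the set of peers the device was observed using during the learning window, with a default deny underneath.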

This week’s theme, “If You Connect It, Protect It” fits well with the Ordr mission of protecting all connected devices and creating a safer network infrastructure. Recently, we began an IoT Discovery Program that allows you to:

  • Gain high-fidelity visibility into devices that you may not know are in your network
  • Understand risks including communication patterns and vulnerabilities
  • Discover usage patterns for your devices
  • Map these devices to your Layer 2 and Layer 3 architecture
  • Identify appropriate segmentation policies to secure your devices

If you feel this program would be a good fit for your organization, register here: https://ordr.net/sensor/

Through the Cybersecurity Awareness month of October, we will be releasing a set of blogs to focus on weekly topics. Next Tuesday, catch our blog on “Securing Devices at Home and Work”.

While watching Keith Whitby, Section Head of Healthcare Technology Management Cybersecurity and Operations at Mayo Clinic, and Pandian Gnanaprakasam, Chief Product Officer at Ordr, discuss strategies for securing connected devices and HIoT in a recent webinar, I found the following to be insightful information that you can apply to your organization’s cybersecurity efforts.

Gaps in Medical Device Security

One of the first steps in securing IoMT and HIoT devices is accounting for the gaps in medical device security. Evaluating equipment coming in, understanding the security risks related to those, and building a plan of mitigating controls that should be applied to equipment are all important aspects of device security, but they must be operationalized.

At Mayo Clinic, previous security assessments were done on an asset by asset basis. This lack of operational framework limited the implementation of device security procedures. Once Mayo Clinic created a standardized process across the organization, the framework could be followed for all medical equipment and new IoT and OT devices.

The Unique Nature of Medical Devices and HIoT

Medical equipment, systems and HIoT are different from standard IoT and IT systems. Hospitals must follow regulatory guidelines from the U.S. Food and Drug Administration (FDA), College of American Pathologists (CAP) and Joint Commission on Accreditation of Healthcare Organizations (JCAHO), while medical devices in physicians’ offices do not have to follow the same rules. HIoT devices come with their own unique challenges, from unsupported devices to service keys being required.

Security Challenges: Size and Scope

Medical organizations can span large geographical areas, including multiple states and hundreds of buildings. They can also have tens of thousands of connected medical devices, hundreds of vendors and thousands of models. The magnitude of medical device networks challenges IT teams to efficiently secure many devices at once. Networks of devices can have inventory discrepancies, and mismatched data from their CMMS and NAC.

Medical devices have complex systems that require intensive work to patch and manage vulnerabilities. Part of setting a framework for securing HIoT devices involves figuring out who will implement security standards and applications. HIoT devices need both specially trained IT technicians and unique applications to deploy security solutions.

Mayo Clinic: HTM Role in Cybersecurity

At Mayo Clinic, the cybersecurity team in Healthcare Technology Management is the operational arm of IT. The team has developed a structured system and standardized approach to securing medical equipment and HIoT systems. They ensure equipment meets organizational and cybersecurity requirements throughout its lifecycle.

  • Core Team: Mayo Clinic’s Core Team of HTM Cybersecurity developed a security framework for IoT and HIoT based on National Institute of Standards and Technology (NIST) and Association for the Advancement of Medical Instrumentation (AAMI) standards. They also developed a HTM vulnerability management program guide, so that when a vulnerability is found, there is a clear process for remediation.
  • Information Security Engineers: Besides technicians, the HTM team also has HTM associate infosec engineers, who create vulnerability management procedures, apply controls to medical devices and add new equipment to Mayo’s network.
  • SPAD: The Security, Privacy, Architecture, Data team, or Security Assessment Team manages medical device purchases, device intake assessments, and helps to construct security lifecycle profiles at Mayo Clinic.

Cybersecurity Execution

Over the past two years, the HTM Cybersecurity Program has added significant security value, improving intake process efficiency, establishing an algorithm to calculate and track security risks, and more.

Mayo Clinic developed their IoT/HIoT device security through proactive security, building upon multiple areas of cybersecurity, including:

  • Policy & Process: Setting device security standards and leveraging known security incidents, regulatory compliance as well as internal audit observations
  • Lifecycle Profile: Addressing security issues within the equipment lifecycle, creating Security Lifecycle Profiles that provide a roadmap for device security and management from the pre-purchase stage to decommissioning
  • Tools Deployment: Creating a security specific manual for devices, documenting what tools need to be deployed for different device types and models
  • Fleet Risk Assessment: Adopting a fleet approach rather than device by device security
  • Vulnerability Management: Maintaining device security, tracking vulnerabilities and prioritizing remediation
  • SPAD: Initial intake triage and categorization of hardware and software, and routing those devices to the appropriate review groups
  • Patch Management: Deploying a medical device patch installation automation utility tool
  • Training & Industry workgroups: Participating in industry workgroups to contribute medical device security knowledge
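The Fleet Risk Assessment and Vulnerability Management items above describe scoring and prioritising by fleet rather than device by device, and tracking the score after remediation. The page does not give the algorithm, so the following is an added example written for this page, not Mayo Clinic’s or Ordr’s scoring method: the fleets, the advisories (descriptive issues, not real advisory identifiers), the exposure weights and the unsupported-device multiplier are constructed assumptions. It scores each (model, firmware) fleet from its worst open issue scaled by network exposure, picks a fleet-wide remediation, and re-scores a fleet after a planned patch or network move.

```python
"""Fleet-level risk scoring for connected medical devices: score and rank by
(model, firmware) fleet instead of device by device, so one decision covers
every unit of that fleet and its score can be re-computed after remediation.

Added illustration; this is not Mayo Clinic's or Ordr's scoring algorithm.
Fleets, advisories, exposure weights and the unsupported-device multiplier
are constructed assumptions for the example."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Fleet:
    model: str
    firmware: str
    units: int        # how many devices share this model/firmware
    zone: str         # network placement: "isolated", "clinical" or "flat"
    supported: bool   # vendor still ships fixes
    patchable: bool   # can be patched without vendor re-certification


# Constructed advisories per (model, firmware): (issue, CVSS-style base score).
ADVISORIES = {
    ("infusion pump", "2.1"): [("hard-coded service credential", 9.8),
                               ("cleartext telnet management", 7.5)],
    ("infusion pump", "3.0"): [("cleartext telnet management", 7.5)],
    ("ultrasound cart", "5.4"): [("unsupported embedded OS", 6.5)],
    ("badge reader", "1.0"): [],
}

# Assumed exposure weight by network placement.
EXPOSURE = {"isolated": 0.4, "clinical": 0.8, "flat": 1.0}
UNSUPPORTED_FACTOR = 1.25   # assumed: no vendor fix will ever arrive

# Constructed fleet inventory.
FLEETS = [
    Fleet("infusion pump", "2.1", 120, "flat", True, True),
    Fleet("infusion pump", "3.0", 300, "clinical", True, True),
    Fleet("ultrasound cart", "5.4", 15, "clinical", False, False),
    Fleet("badge reader", "1.0", 800, "isolated", True, True),
]


def fleet_score(fleet):
    """Worst open advisory, scaled by exposure, capped at 10."""
    advisories = ADVISORIES.get((fleet.model, fleet.firmware), [])
    worst = max((score for _issue, score in advisories), default=0.0)
    score = worst * EXPOSURE[fleet.zone]
    if not fleet.supported:
        score *= UNSUPPORTED_FACTOR
    return round(min(score, 10.0), 2)


def remediation(fleet):
    """Fleet-wide action: patch when the vendor supports it, otherwise isolate."""
    if fleet_score(fleet) == 0:
        return "none"
    if fleet.supported and fleet.patchable:
        return "patch fleet"
    return "segment + compensating controls"


def rank_fleets(fleets):
    """Highest score first; unit count breaks ties (breadth of exposure)."""
    return sorted(fleets, key=lambda f: (fleet_score(f), f.units), reverse=True)


def after_remediation(fleet, new_firmware=None, new_zone=None):
    """Re-score a fleet after a planned change, to track risk over time."""
    changes = {}
    if new_firmware is not None:
        changes["firmware"] = new_firmware
    if new_zone is not None:
        changes["zone"] = new_zone
    return replace(fleet, **changes)


def fleet_report(fleets):
    return [{"model": f.model, "firmware": f.firmware, "units": f.units,
             "score": fleet_score(f), "action": remediation(f)}
            for f in rank_fleets(fleets)]


if __name__ == "__main__":
    for row in fleet_report(FLEETS):
        print(row)
    planned = after_remediation(FLEETS[0], new_firmware="3.0", new_zone="clinical")
    print("infusion pump 2.1 after patch + move:", fleet_score(planned))
```

The point of the fleet key is visible in the output: 120 infusion pumps on firmware 2.1 are one remediation decision, not 120 tickets, and the unsupported ultrasound carts rank above the larger, supported pump fleet on 3.0 because no patch will ever close their issue, so the action for them is segmentation and compensating controls rather than waiting on a vendor.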

How Ordr Can Help

Mayo Clinic identified Ordr as a key tool to execute and automate security operations. Ordr is able to improve data quality for asset inventory, detect networked devices, classify devices, provide insights into connected device actions and help micro-segmentation efforts.

The Ordr Systems Control Engine (SCE) gives organizations the power to enable visibility and security of their network-connected devices, with a simple and powerful solution to identify, classify, profile the behavior and risk and automate action for every network-connected device in the enterprise. To learn more about how Ordr can enable an effective IoT security strategy for your organization, request a demo.

Watch the full Ordr and Mayo Clinic webinar here:

Mayo Clinic Efforts to Secure Connected Devices and HIoT