Ordr Announces Integration with ServiceNow Vulnerability Response Read more here!

Ordr

Request a Demo Search

Category: Integration

Overview

Enterprises are a complex mix of devices, applications, and data, and the speed at which they are changing is growing exponentially. Look just about anywhere in the modern technology estate and you’re bound to find connected devices that either didn’t exist or weren’t designed to connect to the network even five years ago. Modernization and digital transformation are major factors that have driven the demand to connect more things to networks in an effort to collect and exchange data and enable new services. And as innovation continues apace, we can expect to see further escalation in the numbers and kinds of devices that connect to the network.

With all the benefits of connected devices comes a slew of new challenges when it comes to managing and securing them, especially when you consider that many operate undetected by IT operations. Ordr’s own analysis of environments in which our technology has been deployed shows that as many as 15% of devices discovered were previously unknown by the enterprise. That is a significant visibility gap that equates to a significant risk gap. As we hear over and over again from CISOs, “I can’t protect what I can’t see, but I’m still responsible for it.”

One Big Challenge

What can IT and security leaders do to meet the challenges and keep their enterprises safe from cyberthreats? Automation is key to keeping pace with the speed of growth and change because automation helps organizations scale and keep up with demands. The key is not just in maintaining scale, however, but in collecting and analyzing quality data in real time. This is especially true when it comes to security. Without complete and accurate data, automation is arguably useless. Rather than paving the way to precise and timely action, bad data creates speed bumps and even roadblocks that require manual verification and thus impede rapid decision making.

I can’t protect what I can’t see, but I’m still responsible for it.” – Every CISO, Every Enterprise

One big challenge to ingesting accurate, timely data is in discovering and keeping track of everything that’s connected to the network. In a self-serve IT paradigm, many devices connect outside the view of IT management. Many devices are not capable of being monitored and managed with traditional methods such as active scanning and agents. Sometimes devices can get lost when changes or updates render their agents obsolete or ineffective. And as organizations grow, these issues compound.

Legacy monitoring and tools are not designed to meet today’s challenges because you can’t take advantage of automation if you can’t trust your data. Therefore, it is essential to acquire the means to see, know, and secure every connected device, collect the data associated with each device’s operations, and use that data to generate the security and operational intelligence needed to maintain fast, safe, and efficient operations.

How Ordr Helps

IT and security leaders require a purpose built tool to ensure they have the complete and accurate operational data they need to fill in the blanks left by legacy tools that depend on agents or active scanning. This all starts with the ability to discover the millions of unmanageable network-connected devices in operation in today’s industrial, medical, retail, financial, and other environments. That’s where Ordr comes into play. The Ordr Connected Device Security Platform is engineered to automatically discover, identify, classify, monitor, identify vulnerabilities and assess the risk of every device connected to the network. Here’s how.

Connected device discovery starts by analyzing network traffic. If it connects to the network Ordr will find it, and once we do, we keep it in view. But it’s not enough to simply know a device is there. You need to know what it is going beyond merely collecting its MAC and IP address and instead gain detailed information about the device, the role it plays, and how it is expected to operate under normal conditions to deliver services. Ordr maintains an extensive library of millions of different device types–the Ordr Data Lake–with detailed information on each. That information includes deep insights into known vulnerabilities, FDA recalls, and other data critical to understanding the device’s risk profile and to recognizing when conditions change that put the device and the enterprise in danger of exploitation.

The value of the information Ordr has in the Ordr Data Lake, and that we collect from devices in real-time, is maximized by our extensive list of technology integrations that enable bi-directional data feeds to support other critical security and operational functions. That includes our tight integration with ServiceNow’s Service Graph Connector, configuration management database (CMDB), IT service management (ITSM), and our latest integration with Vulnerability Response. The real-time operational data we collect is used to populate the ServiceNow CMDB and enable workflows in ITSM and Vulnerability Response platforms to ensure the most accurate IT operations automations possible. And from a cybersecurity perspective, maintaining a closed loop of data flow with ServiceNow Vulnerability Response ensures an organization’s security team maintains visibility and status of the attack surface, including any vulnerabilities associated with devices operating in the network.

Closing Visibility Gaps

The bidirectional Vulnerability Response Integration with Ordr, certified by ServiceNow Engineering and available in the ServiceNow Store, closes visibility gaps and provides vulnerability insights for all connected devices including those not supported by endpoint agents or active scanning. Using passive methods, Ordr collects operating system and software details, and vulnerability details including severity for all devices. This information is sent to ServiceNow Vulnerability Response so teams can leverage accurate data to optimize and accelerate vulnerability management tasks and reduce risk.

Combined with Ordr collected device context and vulnerability data from multiple industry and threat intelligence sources, the Ordr-ServiceNow integration delivers a complete, rich, and single view of device vulnerabilities and risk, while providing the data needed to automate dynamic policy creation and efficient enforcement of mitigations as well as rapid incident response actions. Here’s how it works:

  • Ordr automatically identifies and gathers granular details including vulnerabilities for every managed and unmanaged device connected to the network.
  • Ordr uses passive methods and does not impact device services to identify every device and collect granular details including vulnerability information for every connected device.
  • Ordr Software Inventory Collector, gathers details of applications and application patch levels for all devices including unmanaged devices.
  • ServiceNow Vulnerability response pulls vulnerability information from Ordr for all managed and unmanaged devices.
  • Vulnerability status is maintained across both platforms leveraging bidirectional integration.

This complements other Ordr integrations with ServiceNow to provide ServiceNow customers with comprehensive and accurate details of all managed and unmanaged devices in their environment to enable organizations to take full advantage of ServiceNow automation and orchestration capabilities.

  • ServiceNow Service Graph Connector – to enable the exchange of granular and accurate device data at scale between the Ordr and ServiceNow platforms.
  • ServiceNow CMDB – for a centralized, comprehensive, accurate, and up-to-date asset inventory.
  • ServiceNow ITSM – to enrich and accelerate IT workflows with accurate and up-to-date asset details.

ServiceNow VR + Ordr Means Less Risk

Because the Ordr integration with ServiceNow Vulnerability Response enables organizations to fill in visibility gaps with comprehensive device vulnerability details and combine device data from multiple sources, enterprises are safer from threat actors actively working to exploit weaknesses in enterprise security. And because we use passive methods, device performance is not affected, meaning even an organization’s most sensitive and critical devices are protected with no impact to services or patient safety.

To learn more about Ordr’s integration with ServiceNow Vulnerability Response, Service Graph Connector, CMDB, and ITSM solutions, check out ServiceNow on our partners page.

Today’s tech-dependent enterprises are no strangers to change. Our customers’ experiences demonstrate that familiarity daily. Whether they operate in healthcare, financial services, manufacturing, education, or government, they must contend with a constantly evolving infrastructure within their organizations, and constantly evolving threats from the outside. On top of that are the regulations and evolving business standards and practices that influence day-to-day operations.

Embracing digital transformation for all its benefits means buckling in for a bumpy ride—bumpier for some industries than others. Digital transformation expands an organization’s capabilities and opportunities, but it takes effort. In healthcare, for example, I recently stumbled on an interesting report stating that only 16% of healthcare providers are in the “win zone,” meeting their transformation goals and driving sustainable change. The average across other industries is over 30%. That figure may be discouraging, but it is absolutely understandable, and organizations in healthcare as well as other industries can learn a lot from the experiences of their peers.

High Risks, Big Rewards

Using technology to improve patient care and operations sounds simple, but it is a complex endeavor that takes herculean effort. The pandemic briefly diverted attention away from long-term planning, but most health delivery organizations (HDOs) and other enterprises are back to addressing their plans and priorities. They are beginning to switch back from being reactive to a proactive mode. And with good reason.

Although high stakes, high costs, and risk aversion have discouraged many in the healthcare industry and beyond from fully embracing digital transformation, the rewards are too great to ignore. And the threats, expectations and competition all organizations face are not standing still. Done well, digital transformation delivers benefits that outweigh the risks and so, for those that have been reluctant to act, the time to embrace digital transformation is now.

What’s Fueling this New Wave of Transformation?

Over the years, every organization I have worked with—no matter how big or small—boils down their core priorities to three essential goals:

  • Protecting people and the network
  • Preserving service availability
  • Improving operational efficiency

Those goals never change, even when the tools and strategies for achieving them do. And what’s more, they are transferable to other contexts as well: keeping manufacturing equipment operational and staff safe on the shop floor, preserving service availability for financial transactions, maintaining the operational efficiency of constituent services, etc. Consistent with these goals, here are some key initiatives and capabilities that are driving this new wave of transformation and pushing the boundaries of operational potential.

  • Remote workforce support (i.e., work from home);
  • Remote facility, branch, and clinic operations;
  • Contractor and equipment maintenance support and outsourcing;
  • Data center transformation and migration to hybrid cloud;
  • Digital supply chain enablement; and,
  • Mergers and acquisitions.

These use cases show how, more and more, connected devices are integral to fulfilling an organization’s mission. And as the inventory of connected devices expands—including the Internet of Things (IoT), Internet of Medical Things (IoMT), operational technologies (OT), mobile, and other devices—those deployments reflect the evolution of the technology. Assets that were once under tight control, on-premises and behind the firewall, are now expanding and connecting beyond traditional boundaries, across multiple network dimensions, and outside of the view and control of IT.

Here are some examples:

  • Access from Any Device – IT, IoT, IoMT, OT, IoXT.
  • Access from Anywhere – remote sites, remote workers, telemedicine.
  • Deployed Anywhere – private and public cloud, virtualized data centers.
  • Modern Apps/Mobile Apps – XaaS, training, collaboration, any device-anywhere-any deployment support.
  • Ecosystem – third party apps, supply chain access, mergers and acquisitions.

What Keeps the CXOs Up at Night?

IT leaders tasked with driving new digital transformation initiatives understand that success goes well beyond merely integrating new technologies and getting them up and running. Enjoying the multitude of benefits that can follow the completion of a technology refresh comes with many elements contributing to the pucker factor that keeps a CXO awake at night. An expanded and expanding attack surface is at the heart of this unease. Acknowledging that fact, and the factors that play into those concerns, is the first step in planning for and addressing them during the transformation process, rather than promising yourself that you’ll “get to it eventually.” Some pucker factors are reflected in several troubling trends.

Surge in Ransomware Attacks

Ransomware attacks are now more frequent, sophisticated, and severe than ever—and getting worse. Attackers know that many organizations will pay huge ransoms because costs associated with downtime and operational disruption may be even higher than what attackers demand. In healthcare, disruptions caused by ransomware can have life and death consequences.

Prevention is the best way to deal with the ransomware threat, but old school methods simply don’t work. Prevention demands accurate and timely detection, and response automation that can block an attack from progressing to its target destination. You need a way to detect ransomware early, before it has encrypted your organization’s files, because then it’s too late to take effective action.

State-Sponsored Attacks

Adversarial nation states have become adept at using the ambiguity of cyberwarfare to launch attacks on critical infrastructure and economic targets, as well as organizations that hold valuable intellectual property. The tools and methods developed for these campaigns are rarely confined to a limited set of organizations either, as sowing chaos is part of the strategy.

For example, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI and Treasury Department issued a joint advisory about North Korean Maui ransomware targeting the healthcare industry. Similarly, Russian threat actors have been hard at work compromising connected devices and using them as a platform for attacks, including data exfiltration after establishing communications with command-and-control servers in Russia.

Digital Supply Chain Security

Digital supply chains that allow for remote and automated service between organizations have been a boon for operational efficiency—and for threat actors able to compromise those connections for their own ends. The SolarWinds Orion attack targeting U.S. federal agencies and commercial enterprises illustrated how damaging supply chain attacks can be.

Vulnerable SolarWinds servers sitting inside agency and corporate networks, operating with privileged access to IT systems, proved to be a gold mine for hackers to exploit and get whatever data they need, including high level state and military secrets.

Shadow IoT

One big security challenge faced by enterprises today is the presence of connected devices on their networks operating outside the view of IT security and operations. Known as “shadow IoT,” these devices epitomize the mantra you can’t protect what you can’t see. A recent Five Fifty report by McKinsey highlights the risk of the proliferation of devices connecting to the network as shadow IoT (such as the infamous hack of a casino using a connected aquarium thermometer as the vector of attack) and lack of readiness for most organizations.

Often these systems operate with outdated OSes, are unpatched, and unmanaged. Without proper onboarding—or a security platform able to detect, identify, profile, and monitor any device that connects to the network—any organization with shadow IoT operating within its IT estate is at risk of an attack.

How Ordr Helps Enable Secure Digital Transformation

Ordr’s mantra from the beginning has been to enable our customers to SEE, KNOW, and SECURE every device that is connected to their organization. To do this, we establish the most comprehensive and accurate single source of connected device truth in the Ordr Data Lake for each of our customers. This starts with automatically discovering and accurately classifying every connected device because you can’t secure what you can’t see.

From this foundation of visibility Ordr provides a complete view of the connected device attack surface including how devices are connected and communicating, which devices are vulnerable, and the unique risk each device represents in the environment.

Integrations across the security, networking, and IT ecosystem are integral to the Ordr solution. These integrations enhance the already rich view Ordr has of connected devices by centralizing additional data points and device details. A good example of this are the recent integrations with Mobile Device Management (MDM) and Endpoint Detection and Response (EDR) platforms in the recent Ordr 8.2 release.

Integrations also enable Ordr to enrich the tools and workflows used every day and improve how teams manage and secure devices. An example here is the recent integration with the ServiceNow Service Graph Connector to help customers ensure the data in their CMDB is complete, up to date, and accurate. Another example is how Ordr device insights are used to optimize vulnerability scanning with Qualys.

Integrations also help teams take action to address vulnerabilities, respond to active threats, proactively improve protections, and ultimately reduce risk. Ordr automates the creation of security policies and enforces those policies by integrating with a customer’s existing security and network infrastructure. With this approach Ordr customers are able to quickly block attacks, quarantine compromises devices, segment vulnerable devices, and accelerate Zero Trust projects to proactively improve security.

We continue to drive innovations across the Ordr platform and expand with integrations across the security, networking, and IT ecosystem to provide our customers with a single source of truth for all their connected devices. Reach out for a demo and to learn how Ordr can help you SEE, KNOW, and SECURE, all your connected devices.

The HIMSS 2023 conference kicks off this week in Chicago, Illinois from April 17 – April 21 2023. This year’s theme is on “Health that connects” and “Tech that cares”. We’re excited to be sharing best practices on securing connected devices in healthcare, implementing Zero Trust segmentation and accelerating medical device security programs. You won’t want to miss hearing directly from our customers including J.D. Whitlock, CIO of Dayton Children’s and Keith Whitby, Division Chair, HTM, from Mayo Clinic in our speaking sessions. We also have a lot of partner activities. Check out everything we’re doing at HIMSS here.

Connect with Us

Join us for demos and discussions with our product experts at our Booth #4333. Book a 1-1 meeting for a deep dive into how we address critical use cases. Attend our speaking sessions.

Accelerating Your Medical Device Security Program

  • Speakers: Keith Whitby, Division Chair, HTM, Mayo Clinic and Jim Hyman, CEO, Ordr
  • When: Wednesday, April 19, 2023, 11:30 am CDT
  • Where: McCormick Center, South Building, Level 1, S105 C

This session is one of eighteen HIMSS CXO Experience endorsed sessions, and one of fourteen sessions that are a part of the HIMSS 23 Digital Health Transformation Series.

Zero Trust in Healthcare is Not an All Or Nothing Option

  • Speaker: Danelle Au, CMO, Ordr
  • When: Monday, April 17, 2023, 10:30 am CDT
  • Where: McCormick Center, South Building, Level 1, S102

Practical Approach to Securing Every Connected Device in Healthcare

  • Speaker: Darrell Kesti, VP Sales, Ordr
  • When: Tuesday, April 18, 2023, 1:15 pm CDT
  • Where: McCormick Center, South Building, Level 2, Hall A, Booth 4309-4333, Cybersecurity Command Center – Theater B

Better Together With Ordr and Our Partners

As an industry, and particularly in a highly targeted vertical like healthcare, we are stronger and better together when we collaborate. We are proud to work with so healthcare, networking and security partners. See first-hand our strong partner integrations with Cisco, Cisco Meraki, ServiceNow, Fortinet, and others at HIMSS:

Cisco:

  • Check out Ordr and Cisco Integrations at the Security Workstation in Cisco (Booth 2225) from April 18-20th in the afternoons
  • Attend our Fireside Chat with CIO J.D Whitlock on Zero Trust on Tuesday April 18th
  • An Ordr and Cisco “Happy Hour” will be held in the booth at 4:00 pm CDT immediately following this fireside chat.

Sodexo:

Sodexo will feature their HTM Cybersecurity managed services powered by Ordr on April 18th, 2023 from 2:30 – 3:30 pm CDT (Booth 8315)

GE HealthCare:

GE HealthCare will feature their ReadySee services offering powered by Ordr (Booth 1712)

ServiceNow:

  • Participate in our ServiceNow partner Bingo Card that will include a visit to the Ordr Booth
  • Attend our speaking session on our integration – “Maintain an Accurate, Real-time Asset Inventory with Ordr and ServiceNow”
    • Speaker: Srinivas Loke, VP Product Management, Ordr
    • When: Wednesday, April 19, 2023, 4:00 pm CDT
    • Where: McCormick Center, ServiceNow Booth3609

CrowdStrike:

Visit an Ordr demo station to see CrowdStrike and Ordr integration up close at Booth#4332

We can’t wait to see you in person!

Great news! Ordr just announced the availability of the Service Graph Connector for Ordr in the ServiceNow Store. This integration is exciting for our customers, who can now maintain an up-to-date system of record for all assets so organizations can operate efficiently, react quickly, and manage risks more effectively.

Service Graph Connector for Ordr now available in the ServiceNow Store

Ordr provides the most comprehensive, accurate, real-time inventory of connected assets as a single source of truth. As the threat surface continuously evolves and expands, it is critical to ensure asset inventories are complete and provide the context to address risk proactively and reactively. With ServiceNow and Ordr’s bidirectional integration, Ordr’s device, network, and risk context are combined with the business context of ServiceNow. And the new Service Graph Connector for Ordr makes the integration more manageable and robust.

You now get a robust, most comprehensive, accurate real-time inventory of connected assets—from traditional IT to IoT, IoMT, and OT — and their risks in the ServiceNow Configuration Management Database (CMDB) to optimize enterprise-wide workflows and assess and manage risks.

Top Ten Security Risks of Incomplete and Outdated Asset Inventories

As given below, there are significant entry points that cybercriminals can exploit. With the combination of Ordr and ServiceNow, security and IT teams can identify and mitigate the following asset risks.

  1. Banned Equipment (Section 889)
    To protect national security, the federal government bans products manufactured by prohibited companies such as Kaspersky, Huawei, and Hikvision. These banned products can have vulnerabilities if exploited, resulting in the loss of intellectual property. The mandate covers new procurement and requires reporting within one business day if any prohibited asset is discovered in inventory.
  1. Unauthorized Devices
    Every unauthorized device that bypasses IT and operational tools and connects to a corporate network will expand the attack surface and could introduce significant risk. When the flash news of new vulnerabilities impacting corporate tools is announced, tracking all those instances of the compromised device can be challenging. This can include devices used in production and increasingly non-production or POV (Proof of Value) environments. The combination of Ordr and ServiceNow can proactively detect devices that can access other corporate servers and other precious devices and remove them from the network after the trial period.
  1. Orphaned/Missing Devices
    Maintaining good asset hygiene is always a best practice for improving security posture. It is critical to ensure that all assets registered and recorded by the procurement team are tracked and compared against all the devices connecting to the network. Any gaps should be reconciled proactively before it results in security concerns.
  1. Manufacturer Recall / FDA Recall
    Manufacturers may issue recall notices and security bulletins for significant vulnerabilities discovered. This is prevalent in regulated industries with mission-critical medical and industrial equipment devices. Similarly, from a federal regulation perspective, there can be recalls for sensitive equipment such as medical devices. Ordr can collate all recall announcements from multiple sources and tag all devices impacted; this context can be shared with ServiceNow.
  1. Default Credentials
    Business groups typically install IoT devices such as cameras in batches. The person responsible for the installation is usually not technical and often needs to gain knowledge or experience to change default passwords. It is unrealistic, if not impossible, to have a process to choose multiple unique passwords for physical security cameras when hundreds to thousands are going up in the ceiling. Think of the risk when hundreds of devices default to “Password1”. These passwords are not rotated periodically using over-the-air methods, like a password policy that enforces periodic password changes for laptops and desktops. An asset management system that combines the Ordr “default password discovery” feature with ServiceNow CMDB can alert administrators to update the credentials associated with these devices.
  1. Rogue Wireless/Switches that are bridging traffic to the internet (5G/LTE/Guest Wi-Fi)
    Unauthorized devices usually connect to a corporate open port and a set of devices using a daisy chain mechanism. Suppose the consumer-grade switches/routers come with LTE or link to the Guest Wi-Fi network. In this case, taking corporate data and exfiltrating without going through all the border controls exercised by firewalls becomes easier. It is a vast attack surface. Even when a good asset management and visibility solution is implemented, one needs a sophisticated tool to understand this daisy chain mechanism throughout the network to keep an exact list of these devices and implement a solution to eliminate them. An asset management system must integrate with a sophisticated visibility tool to detect and eliminate these daisy chain devices; this is why the Ordr and ServiceNow integration is so powerful.
  1. Non-Compliant Devices
    When a corporate Antivirus (AV)/Endpoint Detection Response (EDR) policy mandates that all IT endpoints (e.g., laptops, mobile, desktops) need to have a robust agent/software installed, it is not easy to audit all the devices and pull a list of those that do not have the required software installed. One step further than that is how challenging it is to ensure all those EDR agents are continuously running and receiving updates periodically to detect and thwart the latest attacks.Expired Certificates: We have all experienced how frantic it is to fix a certificate issue when a critical server stops working with expired certs. With a good asset management strategy, corporate IT can track all certificate expirations and implement a plan to address them periodically. Both these insights are readily available with Ordr and can be shared with ServiceNow.
  1. Local User Accounts without Domain Joins
    All users accessing a system must be part of Windows Active Directory (AD), if possible. This is especially critical in the case of older Windows machines that usually have a lot of unpatched vulnerabilities. Even if the device is part of the domain controller, sometimes operators can create local users on these machines. This practice must be watched closely, and a list of all locally-made user accounts must be extracted and reported continuously. When hackers create local user accounts and leave them dormant for later exploitation, it is easy to identify and remove those inactive accounts and fix the machines with malware infections.
  1. End-of-Life / Outdated OS
    Assets running end-of-life and outdated operating systems pose a significant risk to the organization. The first step is to identify these end-of-life devices. This can be a struggle without a solution like Ordr and ServiceNow that not only delivers accurate real-time inventory but now extends visibility to IoT, IoMT, and OT devices that often have longer operating cycles than traditional IT endpoints.Note that upgrading all devices running end-of-life or outdated OS is a logical way to address potential risks. But upgrading these devices in regulated industries such as healthcare, manufacturing, and banking might not be possible due to backward compatibility issues. In some cases, an update to a device will trigger the need to re-certify the device with federal regulators. For all these cases, it is prudent to have a segmentation strategy to isolate outdated and at-risk devices from other parts of your environment, which could get be easily accomplished with Ordr’s behavioral baselining and automated Zero Trust policies.
  1. Unpatched Devices Vulnerable to Exploitation
    This is the most important reason one should embark on an asset management strategy to get an accurate view of all connected devices and their associated details. An asset management strategy must include identifying operating system (OS) versions and patch levels for each connected device. This makes it easy to highlight the exact CVEs (Common Vulnerabilities and Exposures) that are still open and vulnerable that a potential hacker could exploit. Having this list as a work item and tracking how the patching for these devices is progressing is one of the most foundational aspects of cyber security an organization can initiate.

Asset Management Aligned to Risk Reduction

An incomplete and inaccurate asset inventory poses many risks. The risks can extend from non-compliance to safety and regulatory concerns. On top of that, add the problems of security breaches, which can cause high financial and reputation costs to organizations.

Understanding your attack surface by implementing a robust asset management strategy that identifies and closely tracks vulnerabilities and threats from the entire asset universe of IT, OT, IoT, ICS, BMS, and IoMT (Internet of Medical Things) will minimize the risk imposed on an organization. We are proud to offer the Service Graph Connector for Ordr to help customers achieve the comprehensive and accurate asset inventory they need to simplify workflows, improve security, and accelerate incident response.

The Boy Who Cried Wolf is a story we’ve all heard many times in our lives.  It’s a story that originated in ancient Greece, an original fable of Aesop.    It’s been told many millions of times, in countless languages and undoubtedly with endless cultural variations.  Yet the core message of the fable remains: repeating false or hyperbolic threat information repeatedly serves to diminish significantly the response to the threat with each retelling; eventually and predictably, responses simply cease – creating a situation of great peril when actual danger appears.  The fable is thousands of years old, but its message is startlingly applicable for today’s enterprise IT and security teams.

In the modern enterprise, teams are presented with an exaggerated array of hysterical alarms and alerts on which they are expected to act – yet few have the time and resources to actually do so effectively. And with the high probability of false alarms coming from multiple applications at a rapid pace, it is increasingly difficult to effectively identify and prioritize those that need immediate response.  Even more concerning, staff resources are overwhelmed with addressing and assessing these alerts, reducing their ability to respond with urgency to every real threat. The alerts can become noise, and the entire enterprise is put at great risk.

Couple this fact with the explosion in quantity and heterogeneity of network-connected devices – the Hyper-Connected Enterprise– and it’s clear that we’re at an important tipping point in enterprise network security.  Traditional agent-based and human-generated security models simply cannot scale.  And the answer, despite what every new threat detection vendor tells you, is not in deploying more systems that create more alerts and further tax your already depleted resources.

The answer is, however, quite simple:  take control of the intelligent security infrastructure you already have, and utilize it to regulate and protect your network on your terms.

We’re proud to introduce the Ordr Systems Control Engine (SCE) app now available on Cortex™ by Palo Alto Networks.  In just a few minutes of configuration, Palo Alto Networks customers can begin to implement comprehensive, agentless security policies that utilize their best-in-class Palo Alto Networks Next-Generation Firewall infrastructure to regulate and protect every device connected to their enterprise network.  These policies can improve the perimeter protection of the enterprise by utilizing Palo Alto Networks next-generation firewalls at the network edge, and can significantly increase the security of the entire network – and prevent any East/West propagation of nefarious activity – by utilizing additional Palo Alto Networks next-generation firewalls inside the network protecting critical assets.  This AI-based policy automation and implementation can also segment and protect systems and processes by function, keeping facilities and physical security devices separate from the business-critical data infrastructure, for example.

The cloud-based Ordr SCE app seamlessly and immediately – without the need for any additional hardware such as sensors or analyzers – taps into the massive Cortex Data Lake to automatically identify and classify every device connected to your infrastructure.  Every device, such as IP cameras, HVAC control systems, access badge scanners, self-service kiosks, digital signage, infusion pumps, CT scanners, manufacturing control systems, barcode scanners…EVERY device.  Even the devices that find their way into your environment without your knowledge, like popular employee-owned devices such as Amazon Echo and Apple iPad.  The quantity and variety of these devices is almost unimaginable in the enterprise today…and it’s going to grow by orders of magnitude into the future.

The Ordr SCE not only identifies every device, it provides incredible granularity on exactly what every device is and precisely what each is doing.  We call this mapping the Device Flow Genome, a collection of incredibly valuable data that gives you the power to intelligently design and implement policies that are essential to the security of your organization.

Once you have this level of detail on what’s connected to your network, and what each is doing – and should be doing – the Ordr SCE gives you the power to take control of this vast array of devices to ensure effective protection today and into the future.  The Ordr SCE gives you powerful policy automation to regulate the behavior of every class of device so none are able to communicate in such manner – either inside or outside of your network – that exposes them to risk and vulnerability. And the Ordr SCE gives you the power to fully secure each class of device by implementing micro-segmentation and threat remediation policies with sophisticated and actionable artificial intelligence.

All without any software on or need to physically touch the connected devices. All utilizing the best-of-breed Palo Alto Networks next-generation firewall infrastructure you already have.  All with the power of Cortex, the industry’s only open and integrated AI-based continuous security platform.

Take Control.  Visit the Cortex hub today to learn more about the Ordr Systems Control Engine app.  Or contact us for more information or to schedule a 30 minute demo.