If Ralph Waldo Emerson had been a CISO and not a poet, he might have said, “Like life, Zero Trust is not a destination, but a journey.” And he’d be right, of course. For all the love Zero Trust has gotten from zealous marketers who promise that an investment in their cybersecurity product will deliver Zero Trust, the fact is that enterprises are far too dynamic for any one product to achieve that state. In fact, Zero Trust is not a static state, but an ideal that must be as dynamic as the environment in which it prevails.

Dynamic Environment, Dynamic Tool

When Ordr talks about Zero Trust, it is within the context of the challenges of protecting organizations that are increasingly reliant on connected devices to manage and run their operations. Devices within the domains of the Internet of things (IoT), Internet of medical things (IoMT), and operational technology (OT) are, by their nature, dynamic. They connect to and disconnect from networks often, finding a home where they are needed. They move around and increase an enterprise’s attack surface as they aggregate and grow in number. That kind of changeability and complexity requires a security platform like Ordr that has the speed and intelligence to discover, identify, and secure every device operating in the network.

This is especially important for healthcare organizations that rely on IoT, IoMT, and OT devices to manage their facilities and provide a high level of care to patients. These devices gather data, provide diagnostics and therapeutic functions, and automate activity at all levels. But those devices also expand the attack surface of the organizations that deploy them, and threat actors have been taking advantage. According to the FBI, healthcare was the industry most targeted by ransomware gangs in 2021, affecting more than 550 organizations, compromising the protected health information (PHI) of more than 40 million people, and inflicting financial losses of $6.9 billion.

Wisdom of Old CISOs

Standing up to the threat requires thoughtful investments in security tools that address the specific needs of each organization, backed by a deliberate and strategic plan that maximizes the efficacy of those tools to achieve and maintain a continuous Zero Trust posture. And as Emerson said that Zero Trust is a journey, another famous CISO, the philosopher Lao Tzu, said the journey of a thousand miles to Zero Trust begins with a single step. Fortunately for healthcare organizations looking to protect their IoT, IoMT, and OT assets, that single step is one of five in a connected device security maturity model that Ordr has outlined in a new ebook entitled A Practical Guide: Implementing Connected Device Security for Healthcare Organizations.

Five Easy Pieces

Authored by Gartner veteran and Ordr strategic advisor Brad LaPorte, with close consultation by many of our own subject matter experts, “A Practical Guide” includes recommended actions, technical considerations, and helpful insights that complement each of the five steps of maturity for connected device security, which are:

  • Step One – Asset Visibility: a foundational exercise that must be launched and operationalized to discover and classify every device, and map its flows.
  • Step Two – Vulnerability and Risk Management: used to extend the capabilities of the organization to effectively see and know about all the devices present in the environment.
  • Step Three – Reactive Security: prioritization of necessary activities, such as blocking specific inbound and outbound communications, to mitigate risks.
  • Step Four – Proactive Security: establish automated policies to ensure rapid threat detection and prevention, and begin to implement proactive Zero Trust segmentation policies.
  • Step Five – Optimized Security: use of real time analysis and micro-segmentation to automate dynamic policy changes, scale protections reflective of an environment’s current state, and enable continuous improvement.

As you can see, each step in the maturity model builds on the previous step in sequence; there are no shortcuts. And the speed with which an organization progresses from Step One to Step Five will differ. It’s also important to recognize that, when starting from a place of no or incomplete connected device visibility, each step of the journey represents a significant improvement toward Zero Trust. And when a connected device security strategy is implemented and fully matured, it can be applied holistically across an entire organization or focused on multiple critical areas, in sequence or in parallel.

If you want to read A Practical Guide: Implementing Connected Device Security for Healthcare Organizations, you can download it here with our compliments. We’ve scheduled a webinar for January 19 to discuss the topic. Or, if you want to talk to one of our healthcare connected device security experts (or an expert in any other industry), get in touch. We’d love to hear from you.

In IT (information technology), asset management is the process of inventorying every asset that makes up the technology estate. Every piece of hardware and software, every service and application in use has to be tracked from the moment it is acquired until it is retired. Asset management is vital to keeping track of things like licenses, software updates, maintenance, depreciation, and other administrative aspects of enterprise technology ownership.

Asset management plays an essential, if unheralded, role in cybersecurity. When you have an accurate and real-time accounting of all the assets that make up your IT environment, you can minimize the chances of an adversary finding a weak spot, or of an error that puts your systems and data at risk of a breach. That’s because cybersecurity asset management also involves things like patch management, access control, and assignment of user privileges.

The Challenges of Unmanaged and Hyperconnected Devices

One area that is difficult for traditional approaches to cybersecurity asset management is unmanaged and hyperconnected devices like IoT (internet of things). Many devices that are within the realm of IoT and that are connected to the enterprise are not traditional IT gear. This can range from devices that cannot be actively scanned to devices that slip through the cracks of NAC (network access controller) systems. Traditionally, whether the equipment is added with the knowledge of IT management, or whether it connects outside of the view of IT, it has to be monitored and tracked manually, and that is an impossible task given the number of devices in use today. And the problem is only going to get worse given predictions of increased deployment. Juniper Research estimates IoT deployments will go from 36 billion devices today to more than 83 billion by 2024.

When devices are undiscovered and unmanaged, they represent a potential point of entry for threat actors. And because the number of devices deployed in today’s sophisticated enterprises can reach five- and six-figures, organizations can’t afford to overlook them as a part of an IT security and management program. That is why a connected device security platform that foundationally performs cybersecurity asset inventory and management is an essential tool for the modern enterprise.

Three Keys to Success

To be effective at the task of cybersecurity asset management, organizations require a platform that is engineered for massive environments and is able to synthesize a significant amount of device data via machine learning and automation. That is because accurate device classification and behavioral baselining are inherently well suited to machine learning.

The keys to successful cybersecurity asset management are:

  • Complete device discovery to ensure total visibility and accountability into your entire managed and unmanaged device inventory;
  • Real-time device monitoring and profiling to ensure you know the status of every connected asset, including configuration, communications patterns, expected and unusual behavior, and more; and,
  • Automated policy generation and enforcement to support the protection of devices that are at risk of compromise, or that cannot be managed and secured by legacy or manual processes.

These are baseline capabilities that can close the security gaps that exist in enterprises that are struggling to manage their expanding connected device inventories. Many devices were never meant to be accessible to the public internet, but are now connected to online supply chain networks; many devices were made by companies that no longer exist, and are now unsupported; many devices operate on obsolete software and operating systems and are vulnerable to well-known exploits; many medical devices are prohibited from needed updates because of FDA mandates.

Discover ALL Your Devices with Ordr

Ordr discovers all managed and unmanaged devices connected to your network, monitors and profiles device use and behavior, assesses security risks in real time, and automatically generates and enforces security and management policies, ensuring complete coverage across your entire inventory.

If you’re struggling with cybersecurity asset management, Ordr can help. For quick visibility and assessment of your connected devices, request a demo: https://ordr.net/request-a-demo/