CMDB (Configuration Management Database)
A repository tracking IT assets, configurations, and relationships. CMDBs typically have poor coverage of IoT, OT, and IoMT devices, creating blind spots that ORDR is designed to fill.
What is CMDB (Configuration Management Database)?
A repository tracking IT assets, configurations, and relationships. CMDBs typically have poor coverage of IoT, OT, and IoMT devices, creating blind spots that ORDR is designed to fill.
A Configuration Management Database (CMDB) is an IT operations repository that tracks assets (called Configuration Items or CIs), their attributes, and the relationships between them. CMDBs are the backbone of ITSM workflows: change management, incident response, service requests, and problem management all rely on the CMDB as the authoritative record of what's in the environment and how components depend on each other.
The security limitation of CMDBs is their scope. CMDBs are populated by IT operations teams and track assets that IT manages: servers, workstations, network infrastructure, and software. IoT devices, OT controllers, and medical devices are structurally excluded — they don't run agents that report to ITSM platforms, they're not provisioned through IT workflows, and they're often managed by different teams (facilities, clinical engineering, OT operations). Studies consistently find that CMDBs in healthcare and manufacturing environments contain fewer than 30% of the actual connected devices.
This coverage gap has direct security consequences. Security teams that rely on the CMDB as their asset inventory are working from a systematically incomplete picture. Vulnerability management programs that scope their work to CMDB-registered assets miss the majority of IoT and OT devices. Incident response teams that query the CMDB for context on an anomalous IP address frequently find no record, delaying containment.
Key Facts
- The average enterprise CMDB covers fewer than 40% of connected devices in environments with significant IoT/OT
- CMDB accuracy degrades by approximately 10–15% per year without active reconciliation
- ServiceNow, the leading CMDB platform, relies on agents and ITSM workflows that exclude unmanaged devices
- Security decisions made against an incomplete CMDB systematically miss the highest-risk device categories
How ORDR Addresses CMDB (Configuration Management Database)
ORDR integrates bidirectionally with CMDBs including ServiceNow, to both enrich the CMDB with discovered IoT and OT assets and to consume CMDB context for enriching ORDR's risk analysis. ORDR fills the gaps that CMDB population workflows miss, giving security teams a complete asset record that combines ITSM-managed IT assets with network-discovered IoT and OT devices.
See ORDR in actionFrequently Asked Questions
Complete visibility across your entire attack surface.
ORDR unifies IT, IoT, and OT asset intelligence so your team can see—and act on—what matters most.