Avoiding the security hazards that come with OT/IT Convergence

For decades, factories, utility operations, and healthcare centers have relied on operational technology (OT) systems for daily functionality – monitoring production processes, distributing electricity, running MRI machines, etc. These systems have largely stood apart from whatever IT structure the factory, utility, or healthcare center might have in place. (And for some, such as older utilities, IT itself has been limited or non-existent.)

Two forces are upsetting the status quo for such OT systems: 1) the drive toward digital transformation made by integrating OT and IT and 2) the ever-more-aggressive attacks on security that may bring operations to a halt, with potentially catastrophic results for the organizations and those they serve.

It’s a frightening prospect, one that requires a careful, deliberate effort to understand the nature of the dangers for an individual organization and develop an appropriate response. Fortunately, solutions exist to enable organizations to up their digital capability while safeguarding their operations. But first, let’s look at how the progress from no protection to an integrated, resilient system takes place.

Phase One: Awareness of Potential Vulnerabilities

Alert leaders of organizations relying on OT begin to realize the growing threat they may face as they read reports relevant to their sector:

• Healthcare organizations: Breaches in the U.S. rose by 55% in 2020 over 2019.
• Utilities: Blind spots in the power generation industry brought on by digital transformation makes them more vulnerable to cyberattacks.
• Manufacturing: The sector became the second most targeted industry in 2020, with a 300% increase from 2019 due in part to the shift to Industry 4.0.

The report on utilities by Yokogawa, a Japanese-based international electrical and software company, crystallizes the problem. While the shift to open systems makes a utility more adaptive to demand, enhances analytical capabilities, and facilitates interoperability, it also “has unlocked a door that was once firmly kept shut,” as hackers are well aware.

Phase Two: Taking Stock of Weaknesses

Next, organizations examine their own potential points of entry for those who would do them harm. Often, they’re alarmed to recognize how many devices are unmanaged, ports are open, and functional silos are in place that keep various security measures from being integrated. The magnitude of the vulnerabilities begins to dawn on them as they see they’re exposed on several fronts: cyber, physical, supply chains, etc., with no centralized way to assess risks, let alone manage and prioritize responses to them.

Phase Three: Attacks, Firefighting and the Shift to Centralization

All the theorizing about weaknesses and vulnerabilities shifts to practicalities and urgency when an organization has a security breach. As the military axiom goes, “No plan survives contact with the enemy.” Organizations move quickly to defend themselves in an ad hoc fashion as best they can. But a rush to shut off one entry point in a network may result in halting operations on a wide scale – a consequence that might have been avoided if the network were segmented so attacks in one section could be addressed while the others were left uninterrupted.

In addition to the problems caused by an unbalanced remediation measure, organizations suddenly panic with the realization that this may be the first of many successful breaches and they have no idea what attacks might be next, nor how they can readily respond effectively and efficiently.

This leads to the conclusion that others (including vendors selling solutions to the problem) have reached: Security needs to be unified, with threats and insights gathered in one centralized location. Silos may have had their time and place in their organization as a way to ensure each function ran well. But modern manufacturers, utilities, and healthcare organizations know that information needs to be free-flowing across all departments. What’s more, external partners must be part of the data-sharing effort, with the risks they represent fully understood and managed.

Phase Four: Implementing a Centralized Security Platform

At this point, an organization may be desperate to find any tool that can help, only to be frustrated to learn from peers who’ve acquired platforms designed for the purpose that implementation is slow and cumbersome. So, while additional planning may be the furthest thing from the minds of organizational leaders who’ve recently been attacked, they eventually see the need to carefully review their options and pick the right solution.

What’s needed is a product that has anticipated the implementation challenges and devised a deployment that goes quickly and painlessly. This is what Ordr was designed to do for manufacturers, utilities, and healthcare organizations – the groups most in need of such protection – as well as other organizations needed to blend OT and IT.

Within hours of deployment Ordr discovers all pertinent information about every connected device, and new devices are discovered in real-time as they connect. All devices are understood for their vulnerabilities, recalls, weak passwords or certificates. Because Ordr scans in a passive, agentless and zero-touch manner, it doesn’t affect the operation of even the most sensitive IoT device. And no matter who the operational owner of the IoT, IoMT or OT device is, the Ordr platform can manage it: automating responses, implementing role-based access controls, and providing customized views for individual stakeholders.

The advantages of converging operational technology with information technology are clear: greater efficiencies, improved capabilities, and cost reduction. But the risks are real, too: unlocking that door that was once firmly shut. Organizations that fully embrace the promise of digital transformation while safeguarding themselves against its security vulnerabilities are in the best position to achieve their organizational objectives and serve their customers safely and effectively.

To see how Ordr can help your organization, one of our industry experts would be happy to give you a personalized demonstration. Use this request form to do so.

Brad LaPorte is a former Gartner analyst and is now a partner in the consulting firm, High Tide Advisors.

Brad LaPorte

Former Gartner Analyst and partner High-Tide Advisor.

We launched OrdrAI CAASM+ this week. I’m incredibly proud of our CAASM solution; we’ve spent a long time working with both prospects and customers in understanding the market requirements, addressing their specific needs, and developing a solution that addresses the flaws in existing products. We’ve also built on our foundational strengths in solving asset management and security challenges in the most complex verticals. 

First let’s discuss the business reasons, and then the, “What, why, and why Ordr?” questions.

The bottom line business reason for OrdrAI CAASM+ is: with the explosive growth of attack surface volume and diversity, it’s impossible to do asset inventory management without a modern software solution. Furthermore, with the rising frequency of cybersecurity incidents affecting enterprise organizations, it’s imperative that security teams not only identify what assets they own, but also know what’s running on those assets, including software operating versions, access and permissions, and what they are accessing. These insights provide CISOs and security teams with the confidence to maintain compliance, by delivering a prioritized list of vulnerabilities and risks that enable rapid, automated action.  

Introduction to CAASM (Cyber Asset and Attack Surface Management)

Cyber asset management focuses on complete, unified, and accurate visibility of all assets in the enterprise, including users, devices, software applications, installed software, and cloud resources. Attack surface management focuses on identifying vulnerabilities that can be exploited by hackers. We take this a step further by providing asset intelligence that creates deep, accurate context for every single asset. We believe that asset visibility alone falls short in empowering teams to proactively safeguard their attack surface. Comprehensive asset intelligence is essential for teams to proactively surface and fix asset risks and exposures. 

What does that mean? To me, asset intelligence encompasses the following: 

• Accurate, deep context for every asset: this is essential to ensure that you have the most accurate and complete data available for every asset to make effective security decisions. This deep context is essential, for example, with vulnerability management — knowing the software operating system and application details of a particular asset along with the support owner is important to be able to identify if you’re vulnerable and remediate. Accurate and deep context is also the foundation to surface insights on security coverage gaps and compliance violations. 
• Risk-based vulnerability prioritization: this is a critical component of asset intelligence. CAASM prioritizes risks based on business impact and provides a unified view as a single source of truth for surfacing security gaps and vulnerabilities. It serves to simplify evidence gathering for audits, and accelerates incident response should there be a breach. 

Why CAASM? And why is it critical for security teams to invest in CAASM solutions now?

The expansion of attack surfaces from digital transformation is happening in every enterprise, driving two key risk factors:

1. Expanding enterprise boundaries: Digital transformation is causing enterprises to grow beyond traditional borders, encompassing cloud workloads, hybrid workforces, remote offices, and supply chain integration. As the boundaries expand so does the attack surface.
2. Exploding number and types of assets: The volume and diversity of assets—from managed IT, to unmanaged IoT and OT—is skyrocketing. This leads to more significant vulnerabilities, and unmanaged devices also bring with them more unpatched vulnerabilities that lead to an increased threat surface.

All of this is compounded by the massive number of third-party tools we have running. Many of these help us with managing risks and vulnerabilities but they also lead to confusion with different feeds, duplicative asset counts, and disparate sources of data.  

CAASM addresses these challenges by providing comprehensive and accurate visibility, consolidating siloed information, surfacing risks and exposures, and enabling efficient risk remediation and compliance reporting.

Why OrdrAI CAASM+?

We believe we can uniquely address the asset management challenges security teams are struggling to deal with today. In enterprise environments where asset landscapes are complex and interconnected, Ordr CAASM+ bridges the gap between physical and digital assets with comprehensive, accurate visibility. Our offering extends beyond traditional API-reliant methods, capturing data for all assets including often overlooked devices, such as IoT, OT and industrial controllers, and legacy systems. Data and business insights are the foundation of the OrdrAI Asset Intelligence platform, which is grounded in three principles: comprehensiveness, extensive depth of coverage, and trusted and proven accuracy.

The problems we’re solving aren’t new. Ordr has spent a long time analyzing the requirements for CAASM and we’ve worked very closely applying that experience in combination with input from key enterprises to build our CAASM+ product. Here’s how OrdrAI differentiates against other solutions: 

• Comprehensiveness: Ordr’s multidimensional data collection strategy eliminates blind spots by going beyond API-only methods, capturing data from all devices including those which cannot have agents installed, such as IoT and OT devices.

• Depth of Coverage: With a crowdsourced library of millions of assets and AI/ML classification techniques, Ordr provides accurate asset identification, eliminating duplicates and facilitating automated enterprise workflows.

• Accuracy: Ordr’s proprietary data collection method–such as Ordr Software Inventory Collector and mapping engine–empower teams with accurate, real-time asset inventory and insights needed for security practitioners to find and fix risks and exposures.

• Generative AI-Powered Queries: when a cybersecurity issue hits the headlines, or a CISO inquires about a vulnerability (for example, “Are we vulnerable to ScreenConnect or MOVEit?” “Are all my managed endpoints protected with my EDR solution?” “Are there Axis video surveillance cameras in my network?”), how quickly can you answer these questions?  We’ve made it easy with Generative AI-powered queries that do not require learning a new language, or navigating countless reports or dashboards. 

• Expansion to OrdrAI Protect: OrdrAI CAASM+ addresses asset attack surface management challenges. For customers with mission-critical IT, IoT, IoMT, and OT devices, we offer a building block approach to implement OrdrAI Protect for advanced threat and anomaly detection, behavioral intelligence and segmentation capabilities. 

Personally, I am super excited about launching the OrdrAI CAASM+ solution. And we look forward to engaging with enterprise security teams as they deploy OrdrAI CAASM+ and benefit from our class-leading asset intelligence insights. 

Pandian Gnanaprakasam

Pandian has more than 20 years of product and engineering leadership experience and is also a serial entrepreneur. Before founding Ordr, he was the Chief Development Officer at Aruba, responsible for all of engineering and product management functions. Aruba, an enterprise mobile wireless company, was acquired by HPE for $3 Billion in March 2015. Before Aruba, Pandian served as the head of engineering for Cisco’s multi-billion-dollar Wi-Fi business unit and before that as VP of engineering for low-end switching product lines. He graduated with a master’s degree in Electrical Engineering from IIT, Chennai, India and holds several patents to his credit in various networking technologies.

Recently Ordr spent time talking to our clients about the Cybersecurity Maturity Model Certification (CMMC): what it is, why it’s important, and how they can prepare for it as it relates to the world of devices and IoT. Ordr is the leader in IoT cybersecurity, ranging from mid-market businesses to large enterprises; many of whom offer services to the Department of Defense (DoD). Because of this, it is incumbent on us to know how the CMMC will apply to our clients infrastructure and to be able to help our clients achieve certification. We realize, and educate our clients that the DoD’s new CMMC isn’t just another framework.

To help our forward-looking clients meet future CMMC requirements, Ordr is already working to map the security controls that IoT and device components require against the CMMC checklist. In order to plan for the CMMC, it is crucial that our clients and potential clients understand how IoT and device configurations are being considered as part of this new maturity model.

First let’s break down what CMMC is. In the Fall of 2020, the U.S. Government will begin requiring organizations to become compliant with CMMC. This is being done primarily to help more organizations fix low rates of compliance associated with NIST 800-171. CMMC will become a requirement designed to permit only businesses with a valid CMMC certification to bid on and win contracts with the US Government. The U.S. Department of Defense (DoD) obviously recognizes that all contractors are not alike, and is using the modifications of the CMMC and its “levels” to make this compliance endeavor more palatable for a broader swath of potential contracting organizations. The CMMC is a tiered model that has the potential to impact every business in the Defense Industrial Base (DIB). To be sure, this is no “small” endeavor.

Soon – contractors in the DoD supply chain will need to be evaluated against this maturity model by a third-party auditor. CMMC contains seventeen capability domains, each of which encompasses a different area of security. Each of these domains will be evaluated on a level from one to five — five being the most mature — and the organization will be assigned an overall CMMC level based on their evaluation results.

CMMC is a big deal for DIB companies because the level that an organization achieves will determine which DoD contracts they’re eligible to bid on and win. Get a 5, the world is your oyster; get a 1 and it limits your available opportunities.

For sure CMMC is daunting. The capability domains outlined in CMMC are very broad, and entail everything from physical security to personnel security to asset management and essentially any other applicable security control that the government can think of. That sounds nearly impossible, and it certainly could be, but in reality CMMC happened to help organizations understand the complexity and breadth of achieving a true security posture. Hopefully CMMC will help mitigate some of the pencil whipping and box checking security failures that have plagued contractors in the past.

Because CMMC is broad, it is critical that any organization wanting to compete and win lucrative contracts heed the call to ensure they consider their IoT/OT security vulnerabilities, as well as their other security controls and programs. Modern exploits and attacks usually cross IT/OT infrastructures at some point. After all, everything is “connected” today. This means that without IoT visibility and accountability the entire network is potentially threatened, and the CMMC auditors know that.

There are very few CMMC domains that don’t apply to IoT network devices. Asset discovery, threat detection, incident response are part of any intelligent or complete response package. One can easily see why they are integral to the CMMC requirements.

While CMMC has many other requirements, much of what it mandates can be summed up pretty simply. Here are a few basic considerations that can help set your organization on the right track to achieving CMMC compliance specifically related to your IoT/OT network devices.

1) Do you have visibility, access, analytics or even the capability to understand IoT devices?

You can’t defend what you don’t cannot see. And you cannot defend any enterprise if you don’t know about the totality of devices or “assets” in a network. Ordr works with organizations to gain that visibility into their IT and IoT networks. In doing this our systems help your team understand how those assets communicate and are connected to each other.

Without that insight and knowledge, it’s impossible to prioritize risks, detect active threats already operating in your environment, or prove that your security posture is strong enough and doing its job. All of those things are key to CMMC compliance across a variety of domains. Being candid, it is impossible to fully secure your networks without having IoT/OT network device visibility.

2) How resilient is your overall IoT/IT network architecture?

CMMC focuses on building a stronger cybersecurity posture in DoD supply chain contractors, and as part of that, CMMC requires an organization to detail how they have built a strong overall approach for securing all network connected devices.

Part of having a sound security posture is to make sure that all devices only communicate with the internet as intended. Stronger network segmentation improves security. Ordr makes network segmentation easy by using ML/AI-assisted automation..

3) Can you identify and remediate IoT/OT device vulnerabilities in your network?

Key CMMC requirements focus on identifying and addressing vulnerabilities across all devices and infrastructure components. For networks with IoT/OT devcies, that could mean CVEs, malfunctioning devices, or the presence of unauthorized ports or rogue applications. CMMC requires that you’re able to detect and prioritize vulnerabilities like this. If your organization cannot do this, you will have a hard time achieving higher levels of compliance. Ordr shines in this area and can rapidly enable this action.

4) Can you detect exploits with all your IoT/OT devices?

IoT and device threats are a very different animal than detecting threats that target legacy IT systems and endpoints. Typically, embedded IoT/ICS devices do not support agents and may not be visible to your IT teams or tools. Because of this gap in security, your organization may be required to incorporate IoT and device aware analytics to detect abnormal machine behavior that could help identify an attack.

This is not an area where current IT approaches can be used in the IoT/OT device environment. The requirements for these unmanaged devices are very different.

Lastly, Ordr can be deployed to help avoid the pain and cost of an extended audit. Like every other federal certification requirement, a 3rd party is going to audit your company for compliance, and that will include your IoT devices, device security controls and asset inventory. Think about this from a financial perspective. With auditors, time is money. If an organization pays an auditor an hourly rate of $300 per hour – the longer it takes the auditor to review and understand your environment, including all the IoT devices, the more billable hours and costs you will accumulate. To minimize the time and costs, it makes sense to have an accurate inventory and full visibility of every asset, including IoT devices, before the auditors arrive. With auditors, nothing exists unless it is documented. Ask Ordr to assist with preparing for your CMMC and FISMA audits.

To see how Ordr maps to CMMC in our White Paper.

In the late 1990s, I was just starting out in my career in tech. As an electronics engineer, I was busy designing and building circuits, installing and maintaining systems, and gaining as much experience as I could to broaden my horizons. I enjoyed the work, but things changed in late 2001, and opportunities in tech contracted dramatically. Looking for stability and a chance to apply my skills in a growth market, I moved to healthcare and became a biomedical technician with little to no understanding of the field and the rewarding experience it offered.

I thrived as a biomed. My background in electrical engineering blended well with the need to integrate and manage the influx of innovative medical technologies that hospitals were using to improve their ability to deliver positive patient outcomes. I soon earned my CBET certification, and over the coming years, progressed to a BMET 2 and then BMET 3.

ACA Changed Healthcare Cybersecurity Dynamics

Around that time, the Affordable Care Act (ACA) was passed, and with it came a push to accelerate the adoption of electronic medical records (EMR). That meant the devices I was working with were now becoming connected to the hospital network to improve workflows and reduce errors. I saw the risks that came along with that trend, so I began investigating what protections were in place to ensure patient safety and privacy. Manufacturers were frantically adapting products to meet the needs of rapidly changing care delivery strategies. These adaptations, although functional, did not take cybersecurity into account. Recognizing the danger that network-connected medical devices posed to IT networks in healthcare environments, I began working closely with security teams to help them understand these unfamiliar technologies and how they affected security and IT operations, but also impacted patient care.

Back then, IT management was laser-focused on protecting data and systems; patient safety was not a part of their mandate. But unlike installing or servicing a server, you can’t just take something like an infusion pump or patient monitor offline if there’s an update needed. Nothing works in a bubble in IT once it is connected to the network. There are downstream effects, security implications, and new regulatory regimes to satisfy. That meant we had to rethink our approach to the design and management of the emerging healthcare IT estate. Biomeds were now working alongside traditional IT management to address the influences of things like connected medical device inventory, patching strategies, vulnerability management, and cyber risk assessments.

The Start of Whole Hospital Cybersecurity

Looking back, it was the start of what at Ordr we call the “whole hospital” approach to protecting healthcare IT environments, and that is what attracted me to Ordr. I knew firsthand how difficult it was for Healthcare Technology Management (HTM) and IT management to discover, identify, manage, and secure their Internet of Medical Things (IoMT) devices. Traditional methods for conducting IoMT asset management (often including manual labor) are slow, inaccurate, and error prone. The result is an incomplete, moment-in-time snapshot of what devices are operating on the network and an inaccurate assessment of where the risks are.

But with the Ordr whole hospital approach to healthcare IT security, CISOs have the tools needed to discover and profile IoMT, Internet of Things (IoT), and operational technology (OT) in real-time, and with the clarity that comes from access to the Ordr Data Lake with its rich library of profiles on millions of devices. The Ordr technology suite enables Biomedical Engineers/HTMs, CISOs, and IT operations managers to embrace the SEE, KNOW, SECURE philosophy of connected device security with the confidence that comes from knowing you have accurate information and precise insights for decision making—and automations to act quickly when threats arise.

Five Keys to Improving Healthcare Cybersecurity

Ordr delivers value for healthcare organizations in five important ways:

1. Automating asset inventory to identify what’s connected to the hospital network. Ordr discovers and monitors every connected device in real time, understands how devices connect and communicate on the network, and provides insights to locate devices across the environment. This allows hospitals to allocate resources doing manual inventory to higher value tasks, and enables HTM and security teams to easily locate devices for maintenance or incident response.
2. Know risks and vulnerabilities such as devices with outdated operating systems and vulnerabilities, complete with device risk scores. This information enables teams to know their attack surface, prioritize patching and reduce risk. It also addresses a key security gap as some devices like medical and IoT devices are typically not scanned by traditional vulnerability management solutions because of impact to operations.
3. Improving collaboration between teams HTM, security, and IT teams by providing a complete picture of every device, with deep context (serial number, manufacturer, model, operating system, and more), understanding of how devices interact, device owners and device utilization. Operating from a single source of truth about assets improves hospital efficiencies.
4. Detecting threats such as devices with exploits, communicating to malicious domains, or behaving abnormally. Ordr can automate workflows to assign tickets to the appropriate device owner, or create segmentation policies to limit compromised devices to “baseline” behavior.
5. Demonstrate ROI not only in the context of device management and security, but by maximizing medical device utilization efficiency. By understanding how devices are being used, and when, hospitals can identify areas of over or under usage, manage maintenance schedules and optimize capital spend.

I recently recorded a webinar with more information about connected device security for healthcare organizations. If you have questions about how Ordr can help your organization compile, track, and manage its complete asset inventory in real-time, improve its security posture through the whole hospital approach, and effect better utilization of its existing medical devices, reach out and let us know.

Benjamin Stock

Benjamin Stock is the Director of Healthcare Product Management at Ordr. Previously, Ben worked as the Director of Clinical Equipment Systems and Project Support at SSM Health St. Louis, MO. With more than 15 years of experience in healthcare technology management, his wealth of knowledge in the Clinical Engineering space allows him to be a wonderful advocate for Ordr healthcare customers. Ben is also a Certified Biomedical Equipment Technician (CBET).

SANTA CLARA, Calif., Aug. 30, 2023 /PRNewswire/ — Ordr, the leader in connected device security, today shared that it has experienced a significant increase in industry demand for its connected device security platform. Ordr enables security and IT teams to discover and secure every connected asset across their whole organization – from laptops and traditional IT equipment, to especially vulnerable Internet of Things (IoT), Internet of Medical Things (IoMT), Operational Technology (OT), and Cyber-Physical Systems.

“With industries as diverse as healthcare, manufacturing, financial services, smart cities, government and higher education coming to depend on connected devices to conduct their daily operations, it is no surprise that security has become a top priority,” said Jim Hyman, CEO of Ordr. “Organizations need the granular visibility that Ordr delivers, enabling teams to see what devices are connecting to their network, where they are connected, and what they’re doing when connected. It’s only with this real-time context that organizations can accurately identify their complete attack surface and mitigate risks via automated policies.”

Ordr’s AI-powered platform gives organizations a single source of truth for every connected device, revealing the entire attack surface, including vulnerabilities, exploits and anomalies. With the digital transformation-driven expansion of devices across industries, the number of connections that must be secured by an organization increases dramatically every day. In addition, in industries such as healthcare and manufacturing, connected devices have a long lifecycle, often outliving the operating system and security software installed on it and creating an instant security issue.

“Enterprises today are embracing Zero Trust as a modern cybersecurity strategy, but extending it to connected devices including IT, IoT, IoMT and OT can be increasingly challenging. We’ve been seeing great momentum bringing together our extensive cybersecurity experience with  Ordr’s technology to discover every asset in the network, identify the attack surface, and automate the creation of segmentation policies to secure them. We look forward to our continued partnership with Ordr to further strengthen our customers’ security posture,” said Mark Grassmann, Cybersecurity Practice Principal, Alchemy Technology Group.

It has become harder and harder for resource-constrained IT and security teams to ensure they have a full understanding of their attack surface – and for them to have the proper policies in place to mitigate those situations. The visibility and control Ordr brings is helping reduce risks, and decrease incident response by hours, particularly when context is used to enrich CMDB, SIEMs, XDRs and security operations tools.

Ordr’s industry momentum includes:

Customer Growth

• Ordr continues to maintain its leadership position in healthcare while expanding its footprint in critical markets like manufacturing, financial services, higher education and government. Ordr enterprise ARR growth increased by 249% from 1H 2022 to 1H 2023.

Industry Recognition

• Ordr was named to the 2023 Startup 50 list, recognizing innovative technology companies that are already solving real industry problems.
• Analyst firm Enterprise Management Associates (EMA) named Ordr a “Leading Security Visionary” in its annual Vendor Vision Report.
• Ordr was selected as a 2023 Intellyx Digital Innovator Award winner by industry research firm Intellyx.
• The company was named one of the “10 Coolest IoT Security Companies: The 2023 Internet Of Things 50” by publication CRN.
• Industry publication ChannelPro named Ordr a 2023 “Vendor on the Vanguard.”
• The Ordr platform was awarded a “2022 IoT Excellence Award” in early January 2023 by IoT Evolution.
• The company was named a “Soonicorn” by Tracxn in its “Internet of Things Infrastructure Startups 2023” list of top IoT companies to watch.

Product Innovation

• Ordr recently announced version 8.2 of its platform, including new integrations with leading mobile device management, endpoint detection and response, threat intelligence, and Zero Trust providers.
• Ordr was recognized as a representative vendor in the 2023 Gartner Market Guide for Cyber-Physical Systems Protection Platforms and a July 2023 report by Gartner on Reference Architecture for Integrating OT and Modern IT.
• Ordr was recognized as a representative vendor in the 2023 Gartner Market Guide for Medical Device Security Solutions.
• Ordr was also included as a representative vendor for Cyber Asset Attack Surface Management category in the Gartner Hype Cycle for Security Operations 2023, and the Gartner Hype Cycle for Workload and Network Security 2023,
• Ordr was recognized as a top performer for an unprecedented fourth year by KLAS Research in its recent “Healthcare IoT Security 2023: An Update on Vendor Performance and Deep Adopter Utilization” report.

Industry-Leading Partnerships and Integrations

• GE HealthCare and Ordr teamed up to deliver broad visibility, performance monitoring, security, and governance of all clinical assets on GE’s CARESCAPE network, providing customers with enhanced self-management capabilities for their critical patient care devices.
• A new integration between Ordr and ServiceNow was announced, helping customers to quickly, easily, and reliably populate their CMDBs with third-party data, enabling data quality, timeliness, and scalability.
• Ordr partnered with Dubai-based Spire Solutions, the Middle East & Africa region’s leading cybersecurity solution provider and value-added distributor (VAD).
• The company partnered with U.K.- based Next Generation Security (NGS), a specialist cybersecurity reseller providing consultancy, support, and managed services.
• Ordr teamed with Sodexo Healthcare Technology Management to create a managed HTM and cybersecurity solution combining the strengths of Ordr’s connected device security platform with Sodexo’s healthcare technology management (HTM) services expertise.
• Ordr also named CDW and World Wide Technology (WWT) as its 2022 Partners of the Year, reinforcing the importance of both partnerships to the company and its customers.

Contact us for more information about how Ordr can help teams discover and secure every connected device across their organization.

In recognition of International Women’s Day, we spent some time with one of Ordr’s many talented female employees: customer success escalation engineer Pallavi Raj.

Pallavi, who began her career at Ordr as a software engineer, has been with us for what she describes as an “enriching one year and four months.” Before coming here, she earned an MS in biotechnology/bioinformatics from Georgetown University, and an MS in MIS (information systems) from the University of Colorado, Denver, Business School. Impressive educational accomplishments.

Prior to pursuing her advanced degrees, Pallavi worked as a content editor with a multi-channel health and nutrition media company responsible for managing connected TV channels like Health Smart, which sparked her interest in information technology. Then she moved on to become a portal manager and digital business operations analyst at Blue Shield of California, playing an instrumental role in launching native mobile apps for both android and iOS customers of Blue Shield.

Those hands-on experiences gave her an understanding of the many facets of technology’s influence on business, and especially in healthcare, that would come into play in her current role at Ordr.

Ordr: What drew you to a career in tech?

Pallavi Raj: As the saying goes, “A person does not gain knowledge by merely possessing an insatiable thirst for it, but by seeking for the means to quench it.” Being a staunch advocate of this philosophy, I strongly stand by the fact that, to shine in an innovative workplace, one should always aim for the perfect combination of analytical and technological proficiency, coupled with a scientific mind and leadership qualities.

Belonging to a family of software engineers, doctors, and technology entrepreneurs, I was always inclined towards being part of the technology domain. I went ahead and earned my master’s in biotechnology with a bioinformatics track from Georgetown University. This course of study exposed me to the amalgamation of biological sciences and information technology, and to the boundless data science possibilities this blend could bring.

Ordr: What was it that drew you to pursue a role at Ordr?

Pallavi: I went on to pursue another MS in information systems to gain momentum in the IT industry. This education proved extremely beneficial in comprehending cybersecurity principles, advanced networking concepts, and database management, as well as the full scope of other technology and management courses that I took during my time at University of Colorado, Denver. The degree was a blend of technical concepts with cybersecurity concentration and managerial concepts focused on business intelligence and programming.

Ordr provided me the golden opportunity to incorporate both my professional experience and academic attributes. Working at Ordr has brought me one step closer to understanding how to develop various skills that could help in harnessing the power of technology, while applying what I have learned in a highly innovative environment.

Ordr: Who has served as a mentor for you, and how have they influenced your career to date?

Pallavi: For me, mentoring means inspiring, guiding, and spearheading the right skills at the right time by the right people. Some of the influential mentors in my life have been my brother who is a senior executive at Amazon; my husband, who has a great deal of rich experience working in the technology sector; and my parents, who are doctors and professors, and have always encouraged me to be an empowered technology talent.

Ordr: How has your experience at Ordr influenced your perspective on tech?

Pallavi: Organizations face a vast array of emerging cybersecurity and vulnerability management challenges, and a higher risk of security breaches due to increased adoption of IoT and other connected devices. Ordr addresses these issues with an innovative mix of artificial intelligence and network packet analysis to support a zero-trust posture for our customers. And in addition to security, we also deliver vital extensive asset management, continuous visibility, and segmentation capabilities. Seeing this from the inside has given me a new perspective and appreciation for what’s possible with a well-designed technology framework.

Ordr: What have you learned in your time here that has surprised you?

Pallavi: One of several surprising elements of my journey at Ordr so far has been observing how the company has not only risen to become a world-class leader in healthcare security, but continues to innovate to do more. Our customers are managing hyper-connected enterprise architectures, and we support them by leveraging machine learning technology where real-time data gets generated, processed, and classified at a humongous scale.

What Ordr has achieved not only in healthcare environments, but for manufacturing, financial services, and critical infrastructure operators around the globe by discovering, identifying, and securing IoT devices against cyber threats has been an incredible learning experience for me.

Ordr: What is the biggest non-technical strength that you bring to your role as a customer success escalation engineer?

Pallavi: I have always been an advocate of expanding my versatility in different areas that can help me to foster positivity and productivity. Having recently assumed a new role here as a customer success escalation engineer, I can apply my problem-solving, self-starter, and communications skills on behalf of our customers to ensure their satisfaction. I believe my optimistic approach towards feedback, my ability to work collaboratively, and my love of lifelong learning are my biggest strengths.

Ordr: What advice would you give to yourself if you could go back to when you were in high school?

Pallavi: I would tell my younger self, “Don’t be afraid to listen to your inner self when it comes to choosing the difficult and challenging path. It might sound risky, but it will lead down a road with unique possibilities and immensely proud accomplishments.”

Ordr: What is your proudest achievement outside of the workplace?

Pallavi: I am proudest of my flexibility in transitioning from a biological background to the IT sector. Finding solutions to difficult problems has always been a strength, and my background dealing with and researching data, and having an experimental mindset, played a crucial role in changing gears for my career.

Danelle Au

Danelle Au has more than 20 years of experience bringing new technologies to market. Prior to Ordr, she was CMO at Blue Hexagon, a deep learning for malware protection company, and CMO at SafeBreach where she helped build the marketing organization and and define the Breach and Attack Simulation category. Previously, she led strategy and marketing at Adallom, a cloud security company acquired by Microsoft. She was also Director, Security Solutions at Palo Alto Networks, driving growth in critical IT initiatives like virtualization, network segmentation and mobility. Danelle was co-founder of a high-speed networking chipset startup, co-author of an IP Communications Book and holds 2 U.S. Patents. She has an MSEE from UC Berkeley

There has been a lot of attention paid to ransomware over the last few years, and with good reason. In 2021 Fierce Healthcare reported a 470% increase in ransomware attacks on the healthcare industry in 2020 compared to the previous year. Threat actors saw an opportunity to take advantage of pandemic chaos to target a vulnerable sector of the economy and got to work. Healthcare took the brunt, but no industry was safe. The FBI’s Internet Crime Complaint Center (IC3) reported a more than 20% increase in ransomware investigations overall during that same period and said ransomware payouts increased at an even higher pace as a result. And according to Security Magazine more recent analysis shows the ransomware threat continued to rise through 2023, with more attacks, new gangs, and manufacturers emerging as a favorite target.

But ransomware isn’t the only danger to IT networks and data integrity. More common attacks, where the goal isn’t to lock down valuable information but siphon it off, remain a major threat to businesses. In fact, the most recent IC3 annual report said the FBI received 2,385 ransomware complaints accounting for losses of more than $34.3 million, while overall the Bureau fielded over 800,000 cybercrime complaints with losses of more than $10.3 billion during 2022.

A Complete, Real-Time View

Countering cyberthreats of every type is vital to protecting an organization’s business and operational interests, the safety of individuals, and to safeguarding assets like finances and intellectual property. Many types of cyberattacks share common attributes and indicators of compromise (IoC) like point of entry and vector, lateral movement, and disruptions to normal communications patterns. Identifying these can be difficult without a complete and real-time view of the assets comprising the network, and detailed profiles of each device connected to it. That is why a “whole enterprise” approach to cybersecurity must be adopted to maximize threat prevention.

This is especially important when considering the growing reliance many organizations have on the Internet of Things (IoT) and associated technologies like the Internet of Medical Things (IoMT), Industrial Internet of Things (IIoT), operational technologies (OT), cyber physical systems, and other types of connected devices. Attackers don’t care what kind of devices the organization has deployed, only the operating system it runs. And because many devices use obsolete, unsupported operating systems, they are easy to exploit and to quickly traverse the network toward their goal.

Zero Trust Support

It makes sense, then, that a whole enterprise approach is the logical way to address cybersecurity because it includes full asset visibility combined with rich operational insights to give security teams the ability to recognize unexpected communications patterns and make informed security decisions in response. That is the Ordr See, Know, Secure philosophy to connected device security and it is why we have invested so much into building a platform that not only reveals an organization’s full connected device inventory in real-time, but layers in both intelligence and automation that enable dynamic policy creation and enforcement and support Zero Trust security initiatives.

That is important because connected devices are increasingly targeted by threat actors who use notoriously unsecure IoT, IoMT, OT and other devices as either an attack vector or path of lateral movement once inside the enterprise. They know that if 20% of an organization’s connected devices are outside the view of security, they are less likely to be detected and thwarted, and that their efforts stand a much higher chance of success.

Seven Keys to Fighting Back

To counter this threat, Ordr enables seven key capabilities in the fight against cyberattacks:

• Discovery of all connected devices.
• Identification of device communications with prohibited countries, prohibited IPs, and malicious URLs.
• Communications baselining and identification of communication anomalies.
• Identification of devices running vulnerable protocols with the ability to disable or monitor as needed.
• Identification of devices running unpatched and/or vulnerable software and OSes through the Ordr Software Inventory Collector.
• Segmentation or quarantining as a compensating control for devices that cannot be updated.
• Retrospective analysis to evaluate past compromised communications patterns when new IoC and threat intelligence are released.

Recent Attacks Illustrate the Threat

Several recent, high-profile threat campaigns illustrate how these capabilities and a whole enterprise approach to cybersecurity can help prevent or minimize the effects of an attack. Exploiting vulnerabilities in Fortra’s GoAnywhere managed file transfer product, Progress Software’s MOVEit managed file transfer product, and the RDStealer weapon targeting remote desktop applications allowed threat groups to plant malware, including ransomware, in hundreds of organizations and execute the exfiltration of millions of data files containing sensitive personal and corporate information. Even when attacks use zero-day vulnerabilities to compromise network security undetected, the exfiltration of data may itself trigger automated policy enforcement, minimizing the event’s impact.

Ordr is a key component in the whole enterprise cybersecurity strategies of many top healthcare, manufacturing, financial services, and other organizations that recognize their growing reliance on connected devices could leave them vulnerable. Using Ordr, they now SEE, KNOW, and SECURE their systems and data.

Srinivas Loke

Srinivas Loke is Vice President of Product Management at Ordr. Srinivas has a passion for cybersecurity with a deep understanding of network, end point, cloud and IoT security. Prior to Ordr, he led product teams at Aruba, Pulse Secure, FireEye and McAfee. He loves taking 1.0 products to the market and furthering cutting edge technologies that are solving customer problems.

The world seems upside down at the moment, and it is difficult not to be anxious and stressed. There were times in my past when during stressful moments, I would take a welcomed trip to the Bronx Zoo.  The escape from the hustle and noise of the city was a welcome reprieve. I quite enjoyed the simplicity of a walk to visit the animals and wildlife. My personal favorite was the rhinos, healthy and fit yet calm and proud.

Keeping the Animals Separate

When you enter the Bronx Zoo in New York City, you will notice that the animals are separate in particular areas. At the southern end of the park, there is the African Plains section with the giraffes and wild dogs, and it’s also where you can see the fierce lions basking in the sun. Over by the Himalayan highlands is where visitors can observe the snow leopard and the red panda.  So awesome those little red pandas. Between the mountains and the plains, you will find playful characters in the baboon reserve.

There is, of course, a separate world of reptiles, the birds of prey, even Madagascar! Where ring-tailed lemurs roam playfully. At the north section of the zoo by the fountain, the circle is the aquatic birdhouse, the sea bird aviary and the birds of prey.  To the east of the main foundation at the Fordham Road gate is where you whisk away to the high plains and see the Bison grazing. Everything in the animal kingdom in its place, everything in order.

Covering over 265 acres, the Bronx zoo is one of the largest in the US and first opened its doors in 1899. Sections and regions are well organized, and every animal, reptile, bird, you name it, is grouped logically together: kingdom, phylum, class, order, family, genus, and species. The ordering makes sense, everything is in their natural habitat, and you won’t find an antelope sharing a snack with the penguins. The order of things is intuitive, and the segmentation implemented adds a layer of protection.

Segmentation Keeps Threats at Bay

Segmentation can also help mitigate risk. At the zoo, you can have external threats, bad actors coming from the outside, and causing damage and internal risk when you can have havoc from the inside. In 2001, an otherwise normal man climbed a 20-foot wall entered the gorilla enclosure, and stripped down to his boxer shorts, telling the NYPD later that he wanted to be “one with the gorillas.” In 2007 Javan langurs (an old-world monkey form the colobinae subfamily) was placed together with Oriental small-clawed otters. The monkeys proceeded with well, monkey business, and it didn’t end well for one of them, a tragic example of internal risk.

Likewise, there are external and internal risks that large enterprises deal with every day. From hospitals to banks to retail operations, information is valuable, and hackers will do anything to attack from the outside to get access to valuable information.  An example of internal risk is when compromised employees or vendors go after sensitive information, or if an employee unknowingly grants access to an attacker by clicking on a phishing link in an email.

Similar to the order of things at the zoo, we help organizations segment their networks in a manner that makes sense. We can divide networks granularly down to the workload level and define specific security policies for these specific segments and workloads. So instead of just using gates and fences seen at some local animal farm, it’s a more secure process where movement can be monitored, communications can be traced, and all the animals can roam but stay in their respective regions.

If and when a deviation occurs (a crocodile gets out, or a device in the ER room talks to the finance department), our system can take remedial action right away. If a green peafowl escapes, there is no need to close the entire zoo. Our system is smart enough to contain the bird in the right area.

Segmentation Keeps Red Pandas and Networks Safe

With Ordr, we can help reduce the number of alerts and alarms and act fast when something unexpected happens. We proactively protect the enterprise network, and traffic is analyzed at multiple layers. Our SCE system creates a conversation map called the flow genome for every connected device. We can identify all communications between the various segment and VLANs, and we leverage AI to baseline normal communication behavior and then translates these behaviors into a device-specific security policy. The red panda will be proud.  

Pandian Gnanaprakasam

Pandian has more than 20 years of product and engineering leadership experience and is also a serial entrepreneur. Before founding Ordr, he was the Chief Development Officer at Aruba, responsible for all of engineering and product management functions. Aruba, an enterprise mobile wireless company, was acquired by HPE for $3 Billion in March 2015. Before Aruba, Pandian served as the head of engineering for Cisco’s multi-billion-dollar Wi-Fi business unit and before that as VP of engineering for low-end switching product lines. He graduated with a master’s degree in Electrical Engineering from IIT, Chennai, India and holds several patents to his credit in various networking technologies.

The past two years have been extremely challenging for healthcare providers. The pandemic thrust healthcare providers into an unprecedented period of transformation. It increased the importance of asset management as medical devices were mobilized and rapidly deployed to deal with the surge of patients. This was followed by the hybrid workforce trend and telemedicine adoption that extended the caregiving environment (and devices) beyond traditional hospital walls. At the same time, cyberattacks like ransomware increased in frequency and severity, reverting many hospitals to pen and paper and disrupting patient care.

The modern healthcare environment now must support the proliferation of connected medical devices that are critical to patient care and operations. Healthcare providers monitor these devices continuously and keep them functioning efficiently but must also protect them against cyberattacks.

Addressing Healthcare Provider Challenges

When Ordr and GE HealthCare first began collaborating, we spoke to several Biomedical & Healthcare Technology Management (HTM) and Security teams about the top challenges they were facing.

From these conversations, we learned there is untapped potential in optimizing healthcare networks with real-time data to improve clinical productivity, enable equipment uptime, simplify troubleshooting, and maximize the utilization of clinical assets. With hospital funding challenges and workforce turnover, the more efficient biomedical and HTM teams can be, and the fewer manual processes they have, the happier they will be.

Here are some of the challenges Biomed and Clinical Engineering teams are facing and how we are helping them:

• Locating devices and understanding utilization: Biomedical engineering and HTM teams can spend more than an hour per person per shift locating devices and patient data modules in the hospital. Often, once they finally locate the devices, they discover that the devices are in use and cannot be serviced, patched or updated.  Our new service offering helps eliminate this costly inefficiency, enabling biomed and HTM teams access to connectivity (physical or network) and near real-time utilization details for every device. They can locate specific devices for maintenance or troubleshooting, including GE HealthCare patient data modules and the bedside monitors to which they are connected.
• Visibility into devices and flows: Manual processes to discover and manage device fleets can be inefficient.  With this service, biomed and HTM teams will benefit from automated discovery and classification of devices, visibility into device flows and connectivity, and near real-time and accurate device data that can integrate into their existing CMMS. This reduces the need for biomed and HTM teams to perform labor-intensive and error-prone tasks of walking around hospitals trying to identify devices, their serial number and where they are connected to. Behavior anomaly alerting on traffic flows can help identify compliance issues such as medical devices moving to the guest VLAN.
• Monitoring and troubleshooting Intermittent outages: Biomed and HTM teams may not be aware of devices impacted by communications or performance issues until it’s too late. When medical devices are impacted by downtime, clinical workflows suffer. Essentially, clinicians’ ability to provide quality care is compromised If they are unable to use these devices or access the information they need to do their jobs and treat their patients. As part of the Ordr and GE HealthCare’s service offering, we have developed new application and network monitoring functionality for the CARESCAPE network. Healthcare systems can proactively identify issues before they impact clinical care. An early “diagnosis” of potential issues, along with granular insights for troubleshooting, can eliminate major failures, decrease downtime, and lower service costs.
• Vulnerability management:  When new vulnerabilities are published by manufacturers or software providers, it can take a great deal of time for healthcare providers to determine which of their devices are impacted, slowing their response time. Lack of accurate device data (OS, software version, etc.) can make it difficult to assess risk and identify devices with vulnerabilities. Our service offering enables hospital security and biomed/HTM teams to identify and focus on specific vulnerabilities affecting clinical assets under their management, prioritize vulnerabilities with Clinical Risk Scores, and self-manage the remediation process with simplified workflows and custom tags.

Why Ordr and GE HealthCare Collaboration

“Empowering Biomedical Technicians, Clinical Engineers, and Hospital IT with easy-to-use tools aimed at improving self-managed network security, productivity, and equipment uptime is key to enhancing critical patient care.” said Alla K. Woodson, GE Healthcare’s Global GM, Patient Care Solutions – Services & Consumables. “This network performance and security solution brings together the technology and scale of our two organizations to help ensure that our customers have visibility and access to actionable insights.”

“Hospitals and healthcare facilities rely on GE Healthcare’s CARESCAPE networks to host critical patient care devices, it is of the utmost importance that these networks – and everything connected to them – remain secure and operating at peak efficiency,” added Jim Hyman, CEO of Ordr. “The deep integration of the Ordr platform with the GE Healthcare CARESCAPE network will help give healthcare organizations comprehensive clinical asset visibility, security and performance capabilities they need to optimize and protect their environment of care.”

GE HealthCare’s Service Offering for CARESCAPE patient monitoring networks that harnesses the power of Ordr platform, will be available early this year.  For more details on the offering, contact info@ordr.net.

David Christenson

Senior Director, Service Technology, Patient Care Solutions

David Christenson is Senior Director, Service Technology, Patient Care Solutions at GE HealthCare. He has been with GE HealthCare for over 35 years and has held a number of engineering leadership roles including Engineering Director for both Diagnostic Cardiology and Patient Monitoring businesses, and as a Global Software Manager for the CT/PET business.