Background 

On March 2, 2021, the Microsoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team, and Microsoft 365 Security teams released a blog post that disclosed multiple 0-day exploits that were being used to attack on-premises versions of Microsoft Exchange Server. The MSTIC team attributed the campaign to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology and Tactic, Techniques, and Procedures (TTPs). If not already addressed, we would urge you along with the Microsoft team to update on-premises systems immediately. Currently, there are no reports of Exchange Online being affected.

The vulnerabilities exploited are:

• CVE-2021-26855
• CVE-2021-26857
• CVE-2021-26858
• CVE-2021-27065

Who is HAFNIUM? 

HAFNIUM primarily targets entities in the United States across a number of industry sectors which have included targets in legal, higher education, government, and even including infectious disease researchers, policy think tanks, and NGOs.

In the past, HAFNIUM compromised victims by exploiting vulnerabilities in internet-facing servers, and has used legitimate open-source frameworks, like Covenant, a red team framework for mapping the attack surface of .NET. Once they’ve gained access to a victim network, HAFNIUM typically exfiltrates data to file sharing sites like MEGA, an end-to-end encrypted cloud storage and communication platform.

Impact Thus Far 

It has been reported that nearly 30,000 organizations, and as many as 250,000 individual users have been impacted. And, while Microsoft released a patch last week to shore up flaws in its email software, the remedy still leaves open a back door that can allow access to previously compromised servers and perpetuate further attacks by others. The back channels for remote access are most likely to impact credit unions, town governments and small businesses. Microsoft has two resources for learning more and patching:

• Microsoft Exchange Server Vulnerabilities Mitigations
• HAFNIUM targeting Exchange Servers with 0-day exploits

The White House is calling this an “Active Threat” and the President is apparently assembling an emergency group of government agencies as part of a “whole of government” approach.

“We can’t stress enough that patching and mitigation is not remediation if the servers have already been compromised, and it is essential that any organization with a vulnerable server take measures to determine if they were already targeted,” the White House official said. 

It is likely time to reconsider on-premise exchange if you have it 

On-premises Exchange is incredibly difficult to manage and maintain from both an IT and security perspective. Exchange is usually tied integrally into a networks authentication sources and typically contains very sensitive data. Exchange has several configuration options that allow for interoperability with devices and services wanting to communicate over email (usually over insecure or basic authentications), however lacks the ability to properly secure these necessary configurations within Exchange itself and instead usually requires other security controls.

From a cybersecurity perspective on-premise Exchange is a nightmare because its complicated, tied integrally into authentication sources like Active Directory, holds very sensitive information, and typically has a large internet facing attack surface, and because of this it has several research teams solely focused on finding vulnerabilities to exploit within Exchange.

One of the best things Microsoft did with Exchange is begin hosting it within O365/Exchange Online and slowly removing support for insecure configurations. This made organizations running Exchange internally to either migrate to Exchange Online and remove the legacy systems and services that are no longer supported because it required insecure configurations, or unfortunately stick with on-premises Exchange and attempt to properly secure it themselves.

To drive the point home Microsoft themselves no longer run on-premises Exchange servers and have migrated the company to Exchange Online.

How Ordr Can Help 

As most organizations have moved to the cloud or at least a hybrid model, we have found there are not many on-premises Exchange servers out there amongst our customers. However, if they are out there, Ordr will be able to detect the devices and will alert the proper workflow based on the associated the CVEs that have been issued.

The past two years have been extremely challenging for healthcare providers. The pandemic thrust healthcare providers into an unprecedented period of transformation. It increased the importance of asset management as medical devices were mobilized and rapidly deployed to deal with the surge of patients. This was followed by the hybrid workforce trend and telemedicine adoption that extended the caregiving environment (and devices) beyond traditional hospital walls. At the same time, cyberattacks like ransomware increased in frequency and severity, reverting many hospitals to pen and paper and disrupting patient care.

The modern healthcare environment now must support the proliferation of connected medical devices that are critical to patient care and operations. Healthcare providers monitor these devices continuously and keep them functioning efficiently but must also protect them against cyberattacks.

Addressing Healthcare Provider Challenges

When Ordr and GE HealthCare first began collaborating, we spoke to several Biomedical & Healthcare Technology Management (HTM) and Security teams about the top challenges they were facing.

From these conversations, we learned there is untapped potential in optimizing healthcare networks with real-time data to improve clinical productivity, enable equipment uptime, simplify troubleshooting, and maximize the utilization of clinical assets. With hospital funding challenges and workforce turnover, the more efficient biomedical and HTM teams can be, and the fewer manual processes they have, the happier they will be.

Here are some of the challenges Biomed and Clinical Engineering teams are facing and how we are helping them:

• Locating devices and understanding utilization: Biomedical engineering and HTM teams can spend more than an hour per person per shift locating devices and patient data modules in the hospital. Often, once they finally locate the devices, they discover that the devices are in use and cannot be serviced, patched or updated.  Our new service offering helps eliminate this costly inefficiency, enabling biomed and HTM teams access to connectivity (physical or network) and near real-time utilization details for every device. They can locate specific devices for maintenance or troubleshooting, including GE HealthCare patient data modules and the bedside monitors to which they are connected.
• Visibility into devices and flows: Manual processes to discover and manage device fleets can be inefficient.  With this service, biomed and HTM teams will benefit from automated discovery and classification of devices, visibility into device flows and connectivity, and near real-time and accurate device data that can integrate into their existing CMMS. This reduces the need for biomed and HTM teams to perform labor-intensive and error-prone tasks of walking around hospitals trying to identify devices, their serial number and where they are connected to. Behavior anomaly alerting on traffic flows can help identify compliance issues such as medical devices moving to the guest VLAN.
• Monitoring and troubleshooting Intermittent outages: Biomed and HTM teams may not be aware of devices impacted by communications or performance issues until it’s too late. When medical devices are impacted by downtime, clinical workflows suffer. Essentially, clinicians’ ability to provide quality care is compromised If they are unable to use these devices or access the information they need to do their jobs and treat their patients. As part of the Ordr and GE HealthCare’s service offering, we have developed new application and network monitoring functionality for the CARESCAPE network. Healthcare systems can proactively identify issues before they impact clinical care. An early “diagnosis” of potential issues, along with granular insights for troubleshooting, can eliminate major failures, decrease downtime, and lower service costs.
• Vulnerability management:  When new vulnerabilities are published by manufacturers or software providers, it can take a great deal of time for healthcare providers to determine which of their devices are impacted, slowing their response time. Lack of accurate device data (OS, software version, etc.) can make it difficult to assess risk and identify devices with vulnerabilities. Our service offering enables hospital security and biomed/HTM teams to identify and focus on specific vulnerabilities affecting clinical assets under their management, prioritize vulnerabilities with Clinical Risk Scores, and self-manage the remediation process with simplified workflows and custom tags.

Why Ordr and GE HealthCare Collaboration

“Empowering Biomedical Technicians, Clinical Engineers, and Hospital IT with easy-to-use tools aimed at improving self-managed network security, productivity, and equipment uptime is key to enhancing critical patient care.” said Alla K. Woodson, GE Healthcare’s Global GM, Patient Care Solutions – Services & Consumables. “This network performance and security solution brings together the technology and scale of our two organizations to help ensure that our customers have visibility and access to actionable insights.”

“Hospitals and healthcare facilities rely on GE Healthcare’s CARESCAPE networks to host critical patient care devices, it is of the utmost importance that these networks – and everything connected to them – remain secure and operating at peak efficiency,” added Jim Hyman, CEO of Ordr. “The deep integration of the Ordr platform with the GE Healthcare CARESCAPE network will help give healthcare organizations comprehensive clinical asset visibility, security and performance capabilities they need to optimize and protect their environment of care.”

GE HealthCare’s Service Offering for CARESCAPE patient monitoring networks that harnesses the power of Ordr platform, will be available early this year.  For more details on the offering, contact info@ordr.net.

David Christenson

Senior Director, Service Technology, Patient Care Solutions

David Christenson is Senior Director, Service Technology, Patient Care Solutions at GE HealthCare. He has been with GE HealthCare for over 35 years and has held a number of engineering leadership roles including Engineering Director for both Diagnostic Cardiology and Patient Monitoring businesses, and as a Global Software Manager for the CT/PET business.

Santa Clara, CA – March 22, 2023 – Ordr, the leader in connected device security, today announced it has joined the ServiceNow® Service Graph Connector Program by integrating its ServiceNow Connector for Ordr with Service Graph, helping customers to quickly, easily, and reliably load third-party data into the system, enabling data quality, timeliness, and scalability.

Connectors validated by ServiceNow’s Service Graph Connector Program integrate the expertise of the ServiceNow partner ecosystem into Service Graph. 

“The Service Graph Connector for Ordr enables tighter integration between two essential solutions that multiple teams and tools depend on to manage and secure connected device deployments,” said Jim Brady, Vice President, Cybersecurity & Risk Management and CISO at Fairview Health Services. “With this new integration, security and HTM teams can operate with high confidence that the asset data they are working with is accurate and complete, so they can operate efficiently, react quickly, and more effectively manage risk at the hospital.”

The ServiceNow Connector for Ordr enables customers to:

• Maintain an up-to-date system of record for all connected devices with automated discovery, device classification, and the collection of granular device details and context.
• Ensure data accuracy with automated reconciliation of real-time device data provided by Ordr and existing device data in the ServiceNow Configuration Management Database (CMDB) to enrich IT workflows, and reduce operational costs with a centralized, accurate source of truth.
• Streamline device management tasks with granular device details and insights to help teams maintain an accurate view of the devices connected to their environment.
• Accelerate security efforts with critical device insights such as vulnerabilities, malicious activity, and active threats to understand device risk and network details.
• Simplify compliance requirements with accurate details for every connected device to help with reporting of device risk, risk management efforts, and other compliance reporting requirements.
• Improve device utilization with insights to help teams understand device load, balance demand, allocate budget, and make data-driven procurement decisions.

“The ServiceNow CMDB is a critical component in our connected device strategy,” said Shawn Fletcher, Sr. Enterprise Architect, Cybersecurity and Digital Solutions, St. Joseph’s Healthcare Hamilton. “ServiceNow integration with Ordr lets us leverage Ordr’s automatic asset discovery and rich device insights to streamline our asset inventory efforts. This has a direct impact on the ability to manage and secure our devices at scale and support the hospital’s goals to deliver outstanding patient care and innovative treatments.”

“Asset inventory is often step one and is at the core of so much that we do with our customers. Without an accurate inventory, helping our customers meet their goals can be challenging, especially when it comes to security,” said Matt Leclair, CEO, Advanced Cybersecurity Experts LLC. “The ServiceNow Connector for Ordr will help us accelerate that first step of achieving accuracy in the ServiceNow CMDB, so we can deliver value faster and ultimately help put them on a path to improve how they manage and reduce risk for their connected devices.”

ServiceNow Service Graph, the next-generation system of record for digital products and services, evolves the ServiceNow Configuration Management Database (CMDB) beyond inventory and asset management. By using ServiceNow Service Graph, IT organizations are empowered with a broad and deep data foundation for managing the entire lifecycle of digital products and services. Service Graph underpins all ServiceNow products, allowing customers to tie together technology, people, and processes into a service-oriented view. This connected approach enables customers to leverage their existing CMDB investment to rationalize portfolios, automate development and cloud operations, manage risk, and understand ROI, driving high-value business outcomes.

“ServiceNow is leading the future of work by creating great experiences for businesses,” said Brian Emerson, VP & GM, IT Operations Management Business at ServiceNow. “We are pleased to have Ordr integrate its ServiceNow Connector for Ordr to help further enhance satisfaction, build trust, accelerate time to value, and reduce risk for our joint customers.”

“Maintaining a comprehensive and accurate asset inventory is critical for all organizations. This can be a challenge in environments with a large number of unmanaged devices like IoT, IoMT, and OT,” said Gnanaprakasam Pandian, Chief Product Officer and Co-Founder of Ordr. “Organizations depend on a comprehensive and accurate view of their environment for everything from device management, incident response, and risk reduction efforts to meeting stringent requirements for compliance and cyber insurance. We’re proud to offer the Service Graph Connector for Ordr to help customers achieve the comprehensive and accurate asset inventory they need to simplify workflows, improve security, and accelerate incident response.”

The Service Graph Connector for Ordr is available now in the ServiceNow store.  

About Ordr

Ordr makes it easy to secure every connected device, from traditional IT devices to newer and more vulnerable IoT, IoMT, and OT. Ordr Systems Control Engine uses deep packet inspection and advanced machine learning to discover every device, profile its risk and behavior, map all communications and protect it with automated policies. Organizations worldwide trust Ordr to provide real-time asset inventory, address risk and compliance and accelerate IT initiatives. Ordr is backed by top investors including Battery Ventures, Wing Venture Capital, Ten Eleven Ventures, Northgate Capital, Kaiser Permanente Ventures, and Unusual Ventures. Stay up to date and follow Ordr on Twitter and LinkedIn.

ServiceNow, the ServiceNow logo, Now, Now Platform, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. 

As healthcare organizations turn more and more to technology as a way to provide a higher quality of healthcare to their patients, and support skilled staff with a means of improving health outcomes for more people, healthcare technology management (HTM) professionals are finding themselves with a greater responsibility to more efficiently manage and mitigate risks from the healthcare IT estate. That is a huge task for smaller organizations, which means the tools they rely on have to be easy to deploy and use, specialized for defense of the healthcare threat landscape, and capable of reducing the burden of time-intensive tasks through automation.

Announcing Ordr Clinical Defender

That is why we just announced Ordr Clinical Defender, a tool to streamline the management of connected medical devices. Based on our advanced asset and risk management platform, and developed in cooperation with HTM professionals from some of the world’s best healthcare delivery organizations (HDOs), Ordr Clinical Defender will serve as a force multiplier for HTM teams, enabling them to more efficiently, accurately and automatically manage and protect their connected medical devices by:

• Automating real-time asset inventory;
• Addressing compliance by identifying missing, newly-connected, or misplaced devices;
• Mitigating risks by identifying devices with vulnerabilities and recalls;
• Leveraging device utilization insights to support maintenance and procurement decisions; and,
• Accelerating remediation efforts for devices with clinical risks.

The combination of these capabilities means that healthcare organizations can reduce clinical risks by prioritizing remediation of high-risk devices. Organizations can also save millions of dollars by having a real-time inventory of devices, being able to locate missing devices, and optimizing device utilization. Those savings come by reducing the amount of time HTM personnel spend simply looking for misplaced equipment—as much as one hour per shift. Device utilization insights with Ordr Clinical Defender also mean more efficient utilization of medical equipment, and more efficient spending on the procurement of new equipment.

Saving Time and Money

Research has found that there is a discrepancy of between 15-20% between assets registered in an organization’s computerized maintenance management system (CMMS) and devices actually deployed on an organization’s network. That results in inefficient decision making that can impact patient care, and it can also result in the unnecessary purchase of expensive new equipment simply because existing assets are not accounted for by HTM teams.

This lack of visibility increases an organization’s risk and compliance profile because devices operating beyond the visibility of HTM and IT personnel are unprotected and vulnerable to attack. And if a device known to contain a patient’s protected health information (PHI) goes missing, that could constitute a costly data breach. According to the most recent Ponemon-IBM Cost of a Data Breach Report, healthcare organizations incurred an average $9.23 million loss per incident. That figure is by-far the highest of any industry, and more than twice the overall average of $4.24 million.

Developed with HTM Experts, for HTM Professionals

Ordr Clinical Defender was developed with a number of capabilities designed to support the needs of healthcare organizations. Some of these include device-specific reporting and analytics, real-time asset discovery and inventory, automated CMMS data updating, identification of vulnerable clinical equipment, device usage reporting and analytics, guest network monitoring, and management features that facilitate patching, maintenance, and alerts whenever medical devices with PHI have not been seen on the network for more than 60 days.

Ordr Clinical Defender is the product of a collaborative partnership with some of the world’s leading healthcare organizations to develop and deliver a simplified product optimized for the needs of HTM professionals. And because it was developed in cooperation with HTM experts, it has everything HTM and clinical engineering teams need, and no unnecessary extras that might complicate operations. Ordr Clinical Defender means HTM teams have the power of efficient, accurate, and automated medical device management at their fingertips.

Pandian Gnanaprakasam

Pandian has more than 20 years of product and engineering leadership experience and is also a serial entrepreneur. Before founding Ordr, he was the Chief Development Officer at Aruba, responsible for all of engineering and product management functions. Aruba, an enterprise mobile wireless company, was acquired by HPE for $3 Billion in March 2015. Before Aruba, Pandian served as the head of engineering for Cisco’s multi-billion-dollar Wi-Fi business unit and before that as VP of engineering for low-end switching product lines. He graduated with a master’s degree in Electrical Engineering from IIT, Chennai, India and holds several patents to his credit in various networking technologies.

Cybersecurity incidents place us in tough spots, and it can be difficult to make all the right decisions. One of the best ways to determine the right course of action for your organization is to understand the tactics that are being used against you. The National Security Agency Director, General Paul M. Nakasone, warns that daily attacks should be expected over the next five years. It’s critical for organizations to be properly prepared. Successful cybersecurity attacks lend valuable information that can be used to formulate new protections—threats are getting smarter, but so is cybersecurity.

Ransomware comes in many shapes and sizes. Although it can be difficult to nail down every caveat of every instance of ransomware, there are certain variants of ransomware that come with hard-learned lessons. Wannacry is definitely in that category.

What is Wannacry Ransomware?

Wannacry ransomware is a form of ransomware, called crypto-ransomware, with worm capabilities that exploits the vulnerabilities in Microsoft Windows Server Messaging Block (SMBv1) protocol to compromise remote systems, spread to other hosts, and encrypt files. The ransom demands payment using the cryptocurrency Bitcoin. Wannacry ransomware propagates through an exploit known as EternalBlue, which was developed by the National Security Agency and stolen by the hacking group known as the Shadow Brokers. It was the Shadow Brokers who released it to the public.

How Does Wannacry Work?

Wannacry ransomware invades and encrypts files that can’t be decrypted unless the attackers hand over the specific encryption key. It also has worm-like capabilities, which enables Wannacry to propagate itself through infected systems to then go on and infect new systems.

Wannacry ransomware is coded in Microsoft’s Visual C++, and therefore, Wannacry targets the Microsoft Windows OS. More specifically, the ransomware targets a SMB v1  vulnerability in the Windows operating system, using an exploit referred to as EternalBlue. Once it gains access through Eternal Blue, it uses DoublePulsar to install itself and execute.

It’s important to note that Wannacry ransomware relies entirely upon EternalBlue exploiting the SMBv1 vulnerability. Before the major global attack, a patch for this vulnerability had already been issued. Having implemented the patch, a system couldn’t be infected by the Wannacry ransomware.

In the original version of Wannacry, there was a built-in kill switch—the ransomware would check to see if it could connect to a specific URL. If the check failed, the software executed. If the check reached an active URL, it would not execute the attack. When this vital information was discovered by security professionals, the URL was quickly registered and brought the attack to a close.

In Wannacry attacks since, there was still an active kill switch, but the URLs are different. However, in Wannacry’s newest evolution, which began in 2021, the ransomware no longer contains a kill switch.

What Was the Global Wannacry Ransomware Attack?

On May 12, 2017 at 3:44 am EST, the Wannacry ransomware attack launched itself on a global scale. The attack lasted for 7 hours and 19 minutes, and was halted by the registration of the built-in kill switch domain that had been coded inside. It compromised more than 200,000 devices in 150 countries and crippled organizations across a plethora of industries.

One of its more catastrophic impacts was the compromise of the National Health Service in Scotland and England. It affected everything from MRI machines, surgical theatres, and blood storage to diverting ambulances. Some other organizations that it affected were Telefonica in Spain, several state governments in India, FedEx, Honda, and the Chinese Public Security Bureau. Overall, the financial losses were estimated to range in the hundreds of millions for those affected by this Wannacry ransomware attack.

How to Prevent and Detect a Ransomware Attack

Ransomware of any kind is a frightening prospect, but big hitters like Wannacry have proven that there are measures to take that can keep systems safe. Even if there’s an initial breach, proper detection can mitigate the damage and lessen the overall impact of the cyber threat incident.

Prevention

Defending against ransomware, especially those reliant on specific exploits, can all boil down to adequate prevention tactics. These methods of prevention are effective against many types of malware, so they provide some best practices for an organization’s cybersecurity defense.

1. Focus on basic principles and drill often

A system is only as good as its foundation. Know your organization’s threat landscape and define critical assets. Implement multifactor authentication wherever possible. Encrypt data and conduct vulnerability testing. Always keep systems patched—Wannacry is a hard way to learn the lesson on the importance of patching.

2. Have a plan

Cybersecurity threats can happen anytime, anywhere, and an organization needs to be prepared and involved in threat prevention. Define security policies and make sure all compliance for the industry is followed. Involve stakeholders and major decision makers. Help everyone to know their part in mitigative risk—it’s truly a company-wide effort.

3. Improve continuously

Security is never stationary. Like the technology it protects, cybersecurity must evolve over time. An organization should look at their security posture and threat landscape as an iterative process. Over time, new vulnerabilities are discovered and patched, or new technology is integrated. It’s essential to continuously evaluate risk and security measures.

4. Implement Zero Trust

Zero Trust rests on the principle of “trust no one”. Implementing least privilege and microsegmentation are key ways to defend against ransomware and other modern malware, or at minimum Zero Trust segmentation policies can stop propagation within the network. Monitor traffic patterns and look for device behavior changes. Modern threats require a modern solution.

Detection

Prevention is one piece of the puzzle, but detection is also important. There are several stages of the cyber kill chain  at which ransomware can be detected.

To enable effective detection:

• Have a comprehensive real-time asset inventory so you know where devices are.
• Use an integrated threat detection engine to monitor traffic, both north-south and east-west.
• Use a machine-learning to baseline normal patterns of behavior for devices to surface anomalous behaviors indicative of a compromised device.
• Integrate with threat intelligence solutions to identify new indicators of compromise.
• Automate policies to quickly isolate infected devices or  mitigate risks from an attack.

Detecting sophisticated ransomware requires a robust security solution like Ordr. Ordr  monitors internal lateral movement and uses known behavioral baselines to detect unusual or suspicious traffic, which could flag early ransomware activity. Ordr profiles every device and maps every device communications pattern If suspicious activity is detected, Ordr can immediately track down and identify the infected asset, track down infection roots and automatically create policies to mitigate risks from the attack.

Be Prepared for a Ransomware Attack

Wannacry ransomware drove home that patching is an essential point of cybersecurity. One exploit led to a compromise that touched 150 countries and over 200,000 devices. Wannacry began as a dangerous crypto-ransomware with worm-like capabilities and a built-in kill switch, and continues to be a risk today as there are a million plus devices that remain unpatched.

In order to protect your organization from Wannacry ransomware and other malware, it’s critical to learn details of the major attacks. Define who, what, when, where, and how a specific attack occurred, and analyze and convert that information into action plans so you can improve your cybersecurity measures and ensure your organization isn’t the next victim.

An advanced security solution can help your organization build its security fortress. With Ordr, you can see all your connected devices and identify those at-risk, practice Zero Trust microsegmentation to reduce the attack surface, monitor traffic using behavioral base patterns and watch for east-west lateral movement, and much more. Ordr helps you understand the purpose and operation of all devices connected to your network, and automates management and security policies to ensure maximal protection. Should you fall under attack, Ordr can help you rapidly isolate and protect infected devices.

It’s not often that, in a high-tech industry like security, a company can pioneer an emerging market, and then continue to lead that market for the next five years. This is why our recognition as a Healthcare IoT Security market leader—for the third straight year—by KLAS Research in its latest report, “Healthcare IoT Security 2022: Moving beyond Device Visibility,” is such a milestone achievement for us.

We are so grateful to our customers who engaged with KLAS and provided feedback to them. We couldn’t have done it without you! Ordr received high marks from customers in the KLAS report for:

• Breadth of functionality beyond just visibility, including abnormal activity identification, traffic monitoring, and device utilization tracking;
• High customer satisfaction rates;
• High value across multiple stakeholders including Security, Clinical/Biomed and IT;
• Helpful training and education offerings, including the Masterclass webinar series;
• User interface enhancements; and,
• Strong technical background of the Ordr team in security, healthcare and networking.

There are several aspects of the report that are important to highlight.

1.     3-Time Leader with High Customer Satisfaction Rates

In 2019, when we first appeared in the KLAS report, the market was just emerging. In November 2020, we were named a market leader for the 2^nd time. In 2022 again, we’re named a market leader. In the same report, KLAS highlighted our client list transparency.

For healthcare organizations, we emphasize the value of working with a partner with a consistent track record of leadership in healthcare. That consistency and focus is something we’re really proud of.

2.     Evolution of Our Customers from Visibility to Risk Insights and Security

Customers interviewed celebrated Ordr’s ability to provide value beyond device visibility. In its report, KLAS noted that, “Ordr customers (often very large health systems) use the platform to do more than simply see what devices are connected to their network—they also track device utilization, identify abnormal device activity, and monitor traffic.”

This is an important distinction.

As an early vendor in this market, working with so many large healthcare system customers over the last couple of years, our customers have moved beyond visibility (“See”) towards the “Know” and “Secure” part of their connected device security lifecycle. Many healthcare customers utilize Ordr as the source of truth for both device and network context as well as flow level analytics for policy generation. Our customers depend on us for critical risk and clinical insights, and we’ve successfully implemented Zero Trust policies to support their initiatives.

The KLAS report also celebrated our ability to deliver high value across the domains of different stakeholders. Observe the broad range of ways different users within a healthcare organization – Clinical/biomed engineering, security and networking– are using Ordr in these KLAS customer insights, and the outcomes we’ve delivered:

“On the clinical engineering side, the value of the product comes from utilizing the product. We look at whether things are performing as expected or whether the system requires patching. We can get patches from the vendor, but we may miss something, and that makes things very difficult. With Ordr’s system, we can identify which things have been patched and which haven’t. We are also feeding the data into the asset management tool so that we know exactly which systems are involved in our work. The data is very rich and useful.”

“I would definitely recommend the system. The major strength is complete visibility into the endpoints for the traffic that we send through the solution. That will assist us when we get into a more stringent RADIUS authentication requirement for our wired network. Another strength is the ability to see exactly what a device has talked to from either a profile view or a specific device view. We can see what ports were used, how many times the communication happened, and what the date and time were. We can get a rather slick visual representation of that and easily export it.”

“The biggest outcome is a significant decrease in the amount of incident response time. We have used Ordr Platform as a part of our incident response with ransomware. Because we couldn’t run our antivirus on our machines, we were able to go in and identify the specific machines in Ordr Platform and provide a picture to the field support. The network engineers had already logged in to Ordr Platform, saw the traffic, and then killed the port so that it couldn’t communicate. That was very handy so that when a field support person walked into the room, they knew exactly where they were going. We were able to get the medical devices back up and running on our network and segmented really quickly. Ordr made that quick turnaround happen. We have factored the utilization of Ordr Platform into our incident response plans. We have been able to reduce our response time by hours. We already had a really robust response time and plan, and the system sped things up significantly.”

3.     Preferred by the Top Healthcare Delivery Organizations (HDOs)

Top healthcare organizations, including 3 of the top 6 HDOs in the world use Ordr. Addressing the needs of these large and sophisticated healthcare organizations is NOT easy and requires a mature product that can meet requirements of accuracy, scale, resiliency and reliability. Our customers have higher levels of expectations with Ordr and we are a critical part of their mission critical security journey. Designing a system to discover 15,000 connected devices for asset inventory in a single hospital is far different than designing a solution for 500,000 devices across an entire healthcare system, delivering granular profiling, device flow mapping, clinical and security risk insights, and segmentation policies.

We are proud of the fact that as we continue to evolve our product and through our many years in the market, we continue to receive some of the highest ratings and deliver the highest levels of transparency to KLAS.

And when it comes to delivering value for healthcare providers, we are just getting started. Stay tuned to this space to see what’s coming next from Ordr.

Danelle Au

Danelle Au has more than 20 years of experience bringing new technologies to market. Prior to Ordr, she was CMO at Blue Hexagon, a deep learning for malware protection company, and CMO at SafeBreach where she helped build the marketing organization and and define the Breach and Attack Simulation category. Previously, she led strategy and marketing at Adallom, a cloud security company acquired by Microsoft. She was also Director, Security Solutions at Palo Alto Networks, driving growth in critical IT initiatives like virtualization, network segmentation and mobility. Danelle was co-founder of a high-speed networking chipset startup, co-author of an IP Communications Book and holds 2 U.S. Patents. She has an MSEE from UC Berkeley

In recognition of International Women’s Day, we spent some time with one of Ordr’s many talented female employees: customer success escalation engineer Pallavi Raj.

Pallavi, who began her career at Ordr as a software engineer, has been with us for what she describes as an “enriching one year and four months.” Before coming here, she earned an MS in biotechnology/bioinformatics from Georgetown University, and an MS in MIS (information systems) from the University of Colorado, Denver, Business School. Impressive educational accomplishments.

Prior to pursuing her advanced degrees, Pallavi worked as a content editor with a multi-channel health and nutrition media company responsible for managing connected TV channels like Health Smart, which sparked her interest in information technology. Then she moved on to become a portal manager and digital business operations analyst at Blue Shield of California, playing an instrumental role in launching native mobile apps for both android and iOS customers of Blue Shield.

Those hands-on experiences gave her an understanding of the many facets of technology’s influence on business, and especially in healthcare, that would come into play in her current role at Ordr.

Ordr: What drew you to a career in tech?

Pallavi Raj: As the saying goes, “A person does not gain knowledge by merely possessing an insatiable thirst for it, but by seeking for the means to quench it.” Being a staunch advocate of this philosophy, I strongly stand by the fact that, to shine in an innovative workplace, one should always aim for the perfect combination of analytical and technological proficiency, coupled with a scientific mind and leadership qualities.

Belonging to a family of software engineers, doctors, and technology entrepreneurs, I was always inclined towards being part of the technology domain. I went ahead and earned my master’s in biotechnology with a bioinformatics track from Georgetown University. This course of study exposed me to the amalgamation of biological sciences and information technology, and to the boundless data science possibilities this blend could bring.

Ordr: What was it that drew you to pursue a role at Ordr?

Pallavi: I went on to pursue another MS in information systems to gain momentum in the IT industry. This education proved extremely beneficial in comprehending cybersecurity principles, advanced networking concepts, and database management, as well as the full scope of other technology and management courses that I took during my time at University of Colorado, Denver. The degree was a blend of technical concepts with cybersecurity concentration and managerial concepts focused on business intelligence and programming.

Ordr provided me the golden opportunity to incorporate both my professional experience and academic attributes. Working at Ordr has brought me one step closer to understanding how to develop various skills that could help in harnessing the power of technology, while applying what I have learned in a highly innovative environment.

Ordr: Who has served as a mentor for you, and how have they influenced your career to date?

Pallavi: For me, mentoring means inspiring, guiding, and spearheading the right skills at the right time by the right people. Some of the influential mentors in my life have been my brother who is a senior executive at Amazon; my husband, who has a great deal of rich experience working in the technology sector; and my parents, who are doctors and professors, and have always encouraged me to be an empowered technology talent.

Ordr: How has your experience at Ordr influenced your perspective on tech?

Pallavi: Organizations face a vast array of emerging cybersecurity and vulnerability management challenges, and a higher risk of security breaches due to increased adoption of IoT and other connected devices. Ordr addresses these issues with an innovative mix of artificial intelligence and network packet analysis to support a zero-trust posture for our customers. And in addition to security, we also deliver vital extensive asset management, continuous visibility, and segmentation capabilities. Seeing this from the inside has given me a new perspective and appreciation for what’s possible with a well-designed technology framework.

Ordr: What have you learned in your time here that has surprised you?

Pallavi: One of several surprising elements of my journey at Ordr so far has been observing how the company has not only risen to become a world-class leader in healthcare security, but continues to innovate to do more. Our customers are managing hyper-connected enterprise architectures, and we support them by leveraging machine learning technology where real-time data gets generated, processed, and classified at a humongous scale.

What Ordr has achieved not only in healthcare environments, but for manufacturing, financial services, and critical infrastructure operators around the globe by discovering, identifying, and securing IoT devices against cyber threats has been an incredible learning experience for me.

Ordr: What is the biggest non-technical strength that you bring to your role as a customer success escalation engineer?

Pallavi: I have always been an advocate of expanding my versatility in different areas that can help me to foster positivity and productivity. Having recently assumed a new role here as a customer success escalation engineer, I can apply my problem-solving, self-starter, and communications skills on behalf of our customers to ensure their satisfaction. I believe my optimistic approach towards feedback, my ability to work collaboratively, and my love of lifelong learning are my biggest strengths.

Ordr: What advice would you give to yourself if you could go back to when you were in high school?

Pallavi: I would tell my younger self, “Don’t be afraid to listen to your inner self when it comes to choosing the difficult and challenging path. It might sound risky, but it will lead down a road with unique possibilities and immensely proud accomplishments.”

Ordr: What is your proudest achievement outside of the workplace?

Pallavi: I am proudest of my flexibility in transitioning from a biological background to the IT sector. Finding solutions to difficult problems has always been a strength, and my background dealing with and researching data, and having an experimental mindset, played a crucial role in changing gears for my career.

Danelle Au

Danelle Au has more than 20 years of experience bringing new technologies to market. Prior to Ordr, she was CMO at Blue Hexagon, a deep learning for malware protection company, and CMO at SafeBreach where she helped build the marketing organization and and define the Breach and Attack Simulation category. Previously, she led strategy and marketing at Adallom, a cloud security company acquired by Microsoft. She was also Director, Security Solutions at Palo Alto Networks, driving growth in critical IT initiatives like virtualization, network segmentation and mobility. Danelle was co-founder of a high-speed networking chipset startup, co-author of an IP Communications Book and holds 2 U.S. Patents. She has an MSEE from UC Berkeley

It’s an exciting time at Ordr. Since securing our Series C funding in June we’ve been growing and building for a future that relies more and more on connected devices. Ordr’s mission is to protect those connected assets, and we execute against that mission passionately each day by building the world’s most accurate and complete device context repository using network intelligence.

Many factors are now coming together to drive the next level of growth for Ordr:

• Our connected device security market is growing rapidly.
• Our balance sheet is stronger than ever, fueled by our customer growth and the support of our investors.
• Our product-market fit is seamless.
• Our team is more energized than ever.

On top of this durable foundation, we welcome a leader who will lead Ordr to greater heights. I want to personally extend a warm welcome to Jim Hyman, our new CEO.

Thank You, Greg Murphy

Greg Murphy led the company for the last four years and has been an integral part of our success. I want to thank Greg for all his contributions to Ordr. It is difficult to fully convey our appreciation and gratitude to Greg in simple words, but his consistent thoughtfulness and emphasis on teamwork will continue to reverberate in our hallways. The business momentum, along with the customer-first culture established under his exceptional leadership is woven into our core values and sets us up for the next growth phase.

Greg has truly positioned the company for future success, and we are immensely proud of our work to solve very complex security problems for our customers. Under Greg’s leadership we built an unrivaled security platform from the ground up, with rich features and a flexible open interface, on the foundation of a modern tech stack. Today, Ordr has an impressive and growing list of leading healthcare and enterprise customers using our products to safeguard their devices, their networks, and their entire business. These organizations- some of the world’s largest–validate our approach and strategy every day.

Welcome, Jim Hyman

Jim Hyman joins us at this important time, bringing an incredible background and deep experience to spearhead Ordr’s mission and supercharge our growth. Jim has taken businesses like ZScaler, Trusteer (acquired by IBM), and IronPort (acquired by Cisco) from the initial stages to business success. Most recently, Jim was the COO & CRO of Synack, a crowdsourced security company and undisputed leader in its space. Jim is a world-class executive with expertise in go-to-market execution and operations strategy, and brings to us a passion for customer success and growth.

I am excited about our next transformational stage and look forward to partnering with Jim as we execute our mission, accelerate our growth, and rapidly expand Ordr’s use cases for multiple personas across our target verticals. We will continue to build the world’s most formidable data lake—the Ordr Data Lake—to become the single source of truth for connected devices. We remain committed to innovation, creativity, and problem-solving for our customers.

Welcome to Ordr 2.0

Our partner-centric and customer-first culture will continue to be a priority, supported by our exceptionally talented and passionate team. I feel fortunate to be at a company in the leading position of a dynamic and growing market. More than ever, now is the time to accelerate our growth with Jim leading the charge.

I want to personally thank you all for your support over the years as we put our heads down to take our business to the next level. Welcome to Ordr 2.0!

Pandian Gnanaprakasam

Pandian has more than 20 years of product and engineering leadership experience and is also a serial entrepreneur. Before founding Ordr, he was the Chief Development Officer at Aruba, responsible for all of engineering and product management functions. Aruba, an enterprise mobile wireless company, was acquired by HPE for $3 Billion in March 2015. Before Aruba, Pandian served as the head of engineering for Cisco’s multi-billion-dollar Wi-Fi business unit and before that as VP of engineering for low-end switching product lines. He graduated with a master’s degree in Electrical Engineering from IIT, Chennai, India and holds several patents to his credit in various networking technologies.