Risk Management
The Unique Security Challenges of Cyber-Physical Systems
Require New Security Tools
3 Min Read, by Bryan Gillson
Ordr’s See, Know, Secure Approach to Connected Device Security is Ideal for CPS Protection
As IT estates and their attack surfaces grow in complexity, cyber-physical systems (CPS) are getting more attention from cyber security professionals. Because organizations across all verticals are adopting CPS to run operations more efficiently, connected devices are becoming more and more abundant. Some reports predict the number of Internet of Things (IoT), Internet of Medical Things (IoMT), Industrial Internet of Things (IIoT) and other emerging specialized (XIoT) devices that populate sprawling corporate networks will exceed 24 billion by 2030. Those devices represent a critical interface between traditional IT and the hyper-connected sensors, controls, and other operational technologies (OT) comprising CPS these days.
Our own Chris Westphal blogged about cyber-physical systems recently, offering some background on what they are and identifying some of the security challenges associated with protecting them. A newly updated report by Gartner, 3 Initial Steps to Address Unsecure Cyber-Physical Systems, goes into more detail to help organizations struggling to understand their CPS infrastructure and establish a strategy to keep their CPS secure.
Threat Actors are Aggressive
The report makes it clear that threat actors are aggressively exploiting vulnerabilities inherent in CPS technologies, and that organizations unprepared to defend them are exposed. In fact, Microsoft recently uncovered “a sophisticated attack campaign” targeting IoT devices, while other new security research suggests malware targeting IoT devices has increased 700% since 2020.
As IT and OT converge, cybersecurity leaders need to identify their attack surface across both environments. Gartner’s report cites examples of attacks against organizations in healthcare, critical infrastructure, manufacturing, and public utilities that illustrate risks beyond the cyber domain, with potential impact to individuals, public safety, and economic stability, and that serve as a warning to organizations relying on traditional IT security approaches. The report’s author, Gartner analyst Katell Thielemann, puts it this way:
“Business-led Internet of Things or converged OT-IT projects have largely underestimated or ignored security and safety risks. Security and risk management leaders must go beyond data security by embracing cyber-physical system security efforts, or they will soon be overwhelmed by new threats.”
A Strategic CPS Security Foundation
That dire warning comes with the promise that, by taking the time to understand CPS infrastructure from a risk management perspective, CSOs, CISOs, and other security leaders can implement effective strategies for protecting those systems. Formulating a CPS security strategy starts by:
- Prioritizing discovery of all elements of the CPS environment;
- Anchoring security goals and policies based on insights derived from device data and industry-specific requirements like regulations and threat intelligence; and,
- Focusing on building maturity into the strategy based on an evolving Zero Trust approach.
Here at Ordr we call it a “See, Know, Secure” model for protecting connected devices, and the capabilities enabled by our platform dovetail well with the needs of organizations with CPS infrastructure. That’s because Ordr quickly discovers all CPS elements operating in the network, including those that were previously unknown or that connect and disconnect outside the control of IT management. This discovery happens in real-time, so there are never any blind spots.
Once discovered, we classify, map communications, analyze behavior, and assign a risk score to each device based on the data in the Ordr Data Lake—the industry’s most complete library of connected device intelligence. Our data lake is populated with millions of individual device profiles, including rich detail on each. We know their deterministic operational parameters, disclosed vulnerabilities, normal communications patterns, and other essential context that allows you to set policy.
A Potent Combination for CPS Protection
That combination of insight and capability supports automated responses whenever indicators of compromise are detected; and that means your network security gaps are identified and closed. Whether a CPS device is the vector, target, or in the path of an attack, Ordr can detect it and either stop it or help contain the spread.
The speed, complexity, and unique technical challenges endemic to cyber-physical systems operations mean that legacy security tools and strategies are severely limited when applied to CPS infrastructure. Gartner recommends that CPS security “focus on safety, reliability, resilience, adaptability, and privacy.”
The Ordr platform is ideally suited to address these challenges. Learn about best practices to secure cyber physical systems to help you better grasp the complexities and establish a CPS security strategy that meets the needs specific to your organization.
Bryan Gillson
Bryan joined Ordr in November 2019 after spending six years as VP Strategic Alliances at Ionic Security. At Ionic, Bryan initiated and managed business relationships with system integrators such as Accenture, Deloitte, and PwC, and closed OEM partnerships with vendors in the CASB, virtualization, and data protection sectors. Previously, Bryan led product management and business operations for Symantec’s encryption products and information protection groups after integrating the acquisitions of both PGP Corporation and GuardianEdge. Prior to Symantec, Bryan led the business development team at PGP Corp. and was a VP in Merrill Lynch’s Technology Investment Banking group.
Risk Management
PATCH Act Needed, but Hospitals Can’t Afford to Wait
3 Min Read, by Danelle Au
In yet another sign that the vulnerability of the internet of things (IoT) is becoming a priority issue, both for healthcare organizations adopting connected medical devices and for a U.S. federal government intent on mandating a stronger cybersecurity posture for America’s critical infrastructure and at-risk industries, Congress is now considering the bipartisan Protecting and Transforming Cyber Health Care (PATCH) Act of 2022. The PATCH Act (H.R. 7084) was introduced in the House of Representatives on March 15, and its companion bill (S. 3983) was introduced in the Senate on March 31.
Intended to strengthen the security of connected medical devices—also known as the internet of medical things (IoMT)—the PATCH Act would compel medical device manufacturers to demonstrate that their products meet certain minimum security requirements before being approved for use. Among the mandatory measures:
- A plan to monitor, identify, and address vulnerabilities and exploits within a reasonable time once devices are approved and in use;
- A plan to coordinate communication and disclosure of any discovered vulnerabilities with the Food and Drug Administration (FDA);
- Processes for patching vulnerabilities and other needed updates throughout a device’s entire lifecycle; and,
- Disclosure of a software bill of materials (SBOM) to the FDA and device users.
The Threat is Real and Rising
The healthcare industry is among the most frequently targeted by threat actors, and heavily reliant on connected medical devices. One recent study found that as many as 75% of all medical devices contained at least one vulnerability, and another study found that the average hospital has an inventory of more than 3,850 IoMT devices. And, according to industry reports, 49% of smaller medical organizations don’t have a cyber-attack response plan in place, 679 U.S. hospitals were breached by cyberattacks in 2021, and the U.S. Department of Health and Human Services issued a warning that cyberattacks are likely to rise as cybergangs and state-sponsored hacker groups increase activity as a result of ongoing conflict in Eastern Europe.
Poor security and inadequate vulnerability disclosure are not issues confined to the IoMT. EE Times recently reported that, across all use cases, the security of connected devices is a major concern, and that manufacturers of such products are not reporting known issues and vulnerabilities with their goods. Our research report—Rise of the Machines 2021: State of Connected devices — IT, IoT, IoMT and OT—found that, in addition to IoMT, healthcare networks are populated with devices like Pelotons, smart speakers, game consoles, vending machines, and many more unmanaged devices, compounding security challenges.
PATCH Act and Action Needed
Ordr supports the PATCH Act and its goals of increasing security for healthcare organizations and the welfare of the millions of patients who rely on them for treatment. However, hospitals and other healthcare organizations cannot afford to wait for the PATCH Act to take effect if it ever becomes law. The threat to their IT networks is real and present. We recommend the immediate adoption of a number of security best practices to effect stronger security now, and to increase readiness and resiliency in the event of an attack. These include:
- Implement IoMT, IoT, and operational technology (OT) device discovery to compile and maintain a real-time inventory of devices: You can’t protect what you don’t know about. Security starts with real-time visibility of exactly what you have in your network and how those components are communicating in the network.
- Monitor all devices for suspicious behavior: Unlike most IT systems and software, medical devices and many IoT and OT devices have deterministic functions. Any deviation from normal patterns can be an indication of attack or compromise. Using machine learning to baseline normal device behavior enables rapid response and threat mitigation.
- Track who is using your devices: By tracking and associating devices to users, you can identify compromised devices and also potential account misuse.
- Implement Zero Trust segmentation for vulnerable devices that cannot be patched: Zero Trust segmentation policies can keep these devices in operation by allowing only the “normal communications” required for their function, while limiting exposure.
Ordr, an unprecedented three-time leader in healthcare IoT security as determined by the independent KLAS Research, has the tools and expertise to help healthcare organizations see, control, and secure their entire connected device inventory. The Ordr platform is trusted by many of the world’s leading healthcare delivery organizations. You can trust us to protect your healthcare organization, too.
Danelle Au
Danelle Au has more than 20 years of experience bringing new technologies to market. Prior to Ordr, she was CMO at Blue Hexagon, a deep learning for malware protection company, and CMO at SafeBreach where she helped build the marketing organization and define the Breach and Attack Simulation category. Previously, she led strategy and marketing at Adallom, a cloud security company acquired by Microsoft. She was also Director, Security Solutions at Palo Alto Networks, driving growth in critical IT initiatives like virtualization, network segmentation and mobility. Danelle was co-founder of a high-speed networking chipset startup, co-author of an IP Communications Book and holds 2 U.S. Patents. She has an MSEE from UC Berkeley.
Security Strategy
The Future of Connected Devices
National Cybersecurity Awareness Month
3 Min Read, by Danelle Au
As we wrap up Cybersecurity Awareness Month, it’s worth noting that the final week’s theme is “The Future of Connected Devices”.
The theme seems timely as this is also the same week that CISA issued an advisory on an imminent ransomware attack against healthcare organizations. In the advisory, CISA, FBI, and HHS said they had credible information that malicious cyber actors were targeting the healthcare vertical with Trickbot malware, “often leading to ransomware attacks, data theft, and the disruption of healthcare services.”
Cyber attackers thrive on confusion and chaos, and it is clear that they are taking advantage of the current rise in COVID-19 cases. As hospitals scramble to respond to the increase in cases, they are deploying more medical and IoT devices that are potentially vulnerable to cyberattacks. We now know that attacks not only impact the bottom line (for example, ransomware payments) but can disrupt facilities in ways that may be fatal to patients.
Which brings us back to this week’s theme; it’s clear the future of connected devices is a critical problem that needs to be addressed. While this week’s headlines are about vulnerable healthcare organizations, IoT devices are so pervasive that securing them is a challenge that needs to be addressed in all industries. The future of connected devices requires collaboration among three entities – manufacturers of these devices, IT and cybersecurity teams, and IoT security vendors (like Ordr).
IoT Device Manufacturers
IoT device manufacturers play a key role in the future of connected devices. If more devices are built with security in mind, we can eliminate some fundamental issues such as insecure software stacks (that led to Ripple20 vulnerabilities), generic default passwords, or unsecured backdoors on devices.
Requirements are being built into government and industry standards. NIST has been working on a draft of foundational security functionality that needs to be built into products. The FDA now has oversight of medical device security. And on September 14th, the House of Representatives voted in favor of the IoT Cybersecurity Improvement Act of 2020, which would establish minimum security standards for Internet of Things devices owned or controlled by the Federal Government.
Additionally, there are several IoT industry standards being worked on by the IoT Security Foundation, the IEEE, the Trusted Computing Group, the IoT World Alliance and the Industrial Internet Consortium Security Working Group.
IT and Cybersecurity Teams
IT and cybersecurity teams need to prioritize the security of connected devices in their network for two reasons. First, these devices are typically critical to their business and any issues will impact operations. Second, the massive volume of these devices, compared to managed endpoints such as laptops and servers, means that there is a massive attack surface that is new.
In order to successfully implement an IoT security program, IT and cybersecurity teams need to work with connected device owners, who can range from biomedical and HTM teams and physical security teams to facilities or IT Operations teams. They also need to consider a comprehensive device security lifecycle for every device they bring into their environment, and demand the highest levels of security from manufacturers.
IoT Security Vendors
IoT security vendors need to continue to innovate because IoT devices will continue to have security shortcomings. Even if standards forced device manufacturers to build security in today, many legacy devices would remain in service for years.
Ordr is playing our role in making sure that our platform is easy to deploy, supports visibility and security of all devices – IoT, IoMT, OT, and can deliver value to all stakeholders. We’re also innovating with AI — the Ordr platform was built to have the resiliency to respond at the speed and scale necessary to deal with the massive volume of IoT devices. Our machine learning technology enables us to classify devices in a way that does not require manual intervention, allows us to baseline “normal” device behavior and automate action.
In summary, the future of connected devices holds tremendous promise for many industries. However, truly realizing the promise of these devices requires security. Multiple factors are required for success: collaboration across government and industry on regulation and standards, commitment from device manufacturers to build security into design, prioritization of IoT security projects by IT, security, and device-owner teams, and continued innovation by IoT security vendors. The future of connected devices requires that we do this on an accelerated timetable to cope with the massive growth of IoT devices expected in the next 5 years.
Danelle Au
What Is Zero Trust Network Security?
6 Min Read
Modern networks can be wild, unruly places populated by an ever-changing set of endpoints. There is no way to guarantee that a device can be trusted by default, because you can never be sure where a new device on your network originated or what’s running on it. That’s why the concept of zero trust network security is an effective replacement for outdated perimeter-based security strategies that segment trusted devices from the public Internet.
Instead of a one-and-done security check (i.e. user ID/password), zero trust security requires continuous validation for access as a user moves around a network regardless of their physical location and relationship to an organization.
Keep reading for tips on how and why to implement zero trust security, especially on networks that include unmanaged IoT devices, as well as best practices for achieving zero trust security, such as network segmentation.
What is zero trust network security?
Zero trust security is summed up as a principle of “never trust, always verify.”
In other words, a zero trust architecture means that whenever a new device appears on a network—or an existing device’s configuration changes—the device has no access to the network or the hosted resources until you have verified that the device should be granted access.
Zero trust security applies not just to devices that originate from outside a local network, but also those that appear inside it. Just because a business has a subnet that is firewalled off from the Internet—or a network running on a private IP address range—doesn’t mean that an employee could not bring an untrusted device online on that network, for example, or that an intruder who previously breached the network perimeter can’t deploy a malicious host on an internal network.
Zero trust principles and technologies
Zero trust security is founded upon several principles and practices, which help enforce the policy of not granting network access to devices until they are deemed trustworthy.
Inside and outside threats
Zero trust applies to devices regardless of whether they originate on a public or private network. You can’t rely on firewalls or private IP addresses as a way of guaranteeing that a device can be trusted. Instead, you must identify each device that exists on your network and ensure it can be trusted before you grant it access to network resources.
Least-privilege access
Determining that a device is trusted doesn’t mean granting it unfettered network access. Instead, adhere to a policy of least-privilege access, which means granting the device only the minimal access privileges it needs to operate. Don’t allow the device to run with open ports for services that aren’t actually necessary for the device to perform its function, and don’t allow network traffic among devices unless there is a reason for them to communicate with each other.
Multi-factor authentication
When you do grant access to network resources, enforcing multi-factor authentication (MFA) helps to mitigate the risk of abuse or privilege escalation by making it harder for intruders to steal or spoof access credentials. MFA requires a user to present two or more pieces of evidence when logging in to an account. These credentials fall into three categories: something you know (like a password or PIN), something you have (like a smart card), or something you are (like your fingerprint). The credentials must come from two or more different categories, so entering two different passwords would not count as multi-factor.
Microsegmentation
Microsegmentation refers to the practice of granting access privileges to each device on a highly granular basis. Rather than applying blanket access-control policies to all devices of the same type, or across an entire subnet, you must adopt policies that are tailored to the individual needs of each device on the network.
By adhering to these principles, your business can put zero trust network security into practice.
How to implement zero trust security
The previous section discussed high-level concepts that are a core part of zero trust security. Now, let’s take a look at specific practices that help in implementing a policy of zero trust.
Get visibility into the device attack surface
You can’t effectively determine access policies or assess whether devices can be trusted unless there is complete visibility into the devices that exist on your network.
Complete visibility means not only knowing where devices exist by listing IP addresses, but also establishing what each device consists of, such as:
- device make
- operating system
- location
- application/port usage
- vulnerability data
- FDA/device manufacturer alerts
It also means being able to quickly identify devices that:
- have outdated operating systems
- have FDA recalls
- are banned by governing bodies
Gaining this level of visibility requires constant scanning of your network in order to be aware of new devices as they come online, and also to know about changes to the state of existing devices. If a previously trusted device changes its IP address or opens a new port, for example, zero trust security requires you to assume the device can’t be trusted until the security of its new configuration is verified.
Identify at-risk devices
As you identify and assess the devices on the network, assign a risk score for each one. This evaluation reflects information about device details—such as which services it is running and when its software was last updated—as well as behavioral data about how the device seeks to interact with other devices.
By determining the risk level of each device, you gain a stronger sense of how much access to grant it, and whether to allow the device to access resources on a temporary or permanent basis.
Devices determined to be high-risk should be segmented entirely from the network. Those that are medium-risk may be granted access to basic services, like connectivity, but not access to protocols that could be easily abused, like telnet or SSH.
Remember, too, that risk assessment is not a one-time affair. You must continually reassess risk and recategorize the risk-status of each device if its configuration changes.
Understand device communication needs
In order to determine what level of access to grant to devices on the network, you must know each device’s purpose, and the resources it needs in order to perform its function.
With this visibility, you will know which protocols and ports to allow for each device. You can also granularly configure other endpoints each device is allowed to access.
Note, too, that just because a given port is open on a device, or it is running a particular kind of service, doesn’t mean it actually needs that port or service to be available. Don’t trust the device itself to tell you what it needs; instead, perform systematic assessments using centralized monitoring tools that provide insight into what each device requires.
Dynamically segment devices
It is not enough to apply access policies across an entire subnet or category of devices. Instead, perform microsegmentation by enforcing access policies tailored to each device, which govern the resources each device can and cannot access.
Access policies should be dynamic and updated constantly as device requirements change. For example, a device that needs to access network-attached storage in order to upload data should be granted access while the upload takes place, then have that access revoked when it is no longer necessary.
Continuous monitoring
New threats can emerge constantly, and you must monitor devices and network configuration on a constant, ongoing basis. Policies that suffice to mitigate security risks in one moment may be outdated the next.
Your ultimate goal should be to ensure that devices do only what you want them to do, only when you allow them to do it.
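The implementation steps above (visibility into the device inventory, a risk score per device, a learned baseline of each device’s communications, a per-device allowlist narrowed by risk tier, and continuous checking of new flows against that allowlist), and the same best-practice list in the PATCH Act post earlier on this page, can be exercised end to end in a small script. What follows is an added example written for this page; it is not Ordr’s code and does not reproduce how the SCE product scores or segments anything. The device records, flow tuples, risk weights, and tier thresholds are all constructed assumptions chosen to make the behaviour visible.

```python
"""Zero trust for unmanaged devices: inventory -> risk tier -> allowlist learned
from baseline flows -> deviation detection. Added illustration; all data constructed."""
from collections import defaultdict
from dataclasses import dataclass

ABUSABLE_PORTS = {22: "ssh", 23: "telnet"}   # services the page calls easily abused

@dataclass(frozen=True)
class Device:
    ip: str
    make: str               # "unknown" when discovery could not classify it
    open_ports: frozenset   # listening ports reported by the scanner
    os_outdated: bool
    known_vulns: int        # disclosed, unpatched vulnerabilities (constructed count)
    recalled: bool = False  # e.g. subject to an FDA recall

def risk_score(dev: Device) -> int:
    """Weighted sum over the attributes the page lists; weights are assumptions."""
    score = 3 if dev.make == "unknown" else 0   # cannot verify what it is
    score += 3 if dev.os_outdated else 0
    score += min(dev.known_vulns, 3)            # cap so one device does not dominate
    score += 2 * sum(1 for p in dev.open_ports if p in ABUSABLE_PORTS)
    score += 5 if dev.recalled else 0
    return score

def risk_tier(score: int) -> str:
    """Thresholds are assumptions: >= 7 high, >= 3 medium, else low."""
    return "high" if score >= 7 else "medium" if score >= 3 else "low"

def learn_baseline(flows):
    """src_ip -> {(dst_ip, dst_port, proto)} seen in the learning window ("normal")."""
    baseline = defaultdict(set)
    for src, dst, port, proto in flows:
        baseline[src].add((dst, port, proto))
    return baseline

def build_policy(devices, baseline):
    """Per-device allowlist narrowed by tier: high -> isolated, medium -> learned
    flows minus telnet/SSH, low -> learned flows."""
    policy = {}
    for dev in devices:
        tier = risk_tier(risk_score(dev))
        learned = baseline.get(dev.ip, set())
        if tier == "high":
            allow = set()
        elif tier == "medium":
            allow = {f for f in learned if f[1] not in ABUSABLE_PORTS}
        else:
            allow = set(learned)
        policy[dev.ip] = {"tier": tier, "allow": allow}
    return policy

def detect_deviations(policy, observed):
    """Continuous monitoring: flows outside the allowlist, or from an
    uninventoried source, are findings."""
    findings = []
    for src, dst, port, proto in observed:
        entry = policy.get(src)
        if entry is None:
            findings.append((src, dst, port, proto, "source not in inventory"))
        elif (dst, port, proto) not in entry["allow"]:
            findings.append((src, dst, port, proto, f"outside allowlist ({entry['tier']} risk)"))
    return findings

# Constructed inventory: infusion pump, IP camera with telnet open, unclassified box.
DEVICES = [
    Device("10.0.1.10", "Acme Medical", frozenset({443}), False, 0),
    Device("10.0.1.20", "Acme Cams", frozenset({80, 23}), True, 1),
    Device("10.0.1.30", "unknown", frozenset({445, 22}), True, 3),
]
# Constructed flows from the learning window: (src, dst, dst_port, proto).
BASELINE_FLOWS = [
    ("10.0.1.10", "10.0.2.5", 443, "tcp"),  # pump -> EHR gateway
    ("10.0.1.10", "10.0.2.7", 53, "udp"),   # pump -> DNS
    ("10.0.1.20", "10.0.2.8", 123, "udp"),  # camera -> NTP
    ("10.0.1.20", "10.0.2.9", 22, "tcp"),   # camera -> maintenance host (SSH)
    ("10.0.1.30", "10.0.2.5", 445, "tcp"),  # unknown box -> SMB
]
# Constructed flows seen later; the pump's SMB attempt is the lateral-movement case.
OBSERVED_FLOWS = [
    ("10.0.1.10", "10.0.2.5", 443, "tcp"),
    ("10.0.1.10", "10.0.3.50", 445, "tcp"),
    ("10.0.1.20", "10.0.2.8", 123, "udp"),
    ("10.0.1.20", "10.0.2.9", 22, "tcp"),
    ("10.0.1.30", "10.0.2.5", 445, "tcp"),
    ("10.0.9.99", "10.0.2.5", 443, "tcp"),
]

POLICY = build_policy(DEVICES, learn_baseline(BASELINE_FLOWS))
FINDINGS = detect_deviations(POLICY, OBSERVED_FLOWS)

if __name__ == "__main__":
    for ip, entry in POLICY.items():
        print(ip, entry["tier"], sorted(entry["allow"]))
    for finding in FINDINGS:
        print("ALERT", *finding)
```

Two design points are worth noting. The camera’s SSH session to the maintenance host was part of its learned baseline, yet it is still dropped from the allowlist because the device landed in the medium tier; the baseline tells you what a device does, the risk tier decides how much of that you are willing to permit. And because the policy is derived from the inventory and the baseline rather than hand-written, re-running `build_policy` after a device changes (new open port, new vulnerability disclosure, a recall) is how the “reassess on every configuration change” step is carried out in practice.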
What are the benefits of zero trust network security?
By implementing a zero trust security policy, you gain several critical benefits:
Reduce business risk
By helping to prevent attacks that could disrupt workflows or take critical systems offline, zero trust security minimizes the overall risk to business continuity.
It also helps to defend against ransomware attacks, data theft, and other threats that can have steep financial and reputational consequences for the business.
Lower breach potential
Zero trust security ensures that devices are isolated and segmented by default. Even if attackers are able to deploy a malicious device on the network, or take control of one that is already deployed, damage is minimized if the device lacks access to network resources.
Consistency
With zero trust network security, you gain a consistent security process that applies to all devices across all components of your network. Zero trust security simplifies management by eliminating the need to enforce different policies in different contexts, or manage multiple monitoring and access-control systems.
Your end-users also benefit from consistent, streamlined security policies like multi-factor authentication, which provides an extra layer of protection even for users who fail to set secure passwords.
Getting started with zero trust
Implementing a zero trust architecture requires systematic, centralized visibility into the location and status of all devices on your network. Device information must be available in real time and updated continuously as the network changes.
While the implementation details will vary depending on specifics such as which types of devices you are managing and which software stacks are running in your network, Ordr Systems Control Engine (SCE) provides the centralized visibility you need for tracking both managed and unmanaged devices in your current environment. SCE automatically discovers and assesses each device on the network, then enforces an appropriate security policy. Ordr also automatically learns the unique communication patterns of each device in order to provide another layer of visibility into the security context of the network.
Integration
Ordr SCE taps the power of Palo Alto Networks’ massive Cortex Data Lake
3 Min Read, by Brad Day
The Boy Who Cried Wolf is a story we’ve all heard many times in our lives. It’s a story that originated in ancient Greece, an original fable of Aesop.
It’s been told many millions of times, in countless languages and undoubtedly with endless cultural variations. Yet the core message of the fable remains: repeating false or hyperbolic threat information diminishes the response to the threat with each retelling; eventually and predictably, responses simply cease, creating a situation of great peril when actual danger appears. The fable is thousands of years old, but its message is startlingly applicable for today’s enterprise IT and security teams.
In the modern enterprise, teams are presented with an exaggerated array of hysterical alarms and alerts on which they are expected to act – yet few have the time and resources to actually do so effectively. And with the high probability of false alarms coming from multiple applications at a rapid pace, it is increasingly difficult to effectively identify and prioritize those that need immediate response. Even more concerning, staff resources are overwhelmed with addressing and assessing these alerts, reducing their ability to respond with urgency to every real threat. The alerts can become noise, and the entire enterprise is put at great risk.
Couple this fact with the explosion in quantity and heterogeneity of network-connected devices – the Hyper-Connected Enterprise– and it’s clear that we’re at an important tipping point in enterprise network security. Traditional agent-based and human-generated security models simply cannot scale. And the answer, despite what every new threat detection vendor tells you, is not in deploying more systems that create more alerts and further tax your already depleted resources.
The answer is, however, quite simple: take control of the intelligent security infrastructure you already have, and utilize it to regulate and protect your network on your terms.
We’re proud to introduce the Ordr Systems Control Engine (SCE) app now available on Cortex by Palo Alto Networks. In just a few minutes of configuration, Palo Alto Networks customers can begin to implement comprehensive, agentless security policies that utilize their best-in-class Palo Alto Networks Next-Generation Firewall infrastructure to regulate and protect every device connected to their enterprise network. These policies can improve the perimeter protection of the enterprise by utilizing Palo Alto Networks next-generation firewalls at the network edge, and can significantly increase the security of the entire network – and prevent any East/West propagation of nefarious activity – by utilizing additional Palo Alto Networks next-generation firewalls inside the network protecting critical assets. This AI-based policy automation and implementation can also segment and protect systems and processes by function, keeping facilities and physical security devices separate from the business-critical data infrastructure, for example.
The cloud-based Ordr SCE app seamlessly and immediately – without the need for any additional hardware such as sensors or analyzers – taps into the massive Cortex Data Lake to automatically identify and classify every device connected to your infrastructure. Every device, such as IP cameras, HVAC control systems, access badge scanners, self-service kiosks, digital signage, infusion pumps, CT scanners, manufacturing control systems, barcode scanners…EVERY device. Even the devices that find their way into your environment without your knowledge, like popular employee-owned devices such as Amazon Echo and Apple iPad. The quantity and variety of these devices is almost unimaginable in the enterprise today…and it’s going to grow by orders of magnitude into the future.
The Ordr SCE not only identifies every device, it provides incredible granularity on exactly what every device is and precisely what each is doing. We call this mapping the Device Flow Genome, a collection of incredibly valuable data that gives you the power to intelligently design and implement policies that are essential to the security of your organization.
Once you have this level of detail on what is connected to your network, what each device is doing, and what it should be doing, the Ordr SCE gives you the power to take control of this vast array of devices to ensure effective protection today and into the future. The Ordr SCE provides policy automation to regulate the behavior of every class of device so that none can communicate, inside or outside your network, in a manner that exposes it to risk. And the Ordr SCE lets you secure each class of device by implementing micro-segmentation and threat remediation policies driven by sophisticated and actionable artificial intelligence.
All without any software on or need to physically touch the connected devices. All utilizing the best-of-breed Palo Alto Networks next-generation firewall infrastructure you already have. All with the power of Cortex, the industry’s only open and integrated AI-based continuous security platform.
Take Control. Visit the Cortex hub today to learn more about the Ordr Systems Control Engine app and contact us for more information.
Interested in Learning More?
Subscribe today to stay informed and get regular updates from Ordr Cloud
Ready to Get Started?
-
Ordr Named in the 2021 Gartner Market Guide
For Operational Technology (OT) Security
SANTA CLARA, Calif., February 17, 2021 — Ordr, the leader in security for all connected devices, has been named a Representative Vendor in the 2021 Gartner Market Guide for Operational Technology Security.
The Gartner Market Guide identifies the convergence of IT and OT, calling for the need to address identifying all network connected devices, understanding how they are communicating and properly assessing the risks associated with them.
According to Katell Thielemann, Wam Voster, Barika Pace, and Ruggero Contu (the authors of the report), “Gartner end-user inquiries suggest that, across all industry verticals except for the most highly regulated, about 60% of organizations are still in the awareness phase, about 30% are in the discovery to firefighting phases, and only about 10% are truly in the integration and optimization phases. The proliferation of OT in a wide number of different verticals, ranging from medical to fast-moving consumer goods, and critical infrastructure further complicates the situation.”
As described in the report, the OT/CPS security journey aligns with six key phases. “Once they enter the “Oh Wow!” Phase [3], organizations realize that security — whether IT, OT, physical or supply chain — needs a whole-of-enterprise focus. Historical IT and OT functional differences are becoming a liability when security is involved. Due to design, age or function, the unique requirements of OT systems now add to IT security concerns in ways that can no longer be ignored. Modernization efforts bring risk, reliability and safety discussions to the forefront. As a result, leading organizations are starting to elevate OT security requirements into their enterprise risk management (ERM) efforts by adopting an integrated security strategy across IT, OT, CPS, physical security and supply chain security.”
Phase 3. “The “Oh Wow!” Moment: Invariably, proof of concepts (POCs) become eye openers. For example:
- Unmanaged assets are connected everywhere.
- OT networks that were initially designed to be highly segregated have become flatter than realized.
- Ports on all kinds of systems in all kinds of remote locations are wide open.
- OEMs are accessing the machines they sold remotely and no one is managing it.
- Disclosed vulnerabilities on old OSs have never been evaluated for possible patching.
- The functional silos between separate security disciplines (e.g., cybersecurity, physical security, supply chain security, product security, health and safety) are creating seams that bad actors can exploit.
- The realization sets in that operational environments where security is lacking are centers of value creation for most organizations; however, no centralized governance exists to start making sense of it all. Recognition develops that roles and responsibilities for a wide variety of (security related) processes and decisions have never been clear, let alone agreed on.”
“We take a whole-enterprise approach with our customers, starting with continuous and real-time asset discovery,” said Greg Murphy, CEO of Ordr. “Ordr’s platform is differentiated by our use of deep packet inspection to classify and provide visibility to all the connected devices – from traditional servers, workstations and PCs to IoT and OT devices — that can serve as attack vectors. We not only classify every device, we also profile device behavior using advanced machine learning, to risk score every communication flow and surface anomalies. Further, our customers have access to automated policy creation and proactive segmentation of devices or device groups for business-critical devices that cannot be taken out of service.”
Gartner Disclaimer
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
About Ordr
Ordr makes it easy to secure every connected device, from traditional IT devices to newer and more vulnerable IoT, IoMT, and OT. Ordr Systems Control Engine uses deep packet inspection and advanced machine learning to discover every device, profile its risk and behavior, map all communications and protect it with automated policies. Organizations worldwide trust Ordr to provide real-time asset inventory, address risk and compliance and accelerate IT initiatives. Ordr is backed by top investors including Battery Ventures, Wing, and TenEleven Ventures. For more information, visit www.ordr.net and follow Ordr on Twitter and LinkedIn.
Security Strategy
IoT: Top Driver For Enterprise Investment in Zero Trust Networking
By Danelle Au
Zero Trust has emerged in the past ten years as the foundational approach to cybersecurity for many organizations. As the name implies, Zero Trust removes the presumption of trust for every user and device: “never trust, always verify”. Instead of a one-time access decision, trust is continuously evaluated, and access is limited to least privilege.
While the Zero Trust concept is fairly mature, its application to IoT and unmanaged devices is relatively new, but growing.
New research from EMA points to IoT as one of the top drivers for enterprise interest and investment in zero-trust networking (46% of enterprises).
The EMA report, “Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network Segmentation” based on a survey of 252 enterprise technology professionals, discovered the following:
- IoT drove healthcare, manufacturing, and professional IT services companies towards Zero Trust networking, while software and retail companies were the least influenced by IoT.
- IoT and other unmanaged devices present a challenge to Zero Trust networking policy design because they have no users associated with them and require an alternative way to authenticate connection requests. 38% of enterprises surveyed create tailored access privileges based on the functions and characteristics of individual devices or classes of devices. That leaves the remaining 62% either granting generic access to all devices, treating devices as untrusted with limited access, or treating them as untrusted and banning them from the corporate network.
- Establishing a generic, minimum level of access privilege for IoT and unmanaged devices, such as an IoT VLAN, is popular among government agencies (50%) and healthcare organizations (55%). However, this strategy is not ideal: risk can differ even among a set of similar IoT devices based on behavior, vulnerabilities, or manufacturer, and a shared VLAN lets one compromised device reach every other device on it.
- The most important parameters for determining access privileges of unmanaged devices were cited as security status, device vulnerability and risks, owner of the device, and observed network behavior. This makes sense so that enterprises can use tailored policies and place devices in the right “trusted” areas of the environment.
- Enterprises are more likely to succeed with tailored policies for unmanaged devices if they formed a Zero Trust networking taskforce rather than relying on formal partnerships between network and security teams.
- Identifying and segregating IoT and other unmanaged devices is a top priority for healthcare organizations (55%). This is not a big surprise given the vast numbers of sensors, scanners, and other medical equipment that connect to networks in clinics, hospitals, and laboratories.
- The issue enterprises find most challenging in Zero Trust network segmentation is the high volume of changes and exceptions, which strains management capacity. This points to a need for network automation.
- 92% of enterprises want tools that simplify segmentation, specifically to handle exceptions and custom rules, support multiple tools, and automate away errors. This is especially true for IoT: there are so many device types, in such large numbers, that automation is critical to drive Zero Trust segmentation.
As the report shows, enterprises are recognizing the need to extend Zero Trust to unmanaged and IoT devices. 50% of enterprises in the EMA survey have started Zero Trust microsegmentation in the LAN where IoT lives. To do this effectively and without manual errors, automation is critical. Ordr can help. We help enterprises discover and profile devices so they know exactly what an IoT device is at a very granular level, how it is behaving, and protect these devices at the firewall and in the network via automated Zero Trust and microsegmentation policies.
We invite you to download the report summary here. For complete visibility into what’s in your network, sign up for our IoT Discovery Program at www.ordr.net/sensor.
Danelle Au
Danelle Au has more than 20 years of experience bringing new technologies to market. Prior to Ordr, she was CMO at Blue Hexagon, a deep learning for malware protection company, and CMO at SafeBreach where she helped build the marketing organization and define the Breach and Attack Simulation category. Previously, she led strategy and marketing at Adallom, a cloud security company acquired by Microsoft. She was also Director, Security Solutions at Palo Alto Networks, driving growth in critical IT initiatives like virtualization, network segmentation and mobility. Danelle was co-founder of a high-speed networking chipset startup, co-author of an IP Communications book and holds 2 U.S. patents. She has an MSEE from UC Berkeley.
Ordr Recognized as a Market Leader by KLAS Research
2022 Healthcare IoT Security Report
SANTA CLARA, Calif., Feb. 16, 2022 /PRNewswire/ — Ordr, the leader in connected device security, has been named a market leader in the Healthcare IoT security industry for the third year running by KLAS Research – a premier healthcare IT data and insights firm. In its latest report, “Healthcare IoT Security 2022: Moving beyond Device Visibility,” Ordr was recognized for its high market energy, significant customer consideration rate, breadth of functionality beyond visibility, strong technical background, and success with the largest and most sophisticated healthcare systems.
As the number of internet-connected devices continues to grow exponentially, healthcare delivery organizations have become lucrative targets for attack. Ordr gives healthcare providers full confidence in the visibility and security of every connected device on the network. Ordr received high marks from customers in the KLAS report for:
- Breadth of functionality beyond just visibility, including abnormal activity identification, traffic monitoring, and device utilization tracking;
- High customer satisfaction rates;
- High value across multiple stakeholders including Security, Clinical/Biomed and IT;
- Helpful training and education offerings, including the Masterclass webinar series;
- User interface enhancements; and,
- Strong technical background of the Ordr team in security, healthcare and networking.
Ordr was recognized by KLAS for client list transparency, and customers interviewed celebrated Ordr’s ability to provide value beyond just device visibility. In its report, KLAS noted that “Ordr customers (often very large health systems) use the platform to do more than simply see what devices are connected to their network—they also track device utilization, identify abnormal device activity, and monitor traffic.”
When asked about Ordr, one CISO commented, “I would definitely recommend the system. The major strength is complete visibility into the endpoints for the traffic that we send through the solution. That will assist us when we get into a more stringent RADIUS authentication requirement for our wired network. Another strength is the ability to see exactly what a device has talked to from either a profile view or a specific device view. We can see what ports were used, how many times the communication happened, and what the date and time were. We can get a rather slick visual representation of that and easily export it.”
Greg Murphy, Ordr CEO, said, “We’ve worked with some of the largest and most sophisticated thought leaders in healthcare since our inception. While they have been dealing with the dual pressures of the COVID-19 pandemic and escalating cyberattacks, we have maintained our focus on technology innovation and customer success. Our customers can confidently deliver care knowing that their devices and networks are secure. This recognition by KLAS for the third year running acknowledges the hard work of our team and reflects the value of the trusted partnerships we have built with our customers. This honor reinforces the importance of our mission to keep every healthcare organization safe via comprehensive device visibility, actionable clinical and security insights, and automated policies.”
Continued Growth Highlighted by KLAS Report
Ordr’s recognition in the 2022 KLAS report as a market leader in healthcare IoT security adds to a growing list of achievements over the past year, including:
- Rapid response on cybersecurity attacks including Log4j, Ripple20, SolarWinds and more;
- Achieving SOC 2 Type 2 compliance by meeting the AICPA’s strict standards for keeping customer data secure;
- The unveiling of new cybersecurity features including the Ransom-Aware Rapid Assessment service™ to enable organizations to respond to cyberattacks in minutes;
- Dramatic expansion in Ordr’s channel partner portfolio, in addition to a new partnership with CMCC Centre of Excellence and expansion of its partnership with Fortinet;
- The launch of a guide to assist healthcare organizations to meet the amended NHS Digital’s Data Security and Protection Toolkit criteria; and,
- Continued product innovation, expansions to the Board, and overall company growth.
For more information on how Ordr can help healthcare organizations, please visit https://ordr.net/solutions/healthcare/. A summary of the KLAS Healthcare IoT Security Report can be found here.
Security Strategy
Ordr Clinical Defender: HTM for Modern Healthcare
By Pandian Gnanaprakasam
As healthcare organizations turn more and more to technology as a way to provide a higher quality of healthcare to their patients, and support skilled staff with a means of improving health outcomes for more people, healthcare technology management (HTM) professionals are finding themselves with a greater responsibility to more efficiently manage and mitigate risks from the healthcare IT estate. That is a huge task for smaller organizations, which means the tools they rely on have to be easy to deploy and use, specialized for defense of the healthcare threat landscape, and capable of reducing the burden of time-intensive tasks through automation.
Announcing Ordr Clinical Defender
That is why we just announced Ordr Clinical Defender, a tool to streamline the management of connected medical devices. Based on our advanced asset and risk management platform, and developed in cooperation with HTM professionals from some of the world’s best healthcare delivery organizations (HDOs), Ordr Clinical Defender will serve as a force multiplier for HTM teams, enabling them to more efficiently, accurately and automatically manage and protect their connected medical devices by:
- Automating real-time asset inventory;
- Addressing compliance by identifying missing, newly-connected, or misplaced devices;
- Mitigating risks by identifying devices with vulnerabilities and recalls;
- Leveraging device utilization insights to support maintenance and procurement decisions; and,
- Accelerating remediation efforts for devices with clinical risks.
The combination of these capabilities means that healthcare organizations can reduce clinical risks by prioritizing remediation of high-risk devices. Organizations can also save millions of dollars by having a real-time inventory of devices, being able to locate missing devices, and optimizing device utilization. Those savings come by reducing the amount of time HTM personnel spend simply looking for misplaced equipment—as much as one hour per shift. Device utilization insights with Ordr Clinical Defender also mean more efficient utilization of medical equipment, and more efficient spending on the procurement of new equipment.
“In my previous role, I was an Ordr customer, benefitting from the power of the Ordr platform and actively participating in the evolution of the platform. [Ordr Clinical Defender] captures not just device information but a true lifecycle view, identifying where a device is located within the network topology and how it communicates and behaves throughout the organization. This unique lifecycle view is particularly beneficial in healthcare. The launch of the Ordr Clinical Defender will be invaluable to HTM/Biomed teams that can now more effectively manage their medical devices and clinical risks.”
Ken Koos, Optiv Consultant, ICS and IoT Product Security
Saving Time and Money
Research has found a discrepancy of 15-20% between the assets registered in an organization’s computerized maintenance management system (CMMS) and the devices actually deployed on its network. That results in inefficient decision making that can impact patient care, and it can also result in the unnecessary purchase of expensive new equipment simply because existing assets are not accounted for by HTM teams.
This lack of visibility increases an organization’s risk and compliance profile because devices operating beyond the visibility of HTM and IT personnel are unprotected and vulnerable to attack. And if a device known to contain a patient’s protected health information (PHI) goes missing, that could constitute a costly data breach. According to the most recent Ponemon-IBM Cost of a Data Breach Report, healthcare organizations incurred an average $9.23 million loss per incident. That figure is by-far the highest of any industry, and more than twice the overall average of $4.24 million.
Developed with HTM Experts, for HTM Professionals
Ordr Clinical Defender was developed with a number of capabilities designed to support the needs of healthcare organizations. Some of these include device-specific reporting and analytics, real-time asset discovery and inventory, automated CMMS data updating, identification of vulnerable clinical equipment, device usage reporting and analytics, guest network monitoring, and management features that facilitate patching, maintenance, and alerts whenever medical devices with PHI have not been seen on the network for more than 60 days.
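The two checks described above, reconciling the CMMS against what is actually seen on the network and alerting on PHI-bearing devices that have gone quiet for more than 60 days, are simple to state but worth seeing in code. The following is an added example written for this page, not Ordr Clinical Defender’s code. The asset records and last-seen timestamps are constructed, and the example assumes network-discovered devices have already been joined to CMMS asset tags (by serial number or MAC address); in practice that join is the hard part and is not shown here.

```python
"""CMMS vs. network inventory reconciliation and stale-PHI-device alerting.

Added illustration, not Ordr Clinical Defender's code. Asset records and
timestamps are constructed. Assumes discovered devices are already keyed by
the same asset tag the CMMS uses.
"""
from datetime import datetime, timedelta

# Constructed CMMS export: asset tag -> record. 'phi' marks devices that
# store protected health information.
CMMS = {
    "BMT-1001": {"model": "Infusion pump", "phi": False},
    "BMT-1002": {"model": "Ultrasound", "phi": True},
    "BMT-1003": {"model": "Patient monitor", "phi": True},
}

# Constructed network discovery: asset tag -> last time seen on the network.
# BMT-1004 is on the wire but was never registered in the CMMS.
NETWORK_LAST_SEEN = {
    "BMT-1001": datetime(2022, 3, 1),
    "BMT-1002": datetime(2021, 12, 15),
    "BMT-1004": datetime(2022, 3, 2),
}

# Constructed "current time" so the example is deterministic.
NOW = datetime(2022, 3, 3)


def reconcile(cmms, network):
    """Return (registered but never seen, seen but never registered)."""
    registered_only = set(cmms) - set(network)
    network_only = set(network) - set(cmms)
    return registered_only, network_only


def discrepancy_rate(cmms, network):
    """Fraction of all known devices that appear in only one inventory."""
    registered_only, network_only = reconcile(cmms, network)
    universe = set(cmms) | set(network)
    if not universe:
        return 0.0
    return (len(registered_only) + len(network_only)) / len(universe)


def stale_phi_devices(cmms, network, now, max_age_days=60):
    """PHI-bearing assets not seen for more than max_age_days, or never seen.

    A missing PHI device is a potential breach, so 'never seen' is treated
    as stale rather than silently skipped.
    """
    cutoff = now - timedelta(days=max_age_days)
    stale = []
    for tag, rec in cmms.items():
        if not rec["phi"]:
            continue
        last_seen = network.get(tag)
        if last_seen is None or last_seen < cutoff:
            stale.append(tag)
    return sorted(stale)


if __name__ == "__main__":
    print("registered only / network only:", reconcile(CMMS, NETWORK_LAST_SEEN))
    print("discrepancy rate:", discrepancy_rate(CMMS, NETWORK_LAST_SEEN))
    print("stale PHI devices:", stale_phi_devices(CMMS, NETWORK_LAST_SEEN, NOW))
```

Two design points: the discrepancy is measured over the union of both inventories so that unregistered devices count against it as much as missing ones do, and a PHI device with no network sighting at all is reported as stale rather than ignored, since “we have no record of it” is exactly the case that ends up as a reportable breach.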
Ordr Clinical Defender is the product of a collaborative partnership with some of the world’s leading healthcare organizations to develop and deliver a simplified product optimized for the needs of HTM professionals. And because it was developed in cooperation with HTM experts, it has everything HTM and clinical engineering teams need, and no unnecessary extras that might complicate operations. Ordr Clinical Defender means HTM teams have the power of efficient, accurate, and automated medical device management at their fingertips.
Pandian Gnanaprakasam
Pandian has more than 20 years of product and engineering leadership experience and is also a serial entrepreneur. Before founding Ordr, he was the Chief Development Officer at Aruba, responsible for all of engineering and product management functions. Aruba, an enterprise mobile wireless company, was acquired by HPE for $3 Billion in March 2015. Before Aruba, Pandian served as the head of engineering for Cisco’s multi-billion-dollar Wi-Fi business unit and before that as VP of engineering for low-end switching product lines. He graduated with a master’s degree in Electrical Engineering from IIT, Chennai, India and holds several patents to his credit in various networking technologies.
Ordr and Check Point Expand Partnership
Today, in conjunction with Check Point’s IoT Protect Program announcement, we’re excited to not only highlight Ordr’s participation in the program, but also to announce the Ordr Systems Control Engine’s availability directly through Check Point. We’re excited to work with a great security partner with market leading technology.
When we built the Ordr SCE, we created a robust AI platform to deliver high-fidelity visibility and security for all unmanaged devices – IoT, IoMT and OT. However, we knew that was not enough. We also focused on automating the critical job of securing these devices, not only reducing the burden on security and networking teams but making previously complex management tasks simple and automatic.
After all, these unmanaged and IoT devices bring very different challenges to an organization. They often cannot be brought out of service, they cannot be scanned or patched, and you cannot install a security agent on them. But unlike end users, unmanaged and IoT devices have very specific and predictable communications patterns. Video cameras need to connect to a camera management system. Medical imaging devices need to communicate to a central PACS or DICOM server. Neither wakes up in the morning and decides to browse the web.
How does Ordr address this? Once we discover and categorize these devices, Ordr’s Flow Genome maps each device’s unique, customer-specific communications patterns and profiles exactly how it should communicate and behave. We then proactively create specific network segmentation policies for each category of device and enforce them on networking and security infrastructure to only allow these “sanctioned communications.”
This is a Zero Trust Network in action.
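The mechanism the preceding paragraphs describe, and that the EMA findings above call “tailored policies” per device class, is a per-class allow-list learned from observed flows. The following is an added example written for this page, not Ordr’s or Check Point’s code. Device names, classes, hostnames and IPs are constructed, and the rule dictionaries are a generic shape, not any vendor’s policy format. It shows how a learning-window baseline becomes class-scoped allow rules with a trailing deny, why rules that reference a class rather than an IP survive re-addressing and new devices, and how a camera that suddenly talks to a public web server is flagged.

```python
"""Per-class flow baseline -> allow-list segmentation rules.

Added illustration, not Ordr's or Check Point's code. All device names,
classes, hostnames, IPs and the rule format below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    device: str        # device identifier (constructed)
    device_class: str  # profile the device was classified into
    dst: str           # destination host or IP
    port: int
    proto: str


# Constructed learning-window traffic: cameras talk to the video management
# server (RTSP) and NTP; the CT scanner talks to PACS over DICOM and to DNS.
BASELINE_FLOWS = [
    Flow("cam-01", "ip_camera", "vms.corp.example", 554, "tcp"),
    Flow("cam-02", "ip_camera", "vms.corp.example", 554, "tcp"),
    Flow("cam-01", "ip_camera", "ntp.corp.example", 123, "udp"),
    Flow("ct-01", "ct_scanner", "pacs.corp.example", 104, "tcp"),
    Flow("ct-01", "ct_scanner", "dns.corp.example", 53, "udp"),
]

# Constructed device inventory: device -> (class, current IP).
INVENTORY = {
    "cam-01": ("ip_camera", "10.20.0.11"),
    "cam-02": ("ip_camera", "10.20.0.12"),
    "cam-03": ("ip_camera", "10.20.0.13"),   # joined after the baseline
    "ct-01": ("ct_scanner", "10.30.0.5"),
}


def build_profile(flows):
    """Map device class -> set of sanctioned (dst, port, proto) tuples."""
    profile = defaultdict(set)
    for f in flows:
        profile[f.device_class].add((f.dst, f.port, f.proto))
    return profile


def generate_rules(profile):
    """One allow rule per sanctioned tuple, then a class-wide deny.

    Rules reference the class, not device IPs, so re-addressing or new
    devices of a known class never require a rule change.
    """
    rules = []
    for cls in sorted(profile):
        for dst, port, proto in sorted(profile[cls]):
            rules.append({"src_class": cls, "dst": dst, "port": port,
                          "proto": proto, "action": "allow"})
        rules.append({"src_class": cls, "dst": "any", "port": "any",
                      "proto": "any", "action": "deny"})
    return rules


def address_group(inventory, device_class):
    """Current member IPs of a class. This is the only object that changes
    when a device moves or receives a new address."""
    return sorted(ip for cls, ip in inventory.values() if cls == device_class)


def find_violations(profile, observed):
    """Flows outside the class profile. A device whose class has no
    profile at all is treated as having nothing sanctioned."""
    return [f for f in observed
            if (f.dst, f.port, f.proto) not in profile.get(f.device_class, set())]


# Constructed later traffic: cam-03 is new but behaves like a camera, so it is
# already covered; cam-02 reaching a public web server is not sanctioned.
OBSERVED_FLOWS = BASELINE_FLOWS + [
    Flow("cam-03", "ip_camera", "vms.corp.example", 554, "tcp"),
    Flow("cam-02", "ip_camera", "203.0.113.7", 443, "tcp"),
]

if __name__ == "__main__":
    prof = build_profile(BASELINE_FLOWS)
    for rule in generate_rules(prof):
        print(rule)
    for bad in find_violations(prof, OBSERVED_FLOWS):
        print("VIOLATION:", bad)
```

One caveat a practitioner would insist on: a learned baseline is only as clean as the learning window. A device already beaconing to a command-and-control host while the profile is built will have that destination baked in as “sanctioned”, so generated rules should be reviewed against the expected protocol set for the class (RTSP and NTP for a camera, DICOM and DNS for a scanner) before they are pushed to enforcement.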
Ordr SCE does not create segmentation policy recommendations, guidelines, or suggestions. The policies do not need tweaking or customizing. They do not need updating when new devices join the network, or existing devices move to a new location or receive a new IP address. They do not need to be exported as a CSV file, manually uploaded into another system, and refreshed with a cron job. They fully integrate with Check Point’s APIs, providing full, automated context right in the Check Point IoT Protect Manager.
This is the differentiator of the Ordr and Check Point integration. Whether it is proactive segmentation or quarantining an infected device, we will dynamically create and enforce policies for IoT devices with one click of a button. As new devices are added to the network that match a particular device profile with an active policy, this new device will automatically be protected.
This is a huge benefit for any organization with Check Point infrastructure, as it protects your existing investment. At the same time, our ability to generate these policies alleviates the challenges of manually addressing risks and vulnerabilities across the hundreds of thousands of unmanaged and IoT devices that may exist in a network.
Benefits of combining the Check Point and Ordr solutions include:
- Automatic discovery and classification of IoT, IoMT and OT devices
- Direct integration of device context into the Check Point IoT Protect Manager, including asset type, make and model, OS version and risk information
- Use of Check Point’s advanced APIs to automatically send Ordr Zero Trust segmentation policies to the Check Point IoT Protect Manager for distribution to Check Point’s Quantum Security Gateways™
- Automatic updates of Check Point’s Quantum Security Gateways™ with current device IP information, regardless of network location or dynamic addressing
- Dynamic generation of firewall zoning policies directly into Check Point IoT Protect Manager, allowing for protection and control of the IoT and OT environment within minutes
For more information on the joint integration, please check out our detailed Check Point partnership page here and the Check Point IoT Protect page.
Bryan Gillson
Bryan joined Ordr in November 2019 after spending six years as VP Strategic Alliances at Ionic Security. At Ionic, Bryan initiated and managed business relationships with system integrators such as Accenture, Deloitte, and PwC, and closed OEM partnerships with vendors in the CASB, virtualization, and data protection sectors. Previously, Bryan led product management and business operations for Symantec’s encryption products and information protection groups after integrating the acquisitions of both PGP Corporation and GuardianEdge. Prior to Symantec, Bryan led the business development team at PGP Corp. and was a VP in Merrill Lynch’s Technology Investment Banking group.