Search Results:
-
Blog
TSA Cybersecurity Mandates for Public Transportation
Arrive Early, Arrive Safe with Ordr
3 Min Read
By Craig Hyps
The United States is constantly under attack from bad actors, including nation states and financial opportunists. Threats to critical infrastructure and services such as public transportation can have far-reaching impacts on the economy, public safety, and national security.
Following the 2021 ransomware attack on the Colonial Pipeline, the Transportation Security Administration (TSA) issued directives in 2022 to bolster security for U.S. pipelines. These directives were issued as part of an overarching executive order to protect critical infrastructure from “degradation, destruction, or malfunctioning of systems that control this infrastructure.” [Reference: National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems (July 29, 2021).]
In October 2022, Security Directives 1580-21-01A, 1582-21-01A, and 1580/82-2022-01 were announced to include surface transportation systems and associated infrastructure such as passenger railroads and rail systems. In March 2023, an emergency amendment was added to extend the directives to TSA-regulated airport and aircraft operators.
What is at the core of these security directives?
In summary, the directives mandate that impacted entities such as railroad, airline, and airport owners and operators must:
- Develop a TSA-approved implementation plan that describes the specific measures taken to achieve cybersecurity outcomes; and,
- Develop a TSA-approved assessment plan that describes how the specific measures will be assessed for effectiveness.
Specific measures outlined include the following actions:
- Implement network segmentation policies and controls to ensure that the Operational Technology system can continue to safely operate in the event that an Information Technology system has been compromised;
- Implement access control measures to secure and prevent unauthorized access to Critical Cyber Systems;
- Implement continuous monitoring and detection policies and procedures to detect cybersecurity threats and correct anomalies that affect Critical Cyber System operations; and,
- Reduce the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers, and firmware on Critical Cyber Systems in a timely manner using a risk-based methodology.
[Reference: Security Directive 1580/82-2022-01C]
Introducing Ordr…
Ordr is a comprehensive operational technology (OT) and IT asset discovery and classification solution that helps to ensure that only trusted systems can access the network. Ordr calculates risk based on device type, model, operating system, and patch status, and continuously monitors communications for threat activity and anomalous behavior. Ordr then dynamically groups devices based on organizational requirements and automatically generates and provisions network segmentation policies.
The following table lists the four specific measures encompassed in the TSA mandates in more detail and how Ordr helps to address each one.

| TSA Measure | Cybersecurity Measure Details | Ordr Solution |
|---|---|---|
| 1 | Implement network segmentation policies and controls designed to prevent operational disruption to the Operational Technology system if the Information Technology system is compromised or vice-versa. | Ordr passively discovers and classifies all OT and IT devices on the network and automatically tracks the communications of all devices including IT to IT, OT to OT, and all traffic between OT and IT. Ordr dynamically generates segmentation and provisions segmentation policies to switches, wireless controllers, and firewalls to permit only safe and authorized communications between each device regardless of its type or function. |
| 2 | Implement access control measures, including those for local and remote access, to secure and prevent unauthorized access to Critical Cyber Systems. | Ordr seamlessly integrates with existing wired switches, wireless controllers, firewalls, and Network Access Control (NAC) solutions from leading vendors to implement access controls to secure and prevent unauthorized access to Critical Cyber Systems. |
| 3 | Implement continuous monitoring and detection policies and procedures that are designed to prevent, detect, and respond to cybersecurity threats and correct anomalies affecting Critical Cyber Systems. | Ordr continuously monitors all device communications to establish baselines of safe behavior and automatically detects anomalies, suspicious activity, vulnerable communications, as well as internal and external threats. Ordr can dynamically respond to threats by quarantining an attack or infected system, block unauthorized or high-risk communications, or limit access to vulnerable systems. |
| 4 | Reduce the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers, and firmware on Critical Cyber Systems consistent with the Owner/Operator’s risk-based methodology. | Ordr can directly or indirectly discover and track unpatched and vulnerable systems. As an agentless solution, Ordr does not directly apply patches, but integrates with industry leading patch management and mobile device management (MDM) solutions as well as vulnerability management solutions to verify critical systems are patched and dynamically update its risk calculation based on vulnerability and patch status. |

For additional information on how Ordr can accelerate compliance with TSA cybersecurity mandates for critical infrastructure to protect public transportation for airlines, railroads, rail systems, and pipelines, contact us to discuss further.
Craig Hyps
As an Ordr Fellow, Craig drives next-generation solutions that enable organizations to keep pace with the hyper-connected Internet of Things (IoT) and Operational Technology (OT) through automated classification and segmentation using ML/AI on big data platforms. Prior to joining Ordr in 2018, Craig was a 20+ year veteran with Cisco Systems defining Cisco’s policy and access control solutions including Identity Services Engine (ISE) and Software-Defined Access (SDA). He was a leading force behind its super-scaling architecture and the advancement of NAC for IoT. Craig is an active member of the IEEE 2933 Working Group focused on Trust and Identity best practices and standards for Clinical IoT. Craig is also a frequent presenter and author on the topic of Zero Trust and network segmentation for the rapidly expanding growth and convergence of IT, IoT, and OT devices.
Interested in Learning More?
Subscribe today to stay informed and get regular updates from Ordr Cloud
Ready to Get Started?
-
News
Ordr Launches Clinical Defender
To Streamline Management of Connected Medical Devices
3 Min Read
Santa Clara, CA, March 2, 2022 – Ordr, the leader in connected device security, today announced the availability of Ordr Clinical Defender. Built on Ordr’s foundational asset and risk management features, and developed with best practices from the top healthcare delivery organizations (HDOs) in the world, Ordr Clinical Defender enables Healthcare Technology Management (HTM) teams to more efficiently and accurately manage their connected medical devices.
HTM teams today face significant challenges in managing the explosive growth of connected medical devices critical to patient care. There is typically a 15-20% discrepancy between assets registered in a computerized maintenance management system (CMMS), and assets deployed on the network. This increases risks for healthcare organizations as unknown devices increase the attack surface, and missing devices may contain protected health information (PHI), putting the organization in jeopardy of a costly HIPAA data breach violation.
Furthermore, HTM teams spend an average of 30-60 minutes per person, per shift, looking for equipment. At a cost of $100 per hour, reducing this time can lead to significant cost savings. In addition, addressing clinical risks like identifying devices running outdated operating systems can drag on for weeks due to the lack of accurate data, making organizations vulnerable to cyberattacks.
Ordr Clinical Defender, running on the new Ordr 8 Software release, provides focused, actionable, and accurate HTM insights and workflows, so HTM and clinical engineering teams can:
- Automate real-time asset inventory without impacting device operations;
- Address compliance by identifying missing, newly-connected, or misplaced devices;
- Mitigate risks by identifying devices with vulnerabilities and recalls;
- Accelerate remediation efforts for devices with clinical risks; and,
- Save millions of dollars by optimizing device utilization.
“The thing we were astonished by was the visualization of the Ordr data. We found quite a few devices that had very out-of-date operating systems that we were not aware of, that we’re now addressing from an upgrade standpoint. We were able to mitigate those risks before anything happens,” said Chuck Christian, VP Technology and CTO, Franciscan Alliance.
“It is refreshing to work with a vendor that actually listens and empathizes with issues and pain points from customers. It’s exciting to see the rubber meet the road in terms of suggestions and requests. Ordr’s Clinical Defender dashboard is both modern and functional. Kudos to the team,” said Jeremiah Green, Information Security Manager, University of Rochester and University Rochester Medical Center.
Ordr Clinical Defender and Ordr 8 capabilities include:
- Data Shaper for users to customize the Ordr platform and quickly zero in on the information and insights most relevant to them; for example, enabling HTM users to only view specific medical devices they are responsible for within that hospital, or location, or that are using a specific protocol or access method.
- Asset Inventory and Analysis highlights critical information for real-time visibility and compliance:
  - Real-time automated asset inventory, correlated with CMMS data;
  - Identify newly connected devices in the last 24 hours to ensure no new medical equipment is installed without following proper procedures; and,
  - Identify medical devices with Protected Health Information (PHI) that have not been seen on the network for more than 60 days.
- Connectivity and Location Analysis pinpoints devices in the wrong zone, VLAN or subnets:
  - Locate missing devices by identifying device details, and physical and network location; and,
  - Monitor VLANs for rogue or misconfigured clinical equipment.
- Clinical Risk Insights and Workflows enable prioritized risk remediation:
  - Identify devices with vulnerabilities and FDA recalls;
  - Prioritize clinical risk patching and remediation by impact;
  - Integrate with IT Service Management (ITSM) tools to automate process for remediation; and,
  - Simplified sharing option to share device details with other users in the organization for further analysis.
- Device Utilization summarizes usage of devices and fleets:
  - Identify appropriate schedule for maintenance;
  - Identify usage of specific devices to support procurement decisions; and,
  - Analyze usage to improve efficiencies of under-utilized equipment.
- Simplified action framework to enable quick enforcement of policies across a set of target devices.
- Simplified search to make it easy to identify device insights no matter where users are in the Ordr interface.
“In my previous role, I was an Ordr customer, benefitting from the power of the Ordr platform and actively participating in the evolution of the platform. Ordr’s powerful platform captures not just device information but a true lifecycle view, identifying where a device is located within the network topology and how it communicates and behaves throughout the organization. This unique lifecycle view is particularly beneficial in healthcare. The launch of the Ordr Clinical Defender will be invaluable to HTM/Biomed teams that can now more effectively manage their medical devices and clinical risks,” said Ken Koos, Optiv Consultant, ICS and IOT Product Security.
“We’ve partnered closely with the leading healthcare organizations in the world to develop a simplified and optimized product for HTM. It’s everything HTM and clinical engineering teams need to more efficiently perform their most critical tasks. We’re excited to bring the value and benefits of the Ordr platform to a new set of stakeholders,” said Gnanaprakasam Pandian, Chief Product Officer and co-founder of Ordr.
To learn more about the Ordr Clinical Defender, visit www.ordr.net/platform.
-
Blog
Application & User Control
Part VI of VI on Control
Who, What and For Real?
With all the antics and the daily drama, it’s not easy keeping up with the Kardashians. Kim, Kourtney, Khloe, how do you keep up with everything they do? And oftentimes, what they do is quite unexpected. Thinking about the Kardashians made me empathize with the hospital IT staff who have the unenviable task of keeping tabs on all the users and applications that are crisscrossing a major healthcare network. How do we easily keep track of everything without multiple systems that need to be stitched together?
When thousands of people are moving in and out of a hospital, understanding what each and every user is doing is not easy. The problem is made more difficult because not all users are created equal: some people are allowed access to certain devices and others are not. Take an MRI machine, for example: some medical personnel are allowed to use it, but others are not. Easy stuff with access control, right? But it can get complicated.
User profiles are often set up via Active Directory, yet sometimes a user is created locally on the fly, so it’s important to discern the difference between the two, as this can be a big area of potential security weakness. Sometimes new profiles are created as users log in to a device, and nobody remembers to delete the user when the session was a one-timer. For real, this happens more than you think. It helps to be contextually aware to understand not just who has access, but when the login occurred, and how long a session for a particular medical device lasted. A user provisioned on a CT scanner can potentially have access to the entire patient record database in a hospital. Think about that: the least protected device is potentially the gateway to the most valuable data.
Access and Convenience via Applications
Who doesn’t love apps that give users access with convenience? In hospitals, and other enterprises for that matter, mission-critical business applications are used to come in and out of the network, helping to drive overall productivity with the added convenience of remote use. Doctors use mobile applications all the time, and it’s important from a security point of view that an organization understands what devices were accessed and whether the access was made appropriately via the corporate network or inadvertently via the guest network. Sometimes we see credentials shared across multiple users, so it is important to track how many people are claiming to be an admin, for example.
In the application kingdom, there are supervisory protocols like TELNET (port 23), FTP (port 21), SSH (port 22), SNMP (port 161) and others that are usually used by system administrators. As an example, SSH enables an administrator to securely connect to a remote server and perform necessary operations on that server. These supervisory applications are routinely used by admins to operate, debug, transfer data and fix things on the servers. And these applications are used on all operating systems, including Microsoft Windows.
Understanding applications is one thing, but it is also important to understand the flow and what is actually happening in a session. A regular port 22 session with a known, regular device is fine, but shouldn’t someone proactively ring the alarm if the SSH session comes from a different person or, even worse, from an unknown, unauthorized person? And wouldn’t it be helpful to know which stations are performing how many sessions, to quickly understand any abnormal behavior?
Stealing the Keys
Relying on supervisory commands to operate critical devices can leave you vulnerable if the credentials are stolen. If this occurs, then brace yourself, as anything can happen. Hackers can change code and manipulate machines. It can be quite the issue, so the faster the detection, the more damage can be contained.
Application control is essential, and it is important to quickly see anything that falls outside normal behavior, as this can be an early sign of malicious behavior. If there are specific pediatric-centric applications, take the necessary steps to see who is accessing them, when, and for what purpose. Is a medical device being accessed too often? It may not be just a utilization issue but rather an indication that something is off.
Take Control
The Ordr system control engine has the ability to track every user and every application, all the time. It’s one holistic platform for all your visibility needs. We can provide the insight into each medical machine, and tell you who logs in, when the machine was used and for how long. That’s helping you take control. We can further map specific devices to specific users to provide the granular detail helping you to take proactive security to the next level.
On applications, we have the capability to track applications and any device or workstation that uses that specific application. Specifically, command applications such as SSH flows between machines are closely monitored, and we can show you all the secure shell sessions of any device at any point in time. Keeping track of the countless users and applications is not easy, but we can make it easier with an AI-based system that keeps learning and gets smarter with each use. Now if only we could automate Kylie Jenner’s jet-setting whereabouts.
Pandian Gnanaprakasam
Pandian has more than 20 years of product and engineering leadership experience and is also a serial entrepreneur. Before founding Ordr, he was the Chief Development Officer at Aruba, responsible for all of engineering and product management functions. Aruba, an enterprise mobile wireless company, was acquired by HPE for $3 Billion in March 2015. Before Aruba, Pandian served as the head of engineering for Cisco’s multi-billion-dollar Wi-Fi business unit and before that as VP of engineering for low-end switching product lines. He graduated with a master’s degree in Electrical Engineering from IIT, Chennai, India and holds several patents to his credit in various networking technologies.
-
Company News
KLAS Names Ordr Market Leader in Healthcare IoT Security
2 Min Read
By Danelle Au
Healthcare has been one of the key verticals for Ordr since our inception as CloudPost Networks. Over the last couple of years, we’ve helped many healthcare organizations address visibility and security for their unmanaged and IoT devices. In turn, we’ve worked with our customers to evolve our solution and address new use cases.
As a result, we’re grateful and proud to have been named a market leader (with the highest market share) in the new KLAS Research report, Decision Insights: Healthcare IoT Security for the second year in a row. If you’re not familiar with KLAS Research, they are a healthcare IT data and insights company. One of the most unusual aspects of KLAS Research is that they actually interview real clients with questions such as “Are customers happy with a vendor’s products and with customer service?” “Do they have a positive impression of their vendor?” “Do they think their organization has benefited from adopting the vendor’s software?” KLAS is lauded in the industry for their accurate, honest and impartial research.
Market Leader for Second Straight Year
The KLAS Healthcare IoT Security Report defined the following as key capabilities for an IoT Security solution.
In addition, KLAS spoke to more than 51 customers on which vendors were being selected and why. They had this to say in their report, “Ordr, who has contracted with some of the largest health systems, has continued to be one of the market leaders in terms of wins and considerations for the second straight year, resulting in their current leading market share.”
KLAS also noted that we were praised by customers for:
- The breadth and number of devices Ordr can detect;
- The highly granular visibility the solution provides;
- Ordr’s culture of “flexibility and willingness to partner;”
- Strong technology integrations that help drive value with the solution; and,
- High customer satisfaction.
We thank all healthcare organizations who participated in the KLAS interviews. We’re excited to continue our growth with our customers, helping to discover, profile and secure connected devices. Thank you to two of our customer advisory board members Skip Rollins and Jeff Vinson, who supported us throughout our journey and contributed to our release.
“COVID-19 has forced healthcare organizations to double-down on prioritizing security while balancing other organizational priorities and needs. CIOs need to find ways to support the business,” said Skip Rollins, CIO, Freeman Health. “Ordr is a tool we lean on not only for visibility and security of unmanaged and IoT devices, but for device utilization insights. Details about how often a device is being used helps us to optimize device allocation and support procurement decisions.”
“Most healthcare organizations don’t realize that a vending machine may be connected to the same network as a critical life-saving device like a ventilator,” said Jeffrey Vinson, CISO, Harris Health. “We have partnered with Ordr because the company provides the most comprehensive IoT security solution that goes beyond simple device inventory. Ordr discovers all connected devices, helps us identify risks and malicious behaviors in devices, and can automatically generate segmentation policies to secure high-risk devices.”
We are excited to continue our growth with our customers, helping to discover, profile and secure connected devices.
Danelle Au
Danelle Au has more than 20 years of experience bringing new technologies to market. Prior to Ordr, she was CMO at Blue Hexagon, a deep learning for malware protection company, and CMO at SafeBreach where she helped build the marketing organization and define the Breach and Attack Simulation category. Previously, she led strategy and marketing at Adallom, a cloud security company acquired by Microsoft. She was also Director, Security Solutions at Palo Alto Networks, driving growth in critical IT initiatives like virtualization, network segmentation and mobility. Danelle was co-founder of a high-speed networking chipset startup, co-author of an IP Communications Book and holds 2 U.S. Patents. She has an MSEE from UC Berkeley.
-
Uncategorized
Whistleblower’s Twitter Claims Ring True for Connected Device Universe
3 Min Read
By Pandian Gnanaprakasam
Revelations by former Twitter cybersecurity chief-turned-whistleblower Peiter “Mudge” Zatko had tongues wagging across the industry Tuesday morning. Articles by CNN and the Washington Post included details from a 200-page letter Zatko sent to Congress, the Federal Trade Commission (FTC), Securities and Exchange Commission (SEC), and Department of Justice (DOJ) detailing claims of poor security practices and management by the social media giant. Zatko alleges Twitter’s security program is rife with bad practice, vulnerable devices, and executive apathy in violation of privacy and security assurances it made to regulators following a major data breach in 2020.
According to CNN, one of the concerning allegations is that, “About half of the company’s 500,000 servers run on outdated software that does not support basic security features such as encryption for stored data or regular security updates by vendors.” The report also claims that, of the computers employees use for work—including accessing sensitive production environments—“4 in 10 devices do not meet basic security standards.”
Twitter denies Zatko’s accusations and told CNN in a written statement, “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context.”
Device Vulnerability is an Unavoidable Reality
Whatever the outcome of any subsequent investigation, the situation described by Zatko might have many CISOs sleeping fitfully tonight, as an environment populated by vulnerable devices is more common than many will publicly admit. And it doesn’t mean that the tech and security leaders in those organizations are derelict in their duties. Often, running such at-risk gear is an unavoidable necessity.
Industrial IT environments frequently include state-of-the-art IoT (internet of things) technology on the same network as equipment and operational technology (OT) that is decades old, running with obsolete operating systems and unsupported software. Such devices were not built to be secure because they were never intended to be connected to the public internet.
In healthcare organizations the challenges are even greater. Many connected medical devices in the realm of what is known as the internet of medical things (IoMT) must remain in service for the sake of patient safety, even if those devices are known to exhibit vulnerabilities. And because of FDA regulations intended to maintain a device’s operational integrity, typical patch management practices cannot be followed when vulnerabilities are discovered.
While Zatko claims that half of the servers behind Twitter’s operations are vulnerable, in healthcare the problem may be worse. Security researchers recently found that as many as 75% of the 200,000 medical devices they studied contained security flaws that make them vulnerable to exploitation by threat actors. That is why hospitals and healthcare providers around the world are turning to Ordr.
Unknown, Unseen, Unmanaged
Compounding the challenge for cybersecurity leaders is that many of these devices are unmanaged, and may operate outside the view of IT management. That adds up to potentially thousands of IoT devices, building controls, security equipment, consumer-grade tech, and other unknown, unseen, and unsecured devices operating at risk on the network. The result is critical healthcare, manufacturing, and public and commercial infrastructure environments with an enormous attack surface and, using legacy tools and traditional strategies, with no way to understand the scale of the risk and secure the enterprise. Fortunately, there is a solution to close this gap.
The Ordr platform “passively” scans an enterprise network to discover and classify all the devices that are connected, including medical devices, operational technology, building controls, traditional IT systems and more. Within minutes of deployment, Ordr provides full, real-time visibility of the environment from IoT, IoMT, OT, and other connected devices comprising the organization’s complete asset inventory, as well as how the devices are connected, and what other systems they are communicating with.
Ordr has You Covered
Ordr identifies risks for every device via an integrated threat detection engine, threat intelligence feeds, and continuously enriching device profiles within the Ordr DataLake. Ordr also monitors and compares device activity against a baseline of “normal,” good behavior. Because devices are deterministic and therefore should operate within specific, narrow parameters based on functions, abnormal behaviors that may be indicative of a cyberattack are easier to identify. Any suspicious behavior or unexpected communications patterns trigger automated alerts. When that happens, Ordr can dynamically generate Zero Trust security policies to contain an attack, while keeping mission-critical devices in service.
Read more about the award-winning Ordr connected device security platform, here, or contact us with any questions you may have about how we can help you secure your enterprise environment.
Pandian Gnanaprakasam
-
Company News
Ordr Named IDC Innovator for Healthcare IoT Security
3 Min Read
By Chris Westphal
The risks associated with a large, connected device attack surface are getting harder to ignore. In recent weeks the U.S. Cybersecurity Infrastructure & Security Agency (CISA) and National Security Agency (NSA) issued a joint advisory on threats associated with operational technology (OT) such as the industrial control systems (ICS) that many critical infrastructure organizations rely on to run their facilities. Overseas, the European Union enacted two new regulations mandating stricter cybersecurity requirements for connected medical devices, otherwise known as the internet of medical things (IoMT).
Ordr has been working hard to provide the means for organizations in industries like healthcare, financial services, manufacturing, life sciences, and government to protect themselves from those threats since 2015. And we are always happy when those efforts are recognized because it means more awareness of the dangers to critical systems and of the tools available to keep them protected.
Ordr Recognized as a Leader in Healthcare IoT Security
On September 20, International Data Corporation (IDC), one of the leading information technology market intelligence advisors, recognized Ordr as a leading innovator in IoMT security solutions in their report, IDC Innovators: Healthcare IoT Security Products, 2022.
IDC describes healthcare organizations as “high-value targets for cyberattacks. As more medical devices are connected, the attack surface that bad actors can exploit has increased dramatically and a single breach can lead to a multitude of undesirable outcomes. Meanwhile, traditional information technology (IT) cybersecurity solutions are not designed to protect the wide range of medical devices used in supporting healthcare.”
Ordr Provides Ground-to-Cloud Protection
Ordr’s platform provides protection for those environments by enabling complete ground-to-cloud visibility of all IoMT, IoT, and OT devices whether they are on-premises or remote, no matter if they are communicating locally or across complex digital supply chains. Then, we provide precise, contextual, real-time understanding of the operations and data flows of each device on the network, automating dynamic security policy generation and enforcement in the event a threat is detected. We can do this because the Ordr Data Lake is populated with detailed operational profiles for millions of devices.
When any device strays from its deterministic parameters, Ordr detects that change and automates prescribed actions to protect the device and its operational ecosystem. This is vital to preventing attacks against connected devices, containing threats by blocking lateral movement to and from connected devices, and maintaining operational resiliency for critical infrastructure targets, like hospitals and healthcare organizations, that are frequently targeted by ransomware gangs.
Ransomware an Ever-Present Threat
“Ransomware is an ever-present threat and can be particularly devastating in the healthcare sector, where even a few minutes of downtime can have deadly consequences. Protecting connected medical devices, many of which were not designed with security in mind, is now a top priority for IT and biomedical engineering departments. Medical IoMT security products provide much needed ‘context’ about devices and how they are being used so that smart decisions can be made to reduce their cybersecurity risks,” said Ed Lee, research director, Internet of Things and Intelligent Edge: Security at IDC.
In addition to this recognition from IDC, Ordr was named a healthcare IoT security market leader for an unprecedented third straight year by KLAS Research, recognized as a member of the CyberTech100 most innovative and pioneering companies that are helping financial institutions combat cyber threats and fraud, and is trusted by leading healthcare organizations like Cleveland Clinic, Dayton Children’s Hospital, Mayo Clinic, Freeman Health, and many more.
See why Ordr continues to earn kudos and customers: get in touch and we can provide a demonstration or answer your questions.
Chris Westphal
Head of Product Marketing
Chris is the Head of Product Marketing at Ordr where he helps drive awareness for connected device security and the value of the Ordr solution. Chris brings more than two decades of experience to his role with a background in enterprise security, cloud, and data center technologies. Most recently, Chris was head of product marketing at Salt Security, the leader in API protection, and has held product marketing leadership roles at companies including VMware, Illumio, and Adallom (acquired by Microsoft).
-
Blog: BD Vulnerabilities for Pyxis and Synapsys Product Lines
…security flaws in the company’s Pyxis and Synapsys product lines. Among the vulnerabilities described in the advisories are the use of default and shared credentials in the Pyxis products and…
Security Bulletin
BD Vulnerabilities for Pyxis and Synapsys Product Lines
CISA Advisory on Taking Action
3 Min Read
By Darrell Kesti
The Cyber & Infrastructure Security Agency (CISA) recently issued two security advisories highlighting vulnerabilities associated with connected devices made by medical technology firm Becton, Dickinson & Co. (BD). The advisories follow disclosures BD made to CISA, and describe security flaws in the company’s Pyxis and Synapsys product lines.
Among the vulnerabilities described in the advisories are the use of default and shared credentials in the Pyxis products and “insufficient” session expiration for the Synapsys informatics platform. Both flaws could leave the devices vulnerable to exploitation by threat actors who could then gain access to sensitive patient protected health information (PHI) or even affect the delivery of correct treatment.
Device Vulnerabilities Put Network and Patient Safety at Risk
The disclosure of these security flaws by BD, and the subsequent advisories issued by CISA, underscores the risk to both network and patient security when vulnerable internet of medical things (IoMT) devices are deployed within healthcare environments. Even when such devices must remain in service and cannot be patched, allowing them to continue operation without taking steps to mitigate their associated risks should be regarded as a dereliction of duty.
In this current case, BD recommends a number of steps to close the now-known security gaps, including:
- Limit physical access to only authorized personnel;
- Tightly control management of system passwords provided to authorized users;
- Monitor and log network traffic attempting to reach the affected products for suspicious activity;
- Isolate affected products in a secure VLAN or behind firewalls with restricted access that only permits communication with trusted hosts in other networks when needed; and,
- Work with your local BD support team to ensure that patching and virus definitions are up to date. The BD Remote Support Services Solution for automated patching and virus definition management is an available solution for customer accounts.
From an IT and security operations standpoint, these steps may be difficult for hospitals and other healthcare delivery organizations (HDOs), especially in larger organizations with no means for effecting proper asset management. This leaves questions like: Does my organization have these devices in inventory and where are they located? What software versions are installed? Are they in use and unable to be taken out of service?
Ordr can answer these questions and easily address the recommendations by BD above.
See, Know, Secure, Every Connected Device
Our See, Know, Secure approach to connected device security means our customers can find and identify all the BD connected assets, as well as other connected devices operating in the network, within minutes of deployment. Once Ordr has discovered the devices and identified their specific make, model, and other operational data, the BD products that are impacted by this vulnerability can be monitored for any anomalous behavior that could be an indicator of compromise (IOC).
Ordr can identify which BD devices are being accessed by which user, and track which users were logged into a specific device, at what time, for what duration, and more.
Ordr also enables security teams to proactively segment the impacted BD devices, and to set Zero Trust security policies specific to each. In the event that a device is compromised and we detect anomalies such as a suspicious communications pattern or other operations outside of defined parameters, our segmentation policies limit an attack’s potential “blast radius” by isolating affected devices and network segments, and allowing security teams to take mitigating actions within minutes of a breach.
Ordr Can Help Secure Your Devices and Environment
With studies suggesting that as many as three-quarters of all connected medical devices currently in service contain at least one security vulnerability, and that half may contain two or more, it is critically important for hospitals and HDOs to do what is necessary to gain the upper hand on connected device inventory, management, and security. For more information about how Ordr can assist in this endeavor, please visit our site to learn more about our asset inventory management and security platform, or contact us with questions specific to your organization’s situation.
Darrell Kesti
Darrell is VP Sales at Ordr. He joined Ordr as one of the original Account Executives in October of 2018 to help launch the field organization. In his prior role as Ordr’s Director of Healthcare Sales, Darrell drove significant growth in healthcare sales and helped position Ordr as the leader in connected device security. Darrell has over 20 years of Sales Leadership, Account Management, and Field Engineering experience supporting customers and partners while with leading security and networking organizations – ForeScout Technologies, FireEye, Mandiant, F5 Networks, and Secure Computing Corporation. Darrell earned a Bachelor of Science in Electrical and Computer Engineering from the University of Minnesota, Duluth.
-
Blog: Ordr and Mayo Clinic: Securing IoMT and Health Tech Devices
…Medical Device Security One of the first steps in securing IoMT and healthcare technology (health tech) devices is accounting for the gaps in medical device security. Evaluating equipment coming in,…
Customer Story
Ordr and Mayo Clinic: Securing IoMT and Health Tech Devices
3 Min Read
By Matilda Ortiz
While watching Keith Whitby, Section Head of Healthcare Technology Management Cybersecurity and Operations at Mayo Clinic, and Pandian Gnanaprakasam, Chief Product Officer at Ordr, discuss strategies for securing connected devices and HIoT in a recent webinar, I found the following to be insightful information that you can apply to your organization’s cybersecurity efforts.
Gaps in Medical Device Security
One of the first steps in securing IoMT and healthcare technology (health tech) devices is accounting for the gaps in medical device security. Evaluating equipment coming in, understanding the security risks related to those, and building a plan of mitigating controls that should be applied to equipment are all important aspects of device security, but they must be operationalized.
At Mayo Clinic, previous security assessments were done on an asset by asset basis. This lack of operational framework limited the implementation of device security procedures. Once Mayo Clinic created a standardized process across the organization, the framework could be followed for all medical equipment and new IoT and OT devices.
The Unique Nature of Medical Devices and Health Tech
Medical equipment, systems, and health tech are different from standard IoT and IT systems. Hospitals must follow regulatory guidelines from the U.S. Food and Drug Administration (FDA), College of American Pathologists (CAP) and Joint Commission on Accreditation of Healthcare Organizations (JCAHO), while medical devices in physicians’ offices do not have to follow the same rules. HIoT devices come with their own unique challenges, from unsupported devices to service keys being required.
Security Challenges: Size and Scope
Medical organizations can span large geographical areas, including multiple states and hundreds of buildings. They can also have tens of thousands of connected medical devices, hundreds of vendors and thousands of models. The magnitude of medical device networks challenges IT teams to efficiently secure many devices at once. Networks of devices can have inventory discrepancies, and mismatched data from their CMMS and NAC.
Medical devices have complex systems that require intensive work to patch and manage vulnerabilities. Part of the process of setting a framework for securing health tech devices involves figuring out who will be implementing security standards and applications. Health tech devices need both specially trained IT technicians and unique applications to deploy security solutions.
Mayo Clinic: HTM Role in Cybersecurity
At Mayo Clinic, the cybersecurity team in Healthcare Technology Management is the operational arm of IT. The team has developed a structured system and standardized approach to securing medical equipment and health tech systems. They ensure equipment meets organizational and cybersecurity requirements throughout its lifecycle.
- Core Team: Mayo Clinic’s Core Team of HTM Cybersecurity developed a security framework for IoT and health tech based on National Institute of Standards and Technology (NIST) and Association for the Advancement of Medical Instrumentation (AAMI) standards. They also developed an HTM vulnerability management program guide, so that when a vulnerability is found, there is a clear process for remediation.
- Information Security Engineers: Besides technicians, the HTM team also has HTM associate infosec engineers, who create vulnerability management procedures, apply controls to medical devices and add new equipment to Mayo’s network.
- SPAD: The Security, Privacy, Architecture, Data team, or Security Assessment Team, manages medical device purchases and device intake assessments, and helps to construct security lifecycle profiles at Mayo Clinic.
Cybersecurity Execution
Over the past two years, the HTM Cybersecurity Program has added significant security value, improving intake process efficiency, establishing an algorithm to calculate and track security risks, and more.
Mayo Clinic developed their IoT/health tech device security through proactive security, building upon multiple areas of cybersecurity, including:
- Policy & Process: Setting device security standards and leveraging known security incidents, regulatory compliance as well as internal audit observations
- Lifecycle Profile: Addressing security issues within the equipment lifecycle, creating Security Lifecycle Profiles that provide a roadmap for device security and management from the pre-purchase stage to decommissioning
- Tools Deployment: Creating a security specific manual for devices, documenting what tools need to be deployed for different device types and models
- Fleet Risk Assessment: Adopting a fleet approach rather than device by device security
- Vulnerability Management: Maintaining device security, tracking vulnerabilities and prioritizing remediation
- SPAD: Initial intake triage and categorization of hardware and software, and routing those devices to the appropriate review groups
- Patch Management: Deploying a medical device patch installation automation utility tool
- Training & Industry workgroups: Participating in industry workgroups to contribute medical device security knowledge
How Ordr Can Help
Mayo Clinic identified Ordr as a key tool to execute and automate security operations. Ordr is able to improve data quality for asset inventory, detect networked devices, classify devices, provide insights into connected device actions and help micro-segmentation efforts.
The Ordr Systems Control Engine (SCE) gives organizations the power to enable visibility and security of their network-connected devices, with a simple and powerful solution to identify, classify, profile the behavior and risk and automate action for every network-connected device in the enterprise. To learn more about how Ordr can enable an effective IoT security strategy for your organization, request a demo today to start the conversation.
Matilda Ortiz
-
News: Ordr Integrates With Cisco’s Flagship Catalyst 9000 Series Switches
…real-time asset inventory, address risk and compliance and accelerate IT initiatives. Ordr is backed by top investors including Battery Ventures, Wing, and TenEleven Ventures. For more information, visit www.ordr.net and…
Ordr Integrates With Cisco’s Flagship Catalyst 9000 Series Switches
Simplifies Deployments and Accelerates Cisco ISE and SDA Initiatives
3 Min Read
Santa Clara, CA – May 3, 2022 – Ordr, the leader in connected device security, announced the availability of the Ordr Sensor as a hosted application on the Cisco Catalyst 9000 series switches. The company’s latest integration with Cisco extends seamless visibility, comprehensive insights and security for connected devices in every environment – including data center, campus, and branch offices. Ordr and Cisco have a deep and long-standing partnership, in which Ordr provides deep visibility and context that enables customers to leverage the full power of Cisco’s infrastructure – including Cisco Meraki, Cisco Identity Services Engine (ISE), Cisco Software-Defined Access (SDA) and Cisco TrustSec – to secure their IT, IoT (Internet of Things), OT (Operational Technology) and IoMT (Internet of Medical Things) devices.
“You cannot secure the modern enterprise without understanding what devices are connected to your network, what they are doing, and what vulnerabilities they have,” said Pandian Gnanaprakasam, Chief Product Officer and co-founder of Ordr. “It has been operationally challenging for some organizations to gain this level of visibility for all devices, in all locations. Now, in any environment with Cisco Catalyst 9000 series switches, Ordr enables IT organizations to immediately see and secure all these devices.”
Ordr makes it easy to keep the connected enterprise secure by showing customers exactly what devices are in their environment, the systems they communicate with, and the risks they bring, while providing automated policies to secure them. Ordr not only identifies devices with vulnerabilities, weak ciphers, expired certificates, and active threats, but also uses machine learning to continuously baseline normal behavior. The combination of device and risk insights, behavioral analysis, and automated policy creation accelerates Cisco ISE and SDA deployments.
“Embedding Ordr within the Cisco Catalyst 9000 allows customers to discover and secure connected devices in locations where it is not possible or not practical to deploy a hardware sensor, such as a branch office or other remote location. This, combined with Ordr’s strengths in accelerating Cisco ISE and SDA deployments, will streamline Zero Trust security for every organization,” said Chris Kuhl, CTO and CISO, Dayton Children’s Hospital.
“The explosive growth of connected devices means companies are more invested than ever in visibility and security solutions,” added Rob Parsons, Director, Network and Security Practice/Portfolio at Insight. “Remote offices are often underserved by security because they lack integration with core security tools. Ordr’s connected device security platform and Cisco’s industry-leading switching products combine to create a powerful value proposition for our clients. The results are simplified deployments, comprehensive visibility across every office, and accelerated Zero Trust and Cisco ISE initiatives.”
With this integration, even in smaller office locations, enterprises gain comprehensive visibility into connected assets, risks, network connectivity, device behavior, and utilization, as well as the ability to apply segmentation to the network edge.
Key Ordr and Cisco Catalyst 9000 Integration Benefits
- Secure More Devices: Extend Ordr to secure connected devices in data center, campus, branch office, or other remote locations.
- Quick Deployment: The Ordr sensor is deployed in a matter of minutes as a pre-packaged Docker container application hosted on any Cisco Catalyst 9000 switch, and can be easily deployed to hundreds of switches from the Cisco DNA Center.
- Reduced Footprint and Cost: By leveraging existing Cisco Catalyst 9000 switches as distributed Ordr sensors, the deployment footprint and costs are reduced.
- No Performance Impact: Ordr takes advantage of Cisco Catalyst 9000’s dedicated application hosting compute, storage, and memory – so there’s no impact to switch performance.
Accelerating Security Across the Cisco Product Suite
Ordr’s close relationship with Cisco includes integrations with multiple products, including the Cisco ISE, Cisco SDA, Cisco Catalyst 9000 switching family, Cisco Meraki, Cisco TrustSec, Cisco Secure Network Analytics (Stealthwatch), and Cisco Prime Infrastructure.
In addition, Ordr has recently become a Cisco Meraki Ecosystem Partner. Now available on the Cisco Meraki Marketplace, Ordr helps customers analyze their Meraki cloud data to see, know, and secure all connected devices, across all campus, branch, small office/home office (SOHO), and VPN connections.
Ordr’s deep integrations across the Cisco portfolio help customers add the end-to-end visibility and security needed to accelerate the deployment of Cisco ISE and SDA solutions. Ordr’s device classification, network awareness, security intelligence, and ability to auto-generate enforcement rules simplify the process of creating, provisioning, and managing an IoT, IoMT and OT segmentation policy.
For more information about how Ordr can help strengthen the visibility, security and overall management of all your Cisco deployments, please visit www.ordr.net/partners/cisco.
About Ordr:
Ordr makes it easy to secure every connected device, from traditional IT devices to newer and more vulnerable IoT, IoMT, and OT. Ordr Systems Control Engine uses deep packet inspection and advanced machine learning to discover every device, profile its risk and behavior, map all communications and protect it with automated policies. Organizations worldwide trust Ordr to provide real-time asset inventory, address risk and compliance and accelerate IT initiatives. Ordr is backed by top investors including Battery Ventures, Wing, and TenEleven Ventures.
For more information, visit www.ordr.net and follow Ordr on Twitter and LinkedIn.
-
News: Ordr Integration with ServiceNow Service Graph Connector Program
…for everything from device management, incident response, and risk reduction efforts to meeting stringent requirements for compliance and cyber insurance. We’re proud to offer the Service Graph Connector for Ordr…
Ordr Integration with ServiceNow Service Graph Connector Program
3 Min Read
Santa Clara, CA – March 22, 2023 – Ordr, the leader in connected device security, today announced it has joined the ServiceNow® Service Graph Connector Program by integrating its ServiceNow Connector for Ordr with Service Graph, helping customers to quickly, easily, and reliably load third-party data into the system, enabling data quality, timeliness, and scalability.
Connectors validated by ServiceNow’s Service Graph Connector Program integrate the expertise of the ServiceNow partner ecosystem into Service Graph.
“The Service Graph Connector for Ordr enables tighter integration between two essential solutions that multiple teams and tools depend on to manage and secure connected device deployments,” said Jim Brady, Vice President, Cybersecurity & Risk Management and CISO at Fairview Health Services. “With this new integration, security and HTM teams can operate with high confidence that the asset data they are working with is accurate and complete, so they can operate efficiently, react quickly, and more effectively manage risk at the hospital.”
The ServiceNow Connector for Ordr enables customers to:
- Maintain an up-to-date system of record for all connected devices with automated discovery, device classification, and the collection of granular device details and context.
- Ensure data accuracy with automated reconciliation of real-time device data provided by Ordr and existing device data in the ServiceNow Configuration Management Database (CMDB) to enrich IT workflows, and reduce operational costs with a centralized, accurate source of truth.
- Streamline device management tasks with granular device details and insights to help teams maintain an accurate view of the devices connected to their environment.
- Accelerate security efforts with critical device insights such as vulnerabilities, malicious activity, and active threats to understand device risk and network details.
- Simplify compliance requirements with accurate details for every connected device to help with reporting of device risk, risk management efforts, and other compliance reporting requirements.
- Improve device utilization with insights to help teams understand device load, balance demand, allocate budget, and make data-driven procurement decisions.
“The ServiceNow CMDB is a critical component in our connected device strategy,” said Shawn Fletcher, Sr. Enterprise Architect, Cybersecurity and Digital Solutions, St. Joseph’s Healthcare Hamilton. “ServiceNow integration with Ordr lets us leverage Ordr’s automatic asset discovery and rich device insights to streamline our asset inventory efforts. This has a direct impact on the ability to manage and secure our devices at scale and support the hospital’s goals to deliver outstanding patient care and innovative treatments.”
“Asset inventory is often step one and is at the core of so much that we do with our customers. Without an accurate inventory, helping our customers meet their goals can be challenging, especially when it comes to security,” said Matt Leclair, CEO, Advanced Cybersecurity Experts LLC. “The ServiceNow Connector for Ordr will help us accelerate that first step of achieving accuracy in the ServiceNow CMDB, so we can deliver value faster and ultimately help put them on a path to improve how they manage and reduce risk for their connected devices.”
ServiceNow Service Graph, the next-generation system of record for digital products and services, evolves the ServiceNow Configuration Management Database (CMDB) beyond inventory and asset management. By using ServiceNow Service Graph, IT organizations are empowered with a broad and deep data foundation for managing the entire lifecycle of digital products and services. Service Graph underpins all ServiceNow products, allowing customers to tie together technology, people, and processes into a service-oriented view. This connected approach enables customers to leverage their existing CMDB investment to rationalize portfolios, automate development and cloud operations, manage risk, and understand ROI, driving high-value business outcomes.
“ServiceNow is leading the future of work by creating great experiences for businesses,” said Brian Emerson, VP & GM, IT Operations Management Business at ServiceNow. “We are pleased to have Ordr integrate its ServiceNow Connector for Ordr to help further enhance satisfaction, build trust, accelerate time to value, and reduce risk for our joint customers.”
“Maintaining a comprehensive and accurate asset inventory is critical for all organizations. This can be a challenge in environments with a large number of unmanaged devices like IoT, IoMT, and OT,” said Gnanaprakasam Pandian, Chief Product Officer and Co-Founder of Ordr. “Organizations depend on a comprehensive and accurate view of their environment for everything from device management, incident response, and risk reduction efforts to meeting stringent requirements for compliance and cyber insurance. We’re proud to offer the Service Graph Connector for Ordr to help customers achieve the comprehensive and accurate asset inventory they need to simplify workflows, improve security, and accelerate incident response.”
The Service Graph Connector for Ordr is available now in the ServiceNow store.
About Ordr
Ordr makes it easy to secure every connected device, from traditional IT devices to newer and more vulnerable IoT, IoMT, and OT. Ordr Systems Control Engine uses deep packet inspection and advanced machine learning to discover every device, profile its risk and behavior, map all communications and protect it with automated policies. Organizations worldwide trust Ordr to provide real-time asset inventory, address risk and compliance and accelerate IT initiatives. Ordr is backed by top investors including Battery Ventures, Wing Venture Capital, Ten Eleven Ventures, Northgate Capital, Kaiser Permanente Ventures, and Unusual Ventures. Stay up to date and follow Ordr on Twitter and LinkedIn.
ServiceNow, the ServiceNow logo, Now, Now Platform, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries.