Santa Clara, CA – October 25, 2022 – Ordr, the leader in connected device security, has been awarded four new patents for the visibility and security of the ever-increasing number of devices accessing today’s enterprise networks.

Connected devices are transforming industries and business operations. However, each new device and connection increases an organization’s attack surface. In industries such as healthcare and manufacturing, a cyberattack impacting a connected device can easily disrupt the entire business, or become a life-threatening situation. IoT and OT devices in particular can be essential to digital transformation strategies, but present unique cybersecurity challenges because they are not always designed with security in mind.

“Ordr continues to make significant investments in our technology to enable our customers to address critical connected device security problems. These patents validate the innovation behind our platform  – from visualization of a device profile, mapping of how devices are communicating, to baselining normal behavior so that anomalies can be surfaced. We have best-in-class technology, and the most mature and innovative patent portfolio in this market,” said Pandian Gnanaprakasam, co-founder and Chief Product Officer at Ordr.

Ordr’s new patents represent unique innovations that position the company and its technology as the platform of choice for connected device security, healthcare IoT and IoMT security, and cyber asset and attack surface management (CAASM) challenges:

• Determining A Device Profile And Anomalous Behavior Associated With A Device In A Network (U.S. Patent 10742687) – This patent highlights Ordr’s ability to group devices and map their communication flows in real-time for behavioral detection. Ordr uses machine learning to baseline the normal behavior of a specific device with a similar set of devices over a specific period of time, to identify anomalies. This behavioral-based anomaly detection is applicable for all agentless devices including medical devices, IT devices such as printers and phones, and IoT devices such as building management systems and video surveillance systems.
• Presenting, At A Graphical User Interface, Device Photos And Risk Categories Associated With Devices In A Network (U.S. Patent 10979447) – Ordr’s Data Lake includes a knowledge base that identifies devices based on static, dynamic, and flow-level behavioral attributes. Ordr has unique innovations in classifying millions of devices using machine learning and a novel hierarchical organization technique to scale the classification process. Ordr uses this breakthrough technology to classify devices accurately and at scale, with granular details like manufacturer, make, model and more, including the exact picture of the device on the Ordr dashboard, to facilitate asset inventory and incident response. For example, more than 28,000 printers in the Ordr knowledge base are classified with this technology, and this knowledge database grows daily with machine learning.
• Presenting, At A Graphical User Interface (GUI), A Constellation View Of Communications Associated With Node Groups In A Network (U.S. Patents 10928987, 10656795) – Ordr employs a novel approach to group devices on multiple dimensions. For example, a group can be based on devices – printers, medical devices, cameras, etc. A group can also be defined based on the VLANs they belong to, subnets, or device categories (such as infusion pumps, CT scanners, etc), or business entities such as research departments or operating theater area and so on. Ordr has patented the ability to graphically show this “organization” using a novel technique to make it easy to examine group-to-group communication and its deviations and anomalies. This is critical for pre-segmentation planning to develop policies on what to allow and deny. This is also a great visualization tool to track policy controls post-segmentation enforcement to ensure any business workflow is not affected while malicious traffic is caught immediately.

SANTA CLARA, Calif., Feb. 16, 2022 /PRNewswire/ — Ordr, the leader in connected device security, has been named a market leader in the Healthcare IoT security industry for the third year running by KLAS Research –  a premier healthcare IT data and insights firm. In its latest report, “Healthcare IoT Security 2022: Moving beyond Device Visibility,” Ordr was recognized for its high market energy, significant customer consideration rate, breadth of functionality beyond visibility, strong technical background, and success with the largest and most sophisticated healthcare systems.

As the number of internet-connected devices continues to grow exponentially, healthcare delivery organizations have become lucrative targets for attack. Ordr gives healthcare providers full confidence in the visibility and security of every connected device on the network. Ordr received high marks from customers in the KLAS report for:Customers interviewed celebrated Ordr’s ability to provide value beyond just device visibility.

• Breadth of functionality beyond just visibility, including abnormal activity identification, traffic monitoring, and device utilization tracking;
• High customer satisfaction rates;
• High value across multiple stakeholders including Security, Clinical/Biomed and IT;
• Helpful training and education offerings, including the Masterclass webinar series;
• User interface enhancements; and,
• Strong technical background of the Ordr team in security, healthcare and networking.

Ordr was recognized by KLAS for client list transparency, and customers interviewed celebrated Ordr’s ability to provide value beyond just device visibility. In its report, KLAS noted that “Ordr customers (often very large health systems) use the platform to do more than simply see what devices are connected to their network—they also track device utilization, identify abnormal device activity, and monitor traffic.”

When asked about Ordr, one CISO commented, “I would definitely recommend the system. The major strength is complete visibility into the endpoints for the traffic that we send through the solution. That will assist us when we get into a more stringent RADIUS authentication requirement for our wired network. Another strength is the ability to see exactly what a device has talked to from either a profile view or a specific device view. We can see what ports were used, how many times the communication happened, and what the date and time were. We can get a rather slick visual representation of that and easily export it.”

Greg Murphy, Ordr CEO, said, “We’ve worked with some of the largest and most sophisticated thought leaders in healthcare since our inception. While they have been dealing with the dual pressures of the COVID-19 pandemic and escalating cyberattacks, we have maintained our focus on technology innovation and customer success. Our customers can confidently deliver care knowing that their devices and networks are secure. This recognition by KLAS for the third year running acknowledges the hard work of our team and reflects the value of the trusted partnerships we have built with our customers. This honor reinforces the importance of our mission to keep every healthcare organization safe via comprehensive device visibility, actionable clinical and security insights, and automated policies.”

Continued Growth Highlighted by KLAS Report

Ordr’s recognition in the 2022 KLAS report as a market leader in healthcare IoT security adds to a growing list of achievements over the past year, including:

• Rapid response on cybersecurity attacks including Log4j, Ripple20, SolarWinds and more;
• Receiving SOC 2 Type 2 Compliance by meeting AICPA strict standards on keeping customer data secure;
• The unveiling of new cybersecurity features including the Ransom-Aware Rapid Assessment service™ to enable organizations to respond to cyberattacks in minutes;
• Dramatic expansion in Ordr’s channel partner portfolio, in addition to a new partnership with CMCC Centre of Excellence and expansion of its partnership with Fortinet;
• The launch of a guide to assist healthcare organizations to meet the amended NHS Digital’s Data Security and Protection Toolkit criteria; and,
• Continued product innovation, expansions to the Board, and overall company growth.

For more information on how Ordr can help healthcare organizations, please visit https://ordr.net/solutions/healthcare/. A summary of the KLAS Healthcare IoT Security Report can be found here.

Santa Clara, CA, March 2, 2022 – Ordr, the leader in connected device security, today announced the availability of Ordr Clinical Defender. Built on Ordr’s foundational asset and risk management features, and developed with best practices from the top healthcare delivery organizations (HDOs) in the world, Ordr Clinical Defender enables Healthcare Technology Management (HTM) teams to more efficiently and accurately manage their connected medical devices.

HTM teams today face significant challenges in managing the explosive growth of connected medical devices critical to patient care. There is typically a 15-20% discrepancy between assets registered in a computerized maintenance management system (CMMS), and assets deployed on the network. This increases risks for healthcare organizations as unknown devices increase the attack surface, and missing devices may contain protected health information (PHI), putting the organization in jeopardy of a costly HIPAA data breach violation.

Furthermore, HTM teams spend an average of 30-60 minutes per person, per shift, looking for equipment. At a cost of $100 per hour, reducing this time can lead to significant cost savings. In addition, addressing clinical risks like identifying devices running outdated operating systems can drag on for weeks due to the lack of accurate data, making organizations vulnerable to cyberattacks.

Ordr Clinical Defender, running on the new Ordr 8 Software release, provides focused, actionable, and accurate HTM insights and workflows, so HTM and clinical engineering teams can: 

• Automate real-time asset inventory without impacting device operations;
• Address compliance by identifying missing, newly-connected, or misplaced devices;
• Mitigate risks by identifying devices with vulnerabilities and recalls;
• Accelerate remediation efforts for devices with clinical risks; and,
• Save millions of dollars by optimizing device utilization. 

“The thing we were astonished by was the visualization of the Ordr data. We found quite a few devices that had very out-of-date operating systems that we were not aware of, that we’re now addressing from an upgrade standpoint. We were able to mitigate those risks before anything happens,” said Chuck Christian, VP Technology and CTO, Franciscan Alliance. 

“It is refreshing to work with a vendor that actually listens and empathizes with issues and pain points from customers. It’s exciting to see the rubber meet the road in terms of suggestions and requests. Ordr’s Clinical Defender dashboard is both modern and functional. Kudos to the team,” said Jeremiah Green, Information Security Manager, University of Rochester and University Rochester Medical Center.

Ordr Clinical Defender and Ordr 8 capabilities include:

• Data Shaper for users to customize the Ordr platform and quickly zero in on the information and insights most relevant to them; for example, enabling HTM users to only view specific medical devices they are responsible for within that hospital, or location, or that are using a specific protocol or access method.
• Asset Inventory and Analysis highlights critical information for real-time visibility and compliance:
  • Real-time automated asset inventory, correlated with CMMS data; 
  • Identify newly connected devices in the last 24 hours to ensure no new medical equipment is installed without following proper procedures; and,
  • Identify medical devices with Protected Health Information (PHI) that have not been seen on the network for more than 60 days. 
• Connectivity and Location Analysis pinpoints devices in the wrong zone, VLAN or subnets:
  • Locate missing devices by identifying device details, and physical and network location; and, 
  • Monitor VLANs for rogue or misconfigured clinical equipment. 
• Clinical Risk Insights and Workflows enable prioritized risk remediation:
  • Identify devices with vulnerabilities and FDA recalls; 
  • Prioritize clinical risk patching and remediation by impact;
  • Integrate with IT Service Management (ITSM) tools to automate process for remediation; and, 
  • Simplified sharing option to share device details with other users in the organization for further analysis.
• Device Utilization summarizes usage of devices and fleets:
  • Identify appropriate schedule for maintenance; 
  • Identify usage of specific devices to support procurement decisions; and,
  • Analyze usage to improve efficiencies of under-utilized equipment.
• Simplified action framework to enable quick enforcement of policies across a set of target devices.
• Simplified search to make it easy to identify device insights no matter where users are in the Ordr interface.

“In my previous role, I was an Ordr customer, benefitting from the power of the Ordr platform and actively participating in the evolution of the platform. Ordr’s powerful platform captures not just device information but a true lifecycle view, identifying where a device is located within the network topology and how it communicates and behaves throughout the organization. This unique lifecycle view is particularly beneficial in healthcare. The launch of the Ordr Clinical Defender will be invaluable to HTM/Biomed teams that can now more effectively manage their medical devices and clinical risks,” said Ken Koos, Optiv Consultant, ICS and IOT Product Security.

“We’ve partnered closely with the leading healthcare organizations in the world to develop a simplified and optimized product for HTM. It’s everything HTM and clinical engineering teams need to more efficiently perform their most critical tasks. We’re excited to bring the value and benefits of the Ordr platform to a new set of stakeholders,” said Gnanaprakasam Pandian, Chief Product Officer and co-founder of Ordr.

To learn more about the Ordr Clinical Defender, visit www.ordr.net/platform.

SANTA CLARA, Calif., January 21, 2021 — Ordr, the leader in visibility and security of all connected devices, today announced a significant release of the Ordr Systems Control Engine (SCE), a platform that discovers every connected device, profiles device behavior and risks, and automates response. Ordr SCE 7.4.2 is the largest product launch for the company to date and includes more than 160 new features, integrations, and enhancements to provide unparalleled visibility and protection to companies and their connected devices. 

As the number of connected devices — including unmanaged IoT, IoMT, and OT devices — continues to rise exponentially, so do the number of vulnerabilities and attack vectors. Organizations are struggling to maintain a real-time accurate inventory of all connected devices, not to mention the device intelligence to quickly make informed decisions. 

“Ordr provides the most robust, time-to-value security solution for organizations that want to reap the benefits of network-connected devices, yet curtail increased global incidents of ransomware, phishing, credit card, and personal data breaches,” said Gnanaprakasam Pandian, co-founder and Chief Product Officer of Ordr. “We are so excited to offer extensive new integrations from dozens of security and network vendors, as well as enhanced features to our customers in healthcare, manufacturing, financial services, life sciences, retail and beyond.”  

Ordr not only identifies devices with vulnerabilities, weak ciphers and certificates, and active threats, but also those that exhibit malicious or suspicious behaviors. Ordr automates responses for security and networking teams by dynamically generating policies and enforcing them on existing infrastructure, or by alerting and triggering a specific security or operational workflow.

Highlighted features and benefits of Ordr SCE 7.4.2 include:

• Reduced infrastructure footprint with “sensor-less” visibility via telemetry data from supported switches, routers, firewalls, and wireless LAN controllers. Overnight, customers can leverage key technologies that are already in place and begin the Ordr journey.  
• Increased efficiency with workflow-based dashboards to help customers quickly lookup devices that match specific conditions, including manufacturer, category, and profile as well as devices with sensitive data, devices with custom tags, devices communicating with administrative protocols, devices running outdated operating systems, and more. 
• Security enhancements to enable our customers in the wake of high-profile ransomware as well as espionage-like activity seen in the SolarWinds attack with access to enhanced security components, focusing on optimized detection and tracking within the platform. Customers will have the ability to visually track antivirus software activity, URLs associated with phishing, malicious communications, user-defined prohibited country communications, and quickly see devices with admin protocols and a snapshot of criticality level for devices with known vulnerabilities.
• Empowered Healthcare Technology Management (HTM) teams with actionable clinical data like medical device data from the FDA, clinical and patient risk associated with a device(s), and security risk from Manufacturer Disclosure Statement for Medical Device Security (MDS2) forms to help make informed decisions and initiate the appropriate workflows within a matter of minutes. 
• New security integrations for efficient incorporation into a customer’s existing security workflows. This includes the ability to detect and track ransomware with signature improvements for expedited incident response (IR) processes. In addition, Anomali, Exabeam, Fortinet, IBM QRadar, and Ping Identity join existing partners such as Check Point, Splunk, ServiceNow, and many others, in Ordr’s integration portfolio — the most comprehensive ecosystem of integration partners in the market.
• Enhanced analytics and use case-based policy generation so customers can quickly address scenarios such as controlling access for all physical security cameras used in a retail location, segment patient care devices by hospital and healthcare division, or tag all manufacturing devices that are still running Windows XP or Windows 7. 
• Acceleration of Cisco TrustSec and Cisco Software-Defined Access (SD-Access) as Cisco’s leading IoT solution partner for Cisco Identity Services Engine (ISE). Ordr is the only product on the market to provide total IoT and OT visibility to Cisco ISE and the rich device context required to dynamically define Scalable Group Tags (SGTs), automate the provisioning of group-based segmentation policies and provide SGT visualization and traffic analysis that greatly accelerates the time to value and increases strategic adoption of Cisco TrustSec and SDA. 

About Ordr

Ordr makes it easy to secure every connected device, from traditional IT devices to newer and more vulnerable IoT, IoMT, and OT. Ordr Systems Control Engine uses deep packet inspection and advanced machine learning to discover every device, profile its risk and behavior, map all communications and protect it with automated policies. Organizations worldwide trust Ordr to provide real-time asset inventory, address risk and compliance and accelerate IT initiatives. Ordr is backed by top investors including Battery Ventures, Wing, and TenEleven Ventures. For more information, visit www.ordr.net and follow Ordr on Twitter and LinkedIn.

The Boy Who Cried Wolf is a story we’ve all heard many times in our lives.  It’s a story that originated in ancient Greece, an original fable of Aesop.

It’s been told many millions of times, in countless languages and undoubtedly with endless cultural variations.  Yet the core message of the fable remains: repeating false or hyperbolic threat information repeatedly serves to diminish significantly the response to the threat with each retelling; eventually and predictably, responses simply cease – creating a situation of great peril when actual danger appears.  The fable is thousands of years old, but its message is startlingly applicable for today’s enterprise IT and security teams.

In the modern enterprise, teams are presented with an exaggerated array of hysterical alarms and alerts on which they are expected to act – yet few have the time and resources to actually do so effectively. And with the high probability of false alarms coming from multiple applications at a rapid pace, it is increasingly difficult to effectively identify and prioritize those that need immediate response.  Even more concerning, staff resources are overwhelmed with addressing and assessing these alerts, reducing their ability to respond with urgency to every real threat. The alerts can become noise, and the entire enterprise is put at great risk.

Couple this fact with the explosion in quantity and heterogeneity of network-connected devices – the Hyper-Connected Enterprise– and it’s clear that we’re at an important tipping point in enterprise network security.  Traditional agent-based and human-generated security models simply cannot scale.  And the answer, despite what every new threat detection vendor tells you, is not in deploying more systems that create more alerts and further tax your already depleted resources.

The answer is, however, quite simple:  take control of the intelligent security infrastructure you already have, and utilize it to regulate and protect your network on your terms.

We’re proud to introduce the Ordr Systems Control Engine (SCE) app now available on Cortex by Palo Alto Networks.  In just a few minutes of configuration, Palo Alto Networks customers can begin to implement comprehensive, agentless security policies that utilize their best-in-class Palo Alto Networks Next-Generation Firewall infrastructure to regulate and protect every device connected to their enterprise network.  These policies can improve the perimeter protection of the enterprise by utilizing Palo Alto Networks next-generation firewalls at the network edge, and can significantly increase the security of the entire network – and prevent any East/West propagation of nefarious activity – by utilizing additional Palo Alto Networks next-generation firewalls inside the network protecting critical assets.  This AI-based policy automation and implementation can also segment and protect systems and processes by function, keeping facilities and physical security devices separate from the business-critical data infrastructure, for example.

The cloud-based Ordr SCE app seamlessly and immediately – without the need for any additional hardware such as sensors or analyzers – taps into the massive Cortex Data Lake to automatically identify and classify every device connected to your infrastructure.  Every device, such as IP cameras, HVAC control systems, access badge scanners, self-service kiosks, digital signage, infusion pumps, CT scanners, manufacturing control systems, barcode scanners…EVERY device.  Even the devices that find their way into your environment without your knowledge, like popular employee-owned devices such as Amazon Echo and Apple iPad.  The quantity and variety of these devices is almost unimaginable in the enterprise today…and it’s going to grow by orders of magnitude into the future.

The Ordr SCE not only identifies every device, it provides incredible granularity on exactly what every device is and precisely what each is doing.  We call this mapping the Device Flow Genome, a collection of incredibly valuable data that gives you the power to intelligently design and implement policies that are essential to the security of your organization.

Once you have this level of detail on what’s connected to your network, and what each is doing – and should be doing – the Ordr SCE gives you the power to take control of this vast array of devices to ensure effective protection today and into the future.  The Ordr SCE gives you powerful policy automation to regulate the behavior of every class of device so none are able to communicate in such manner – either inside or outside of your network – that exposes them to risk and vulnerability. And the Ordr SCE gives you the power to fully secure each class of device by implementing micro-segmentation and threat remediation policies with sophisticated and actionable artificial intelligence.

All without any software on or need to physically touch the connected devices. All utilizing the best-of-breed Palo Alto Networks next-generation firewall infrastructure you already have.  All with the power of Cortex, the industry’s only open and integrated AI-based continuous security platform.

Take Control. Visit the Cortex hub today to learn more about the Ordr Systems Control Engine app and contact us for more information.

Did you know that Windows 7 end of life is on January 14, 2020?  This is only 300 days away, and today over 40% of the desktops deployed are still running this 10 year old OS.  I can’t even imagine the number of imbedded IoT, OT, and Medical Devices where this OS is still used.  This is going to be a big issue for the security community in 2019 to get their arms around this Windows 7 End of Life, the impact it will have on their security posture, and in medical and industrial fields – the safety risks it will expose to their patients and workers.

Here is a great article highlighting the EOL in more detail.

3 Ways Ordr Can Help You Take Control of Windows 7

• Ordr Discovery | Inventory | Categorization:  Ordr captures the OS detail on devices as we do our automated Discovery, Inventory, Categorization and analysis of the traffic flows (Flow Genome).

Here is an example of a GE Ultrasound Machine, but the same would apply to other systems:

• Ordr integrates with CMDB / ITAM / CMMS Systems:  If you integrate Ordr with your CMDB / IT Asset Management / CMMS system – say ServiceNow, Nuvolo, etc – you can further improve your visibility by leveraging the real-time always on view of the Ordr solution, to then update your records as you work to identify systems that need to be updated, who the device owners are, location of the equipment, where it is in its lifecycle, and perform post upgrade validation to close out the update work and document the remediation.

Here is a view of the same Ultrasound Machine as above, with the integrated asset detail from a CMMS system:

• Asset Info to Action:  Armed with all this detail, Security and Network teams can start working with the appropriate lines of business (HTM in my example case), to figure out a plan to either upgrade the system, replace the system, or if can’t replace it and you are stuck with it on your network –  build security controls around the device.  This is where Ordr helps close the loop.  One key area we can help is our capabilities around the behavior of the device in the network, the Flow Genome. Below you can see the 24 baselined normal flows Ordr has detected during this devices time on the network under monitoring.

See below, we will use this information in step 4:

Time to Take Control!   OK, so you are stuck with the Windows 7 device on your network beyond 1/14/2020.  You are armed with the information in steps 1 – 3.  What do you do about it?  How do you build in the right controls?  This does depend on the environment, where there are firewall systems, NAC, network infrastructure that supports ACLs, etc. I will give you the most common actions I have seen, that should fit most of the customer environments you are working in.

Common controls Ordr can help you achieve

• Leave the device as is, but monitor it:   This is probably the most common control.   Monitor the device and respond to any alerts, change in behavior.  There is concern especially with OT and Medical Devices around putting limiting controls in place.  The good news is Ordr can alert on Behavior Violations, meaning if the device starts communicating outside of its Normal Baseline Flow.  Ordr can be integrated into a workflow management system, send out email alerts on its own, fire off events to a SIEM or other Orchestration tool, or have a screen like the one below up in your SOC for human monitoring.

Below is a screen shot of our Incident Summary & Device Risk Dashboard:   The Behavior Viol. count under Internal Communications is where we highlight behavior anomalies detected by the Flow Genome.  All of this is linked to the events to quickly see and understand the reason for the alarm.

• Build a specific VLAN with ACLs for this Device Type:  One approach to segmentation is with a custom VLAN for a device type, in this case GE Ultrasound Devices.  The good part about Medical IoT, and IoT in general, is there is usually a consistent communication pattern for how it behaves on the network.  In the case of a VLAN configuration with Access Control Lists for communication, the Security, HTM, and Network team could build the rule set for this ACL and limit the communication behavior.  Or, you could let Ordr generate the ACL for you, that you apply in the environment.  Here is an ACL based on the example system above:

• Integrate with your Network Access Control (NAC) solution:   In this case Ordr can talk with your NAC system to put this device in a specific group (TAG), where there are ACL and/or TrustSec TAGs to identify and control access of this device.  All of the attributes shown above can be shared, and the NAC solution can handle the controls around this device.
• Integrate with your Firewall system:  Many customers are leveraging firewalls as part of their segmentation approach.  Beyond the normal Internal to External (North / South) traffic control / protections from a firewall, they are putting more Firewall systems in the internal network (East / West) to segment the network.  This helps with controlling the traffic flow, gives inspection points, and also gives the chance to apply other security tools of an Advanced Firewall feature set and the audit logging of the communication internally.  Ordr integrates with firewall systems to either apply Firewall ACL’s to the traffic discovered by the Flow Genome, or to apply a Security TAG to the firewall. Many of these firewalls support Tagging as well for device groups, so you don’t have to build individual policies for each device.  Ordr can give information to North/South and East/West firewall systems, to help with segmentation control.

What other strategies and ideas do you have to Take Control of the Windows 7 End of Life?  Let us know.

Darrell Kesti

Darrell is VP Sales at Ordr. He joined Ordr as one of the original Account Executives in October of 2018 to help launch the field organization. In his prior role as Ordr’s Director of Healthcare Sales, Darrell drove significant growth in healthcare sales and helped position Ordr as the leader in connected device security. Darrell has had over 20+ years of Sales Leadership, Account Management, and Field Engineering experience supporting customers and partners while with leading security and networking organizations – ForeScout Technologies, FireEye, Mandiant, F5 Networks, and Secure Computing Corporation. Darrell earned a Bachelor of Science in Electrical and Computer Engineering from the University of Minnesota, Duluth.

Santa Clara, CA – January 11, 2023 – Ordr, the leader in connected device security, today announced that it is collaborating with GE HealthCare to offer customers a solution leveraging Ordr’s market-leading platform for health systems.

The solution addresses critical patient care challenges across three key stakeholder groups: biomedical and healthcare technology management (HTM) teams, giving them the granular visibility as well as performance and utilization insights they need to improve medical device management; IT teams, helping them to monitor network connectivity and performance, while mapping device communications flows; and security teams, helping them to identify, prioritize, and self-manage responses to vulnerabilities, threats, or anomalies.

Healthcare providers rely on a wide range of network-connected devices to improve patient care and enhance clinician productivity. As the care environment becomes more complex, health systems are struggling with:

• Lack of visibility into device status, such as determining which devices are in-use, identifying new devices, or devices not yet registered in their asset inventory database;
• Monitoring and troubleshooting devices impacted by communications or performance issues;
• Lack of accurate device data (OS, software version, etc.,) to assess risks, manage vulnerabilities, and implement mitigations; and,
• Locating mobile and portable devices, with many organizations spending almost an hour per person per shift searching for equipment in need of a service action

To help ensure continuity of service for these devices, continuous monitoring of network performance and security is essential. Incorporating Ordr’s solutions will enable GE HealthCare to provide continuous network performance and security monitoring of all clinical assets connected to the CARESCAPE network. The proven, market-leading capabilities of the Ordr platform will help enable broad visibility, performance monitoring, security, and governance of all clinical assets on the CARESCAPE network, providing customers with enhanced self-management capabilities for their critical patient care devices.

“Empowering biomedical technicians, clinical engineers, and hospital IT with easy-to-use tools aimed at improving self-managed network security, productivity, and equipment uptime is key to enhancing critical patient care,” said Alla K. Woodson, GE HealthCare’s Global GM, Patient Care Solutions – Services & Consumables. “This network performance and security solution brings together the technology and scale of our two organizations to help ensure that our customers have visibility and access to actionable insights.”

“Hospitals and healthcare facilities rely on GE HealthCare’s CARESCAPE networks to host critical patient care devices. It is of the utmost importance that these networks—and everything connected to them—remain secure and operating at peak efficiency,” added Jim Hyman, CEO of Ordr. “The deep integration of the Ordr platform with the GE HealthCare CARESCAPE network will help give healthcare organizations comprehensive clinical asset visibility, security and performance capabilities they need to optimize and protect their environment of care.”

With this new service offering, healthcare organizations will be able to:

• Gain Granular Visibility to All Devices in the GE CARESCAPE network – Gain real-time visibility and automate inventories of all assets on the CARESCAPE Network, with device data that can be integrated with existing computerized maintenance management systems (CMMS). Access granular details on GE HealthCare clinical assets, such as hard-to-track patient data modules and which bedside monitors they are connected to.
• Enable Improved Device Performance and Help Reduce Downtime – Enable application-level performance monitoring of GE HealthCare Patient Care devices. Monitor HL7 application flows with actionable alerting that can speed troubleshooting and help reduce the impact of downtime.
• Monitor your Entire CARESCAPE Ecosystem – Provide a bird’s-eye view monitoring of the entire CARESCAPE ecosystem to help catch performance and availability issues with switches & UPS power supplies in near real time to help enhance uptime.
• Enable Preventative Maintenance Efficiencies via near Real-Time Data for HTMs – Eliminate the manual effort and time needed to locate networked devices and identify whether they are in use, based on near real-time network and physical data to complete Preventative Maintenance.
• Mitigate Risk and Help Improve Device Security – Full-lifecycle vulnerability management enables users to identify and focus on specific vulnerabilities affecting clinical assets under their management, prioritize vulnerabilities with Clinical Risk Scores, and self-manage the remediation process with simplified workflows and custom tags.
• Enable Optimal Device Utilization and Operational Efficiency – Understand how GE HealthCare Patient Care devices are being used, enabling teams to optimize performance and support future purchasing decisions.

Contact our team to get more information about how Ordr and GE HealthCare can help protect and optimize clinical assets on your GE CARESCAPE Patient Monitoring network.

There has been a lot of attention paid to ransomware over the last few years, and with good reason. In 2021 Fierce Healthcare reported a 470% increase in ransomware attacks on the healthcare industry in 2020 compared to the previous year. Threat actors saw an opportunity to take advantage of pandemic chaos to target a vulnerable sector of the economy and got to work. Healthcare took the brunt, but no industry was safe. The FBI’s Internet Crime Complaint Center (IC3) reported a more than 20% increase in ransomware investigations overall during that same period and said ransomware payouts increased at an even higher pace as a result. And according to Security Magazine more recent analysis shows the ransomware threat continued to rise through 2023, with more attacks, new gangs, and manufacturers emerging as a favorite target.

But ransomware isn’t the only danger to IT networks and data integrity. More common attacks, where the goal isn’t to lock down valuable information but siphon it off, remain a major threat to businesses. In fact, the most recent IC3 annual report said the FBI received 2,385 ransomware complaints accounting for losses of more than $34.3 million, while overall the Bureau fielded over 800,000 cybercrime complaints with losses of more than $10.3 billion during 2022.

A Complete, Real-Time View

Countering cyberthreats of every type is vital to protecting an organization’s business and operational interests, the safety of individuals, and to safeguarding assets like finances and intellectual property. Many types of cyberattacks share common attributes and indicators of compromise (IoC) like point of entry and vector, lateral movement, and disruptions to normal communications patterns. Identifying these can be difficult without a complete and real-time view of the assets comprising the network, and detailed profiles of each device connected to it. That is why a “whole enterprise” approach to cybersecurity must be adopted to maximize threat prevention.

This is especially important when considering the growing reliance many organizations have on the Internet of Things (IoT) and associated technologies like the Internet of Medical Things (IoMT), Industrial Internet of Things (IIoT), operational technologies (OT), cyber physical systems, and other types of connected devices. Attackers don’t care what kind of devices the organization has deployed, only the operating system it runs. And because many devices use obsolete, unsupported operating systems, they are easy to exploit and to quickly traverse the network toward their goal.

Zero Trust Support

It makes sense, then, that a whole enterprise approach is the logical way to address cybersecurity because it includes full asset visibility combined with rich operational insights to give security teams the ability to recognize unexpected communications patterns and make informed security decisions in response. That is the Ordr See, Know, Secure philosophy to connected device security and it is why we have invested so much into building a platform that not only reveals an organization’s full connected device inventory in real-time, but layers in both intelligence and automation that enable dynamic policy creation and enforcement and support Zero Trust security initiatives.

That is important because connected devices are increasingly targeted by threat actors who use notoriously unsecure IoT, IoMT, OT and other devices as either an attack vector or path of lateral movement once inside the enterprise. They know that if 20% of an organization’s connected devices are outside the view of security, they are less likely to be detected and thwarted, and that their efforts stand a much higher chance of success.

Seven Keys to Fighting Back

To counter this threat, Ordr enables seven key capabilities in the fight against cyberattacks:

• Discovery of all connected devices.
• Identification of device communications with prohibited countries, prohibited IPs, and malicious URLs.
• Communications baselining and identification of communication anomalies.
• Identification of devices running vulnerable protocols with the ability to disable or monitor as needed.
• Identification of devices running unpatched and/or vulnerable software and OSes through the Ordr Software Inventory Collector.
• Segmentation or quarantining as a compensating control for devices that cannot be updated.
• Retrospective analysis to evaluate past compromised communications patterns when new IoC and threat intelligence are released.

Recent Attacks Illustrate the Threat

Several recent, high-profile threat campaigns illustrate how these capabilities and a whole enterprise approach to cybersecurity can help prevent or minimize the effects of an attack. Exploiting vulnerabilities in Fortra’s GoAnywhere managed file transfer product, Progress Software’s MOVEit managed file transfer product, and the RDStealer weapon targeting remote desktop applications allowed threat groups to plant malware, including ransomware, in hundreds of organizations and execute the exfiltration of millions of data files containing sensitive personal and corporate information. Even when attacks use zero-day vulnerabilities to compromise network security undetected, the exfiltration of data may itself trigger automated policy enforcement, minimizing the event’s impact.

Ordr is a key component in the whole enterprise cybersecurity strategies of many top healthcare, manufacturing, financial services, and other organizations that recognize their growing reliance on connected devices could leave them vulnerable. Using Ordr, they now SEE, KNOW, and SECURE their systems and data.

Srinivas Loke

Srinivas Loke is Vice President of Product Management at Ordr. Srinivas has a passion for cybersecurity with a deep understanding of network, end point, cloud and IoT security. Prior to Ordr, he led product teams at Aruba, Pulse Secure, FireEye and McAfee. He loves taking 1.0 products to the market and furthering cutting edge technologies that are solving customer problems.