Using Ordr’s device-centric threat and anomaly detection, Veritex Bank has also been able to detect and quickly address issues, even before being notified by our virtual SOC. This has helped the team accelerate response.
Bob Ludecke, SVP and CISO, Veritex Bank
Ordr Named A CyberTech100 Company For 2021
SANTA CLARA, Calif, June 15, 2021 /PRNewswire/ — Ordr, the leader in agentless security for all connected devices, today announced that it has been named a CyberTech100 company for 2021. The CyberTech100, an annual list of the world’s most innovative CyberTech organizations, recognizes pioneering companies that help financial institutions combat cyber threats and fraud. A panel of analysts and industry experts voted from a list of over 1,000 companies produced by FinTech Global, a specialist research firm. The finalists were recognized for their innovative use of technology to solve a significant industry problem, or to generate cost savings or efficiency improvements across the security value chain.
The CyberTech industry for financial services has seen huge growth over the last four years as operations are increasingly moving to the cloud and organizations expand their spending on securing new digital infrastructure. Total annual investments in the sector grew from $0.7 billion in 2016 to over $6.2 billion in 2020.
As the number of connected devices on corporate networks — from IP-enabled video surveillance cameras to building automation systems — has grown exponentially, they have become lucrative targets for attack. These connected devices, including critical and expensive Internet of Things (IoT) and Operational Technology (OT) devices, commonly run legacy software, cannot support endpoint security agents, and cannot be patched easily and are therefore inherently risky to an organization.
Ordr Systems Control Engine mitigates risks and threats by first identifying and classifying every connected device, profiling its behavior and identifying its risks. Then Ordr automates security actions to secure these devices at scale, including both immediate remediation when compromised and Zero Trust proactive segmentation policies on firewalls, switches or network access control systems that permit only necessary and safe device communications.
“Security executives working in financial services need to be aware of the latest innovation and threats in the market in order to protect client and company data as well as fend off cyber and financial criminals,” said Richard Sachar, director at FinTech Global. “The CyberTech100 list helps them do just that and identify new technologies which will have lasting impact on the industry and attackers’ behavior.”
“The increase in high-profile cyber attacks this year has been a wake up call for all industries— financial, healthcare, manufacturing, oil and gas, and even the food supply chain,” said Greg Murphy, CEO of Ordr. “You simply cannot protect what you can’t see, and criminals are able to quickly identify vulnerable devices and propagate devastating malware before a company knows what has happened. We expect the financial services industry to continue to upgrade its approach to device security with ransomware on the rise.”
A full list of the CyberTech100 and detailed information for each company is available to download at www.CyberTech100.com.
Network Control: Controlling Those Side to Side Movements
By Pandian Gnanaprakasam
Ariana Grande and Nicki Minaj performing “side to side” is one thing, but unusual network traffic moving side to side (internal lateral movement), now that’s a whole different story. And in a healthcare environment where sensitive customer information is stored and lifesaving equipment is connected, it can be downright dangerous. In part 3 of 6 in our series on Control, we dive deeper into Network Control and the concept of traffic control of internal lateral movement to help you maintain order in your healthcare facility.
Trouble in Louisiana
Remember when Louisiana’s governor issued a state of emergency in response to a rash of malware infections that hit the public schools? In the northern part of the state, the ransomware attacks crippled these schools when malware was embedded and allowed to spread quickly throughout the campus. Sorely needed files were encrypted and criminals demanded payment in exchange for the decryption key. How did this happen? Clearly someone with a lot of resources found and exposed a vulnerable spot in the network.
What Perimeter?
Firewalls are one thing but people and devices move around constantly. What is the purpose of a stationary perimeter if there is constant movement in the network? Consider, for example, a hard-working healthcare worker (Bob) at a regional hospital who goes home late at night and connects to the web and accidentally clicks on a few bad URLs here and there. Without his knowledge, he has just downloaded malware onto his trusty laptop. The next day when a connection is made to the hospital network, this is when the malware does its thing, performing reconnaissance to understand the devices near its proximity so it can spread. This side to side movement is what you need to stop and contain right away.
Know What You Have
Adding anti-virus software is one thing, but consider the many medical devices that can’t be patched in the first place, or think of the headache of keeping a log to make sure all devices are patched. Most often, we find that many hospitals don’t know exactly what’s in their network in the first place. Assuming you’ve taken the necessary steps to add full visibility, the next necessary step is to implement network control, specifically network traffic control.
The Traffic Tower
If and when a breach occurs, the quick remedial action to take is to ensure that the malware does not spread. Ordr’s traffic control can ensure that the damage is restricted to a small contained area and the whole hospital network does not go down. When routers, switches, gateways, and firewalls all have flow-based whitelisting enabled, a bad packet from Bob’s laptop computer will be stopped and it will never make its way to a camera or a medical device in a different part of the network.
We can take it further with rule-based automation. For example, if we find that a camera is trying to have dataflow to a particular VLAN that it shouldn’t and the flow looks unusual, we can shut it down right there and then. It starts with total visibility and having the smarts to see all the internal traffic movements, up and down and side to side. Worried about MAC/IP spoofing? We take care of that too.
Much Happening Behind the Scenes
Network control is also about who gets in and out of your network. The point of entry can be wired or wireless, it can be serial or VPN. Doctors, nurses, visitors connect all the time to the healthcare network. It’s important to have the smarts to know what’s happening with the traffic flows, all the stream of information moving north and south and also side to side. And just like Ariana Grande and Nicki Minaj, we’re good friends with Infoblox and we play nice with Cisco ISE. Go ahead, do a little dance, Ordr has you covered.
Pandian Gnanaprakasam
Pandian has more than 20 years of product and engineering leadership experience and is also a serial entrepreneur. Before founding Ordr, he was the Chief Development Officer at Aruba, responsible for all of engineering and product management functions. Aruba, an enterprise mobile wireless company, was acquired by HPE for $3 Billion in March 2015. Before Aruba, Pandian served as the head of engineering for Cisco’s multi-billion-dollar Wi-Fi business unit and before that as VP of engineering for low-end switching product lines. He graduated with a master’s degree in Electrical Engineering from IIT, Chennai, India and holds several patents to his credit in various networking technologies.
Secure Every Asset in Financial Services For Cyber Resilience
Ordr helps financial services organizations secure every asset critical for delivering a modern customer experience. See every asset, protect against threats and address compliance requirements with ease.
See, Know, Secure Every Asset in Financial Services
Incomplete Asset Inventory
Inaccurate and incomplete asset visibility can lead to cybersecurity blindspots. Ordr unifies API, DPI and proprietary Ordr Discovery methods to deliver comprehensive and accurate asset insights on devices, users, applications, SaaS and cloud.
More threats and vulnerabilities
Financial services organizations are one of the most targeted verticals by threat actors. Ordr addresses vulnerabilities and cyberthreats that bring the biggest risks to the business.
Address Compliance Requirements
Financial services is a highly regulated industry. Ordr simplifies compliance audits for Sarbanes-Oxley, GLBA, FINRA, PCI, Digital Operational Resilience Act (DORA) and more with comprehensive asset data and reporting at your fingertips.
SEE
Discover and Classify Every Asset
No more spreadsheets, manual resources or scripts. Ordr delivers complete visibility into every asset—devices, users, SaaS, cloud and applications—critical to deliver efficient, modern customer experiences:
- Gain accurate, comprehensive, asset visibility for devices, users, applications, SaaS and cloud, including hard-to-discover IoT and OT
- See granular device details like manufacturer, model, serial number, OS, support owner, connectivity and more.
- Identify issues like rogue or banned devices, and devices with outdated operating systems
- Pinpoint security coverage gaps such as endpoints missing MDM/EDR agents
- Map and analyze risky communications between assets and to the Internet
- Enrich CMDB with real-time asset visibility
KNOW
Manage Vulnerabilities And Protect Against Cyberthreats
Discover vulnerabilities across the entire financial services network: devices (IT, IoT, OT), users, applications, SaaS and cloud. Detect cyberthreats that can pose significant risks to profitability and financial services operations.
- Gain comprehensive coverage of all vulnerabilities, including those on IoT and OT devices
- Prioritize vulnerabilities based on multiple asset and organizational risk factors and automate remediation for the right owners
- Detect active exploits and risky communications with an integrated IDS and threat intelligence feeds
- Identify devices behaving abnormally, based on baseline known-good communications
SECURE
Segmentation To Manage Risks
Segmentation is a cybersecurity best practice. Accelerate NAC and Zero Trust initiatives. Deploy Ordr to create segmentation policies that align to business needs – macro segmentation to isolate specific types of assets, and Zero Trust segmentation to limit vulnerable devices to baseline communications. Optimize policies based on enforcement points – firewalls, NAC or switches.
SECURE
Easily Address Compliance Regulations
Financial services verticals face stringent compliance regulations. Ordr delivers cyber asset and risk insights to address compliance regulations such as FFIEC, PCI-DSS, SOX, GLBA, NYCRR-500, FINRA, and other standards. Customize reporting and dashboards to meet specific needs.
Using network architecture to help protect devices only goes so far if you can’t profile device behavior and understand existing vulnerabilities. The Ordr platform gives you that visibility to understand how every device is being used.
CISO Financial Services Organization (788 Branches Across 17 States)
Asset discovery is extremely important but understanding what risks are around those assets is critical. If you don’t have an individual profile for each asset, your system treats them the same. Understanding assets and their risks is how CSOs should approach security.
CISO Financial Services Organization (788 branches, 17 states)
Behave You: Network Control
Part 4 of 6 in our Series
You and I See an Innocuous Camera…
Step into a major contract manufacturer and the machines are buzzing and whirling with activity. Production lines are busy cranking out the latest consumer electronics and cameras are everywhere making sure the quality process and controls are in ship-shape order. Major facilities here and overseas can have thousands of cameras installed along a production line.
All day long these digital cameras stream images and video to the data center, maintaining diligent logs to track production line quality. The problem is of course that cameras have been an easily exploitable weakness for cyber attacks. It gets more confounding since, oftentimes, cameras come configured with default passwords. Alarmingly, it is very easy to hack into a camera and instruct the camera to send its recording to a remote suspicious site. Upgrade the password across all these hundreds of cameras? It won’t accomplish much aside from giving you a list of new passwords. Furthermore, industrial cameras are embedded systems, so you can’t even upgrade the OS or install any anti-virus even if you wanted to.
Dealing with Anomalies
Firewalls, anti-virus, and vulnerability detection tools are all available to help us deal with the constant ongoing threats but how do you deal with sophisticated malware attacks which can infiltrate a camera of all things? Much can be accomplished with signature detection and we at Ordr work closely with well-known sources to identify and see deep into signatures for anything that might provide clues of ill intent. We rely on signatures to identify what we consider “known” malware.
There are numerous anti-malware solution providers that identify objects and add new signatures to their known databases, and we work with them as well. These repositories grow each day and hold data on hundreds of millions of signatures that identify and classify malicious objects. Signature protection against malware works, it is relatively easy to use, and it’s a tried and true method of catching the millions of older but still persistent threats that are roaming out there.
But Signatures Only Get You So Far
The problem in this sophisticated age of cyber attacks is that some versions of code may not always be recognized by this mapping approach of signatures. New versions of nasty code can appear that are not readily recognized by traditional signature-based technologies. A study by Cisco found that 95% of malware files analyzed weren’t even 24 hours old.
Worse yet, sometimes signatures can morph and hide. Think about that for a second, malware changing to avoid detection. It’s actually not that hard, some code permutation change here, a register renamed there or code shrunk or expanded and malware can avoid the traditional signature detection.
NotPetya: The Dangers of Hidden Signatures
When NotPetya surfaced, it was originally thought that it was another annoying resurfacing as it had a similar code structure and signature to that of the original Petya ransomware.
NotPetya, however, was way worse and way more sinister. NotPetya got its name from Petya but alarmingly, though it looked similar to Petya, the ransomware message was only a disguise. There was no real money demanded, no real unlocking code at all. The intention of NotPetya was purely destructive: to irreversibly encrypt a computer’s master boot record.
NotPetya was designed to not just encrypt the master boot record (MBR) but to overwrite it with the attacker’s own MBR, and with no access to the MBR, the user cannot access the OS on the computer, leaving it inoperable. The signature told security managers that NotPetya was ransomware, but NotPetya was actually a highly destructive data wiper disguised as Petya. Identifying signatures is a start, but to really understand what’s happening in your network, one needs to understand the behaviors of the devices with respect to their peer group, history, and context.
Ensuring the Camera Is on Its Best Behavior
If we go back to the example of the cameras at the factory floor, we know what the device should be doing, sending images and video streams to the video servers at the data center. If there is any deviation from this behavior, we will see it right away and we can shut things down immediately.
It’s not just the changes from the daily routine that we can see; our engine can monitor how each device acts in a normal setting relative to its peer group. Time series is also factored in, so that we can see if a camera’s behavior is deviating or is different from what its behavior was in the prior weeks.
If there is some strange communication between a camera and remote suspicious site, our proactive system can prevent this since it’s smart enough to know that a particular camera never had this session in the past. Even if there is a request going into the camera from an external site, we will sound the alarm. An attempt to extract a video without permission? This is a behavior violation. Unusual communications, we catch that too. If it’s a behavior violation, Ordr will prevent it right away. A thermostat talking to the finance department, that should not happen. Some traffic flow trying to disable security controls or install rootkits? We will shut it down.
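A minimal sketch of the baselining idea described above (per-device history, peer group, and week-over-week volume), added here as an illustration; it is not Ordr's code, and the addresses, device types, quorum and thresholds are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

INTERNAL = [ip_network("10.0.0.0/8")]  # assumption: the site's internal range

@dataclass(frozen=True)
class Flow:
    week: int
    src: str
    dst: str
    dport: int
    nbytes: int

def is_internal(addr):
    return any(ip_address(addr) in net for net in INTERNAL)

class BehaviorBaseline:
    """Learns which (dst, port) pairs each profiled device normally talks to."""

    def __init__(self, device_types, quorum=0.5):
        self.types = device_types              # ip -> device type
        self.quorum = quorum                   # share of peers that makes a flow "normal"
        self.seen = defaultdict(set)           # ip -> {(dst, dport)}
        self.weekly = defaultdict(lambda: defaultdict(int))  # ip -> week -> bytes

    def learn(self, flows):
        for f in flows:
            if f.src in self.types:
                self.seen[f.src].add((f.dst, f.dport))
                self.weekly[f.src][f.week] += f.nbytes

    def group_norm(self, dtype):
        """Destinations used by at least `quorum` of the devices of this type."""
        members = [d for d, t in self.types.items() if t == dtype]
        counts = defaultdict(int)
        for d in members:
            for peer in self.seen[d]:
                counts[peer] += 1
        return {p for p, c in counts.items() if c / len(members) >= self.quorum}

    def check(self, f):
        if f.src not in self.types:
            # A request reaching a profiled device from outside the network.
            if f.dst in self.types and not is_internal(f.src):
                return "violation: inbound from external host"
            return "unprofiled"
        peer = (f.dst, f.dport)
        if peer in self.seen[f.src]:
            return "baseline"                  # this device has done this before
        if peer in self.group_norm(self.types[f.src]):
            return "peer-norm"                 # new for this device, normal for its peers
        where = "internal" if is_internal(f.dst) else "external"
        return f"violation: new {where} destination"

    def volume_anomaly(self, device, week_bytes, k=3.0):
        """Compare one week's byte count with the device's prior weeks."""
        hist = list(self.weekly[device].values())
        if len(hist) < 2:
            return False                       # not enough history to judge
        mu = mean(hist)
        sigma = max(pstdev(hist), 0.1 * mu)    # floor so flat history is not hypersensitive
        return week_bytes > mu + k * sigma

def build_demo():
    """Constructed sample: three cameras, one thermostat, three weeks of history."""
    types = {"10.1.0.11": "camera", "10.1.0.12": "camera",
             "10.1.0.13": "camera", "10.1.0.50": "thermostat"}
    history = []
    for week, size in ((1, 1000), (2, 1100), (3, 900)):
        for cam in ("10.1.0.11", "10.1.0.12", "10.1.0.13"):
            history.append(Flow(week, cam, "10.2.0.5", 554, size))   # video server
        for cam in ("10.1.0.11", "10.1.0.12"):
            history.append(Flow(week, cam, "10.2.0.1", 123, 1))      # time server
        history.append(Flow(week, "10.1.0.50", "10.2.0.9", 47808, 200))
    engine = BehaviorBaseline(types)
    engine.learn(history)
    return engine

def demo():
    engine = build_demo()
    week4 = {
        "camera to video server": Flow(4, "10.1.0.11", "10.2.0.5", 554, 1000),
        "camera to time server": Flow(4, "10.1.0.13", "10.2.0.1", 123, 1),
        "camera to remote site": Flow(4, "10.1.0.12", "203.0.113.7", 443, 4000),
        "external to camera": Flow(4, "198.51.100.9", "10.1.0.11", 80, 300),
        "thermostat to finance": Flow(4, "10.1.0.50", "10.3.0.20", 445, 50),
    }
    return {name: engine.check(flow) for name, flow in week4.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:26} {verdict}")
```

The "peer-norm" verdict is the case a per-device allowlist alone would misreport: the third camera never used the time server itself, but most of its peer group does.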
Ordr Keeps Learning
Threats are dynamic and constantly evolving. Having a system that understands signatures can help in a hyperconnected environment, but to have real proactive protection a system must be contextually aware and have the insight to understand behaviors. Diving deeper into historic patterns can also help capture baseline deviations that might fly under the radar.
At Ordr our system is constantly expanding its behavior library, understanding what is normal and what is out of character for each and every device type. We complement your current tools and we work with what you already have. Ordr helps you quickly identify all the friends, eliminate all the foes and ensure all your devices behave the way they should.
Medical Device Security for Hospital and Other Care Providers
By Matilda Ortiz
Listening to Part 1 of the Minnesota HIMSS webinar series Medical Device Security Overview for Healthcare Delivery Organizations with speakers Matt Dimino and Carrie Whysall from CynergisTek, I found the following to be useful information that you can apply to your organization’s security program development.
Medical Device Security Services
Medical devices have important functions and carry sensitive data, making them attractive cyber attack targets. As medical devices become increasingly connected to the internet they are becoming greater security risks. These devices are purchased and utilized by different departments within the organization and can lead to inaccurate asset inventories and unmanaged devices.
Attacks on medical devices can cause disruptions in patient care and possibly result in patient harm. Not only will this result in lower quality care for that patient, it will also affect the organization’s reputation and bottom line.
IoT & IoMT Device Security Challenges
There are a variety of security challenges that come with securing medical devices, and each requires a different solution.
- Culture: There’s a disconnect between IT and Clinical Engineering teams. Each group has minimal experience and knowledge of the other’s work and capabilities.
- Legacy Systems: Many medical devices on networks today are running on outdated operating systems and are kept for long periods of time.
- Unable to Update: Medical devices are often difficult, if not impossible, to patch.
- Medical Device Ecosystem is Complex: The medical device ecosystem is very complex, with devices coming from multiple vendors and software platforms.
- Lack of Security Controls: Many familiar IT security controls don’t apply to medical devices. Administrative and physical controls can be disruptive to patient care and operations.
- Lack of Tools: IT teams have limited tools that work well with medical devices and can scan inventories for vulnerabilities.
- Medical Devices are Proprietary: Medical devices are specialized; with different wireless requirements, hardware and software.
- Insufficient Visibility: Many medical device networks lack adequate visibility of their medical device inventory.
- Inventory Size: Hospital beds have about 10 to 15 connected medical devices per bed, and each device has an average of 6.2 vulnerabilities.
Medical Device Security Components
Medical device security should be comprehensive. Creating a security program in three stages ensures it will be implementable down the line.
- Risk Assessment: The first step in creating a program is assessing your current security practices. This includes reviewing the current security program practices, installing a passive network scanner, and creating a security risk classification guide. Organizations should also segment devices and decide what teams, whether it be IT or Clinical Engineering, will be remediating vulnerabilities and overseeing different devices.
- Program Development: Next, create a cybersecurity program through adding security practices to pre-existing device management practices. This includes continued surveillance over remediated devices and other assets, as well as standardized device assessment, configuration and incident procedures.
- Program Management: Sustained device management is necessary for medical organizations to stay secure. Assisting in medical device procurement and deployment, vulnerability reporting, and remediation planning should all be performed as part of program management.
How Ordr Can Help
CynergisTek highlighted a passive device scanner as a key tool for creating and automating a medical device security program. Ordr Systems Control Engine (SCE) is able to provide an accurate asset inventory, properly classify devices with the granular detail needed for appropriate workflows, baseline and map device communications, and enable micro-segmentation efforts.
The Ordr SCE gives organizations the power to enable visibility and security of their network-connected devices, with a simple and powerful solution to identify, classify, profile the behavior and risk and automate action for every network-connected device in the enterprise. To learn more about how Ordr can enable an effective IoT security strategy for your organization, request a free sensor.
Ordr’s Continuous Device Discovery
Accelerates NSX Data Center Microsegmentation
By Iain Leiter
I am excited to announce the integration of Ordr Systems Control Engine (SCE) and VMware NSX-T™ Data Center and VMware NSX® Intelligence™.
Ordr Systems Control Engine (SCE): Discovers every connected device, profiles device behaviors and risks, and automates response. Ordr not only identifies devices with vulnerabilities, weak ciphers, weak certificates, and active threats, but also those that exhibit malicious or suspicious behaviors. Ordr enables networking and security teams to easily automate response by dynamically creating policies that isolate mission-critical devices, those that share protected organizationally unique sensitive data (PCI, PHI, PII) or run vulnerable operating systems.
VMware NSX-T Data Center: Includes Distributed Firewall functionality to specify dynamic security policies down to the VM level with the ability to configure east-west and north-south firewalling.
VMware NSX Intelligence: Provides a graphical user interface to visualize the security posture and network traffic flows that have occurred in your on-premises NSX-T Data Center environment.
With the integration, joint customers can now:
- Achieve cutting edge visibility
- Accelerate NSX-T Data Center microsegmentation
- Minimize the potential business impact associated with firewall changes
If your VMware NSX data center firewall microsegmentation team is looking for a method to significantly reduce the overhead of maintaining static NSX-T IPsets and group objects, it is time to consider a solution that is capable of addressing the following scenarios:
- Automated NSX-T group object creation for non-data center device types
Since NSX-T provides excellent visibility for the entire data center, the most time-consuming objects to create and maintain are ones which pertain to devices outside of the data center (enterprise campus, branch sites, etc).
Ordr continuously discovers devices as they join campus and branch networks and can automate the creation of corresponding group objects in NSX.
NOTE: Ordr creates NSX objects with a standard prefix of “ordr-“. This allows NSX admins to easily recognize which objects are autogenerated and maintained by Ordr.
- Automated IP address membership tracking for NSX group objects
Dynamically creating NSX-T groups is a great start, but this capability alone does not solve the labor-intensive aspect of maintaining IP address membership for each type of device.
Ordr tracks the IP addresses of each type of device in the campus and branch. If a credit card reader device IP changes, Ordr will automatically update the NSX group with the new IP address.
- Support for advanced visualizations in the latest version of NSX Intelligence
Ordr programmatically creates NSX group objects and their members in a format which is compatible with the latest version of NSX Intelligence (announced at VMworld 2020).
This means that NSX Intelligence is able to render all communications from Ordr-defined and maintained NSX device groups.
This capability is key for teams who are looking to accelerate their data center security initiatives by gaining a comprehensive understanding regarding all types of campus and branch devices which are communicating to virtual machines in the data center.
How it works:
Step 1
Ordr SCE sensors use advanced deep packet inspection (DPI) techniques to process campus and branch traffic from a SPAN/port mirror, TAP, or packet broker feed
Step 2
Ordr SCE sensors forward metadata to the SCE Analytics system which identifies all the device types (including unmanaged IoT devices) which are communicating on the campus network
Step 3
Ordr SCE Analytics programmatically creates NSX groups and their member IP addresses
NSX Intelligence with Ordr device data in action:
In this example screenshot from NSX Intelligence, we can quickly see that the Alaris Manager VM is receiving unprotected communication from two different device types in the campus network.
NSX group 1: ordr-BD-Alaris-Infusion-Pump
NSX group 2: ordr-Shenzhen-Network-Camera
This type of information can be leveraged to reduce the amount of manual labor associated with understanding source/destination communication for thousands of different campus and branch device types communicating to virtual machines in the data center.
In summary, the Ordr integration with NSX-T Data Center and NSX Intelligence allows teams to achieve greater operational efficiency by automating labor intensive tasks and unlocking rich device type context visibility for all campus and branch devices communicating with virtual machines.
For more on how one of our customers is leveraging this integration today, visit our on-demand VMworld breakout session NSX Intelligence: Visibility and Security for the Modern Data Center – Pt2 [ISNS2496] with Ray Budavari, Sr. Staff Technical Product Manager at VMware, Brandon Rivera, Enterprise Infrastructure Architect at CHRISTUS Health, and myself as we take a deep dive into the integration, and provide a demo of the Ordr and NSX Intelligence capabilities.
Iain Leiter
Iain Leiter is a Sr. Technical Solutions Architect at Ordr where he is focused on enabling networking and security solutions for IoT devices. Iain has over 20 years of operational experience with a broad range of enterprise networking and security technologies for branch, campus and data center. Prior to Ordr, Iain was an Enterprise Network Virtualization Architect for a large hospital system where he was responsible for defining enterprise network architecture for initiatives such as SD-WAN, VMware NSX, data center switching, mergers & acquisitions, campus LAN design, routing design, and network security.
Ordr Announces New Global Channel Partnerships
Expands Leading IoT and Asset Management Solution
SANTA CLARA, Calif., April 8, 2021 — Ordr, the leader in security for all connected devices, today announced a dramatic increase in its channel partner portfolio, including new international partnerships in Europe and APAC. Ordr grew the number of active strategic partners by three-fold, while expanding into new regions and vertical industries. Today, Ordr channel partnerships broaden Ordr’s reach to over 50 countries, with international sales growing by more than 400% in the past 6 months.
As the number of connected devices on corporate networks—from IP-enabled video surveillance cameras, medical devices and smart displays to building automation systems—has grown exponentially, they have become lucrative targets for attack. These connected devices, including critical and expensive Internet of Medical Things (IoMT), Internet of Things (IoT) and Operational Technology (OT) devices, commonly run legacy software, cannot support endpoint security agents, and cannot be patched easily and are thus an inherent risk to an organization. The only way to reduce threat exposure is to first identify every connected device, understand its behavior and the risks it brings, then proactively apply proactive segmentation policies through firewall rules or NAC policies that permit only necessary and safe communications.
Ordr launched an IoT and Asset Discovery Program for partners last year to help their customers quickly address asset inventory needs, and uncover shadow IoT devices and their corresponding risks. The program participation by partners has grown by three-fold. Thanks to Ordr’s unprecedented visibility, this program has accelerated sales cycles and has netted key customer wins for partners across critical verticals including manufacturing, higher education, healthcare and financial services.
Carousel Industries, an active participant in the Ordr IoT and Asset Discovery Program, has been announced as Ordr Partner of the Year due to its demonstrated excellence in delivering, integrating and building solutions enabled by Ordr. “In the past year, Carousel Industries has built a methodology to seamlessly incorporate the management of IoT and connected devices into their existing network and security practices. Carousel has been able to use the IoT and Asset Discovery Program insights to more effectively position Ordr for device visibility, NAC acceleration and segmentation use cases and help our joint customers better take advantage of their infrastructure investments,” said Eric Berkman, VP Channel Sales, Ordr.
“We are honored to be Ordr’s Partner of the Year,” said Jason Albuquerque, CIO/CSO of Carousel Industries. “The number and complexity of threats that we defend against on a daily basis requires a proactive approach to security. A critical strategy in protecting an organization’s most sensitive assets is having complete visibility of all devices on the network, with the capability to automatically generate policy protections and network segmentation. That is a critical value proposition and this is why we partner with Ordr.”
Ordr’s focus on global channel partnerships provides new opportunities to protect customers of all sizes around the world from the inherent vulnerability in any network-connected device on a corporate or guest network. Ordr has signed with global distributor SYNNEX Corporation, leveraging their GOVSolv GSA Schedule program. From a feature perspective, Ordr boasts deep product integrations that include network and security leaders such as Cisco, Splunk, Check Point, Anomali and Fortinet.
“We are excited to be one of Ordr’s first Value-Added Resellers (VARs) in the DACH region. We not only trust in their leadership but worked with Ordr on one of their largest German customers and were impressed with the ease of deployment of such a large scale rollout. Ordr is our choice for IoT and unmanaged device security, and we are excited to represent Ordr throughout the region,” said Fritz Eberhart, CEO, Secadm, now part of MCL Group.
“Massive attacks against government entities have underscored the need for greater vigilance,” said Ed Somers, Vice President Public Sector, SYNNEX. “Along with new legislation like the IoT Cybersecurity Improvement Act and Cybersecurity Maturity Model Certification (CMMC), the urgency to protect government organizations with solutions like Ordr will increasingly become the norm, not the exception.”
Contact us to learn more about Ordr’s partner program.
About Ordr
Ordr makes it easy to secure every connected device, from traditional IT devices to newer and more vulnerable IoT, IoMT, and OT. Ordr Systems Control Engine uses deep packet inspection and advanced machine learning to discover every device, profile its risk and behavior, map all communications and protect it with automated policies. Organizations worldwide trust Ordr to provide real-time asset inventory, address risk and compliance and accelerate IT initiatives. Ordr is backed by top investors including Battery Ventures, Wing, and TenEleven Ventures. For more information, visit www.ordr.net and follow Ordr on Twitter and LinkedIn.
-
Security Bulletin
Connected Assets Make Unsatisfying Appearance
2024 Verizon Data Breach Investigations Report
3 Min Read
By Srinivas Loke
Last year, when Verizon issued its 2023 Data Breach Investigations Report, we observed “Connected Devices Conspicuously Absent” and wondered why they were not mentioned despite playing a critical role in establishing an organization’s risk profile and affecting an approach to cyber asset attack surface management (CAASM). Vulnerabilities in cyber assets can give threat actors a means of entry into a network, and unprotected/unsegmented assets can make it easier for threat actors to move laterally across a network to get to their target destination.
“Even if IoT, IoMT, and OT are not the initial vector of attack, such systems may be the target of an attack, or used as a path of attack as threat actors, once inside a network, move laterally to their intended destination,” we wrote at the time.
We Wondered Where They Were
We also wondered if identifying connected assets by increasingly granular categories was simply too much for the report, which has tended to keep the focus at a higher level. Understandable, if so. But given the increasing scrutiny given to cyber assets by technology analyst groups like Gartner and Forrester, regulatory attention by the FDA and other agencies, and threat reports from CISA, NIST and independent threat laboratories, it was worth asking the question and, hopefully, starting that conversation.
When the 2024 Verizon DBIR came out recently, my first thought was, “It’s good to know that people pay attention when you take the time to express an opinion.”
There They Are!
Whereas assets and connected devices were absent in 2023, they feature fairly prominently in the 2024 report, including a list and definition of asset categories that contains (lightly edited by me):
- Server: a device that performs functions of some sort supporting the organization, commonly without end-user interaction. Servers are common targets in almost all attack patterns.
- User Device: devices used by Persons to perform their work; usually laptops, desktops, mobile phones, and tablets. Common target in the System Intrusion attack pattern.
- Person: people in the organization. Different types of Persons will be members of different departments and will have associated permissions and access in the organization stemming from this role. Person is a common target in the Social Engineering attack pattern.
- Network: actual network computing devices such as routers, telephone and broadband equipment, and some of the traditional in-line network security devices, such as firewalls and intrusion detection systems.
- Media: mostly portable storage media like thumb drives, but including things like disk drives (and non-connected physical media like printed documents).
Ordr would add things like applications, business services, cloud services and workloads, and just about anything that connects to, communicates over, and shares/collects data from the network.
But… Incomplete Context
While the 2024 DBIR does give attention to connected assets and devices, the report’s emphasis seems to be on physical security and preventing certain assets (like smartphones, tablets, and laptops) from being lost or stolen. In the industry-by-industry breakdowns, we note that assets are called out for their role in phishing attacks and credential/privilege misuse. But even here, the report appears to be more concerned with the security of data contained on the various asset types, and not the role connected assets play in expanding the attack surface, introducing vulnerabilities, and affording threat actors a way of accessing and traversing the network itself.
In our view, that undervalues the part that connected assets play in keeping networks and data safe. It also doesn’t accurately portray the importance of a Zero Trust posture, which requires complete asset visibility, real-time asset status and rich insights to ensure an accurate risk assessment and good decision-making, and the ability to segment assets to protect high-risk systems, ensure operational resilience, and minimize an attack’s “blast radius.”
Ordr Can Fill in the Gaps
To do that, you must have the ability to See, Know, and Secure every asset on the network in real-time, dynamically update risk assessments and associated security policies, effect segmentation/microsegmentation policies, and respond quickly when anomalous activities or conditions that equate to indicators of compromise are reported. That is what OrdrAI and the Ordr CAASM+ platforms enable. If you want to know more, and learn how Ordr can help your organization reduce your cyber risk and better manage your cyber attack surface, schedule a personalized demo today.
Srinivas Loke
Srinivas Loke is Vice President of Product Management at Ordr. Srinivas has a passion for cybersecurity with a deep understanding of network, end point, cloud and IoT security. Prior to Ordr, he led product teams at Aruba, Pulse Secure, FireEye and McAfee. He loves taking 1.0 products to the market and furthering cutting edge technologies that are solving customer problems.
-
Security Strategy
Segmentation Done Right – Part 1: Great Idea
3 Min Read
By Pandian Gnanaprakasam
Segmentation Done Right Part 1 of 3
When I was in middle school standing in the cafeteria lunch line, there was always that feeling of nervousness before the spaghetti or tuna casserole (or aloo tikka masala if you are familiar with the Indian school lunch trays) hit my lunch tray with its unique thud. After the entrée, I would shuffle my feet to the left to receive my overcooked peas and carrots. Last but not least was a big scoop of extra syrupy canned peaches. Ah, the joys of being in 7th grade. The good thing about public school lunch was that at least the lunch tray was compartmentalized and my noodles only caught a little bit of that extra sugary-extra sweet peach syrup. Segmentation, what a great idea.
Contain the Damage
Reminiscing about my school noodles made me think about the benefits of network segmentation, which is the division of a network into smaller, more manageable groups. These zones can be separated from each other with controls in between to help keep each zone safe and secure. If, for example, there is a cyberattack and a device is compromised, segmentation keeps the damage from spreading because it is confined to a specific zone or segment. Think blast radius control. Unusual lateral (side-to-side) movement is also kept in check when a network is properly segmented.
It’s Recommended
It sounds simple enough: separate the network into compartments to limit the spillover effect. Zones can consist of VLANs/subnets, groups or segments, hence the name. In terms of application, one can deploy network segmentation using existing network infrastructure or by deploying new next-generation firewalls into specific zones. The National Institute of Standards and Technology (NIST) in its framework for zero trust architecture recommends segmentation for enhanced identity governance.
Factors to Consider
Getting started with segmentation takes a little bit of thought. How big will the zones be? How many devices of similar types would be in each zone? What about the regulatory environment? The regulatory side can have a say in how things are portioned as well. For example, if your business deals with payments, the PCI-DSS standard will state a clear demarcation between payment card authorization and point of sale. In hospitals, one would want to keep life-saving equipment separated from the IT devices.
So how does one begin, and are segments rigid in a “set it and forget it” way? How can segments evolve as network requirements change? How will they adapt to changing business policies? It helps to start a segmentation project the right way by considering the various enterprise departments and the level of fine-grained control required. Furthermore, consider the zones of vulnerability, as plenty of exploits and attacks can occur from inside the network. Departmental segmentation can be done with firewalls, but if you want more granular control, it very quickly amounts to deploying a large number of small hardware firewalls everywhere on the campus, which is neither practical nor cost-effective.
Network segmentation by itself is a great methodology, but if your organization does not know how your applications communicate with your endpoints, then you risk having incoherent policies at your control points, which reduces the effectiveness and usefulness of segmenting. Also, segmentation applied without precision can even impact the day-to-day operations of a company, which is something to consider when it comes to implementation. The other factor to consider is the growth and expansion of your network, as you want a segmentation method that scales with your business requirements.
Slice and Dice Your Way to Segmentation
When you use a platform from Ordr, you can get as granular as you like. Beyond buildings, sites, departments, and floors, one can segment a network via business requirements and even perform grouping by device functions, even for the same class of devices. For example at a casino, we can separate all the cameras into various groups based on their function, physical surveillance cameras for regulatory compliance (watching the slot machines) vs. general use security cameras observing foot traffic. High-risk assets vs. mission-critical assets are another way to consider the segmentation process.
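The function-based grouping and the dependence on known communication patterns described above can be made concrete with a small sketch. This is an added example, not Ordr's code or product behaviour: it derives default-deny, segment-to-segment allow rules from a constructed inventory and flow baseline, and all IP addresses, segment names and the RTSP port are assumptions.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto port")

# Constructed inventory: IP -> segment, grouped by device function
# rather than device class (both camera groups are the same class).
INVENTORY = {
    "10.20.1.11": "cam-compliance",   # camera watching slot machines
    "10.20.1.12": "cam-compliance",
    "10.20.2.21": "cam-general",      # camera watching foot traffic
    "10.20.2.22": "cam-general",
    "10.30.0.5":  "nvr-compliance",   # recorder for regulated footage
    "10.30.0.6":  "nvr-general",
}

# Constructed baseline of traffic observed during a learning window.
BASELINE = [
    Flow("10.20.1.11", "10.30.0.5", "tcp", 554),
    Flow("10.20.1.12", "10.30.0.5", "tcp", 554),
    Flow("10.20.2.21", "10.30.0.6", "tcp", 554),
    Flow("10.20.2.22", "10.30.0.6", "tcp", 554),
    Flow("10.20.2.99", "10.30.0.6", "tcp", 554),  # device not in inventory
]


def build_policy(inventory, flows):
    """Derive segment-to-segment allow rules from baseline flows.

    Returns (rules, unclassified). A flow with an endpoint missing from
    the inventory cannot be mapped to a segment, so it is reported
    instead of being turned into a rule.
    """
    rules, unclassified = set(), []
    for f in flows:
        src_seg, dst_seg = inventory.get(f.src), inventory.get(f.dst)
        if src_seg is None or dst_seg is None:
            unclassified.append(f)
            continue
        rules.add((src_seg, dst_seg, f.proto, f.port))
    return rules, unclassified


def evaluate(rules, inventory, flow):
    """Default-deny check of one flow against the derived rules."""
    key = (inventory.get(flow.src), inventory.get(flow.dst),
           flow.proto, flow.port)
    return "allow" if key in rules else "deny"


if __name__ == "__main__":
    rules, unknown = build_policy(INVENTORY, BASELINE)
    for rule in sorted(rules):
        print("permit", *rule)
    print("needs classification:", [f.src for f in unknown])
    # Same device class, different function: general camera to compliance NVR.
    print(evaluate(rules, INVENTORY, Flow("10.20.2.21", "10.30.0.5", "tcp", 554)))
    # Camera-to-camera traffic was never observed, so it is denied.
    print(evaluate(rules, INVENTORY, Flow("10.20.1.11", "10.20.1.12", "tcp", 22)))
```

The unclassified flow is the visibility gap in miniature: until the device at 10.20.2.99 is identified, no coherent rule can be written for it, and under default-deny its traffic would be dropped.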
Segmentation, like the lunch tray, can work great when it’s done right. There is no spillover or cross-contamination and things are in a nice tidy order. Next week we will discuss the limitations and shortcomings of existing approaches and dive deeper into modern methods for segmenting the network the right way.
Read Segmentation Done Right – Part 2.
Pandian Gnanaprakasam
Pandian has more than 20 years of product and engineering leadership experience and is also a serial entrepreneur. Before founding Ordr, he was the Chief Development Officer at Aruba, responsible for all of engineering and product management functions. Aruba, an enterprise mobile wireless company, was acquired by HPE for $3 Billion in March 2015. Before Aruba, Pandian served as the head of engineering for Cisco’s multi-billion-dollar Wi-Fi business unit and before that as VP of engineering for low-end switching product lines. He graduated with a master’s degree in Electrical Engineering from IIT, Chennai, India and holds several patents to his credit in various networking technologies.
-
Commitment to Healthcare with New Chief Healthcare Officer, Wes Wright
2 Min Read
Santa Clara, CA – September 28, 2023 – Ordr, the leader in connected device security, announced that Wes Wright has joined the company as its new Chief Healthcare Officer (CHO). Today’s news highlights Ordr’s continued commitment to providing healthcare organizations and security teams with the focused, industry-proven solutions needed to secure all connected devices and equipment, including Internet of Things (IoT), Internet of Medical Things (IoMT), operational technology (OT), and traditional IT systems.
As Ordr’s first CHO, Wes Wright is responsible for driving the company’s engagements in the healthcare industry, including working with product teams to incorporate evolving customer needs into the Ordr platform. His extensive background as a hospital and healthcare organization CTO and CIO will be invaluable to delivering the most trusted and effective connected device security solution in the healthcare industry.
“Wes will be a tremendous asset for Ordr and for our growing portfolio of healthcare customers. His direct, hands-on experience in the field will be invaluable to organizations grappling with the challenges of securing connected devices in complex, fast-moving healthcare environments,” said Jim Hyman, Ordr CEO. “Ordr understands the needs of healthcare customers better than any other security provider. The addition of Wes is further proof of our dedication to ensuring that our products and expertise comprise the best available solution for delivering whole-hospital security.”
Prior to joining Ordr, Wes was the CTO for digital identity company Imprivata, which had a large healthcare customer base. Before that, he served as the Vice President and Chief Technology Officer for Sutter Health, a 26-hospital network in Northern California, and as the Senior Vice President and CIO for Seattle Children’s Hospital. Wes’ career also includes time as Executive Director, IS at Scripps Health in San Diego, and various CIO and CTO roles with the United States Air Force, from which he retired as a major.
“Simply put, healthcare environments are the most difficult type of environment to protect. The evolution of patient care technologies, combined with the ever-expanding number of devices and equipment that are connected to a facility’s network are a major pain point for healthcare CISOs and CIOs,” Wright said. “The ever-expanding attack surface that healthcare organizations are dealing with means they need to approach security from a holistic perspective. Ordr understands this and is in the unique position to provide the insight, context, and tools needed by today’s facilities to fully protect patient care. I look forward to working alongside my healthcare peers in overcoming these challenges.”
The Ordr platform discovers every connected device within a facility. It protects against ransomware and zero-day attacks by baselining device activity and immediately alerting teams to any anomalous behavior. Incident response efforts are accelerated by immediately identifying compromised devices, providing context and detail, and dynamically creating and applying security policies. In addition, the platform supports Zero Trust segmentation efforts by enabling only required device communications from those devices already or likely to be impacted. For more information on how Ordr can improve the process of discovering and protecting connected medical devices and equipment, visit our healthcare industry solution overview.