Threat actors thrive in times of chaos and confusion, and we are in such times today. The eruption of violence over the border into Ukraine by one of the world’s most aggressive perpetrators of state-sponsored cyberattacks, and threats of retaliatory cyberattacks on nations providing aid to Ukraine should put all organizations on high alert and give urgency to taking inventory of standing security plans and readiness.

The U.S. Cybersecurity & Infrastructure Security Agency’s (CISA) Shields-Up program “recommends all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets,” providing resources and guidance to ensure organizations prepare for possible attacks. CISA’s recommendations include:

• Reduce the likelihood of a damaging cyber intrusion – Validate remote access and administrative privileges; ensure that software and vulnerability patches are up-to-date; disable all ports and protocols that are not essential for business purposes; affirm strong cloud services controls are in place; and implement training and use of good cyber hygiene.
• Take steps to quickly detect a potential intrusion – Quickly identify, investigate, and act on unusual activity; update threat intelligence for systems that use it; be particularly careful with activities involving Ukrainian organizations.
• Ensure that the organization is prepared to respond if an intrusion occurs – Stand up a crisis-response team with necessary resources and information; make sure key personnel are available in the event of an incident; test your plan in advance.
• Maximize the organization’s resilience to a destructive cyber incident – Back-up critical data and review procedures; isolate backups from connected systems; make certain manual controls are operational in the event of attacks on industrial control systems or operational technologies.

CISA’s advice is solid, best-practice guidance that should be standard operational procedure for all organizations even in the best of times. But for many organizations, especially those whose IT estates are characterized by sophisticated, highly complex, and heterogeneous systems, preparation must go deeper. This is especially true for organizations with functions that provide vital services to their communities, like hospitals and healthcare organizations, operators of critical infrastructure, and communities that have adopted smart-city technologies.

Pay Attention to Connected Devices

Such organizations should pay particular attention to the connected devices they rely on, ensuring those devices are properly categorized by their function, and that mission-critical devices are segmented, with policies in place that ensure such devices are able to be isolated from the network, protected while remaining in service.

Bilateral communications of all devices must be monitored, as well as their behavior, to ensure no suspicious activity is taking place. Because connected devices are designed to carry out narrowly defined operations, any changes in behavior—measured against a known baseline—must be regarded as suspicious, triggering applicable security policies. Devices that communicate externally are especially vulnerable.

Patch management for devices should be brought up-to-date immediately, but for medical devices that may have restrictions prohibiting modifications, segmentation and appropriate policy application must be implemented. And, of course, all employees should be reminded of their individual responsibility to be aware of common threats like phishing schemes, practice good cyber hygiene, and to be alert for any unusual activities they see with any connected systems they use. The “see something, say something” adage applies here.

If you are an Ordr customer, know that—as has been our commitment from the start—we stand ready to answer your questions and to provide support to your organization at this time of heightened concern. We are confident that our Ordr platform will be an invaluable resource for you as you scan your IT estate for threats and vulnerabilities.

Be ready. Be safe. And to the people of Ukraine, know that our thoughts and prayers are with you.

Greg Murphy

Greg joined Ordr as CEO in December 2018. Previously, he was VP Business Operations for the HPE Aruba Group, the 4,000 person networking and IoT business unit of Hewlett Packard Enterprise. In that role, Greg was responsible for leading the business integration of Aruba and HP Networking following HP’s $3 billion acquisition of Aruba Networks in 2015. Greg held multiple prior senior executive positions within Aruba, including SVP Business Operations, GM of network management software, GM of outdoor and mesh products and VP of Marketing. Greg joined Aruba in 2008 through its acquisition of AirWave Wireless, a network management software provider that Greg founded and led. Greg received his M.A. from Stanford University and his B.A. from Amherst College.

George Clooney and Brad Pitt in Ocean’s 11 looked pretty dapper en route to a $150M heist at three major casinos. Cyber-criminals may lack the handsome dapper look of the original Hollywood cast but some of them are having even better success attacking these gambling enterprises. It’s not just the fancy casinos on the strip either, online establishments are also feeling the sting of cyber attacks.

Casinos can make easy targets for cyber attacks because of the myriad of connected devices. Think about the networking infrastructure, the security cameras and then think about all the public-facing ATMs, card readers, slot machines. You name it, if it’s connected to the network it’s an entry path for cyber criminals. Proper patching and having a vulnerability system can prevent some of these attacks yet it’s a constant battle against well-armed foes.

Add up the impact of the two big casinos such as the Las Vegas Sands and The Hard Rock Hotel & Casino and the total was about $1Billion due to cyber attacks on both the gaming and internal networks. The FBI concluded that the attackers were Iranian hackers that were behind the Las Vegas Sands attack. Not only did they get into the network but they ended up with a lot of personal data on hotel customers as well. Down the strip, Bloomberg estimated that the attack on the Venetian and Palazzo which had their network taken down and private information leaked, the cost of the damage was about $40M. This doesn’t include the hidden cost of reputation damage and the loss of confidence of customers.

There are no hidden headphones or special vans parked outside when it comes to an online gaming enterprise, a market estimated at over $40 Billion. DoS or other methods are being used to get into online sites where the damage can be more severe than at a brick and mortar counterpart. Hack into a game and you are likely to lose gamblers in a hurry, creating very rapid losses for online gambling operators.

Within DDoS, Advanced Persistent Threats (APT) is when co-ordinated DDoS attempts with other web-based attacks are used in a multi-phase lengthy campaign persisting over weeks or even months at a time. Short, single vector attacks go straight at it and typically is the work of very focused individuals who pay a nominal fee at any of the many botnets for hire services.

The smart thermometer attack in the fish tank hack at a casino was ingenious in that hackers were able to get into the fish tank, into the database, back across the network, and then out of the thermostat into the cloud. With more devices connected, it’s going to be increasingly challenging for casinos to keep their networks safe from the onslaught of attacks.

Protecting the slot machines and every valuable asset is a necessity when it comes to keeping a network safe. The first order of business when it comes to protecting a casino is to get full visibility of what’s actually connected. A systematic approach to applying patches can help reduce vulnerabilities at casinos and should be part of an overall security and protection plan as well.  Monitoring the traffic is important and making sure that certain devices communicate within their respective separate zones (or segments) can also help casinos protect their networks and contain the damage if a breach occurs.

At Ordr, segmentation applies to both ends of the spectrum of detection/isolation and protection/prevention. On the side of detection, reaction and remediation we rate risk by levels when we see unusual activity such as a device unnecessarily scanning a network, or injecting unwanted packets. While setting off an alarm is one thing at a casino, we don’t think its enough to say “hey this machine is bad”. At Ordr, our system sends the alert but also we send all the remediation procedures with it. For example, the notice will be this Slot Machine which is connected to this particular Cisco switch on this port number 27 needs to be shut down or we need to quarantine this machine using VLANs. Another productive message can be “this HVAC controller on the main casino floor with this particular MAC address connected to this AP/wireless controller needs to be blacklisted.”

The damage at a casino can be very high, and hackers attack casinos because simply, that’s where the money is. We’re building and deploying a smart system that can isolate bad actors quickly when something suspicious comes up in a casino’s network. The proactive protection that we provide takes it a step further as we understand the flows and we whitelist certain transactions such as the application, protocols, and destination. The system is constantly learning and observing flows and noticing deviations if any. George Clooney will be impressed.

Pandian Gnanaprakasam

Pandian has more than 20 years of product and engineering leadership experience and is also a serial entrepreneur. Before founding Ordr, he was the Chief Development Officer at Aruba, responsible for all of engineering and product management functions. Aruba, an enterprise mobile wireless company, was acquired by HPE for $3 Billion in March 2015. Before Aruba, Pandian served as the head of engineering for Cisco’s multi-billion-dollar Wi-Fi business unit and before that as VP of engineering for low-end switching product lines. He graduated with a master’s degree in Electrical Engineering from IIT, Chennai, India and holds several patents to his credit in various networking technologies.

Any computer security policy is founded on the concept of identifying users and establishing their credentials to authorize them to access system networked resources. Managing usernames and passwords might seem like a trivial task but when a network grows to have many resources and correspondingly many users, the potential for security breaches multiplies.

Integration with Windows Active Directory (AD) provides flexibility for network administrators to adopt a wide range of security policies.

In the most extreme form of “least privilege” access, administrators can lock down each user to allow access only to very specific resources, at specific times, and with specified permissions for specific resources such as file systems, individual files, servers, VPNs, medical workstations, medical and industrial equipment, printers and copiers, and phones.

In practice, this ideal level of control is rarely achieved, and compromises are made to make managing the operation more practical. As a result, many organizations face the following user access challenges:

• User accounts often grant more access than the employee needs.
• Sometimes user accounts survive an employee’s termination – for one reason or another they aren’t disabled.
• In some cases, a user can create “local” user accounts with access privileges.  This is often allowed in systems managed with Windows Active Directory.
• There can be some systems in the network that do not use the network administrator’s security protocol.
• IoT Devices (both wired and wireless) and various off the shelf software packages with default passwords (for example: “admin/admin”) appear in corporate network. Most of the time, account management with passwords can become tedious when thousands of IoT devices are deployed in the network, because these devices are typically configured by the manufacturer with default credentials.

While these challenges vary, the end result is the same: an un-authorized user gains access, typically via a VPN or SSH session to some system or device, and from there accesses other privileged resources in the system. In this type of security breach, malware need not be involved, although this may turn out to be a vector for malware. Given the numerous ways in which phishing attacks can install malware agents on an employee-owned corporate laptop, jumping to other devices with weak credentials becomes easier for attackers.

Ordr and Active Directory, RADIUS and wireless Integration

Ordr provides very robust tracking of users using AD/RADIUS and wireless integration, enabling security teams to monitor which user is accessing what device at what time. Ordr provides two key perspective:

1. User tracking – analysis of all devices accessed by a user, including IoT and OT
2. Device tracking – analysis of which users were logged into a specific device, at what time, duration and more.

Ordr also monitors all devices that use supervisory protocols like SSH, telnet, ftp, etc., associates them with user names, correlates them with the network they logged in from (corporate or guest), and maintains an accurate access record for each and every device as well as each and every user.

We also track and monitor corporate and guest network users. Corporate resources need to be accessed by corporate users with the right credentials from the corporate network. Ordr can alert or trigger the appropriate incident response workflow when a guest network user crosses over to the corporate network.

Finally, organizations can take advantage of all this rich user authentication during a security incident to provide qualifying details such as which network was the entry point, which device the “user” used to get into the network and what authentication methods they used, in addition to detailed Ordr Flow Genome flows.

Account Misuse Use Cases

Our customers have used the Ordr platform in many cases where one or more misuse of user accounts have occurred.

• Unauthorized user accessing accounts – Based on the network data collected in the Ordr Data Lake^TM, we were able to reconstruct extensive and specific activities conducted by a person with an unauthorized-yet-active account, specifically:
  • When the user account was logged on and off, and to which system.
  • What specific resources were accessed.
  • The amount and direction of data transacted (in malware terms, the identification of the data that was exfiltrated.
• Former employee accesses records – In one healthcare environment, we identified that a former nurse used their login credentials at a medical facility to access more than 600 data records. With the information gathered from Ordr, the response and mitigation of the security breach was initiated in a few minutes. Similar incidents have been documented publicly.
• Security cameras with default passwords – Another case involved access to security cameras whose default passwords had not been changed. This can happen not only on new installations but also where a failed unit is replaced by a worker not familiar with the organization’s security requirements. After the initial incident the security team was able to make necessary operational changes to avoid a reoccurrence of this specific problem.

To find out more about how Ordr is helping organizations today, you can view our case studies, webinars and white papers here.

Pandian Gnanaprakasam

Pandian has more than 20 years of product and engineering leadership experience and is also a serial entrepreneur. Before founding Ordr, he was the Chief Development Officer at Aruba, responsible for all of engineering and product management functions. Aruba, an enterprise mobile wireless company, was acquired by HPE for $3 Billion in March 2015. Before Aruba, Pandian served as the head of engineering for Cisco’s multi-billion-dollar Wi-Fi business unit and before that as VP of engineering for low-end switching product lines. He graduated with a master’s degree in Electrical Engineering from IIT, Chennai, India and holds several patents to his credit in various networking technologies.

Santa Clara, CA – November 2, 2022 – Ordr, the leader in connected device security, announced today that Jim Hyman has been appointed Chief Executive Officer (CEO) and member of the company’s Board of Directors. With more than 25 years of deep experience in cybersecurity and technology, and a proven record of scaling and operating companies for growth, Hyman will use his experience to continue building a world-class organization as the company enters a new phase of growth. Hyman was most recently Chief Operating Officer at Synack, VP Sales at Trusteer prior to its acquisition by IBM, and spent 4 years as the VP of Sales at Zscaler. Hyman succeeds Greg Murphy as CEO, who is leaving to pursue other interests, but will remain an advisor to the company.

“Jim’s background in cybersecurity and his experience across sales, business development and operations make him the perfect leader to accelerate Ordr’s growth. He embodies our customer-centric culture, represents our values, and has a clear vision for Ordr’s future,” said René Bonvanie, Chairman of the Board of Directors at Ordr. “On behalf of the board, I want to thank Greg for his significant contributions as CEO for the past four years.”

With the explosive growth of connected devices, security and IT leaders are looking not only for visibility into what’s actually connected to their network but a complete suite of security features to identify devices with vulnerabilities, detect anomalies and respond to cyberattacks. With Ordr’s connected device security platform, security and IT leaders are able to discover and classify what is connected to the network, in real-time, via an agentless approach.

Ordr identifies devices with risks, such as those with vulnerabilities, running outdated operating systems, behaving anomalously or communicating to a malicious domain. Proactive Zero Trust policies can be applied to keep devices in operation while limiting exposure. When a device is compromised, organizations can move quickly from “detection” to “response” by taking advantage of Ordr’s insights into the device and dynamically generating policies to mitigate risks.

“I’m thrilled to join Ordr at such an exciting time and look forward to building on the company’s foundation of world-class, innovative technology in the connected device security market,” Hyman said. “Ordr is uniquely poised to address visibility and security challenges with the growth of connected devices and also accelerate the digital transformation and Zero Trust initiatives across multiple industries. We have unparalleled technology and an enormous opportunity ahead of us.”

“When we founded Ordr, our goal was to help organizations address their connected device security challenges,” said Pandian Gnanaprakasam, Ordr co-founder and Chief Product Officer. “Our growth and customer momentum validates our best-in-class approach. Jim is the right person at the right time. His experience and passion, combined with Ordr’s extraordinary market position and financial resources, put Ordr in a perfect position to capitalize on new opportunities, offer best-in-class customer experiences, and accelerate growth. I look forward to working with Jim as we continue to scale.”

SANTA CLARA, Calif., February 1, 2021 — Ordr, the leader in security for enterprise IoT and unmanaged devices, has been named a Representative Vendor in the Gartner 2020 Market Guide for Medical Device Security Solutions.

The Gartner Market Guide identifies the growth and importance of medical device security solutions in Healthcare Delivery Organizations (HDO). Medical device security solutions enable organizations to securely manage Internet of Medical Things (IoMT) devices, ensure IoMT endpoint and data security, and perform asset discovery.

According to Gregg Pessin, Sr. Director Analyst at Gartner, “The variety and scale of security risks in an IoMT-rich healthcare environment is high, with a large and complex threat surface. Most sensor-based things have minimal internal computing resources, with limited opportunities for antivirus, encryption and other forms of protection within these things,”

As described in the report, “HDOs have, on their own, developed a set of requirements needed to address the inherent risk for medical devices operating within their environments. The vendors in this market space have responded with capabilities designed to meet these requirements.” Major functional requirements for medical device security solutions include:

• Asset Discovery
• Risk Analysis
• Risk Mitigation
• Event Detection and Response
• Device Analytics

“We work with many leading healthcare organizations, and for our customers, security starts with asset discovery,” said Greg Murphy, CEO of Ordr. “Ordr’s comprehensive visibility and classification of all connected devices, from medical devices critical to patient care, to HVAC systems and video surveillance cameras that may serve as an attack vector, is what differentiates our platform. Once we classify devices and profile device behavior, decisive steps can be taken and enforced to mitigate risks. This is particularly critical with expensive medical devices that may have obsolete operating systems that are unable to be regularly patched or updated.”

Gartner Disclaimer
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About Ordr
Ordr makes it easy to secure every connected device, from traditional IT devices to newer and more vulnerable IoT, IoMT, and OT. Ordr Systems Control Engine uses deep packet inspection and advanced machine learning to discover every device, profile its risk and behavior, map all communications and protect it with automated policies. Organizations worldwide trust Ordr to provide real-time asset inventory, address risk and compliance and accelerate IT initiatives. Ordr is backed by top investors including Battery Ventures, Wing, and TenEleven Ventures. For more information, visit www.ordr.net and follow Ordr on Twitter and LinkedIn.

Corporate adoption of IoT has been under way for some time, but things are about to accelerate in a big way. The rapid adoption of enterprise edge computing and 5G technology are key catalysts for organizations to optimize their businesses and create a competitive advantage. Additionally, COVID-19 has forced the hand of most mid and large enterprises to further extend their network perimeters. This is being accomplished by rolling out secure teleworker solutions ensuring hundreds of millions of employees can remain productive during the pandemic.

As enterprise landscapes evolve, companies are grappling with how to adapt to the growing reality of new threat vectors. If past cyber-attacks are any indication, these exploits are merely a glimpse of what’s to come. Most businesses were already deficient in having a thorough cybersecurity posture, and the increasing number of IoT and unmanaged devices is further exacerbating that issue. Some of the most common vulnerabilities include weak passwords, outdated devices and unpatched software, misconfiguration of network devices, and a lack of device management to name a few.

Customers are demanding that cybersecurity vendors reduce complexity, incorporate existing vendors into new solutions and partner to attain maximum benefit. Ordr, the leader in visibility and security of all connected devices and Fortinet, a global leader in broad, integrated and automated cybersecurity solutions are partnering to deliver exactly what customers are seeking to accommodate the IoT device growth being predicted.

The combined integration of Ordr Systems Control Engine (SCE) with Fortinet’s Security Fabric delivers granular visibility and the automated control and response needed to thwart new threats resulting from the massive number of IoT devices emerging. Ordr is a vital member of the Fortinet Open Fabric Ecosystem, the premier technology partnering program in cyber security.
Evolving network architectures should incorporate the following key elements listed below, which are paramount in helping practitioners combat the onslaught of threats posed by new devices being added to the network.

The integrated solutions offered by Ordr and Fortinet are highly differentiated to deliver these critical features;

• ML or machine learning is being used in network monitoring, gathering threat intel and remediation, while it is also being leveraged for identifying anomalous behavior and flagging these patterns in real time.
• ZTNA or Zero Trust Network Access has existed for more than 10 years, but has been perpetually modified. NIST (National Institute of Standards and Technology) continues to refine the ZTNA architecture. Three major components should exist in ZTNA including
  • Continual visibility of devices and users connected to the network,
  • Ability to enforce security policies despite devices type, location or method of access
  • Ability to maintain enforcement and visibility when device goes off line
• Micro-segmentation is a security method that isolates security zones that are associated with workloads, applications and certain devices.  By creating these zones, you can prevent lateral movement of threats from being propagated in east/west traffic and providing isolation and being able to prevent an attack.

Assessing your threat landscape for vulnerabilities must be an iterative process. The speed at which disruptive technologies are being adopted and the addition of billions of IoT connected devices to the internet, will warrant stronger “cyber-hygiene” including frequent cyber assessments and leveraging key partnership and tools for simplification. This endless battle warrants businesses to continuously refine how they address granular device visibility, control and how to appropriately respond to emerging threats.



Harris Sussman

Harris Sussman is the Director of Technology Alliances for Fortinet. Harris began his career in Network Engineering at Raytheon. With more than 20 year of experience at Cisco, Dell EMC, Akami and more, Harris has an amazing technical foundation. At Fortinet, Harris is responsible for Fortinet’s technology alliance relationships with OT (Operational Technology) and IoT (Internet of Things) partners.

Enter a major warehouse club such as Costco and its not too hard to navigate through the aisles. Our brains like it when things are organized and orderly. The shopping warehouse structure is understandable and when everything has its place and every place has its thing, it makes sense to us. Even if things get to massive sizes, as long as a structure and some level of organization is in place, it’s easy to stay organized. Now when it comes to IoT and security, things are not always as tidy or so orderly. If anything, we’ve become accustomed to a flat network where traffic goes all over the place creating violations and constant alerts. Sometimes these alerts can reach 10,000 per week for large organizations.  Sure we have tools to automate and remediate these alerts but fundamentally we think there is a better approach.

Traditional segmentation

Asides from reducing network congestion, segmentation has the added advantage of improving security as the attack surface can be smaller and breaches if they occur can be readily contained, limiting the damage and any further potential movement. Rudimentary ways to segment networks can be performed by usage such as web servers in one area, and database servers in another. Segmentation can also be performed via department such as sales/finance/engineering and even guest access. Managing the segments and having policies on what can move from one segment to another is important for the sake of control and keeping things tidy at a corporate network.

Our take on micro-segmentation

Today, one has the assumption that the traditional firewall has been breached and the bad guys are already inside a major hospital, financial institution, or government network. If segmenting a network is good, micro-segmentation must be better since during a breach an attacker can quickly be isolated within the smaller zone limiting the access to information in different areas. Managing such a network, however, can get increasingly complicated as segments become increasingly granular.

Micro-segmentation divides networks down to the workload level and then defines specific security controls and policies for these specific segments and workloads. It’s a more granular and logical approach than physical segmentation via physical firewalls making it easier for network and security administrators. With micro-segmentation, communications can be monitored and controlled and device traffic and requests will stay in their respective “warehouse aisle.” If there is any deviation from the desired protocol, or some random communication that should not be occurring, remedial action should be immediately taken and you just need to clean up one aisle and not close the entire warehouse.

Take it a step further

When micro-segmentation is combined with automated security policy generation, the enterprise customer can see a sharp decrease in the number of alerts or alarms. Other benefits include faster remedial action and damage containment if something bad does occur. Signaling an alarm is one thing, doing something and learning from the breach is another. At Ordr, we proactively protect the enterprise network and traffic is analyzed at multiple layers. Our SCE system creates a conversation map called the flow genome for every connected device. We identify all communications between the various segment and VLANS. We automate device identification, leverage AI to baseline normal communication behavior and then translates these behaviors into a device-specific security policy.

Cyber attacks are too lucrative for the bad guys and if anything we’re seeing a step up in the incidence of ransomware attacks. Micro-segmentation, when combined with proactive protection, creates a safe environment for network devices and prevents an attacker from moving around causing havoc and our system continuously learns and adapts. With Ordr you are in control. Valuable assets are locked up and safe behind the display case, and the aisles are nice and clean.

Pandian Gnanaprakasam

Pandian has more than 20 years of product and engineering leadership experience and is also a serial entrepreneur. Before founding Ordr, he was the Chief Development Officer at Aruba, responsible for all of engineering and product management functions. Aruba, an enterprise mobile wireless company, was acquired by HPE for $3 Billion in March 2015. Before Aruba, Pandian served as the head of engineering for Cisco’s multi-billion-dollar Wi-Fi business unit and before that as VP of engineering for low-end switching product lines. He graduated with a master’s degree in Electrical Engineering from IIT, Chennai, India and holds several patents to his credit in various networking technologies.

In the Fireside Chat: Addressing IoT Security Risks with Nexteer Automotive webinar, I discussed best practices for organizations building IoT security programs with Ron Temske, VP Security at Logicalis, and Jeff Horne, CISO at Ordr.

Background

The winds of change are blowing through the world of work today. Macro trends such as Industry 4.0 require that companies enact and accelerate their digital transformation. Technologies such as artificial intelligence, blockchain, cloud computing, autonomous vehicles, robotic process automation, edge computing, and the Internet of Things (IoT) are helping foster innovation and competitive advantage.

As companies embrace digital manufacturing to increase efficiency and optimize operating costs, there is an explosion of IoT devices on the plant floor. Further, more and more of our home devices are becoming internet connected. The exponential proliferation of IoT devices and immature security practices make them targets for attack.

Addressing IoT Security Risks

IoT devices play critical roles across many business functions across enterprises, making building IoT security programs crucial. Here are my tips for tackling IoT security, the “Magnificent 7 IoT Security Guiding Principles”:

1. Characterize: Identify and classify assets and stratify them by business value and risk
2. Demarcate: Implement network zones with a clear demarcation between IT and OT networks
3. Understand: Visualize and identify threats and vulnerabilities across networks inclusive of devices, traffic, etc.
4. Unify: Control access by users and devices across both secure wireless and wired access
5. Adapt: Leverage Zero Trust to enact adaptive control schemes in real time
6. Converge: Develop explicit third-party access and risk management protocols including Privileged Remote Access, which are particularly relevant to OT networks to strengthen the security architecture
7. Beware: The following root causes have led to IoT device security issues in the past
   • Static credentials embedded in the device
   • Lack of encryption
   • No software updates
   • API security gaps

How Ordr Can Help

Besides sharing tips on creating an IoT security plan, I also shared the reasons why Nexteer chose Ordr over other IoT security solutions.

One of the key principles of our InfoSec & Privacy program, NEXTINTRUST is to leverage the trifecta of: IDENTITY, INTEGRATION & INSIGHTS across a layered security architecture for enacting adaptive, proactive control strategies.

Consequently, key dimensions needed to enact this strategy across the OT & IoT arena are:

• Device Visibility
• Policy Definition
• Behavior & Risk Analysis
• Enforcement of Policies & Standards

Ordr mapped well to Nexteer’s key security dimensions and the NIST cybersecurity framework principles of Identify, Detect & Protect. It can help us transform our security operations across the plant floor and IOT device arena.

Ordr offers a realtime dashboard and key insights such as automatic device inventory, device communication, and device risk analysis. Ordr’s ease of deployment, FIPS certification, and all-inclusive licensing model were also differentiators.

Ready to try Ordr for yourself? Request a demo to see how Ordr will discover and classify all connected devices, profile device behavior, and automate segmentation policies.

Arun DeSouza

Arun DeSouza is currently Chief Information Security & Privacy Officer at Nexteer Automotive Corporation. He has extensive global IT and security leadership and organizational transformation experience including as CISO and CIO. Arun’s areas of expertise include strategic planning, risk management, identity management, cloud computing and privacy. His current interests include the Internet of Things (IoT), Blockchain, Zero Trust, Software Defined Perimeter & Self-Sovereign Identity. Arun earned Master’s and PhD degrees from Vanderbilt University. He is a Certified Information Systems Security professional (CISSP) and has earned the Certificate of Cloud Security Knowledge (CCSK) certification. He was honored by the 1st Global Cyber Observatory by induction into the CISO Hall of Fame in September 2019. He has won multiple other industry honors including CISO of the Week, CSO50 Award, Computerworld Premier 100 IT Leaders Award, CIO Ones to Watch Award and the Network World Enterprise All Star Award. He is a member of the Society for Information Management and the International Association of Privacy Professionals.