Asset Inventory Management
Asset Inventory Discovery and Management
Ordr Use Case Series
4 Min Read | By Chris Westphal
Ordr Covers Your Assets with Real-Time Asset Inventory Management
Ordr is a unique and powerful platform because it addresses a plethora of visibility and security use cases for connected devices. In this series of blogs we’ll cover use cases that are top of mind for security, networking, and device owners, starting with asset inventory and management.
In conversations with CISOs and CIOs, we consistently hear the same challenges when it comes to Internet of Things (IoT), Internet of Medical Things (IoMT), operational technology (OT), and other connected devices:
- Maintaining an up to date inventory of connected devices
- Finding connected devices that are not included in inventory
- Including device details that are critical for device management and security
The lack of a complete connected device inventory leaves teams guessing when it comes to managing devices and creates big gaps resulting in unknown risk when it comes to security. Whether you’re in IT ops struggling to keep up with the constant barrage of new devices, a security pro challenged to understand and mitigate risks, or a biomed engineer in healthcare tasked with managing device deployments, updates, and usage, connected device growth presents unique challenges across your organization.
Juniper Research estimates we’ll see more than 83 billion devices deployed by 2024, a 130 percent increase from the 36 billion in use today. With this and similar growth estimates, we’re faced with the reality that IT and security challenges will continue to expand as the volume and variety of connected devices grows.
Unique Challenges of Connected Devices
Compiling and maintaining an inventory of connected devices that is up to date with all the required details is challenging due to several factors, including the number and diversity of devices, improper procurement processes, remote users, and locations behind VPNs. In addition, many connected devices are not only unmanaged but unmanageable since they do not or cannot support agents, and scanning these devices is not always an option for fear of service impact. These factors mean traditional methods aren’t an option for device discovery.
The sheer volume, variability, and mobility of connected devices means inventory and status of devices is constantly changing. Relying on manual efforts or periodic snapshots of the network to maintain a device inventory comes with an almost certain risk of inaccuracy. You need to be able to discover and track your complete asset inventory, including unmanaged devices, and you need to be able to do it in real-time.
Procurement processes that aren’t aligned with IT and security add to these challenges since they can introduce devices to an environment without being properly onboarded. This results in the potential for more unknown devices on the network, some of which may not meet organizational standards for management and security. In this category are devices that are added by individuals or teams that purchase them outside of organizational protocols. In the case of healthcare it can include vendors that work directly with physicians and drop off devices for evaluation.
Remote users and locations behind VPNs present additional challenges. You have less insight into and control over devices connected by users working from home. IP addresses of devices connecting over VPN can change rapidly, making it difficult to ensure all connected devices are properly captured in inventory.
How Ordr Helps
Ordr addresses connected device challenges with deep packet inspection (DPI), artificial intelligence (AI), and machine learning (ML) to enable a real-time asset inventory that’s accurate and always up to date. By analyzing network data, we automatically discover every device connected to the network without the need for agents and without impact to device operations. We also accurately classify every device with details such as make, model, operating system, serial number, application/port usage, and location.
Device details are sent to the Ordr Data Lake and enriched with more than 80 integrations to form a granular and complete profile of every device in the environment. Enrichment includes data from vulnerability and threat feeds, manufacturer and FDA recalls, IT tools to help track IP address changes and user logins, and more.
With Ordr, teams not only know what’s on the network but can also identify risks such as devices with an outdated operating system, unauthorized applications, vulnerabilities, or recalls. Ordr also helps identify devices with weak passwords or certificates, and those exhibiting risky behavior that might indicate an active threat. This detail, combined with other insights from Ordr, is used to calculate a risk score for each device and help teams prioritize remediation tasks such as patching and mitigation efforts like quarantining or microsegmentation.
Ordr also integrates with existing CMMS or CMDB tools to enrich details for devices that already exist in inventory, and fill in the blanks with details for devices that were missing. With Ordr, you’ll create a single source of truth for all your connected devices that is always up-to-date and accurate. With that foundation, you can start to wrap your arms around the other unique challenges associated with managing and securing connected devices. In a future post, we’ll cover more on Ordr capabilities beyond asset management.
If you’d like to get a handle on your connected device asset inventory, get in touch with us to learn more.
Chris Westphal
Head of Product Marketing
Chris is the Head of Product Marketing at Ordr where he helps drive awareness for connected device security and the value of the Ordr solution. Chris brings more than two decades of experience to his role with a background in enterprise security, cloud, and data center technologies. Most recently, Chris was head of product marketing at Salt Security, the leader in API protection, and has held product marketing leadership roles at companies including VMware, Illumio, and Adallom (acquired by Microsoft).
-
Risk Management
The Importance of Accurate Device and Flow Context
Threat Detection and Response
4 Min Read | By Pandian Gnanaprakasam
When the 2022 Verizon Data Breach Investigations Report (VDBIR) came out at the end of May, I was preoccupied with closing Ordr’s $40 million Series C investments and, while I gave it a quick read at the time, I didn’t get around to taking a close look until this past weekend. The VDBIR always contains a wealth of information, and like most people in the information security industry, I read through many studies to keep abreast of trends and look for clues that point to what’s next.
I especially look forward to seeing what is new in the VDBIR. Over the last 15 years the team at Verizon has done yeoman’s work quantifying the way threats have played out, tracking things like ransomware and digital supply chain attacks, helping to raise awareness of the need to improve the ways enterprises secure their networks, data, and people. It is incredibly useful and has the advantage of its deep history.
Reading Between the Numbers
After skimming the 108-page 2022 report, and examining more closely the sections calling out healthcare, manufacturing, finance services, and other industries that call on Ordr to protect them from the threats to their extensive connected device inventories, something caught my attention. At first I couldn’t quite figure out what it was that made the numbers stand out to me, but then it hit me.
In the introduction, the scope of the report is quantified as “23,896 security incidents, of which, 5,212 were confirmed data breaches.” Those numbers are intended to impress upon the reader the magnitude of the problem and to convey the impressive effort involved in producing the report year-after-year. But they reveal a much bigger problem for those organizations that depend on our industry to protect them from the schemes of cyber criminals: the critical importance of accurate data in cybersecurity detection and response. Let me explain what I mean.
Bad Data is Costly
Bad data–whether inaccurate, incomplete, or obsolete–is the root of many persistent problems vexing cybersecurity, including false positive security events. Each of those nearly 24,000 incidents took time and resources away from the organization whose security team had to investigate and determine whether or not an attack had taken place. And when you consider that data in light of a recent article in CSO Magazine reporting that security teams waste thousands of hours and hundreds of thousands of dollars each year chasing their tails because of false positive incidents, the impact of bad data gets worse.
According to CSO Magazine, false positive security incidents may account for as many as 45% of all security events. That means that of the 23,896 security events used in the Verizon report, there were nearly as many incidents that also had to be evaluated before determining whether they were actual indicators of compromise (IoC) or false positive events. That wastes time and resources, and it also causes signal fatigue through the boy-who-cried-wolf effect, making organizations less secure because security teams become conditioned to expect to find no threat. When security evaluations and decisions are based on bad data, the natural response is to adjust the systems designed to detect anomalies to be less sensitive. This reduces the workload for human analysts, but it also increases the chance that actual IoCs will go unnoticed.
Imprecise data begets imprecise results, and imprecise results increase risks to the enterprise. The remedy, therefore, is more data–and more precise data.
Building on a Foundation of Excellent Data
When we set out to develop the technology that became the Ordr platform, we knew we had to build something that was engineered from the start to address the problem of false positive signals. We also knew we needed to focus on discovering and protecting connected devices, so we created an Ordr Data Lake populated with data specific to millions of devices; then we applied artificial intelligence and machine learning to run behavioral analytics to develop security models for each device.
That combination of Ordr Data Lake, our behavioral analytics engine, and comprehensive, real-time discovery of devices is powerful. Deep packet inspection of network traffic along with granular device context (including properties like operating systems, patches, and software installed and network connectivity) flows to our Ordr Data Lake along with all of the flow data that the device transacts. Using this rich data, our AI-powered behavioral analytics engine along with standard threat detection methods, like intrusion detection signatures, URL/IP reputations, and other unique techniques forms a very accurate profile of a device, and identifies ones with vulnerabilities, risks and anomalies.
Deep and Unrivaled Device Data
Today, the Ordr platform is informed by a body of threat intelligence and device-specific data that is unrivaled in its scope and scale. What’s more, Ordr is constantly enriched with an influx of new data, including real-time packet capture and analysis across each customer environment. That feeds our platform with an accurate, continuous, and correlated input of data from every connection, flow, and change.
The Ordr Data Lake collects close to 1000 attributes for every device, and models are updated regularly with new data to scale classification of newer devices introduced in the network.
Non-correlated data can’t be used to distinguish false positive signals from actual indicators of compromise at the speed required to quickly and efficiently detect and contain–or even prevent–attacks. That level of detail and resulting accuracy means that, when the Ordr platform detects an anomaly, we can apply automated policy enforcement with a high degree of confidence to exactly isolate the offending device.
Ordr uses that depth of detailed intelligence to perform multidimensional contextual analytics centered on individual devices that can quickly detect and contain a threat, not merely track an attack’s progress. It’s the difference between eliminating the detrimental effects of false positive signals and taking decisive action that minimizes the threat of a breach while allowing business critical operations to continue.
Ordr Covers your Large Threat Surface
There are more than 35 billion internet of things (IoT), internet of medical things (IoMT), and operational technology (OT) devices connected to enterprise networks today. By 2025 that number is expected to more than double to 75 billion. When you consider that the average hospital operates an enterprise with more than 100,000 connected devices, including as many as 15,000 dedicated to clinical care, the importance of device security is easy to understand. Each device contributes to an expanding threat surface that would be impossible to protect without a purpose-built solution.
The power of device and flow context, along with building behavioral models using historical observations worldwide for each device, is critical in reducing false positives and confidently thwarting attacks on an organization. This is even more pertinent for devices that do not have an inert security agent installed.
If you want to put that power and precision of the device data lake to work protecting your enterprise, get in touch.
Pandian Gnanaprakasam
Pandian has more than 20 years of product and engineering leadership experience and is also a serial entrepreneur. Before founding Ordr, he was the Chief Development Officer at Aruba, responsible for all of engineering and product management functions. Aruba, an enterprise mobile wireless company, was acquired by HPE for $3 Billion in March 2015. Before Aruba, Pandian served as the head of engineering for Cisco’s multi-billion-dollar Wi-Fi business unit and before that as VP of engineering for low-end switching product lines. He graduated with a master’s degree in Electrical Engineering from IIT, Chennai, India and holds several patents to his credit in various networking technologies.
-
Company News
Ordr’s Series C Investment Strengthens Position as IoT Security Leader
4 Min Read | By Greg Murphy
Ordr just announced the closing of our Series C round of investments, raising an additional $40 million to support our growth and continuing R&D in the realm of securing internet-connected devices for the organizations that rely on them. Investors in the round include ongoing commitments from all our prior investors, including Battery Ventures, Ten Eleven Ventures, Wing Venture Capital, Unusual Ventures, Kaiser Permanente Ventures, and Mayo Clinic. We are delighted to add Northgate Capital as an Ordr investor and to have the support of industry leaders and notable Silicon Valley entrepreneurs René Bonvanie, former Chief Marketing Officer of Palo Alto Networks; Dan Warmenhoven, former Chairman and CEO of NetApp; and Dominic Orr, former Chairman and CEO of Aruba Networks.
Since Ordr’s founding in 2015, our company has attracted more than $90 million in total investments. On behalf of the Ordr team, I want to thank all our investors for this strong vote of confidence in the organization and in our vision for the future of cybersecurity. While many companies have been sold or exited this market early, this funding gives us the ability to build a strong, stand-alone technology leader that will be here for our customers for years to come. I must also offer our gratitude to the hundreds of customers and partners who have trusted Ordr to protect their connected devices, patients, and businesses. We are inspired every day by your commitment and dedication to your mission. Your passion and input have made us a better company and today’s announcement would not be possible without you.
Finally, I want to recognize the tremendous Ordr team, from our founders, Pandian Gnanaprakasam and Sheausong Yang, to the amazing new colleagues who have joined us recently. This milestone reflects your passion, your empathy for our customers, and your dedication and confidence in our mission.
Our Vision, Our Journey
When we began our journey, it was estimated that there were about 3.5 billion internet of things (IoT) devices connected to public networks. Improvements and innovations in processing and network communications, artificial intelligence and machine learning, and automation presaged rapid growth for the technology. Today there are more than 35 billion connected devices in service, and projections suggest more than 75 billion will be deployed by 2025—more than twenty times the number since we started.
Every one of those devices is a potential attack vector, expanding the need for what Gartner now calls “cyber asset attack surface management,” or CAASM. Threat actors are adept at taking advantage of device vulnerabilities to gain a network foothold from which they can move laterally to disrupt operations and execute attacks. Their targets are often organizations in critical infrastructure industries like healthcare, manufacturing, energy, and government where there has been heavy adoption of IoT devices, including the internet of medical things (IoMT) and operational technologies (OT). In fact, Ordr is one of the few security vendors that address a myriad of security and device management use cases across Gartner-defined market categories ranging from medical device security and OT security, to CAASM, and network detection and response (NDR).
IoT Security as a Business Imperative, Strategic Priority
Securing the vast constellation of connected devices is not only a business imperative, but it has been recognized as having strategic importance for national security here in the U.S. and abroad. The Ordr platform is a vital component to achieving a Zero Trust security posture as recommended to protect economic interests. To meet the security needs of critical infrastructure and other industries, like financial services, retail, education, and biopharma research, where connected device adoption is building momentum, requires a tool like Ordr that is designed to address conditions unique to connected devices. Ordr’s “See. Know. Secure.” approach to connected device security finds devices wherever they are in the network, identifies each device and learns its operating pattern, then automatically applies and executes appropriate security policies to ensure that each device remains protected.
And Ordr’s approach to connected device security works. That’s why the Ordr platform enjoys wide adoption across critical infrastructure industries where we help protect three of the world’s six largest healthcare organizations, and are the connected device security tool-of-choice for more than 150 manufacturing sites. Ordr customers span the full spectrum of industry, and our technology’s excellence has driven a 140% increase in year-over-year new customer growth in our most recent quarter, ending March 31, 2022.
Looking to the Future of Connected Device Security
As we look to the future to further develop our product, attack the market, and execute against our business plan and goal of achieving continuous improvement in all aspects of our operations, we’re proud to have attracted such strong partners invested in our success and that have a stellar track record working with companies in hyper-growth, and that bring strong domain expertise to our leadership team. We believe the connected device security market needs a strong, open, and independent player that prioritizes customer success, focuses on time-to-value, and integrates with all the key components of a customer’s security and network infrastructure. This funding validates our best-in-class approach and solidifies our leadership in the market.
It is my privilege to serve as Ordr’s CEO and to play a role in an exciting future for the company, and I am humbled to be surrounded by a team of professionals committed to our success and the security of our customers. If you want to be a part of that future, please check out our Careers page for opportunities to join the team. If you are a CISO, CIO, or other tech leader who recognizes that your company’s investments in connected devices are leaving you vulnerable, take a look at our technology and then reach out for more information or a demonstration. We’d love to hear from you.
Greg Murphy
Greg joined Ordr as CEO in December 2018. Previously, he was VP Business Operations for the HPE Aruba Group, the 4,000 person networking and IoT business unit of Hewlett Packard Enterprise. In that role, Greg was responsible for leading the business integration of Aruba and HP Networking following HP’s $3 billion acquisition of Aruba Networks in 2015. Greg held multiple prior senior executive positions within Aruba, including SVP Business Operations, GM of network management software, GM of outdoor and mesh products and VP of Marketing. Greg joined Aruba in 2008 through its acquisition of AirWave Wireless, a network management software provider that Greg founded and led. Greg received his M.A. from Stanford University and his B.A. from Amherst College.
-
Security Strategy
IoT: Top Driver For Enterprise Investment in Zero Trust Networking
3 Min Read | By Danelle Au
Zero Trust has emerged in the past ten years as the foundational approach to cybersecurity for many organizations. As the name implies, Zero Trust is about removing the presumption of trust for all users, i.e. “never trust, always verify”. Instead of a one-time access decision, trust is continuously addressed and evaluated, and access is limited to least privilege.
While the Zero Trust concept is fairly mature, its application to IoT and unmanaged devices is relatively new, but growing.
New research from EMA points to IoT as one of the top drivers for enterprise interest and investment in zero-trust networking (46% of enterprises).
The EMA report, “Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network Segmentation” based on a survey of 252 enterprise technology professionals, discovered the following:
- IoT drove healthcare, manufacturing, and professional IT services companies towards Zero Trust networking, while software and retail companies were the least influenced by IoT.
- IoT and other unmanaged devices present a challenge to Zero Trust networking policy design because they have no users associated with them and require an alternative way to authenticate connection requests. 38% of enterprises surveyed create tailored access privileges based on the functions and characteristics of individual devices or classes of devices. This means that 64% of enterprises establish generic access for all devices or devices are untrusted with limited access, or are untrusted and banned from the corporate network.
- Establishing a generic, minimum level of access privilege for IoT and unmanaged devices, such as an IoT VLAN, is popular among government agencies (50%) and healthcare organizations (55%). However, this strategy isn’t ideal, as risks can differ even among a set of similar IoT devices based on behavior, vulnerabilities, and manufacturer.
- The most important parameters for determining access privileges of unmanaged devices were cited as security status, device vulnerability and risks, owner of the device, and observed network behavior. This makes sense so that enterprises can use tailored policies and place devices in the right “trusted” areas of the environment.
- Enterprises are more likely to succeed with tailored policies for unmanaged devices if they formed a Zero Trust networking taskforce rather than relying on formal partnerships between network and security teams.
- Identifying and segregating IoT and other unmanaged devices is a top priority for healthcare organizations (55%). This is not a big surprise given the vast numbers of sensors, scanners, and other medical equipment that connect to networks in clinics, hospitals, and laboratories.
- The issue that enterprises find most challenging in Zero Trust network segmentation is the high volume of changes and exceptions straining management capacity. This points to a need for network automation.
- 92% of enterprises want tools that simplify segmentation, specifically to address “exceptions/custom rules”, cross-tool support, and to automate/eliminate errors — this is especially true for IoT since there are so many different types of devices and their numbers are so large that automation is critical to drive Zero Trust segmentation.
As the report shows, enterprises are recognizing the need to extend Zero Trust to unmanaged and IoT devices. 50% of enterprises in the EMA survey have started Zero Trust microsegmentation in the LAN where IoT lives. To do this effectively and without manual errors, automation is critical. Ordr can help. We help enterprises discover and profile devices so they know exactly what an IoT device is at a very granular level, how it is behaving, and protect these devices at the firewall and in the network via automated Zero Trust and microsegmentation policies.
We invite you to download the report summary here. For complete visibility into what’s in your network, sign up for our IoT Discovery Program at www.ordr.net/sensor.
Danelle Au
Danelle Au has more than 20 years of experience bringing new technologies to market. Prior to Ordr, she was CMO at Blue Hexagon, a deep learning for malware protection company, and CMO at SafeBreach where she helped build the marketing organization and define the Breach and Attack Simulation category. Previously, she led strategy and marketing at Adallom, a cloud security company acquired by Microsoft. She was also Director, Security Solutions at Palo Alto Networks, driving growth in critical IT initiatives like virtualization, network segmentation and mobility. Danelle was co-founder of a high-speed networking chipset startup, co-author of an IP Communications Book and holds 2 U.S. Patents. She has an MSEE from UC Berkeley.
-
KLAS Research Names Ordr a Top Performer for Healthcare IoT Security
3 Min Read
Santa Clara, CA – February 15, 2023 – Ordr, the leader in connected device security, today announced that it has been named a top performer by KLAS Research in the firm’s 2023 Best in KLAS Software & Services Report for Healthcare IoT Security. Ordr has been recognized as a Top Performer in this report for three years in a row.
The Best in KLAS report recognizes software and services companies that excel in helping healthcare professionals improve patient care. All rankings are based on feedback from thousands of providers, compiled over the past year, who use the products reviewed.
“Healthcare technology management and security teams benefit from Ordr’s ‘whole hospital’ approach to visibility and security. As shared by our customers, we continue to deliver unique product innovations – from granular device context, full-lifecycle vulnerability management, and utilization insights to meaningful integrations – to help healthcare systems enhance patient safety, optimize usage and improve efficiencies. Our market-leading security and segmentation capabilities help security teams anticipate, withstand, and respond to cyberattacks such as ransomware, ensuring operational resilience,” said Jim Hyman, CEO at Ordr. “We’re thrilled to be recognized by our customers. It is a strong endorsement of our team’s continued dedication to delivering the best healthcare IoT security product on the market.”
When asked about Ordr, customers shared the following comments:
- “Ordr is one of our favorite vendors, and they enable a practical approach to zero trust security. They do a wonderful job of helping us secure our medical devices, and they are a pleasure to work with. They are putting a lot of new features into their product, and they are going beyond what we originally purchased them for to the extent that we might actually be able to get rid of one of our other network monitoring products.” CIO (November 2022)
- “Ordr comes out with new technology that blows me away all the time. They just keep adding functionality. Ordr’s product is the only product I can ever remember. When I am talking to peers or companies that [I] do work with, I tell them they need to check out Ordr’s platform.” Director (October 2022)
- “The biggest thing I like is that we can use the information gathered by the system to implement tangible policies for other things, such as my firewall. That is the true value of being able to look at devices and see what they are. The product allows me to write access control list policies around entire groups of devices, and that makes us more secure. The information in the product is outstanding, but the opportunity to translate that information into actionable security policies is the big selling point of the product for us.” Director (October 2022)
- “Ordr is truly exceptional. I have regular calls with their team, and one of the talking points on every agenda is the vendor’s road map. I do lots of check-in calls with vendors on a variety of products, and Ordr is the vendor that is the clearest with their road map.” Director (October 2022)
- “Ordr has an incredible ability to integrate their solution with my firewall and endpoint protection software. The integration between Ordr’s platform and my other security platforms is really high, whether Ordr’s product is integrating with an IoT device or simply a Windows workstation sitting on someone’s desk. The level of integration that the product has is ridiculous.” Director (October 2022)
- “The product has really helped me discriminate between the devices on my network; I can tell whether something is a PC as opposed to an infusion pump or a pulse oximeter. That is very helpful for specific healthcare IoT purposes. The system has changed our workflow.” Director (October 2022)
- “Our implementation with Ordr was incredibly smooth. Ordr killed it. I don’t have enough good things to say about Ordr. I don’t know whether I have ever been as satisfied with another implementation as I was with Ordr’s implementation.” Director (October 2022)
The Ordr “whole hospital approach” secures all connected devices – IoT, IoMT, operational technology (OT), and traditional IT systems – that are critical to operations and patient care. With Ordr, HTM and security teams gain the insight and tools they need to identify risks, such as devices with outdated operating systems and devices with vulnerabilities, and to take action by applying segmentation to devices that cannot be updated or otherwise secured.
Ordr recently published a Connected Device Security Healthcare Maturity Model to guide healthcare organizations on their journey to Zero Trust. For more information, see how Ordr can help your organization gain visibility and control over its connected medical devices and equipment.
-
News: Ordr Unveils Cybersecurity Innovations and Ransom-Aware Rapid Assessment
Expands Leadership In Connected Device Security
4 Min Read
SANTA CLARA, Calif. – October 28th, 2021 – Ordr, the leader in connected device security, announced new cybersecurity features along with a Ransom-Aware Rapid Assessment™ service to help security teams accelerate their response to ransomware and other advanced attacks.
Ransomware attacks have accelerated in the past year, due to the ready availability of ransomware as a service, the expansion of the attack surface from connected devices and remote work, and the ease of ransomware payments using cryptocurrency. Enterprises are recognizing that in order to move quickly from threat detection to response, security teams need context on the device that is under attack – what it is, where it is located, whether they can act upon the device and exactly what mitigation steps are possible.
Ordr provides these answers via comprehensive visibility into devices, their corresponding network flows, risks, and anomalous behaviors, along with automated policies to proactively, reactively and retrospectively respond to attacks.
Highlights of the new cybersecurity features and benefits in the latest Ordr Hydrangea Fall 2021 Release include:
- Ransom-Aware Rapid Assessment™ – Ordr now adds Ransom-Aware Rapid Assessment as an additional service. This assessment, available from Ordr and its reseller partners, evaluates ransomware exposure risks in an organization, including identifying threats and vulnerable devices in the environment, reviewing user activity and device access, and monitoring for communications to ransomware sites. The Ransom-Aware Rapid Assessment comes with a detailed report of findings and recommendations to help organizations prepare for an attack.
- Behavioral-based tracking and visualization of suspicious communications – Ordr baselines the behavior of every device so that “abnormal” communications can be detected. Security teams can now create policies and alert when “normal” behavioral patterns are violated, such as devices communicating with blocked IPs and URLs, banned countries and malicious sites. Ordr automatically provides a visual representation of communications to newly discovered malicious domains via the Ordr Traffic Analysis view, or security teams can customize their view to include specific malicious domains targeting their industry.
- Risk customization – Every enterprise measures risks differently based on the probability of an attack to the business. Ordr now adds the ability for risk and security customization by security teams including multiple high fidelity threat feeds controlled by weightages, risk score customization, custom alarm notifications, and flexible policy groups to customize policies by business context and/or protocol interactions.
- Multi-stage, correlated kill chain detection – In addition to the ability to detect East West lateral movement via its integrated threat detection engine, Ordr now adds new threat detection capabilities including application anomaly detection for high-risk protocols (SMB, RDP, etc.), IP based TOR detection and special purpose scanning engine enhancements to unearth vulnerabilities like PrintNightmare. Every device risk score computation correlates risks from multiple threat events in the kill chain to surface key security issues.
- Retrospective security – As security teams receive new indicators of compromise, it is important to incorporate a model of retrospective security, where the latest threat intelligence is continuously applied to historical device behavior and communications. Ordr adds retrospective analytics to track prior communications to new indicators of compromise. This can identify compromised devices that have slipped past preventative security measures. Ordr’s comprehensive device, network and behavioral context can be used to shorten the time spent triaging any malware, and to aid in forensic analysis. In one customer deployment, Ordr identified a compromised device behaving maliciously more than 15 days before the FBI indicators of compromise were published.
“As threat actors continue to target organizations around the world with ransomware, security teams need to understand where their risks lie. Ordr helps organizations understand their ransomware exposure and readiness. This will be invaluable to every organization trying to prepare against this imminent threat,” said Frank Rondinone, President and Founder, Access2Networks.
“The enhancements in this release further bolster what is the most complete agentless device security platform in the industry. We’re making it easier than ever for enterprises to customize their risks, detect threats specific to their industry, continuously manage risks and secure every connected asset everywhere,” said Pandian Gnanaprakasam, co-founder and Chief Product Officer of Ordr.
The Ordr platform is already helping security teams reduce their time to detect and respond to attacks. In a KLAS Research customer interview, one Chief Information Security Officer said Ordr had reduced their incident response time by hours:
“The biggest outcome is a significant decrease in the amount of incident response time. We have used Ordr Platform as part of our incident response with ransomware. Because we couldn’t run our antivirus on our machines, we were able to go in and identify the specific machine on the Ordr Platform and provide a picture to the field support. The network engineers had already logged into the Ordr Platform, saw the traffic and killed the port so that it couldn’t communicate. That was very handy so that when a field support person walked into the room, they knew exactly where they were going. We were able to get the medical devices back up and running on our network and segmented really quickly. Ordr made that quick turnaround happen. We have factored the utilization of Ordr platform into our incident response plans. We have been able to reduce our response time by hours. We already had a really robust response time and plan, and the system sped things up significantly.”
For ransomware best practices and insights: Download Ordr’s ebook “Ransomware: These Four Best Practices Could Save You $4M”
-
Blog: PATCH Act Needed, but Hospitals Can’t Afford to Wait
Risk Management
3 Min Read
By Danelle Au
In yet another sign that the vulnerability of the internet of things (IoT) is becoming a priority issue, both for healthcare organizations that are adopting connected medical devices and for a U.S. federal government concerned with mandating a stronger cybersecurity posture for America’s critical infrastructure and at-risk industries, Congress is now considering the bipartisan Protecting and Transforming Cyber Health Care (PATCH) Act of 2022. The PATCH Act (HR 7084) was introduced in the House of Representatives on March 15, and its companion bill (S 3983) was introduced in the Senate on March 31.
Intended to strengthen the security of connected medical devices—also known as the internet of medical things (IoMT)—the PATCH Act would compel medical device manufacturers to demonstrate that their products meet certain minimum security requirements before being approved for use. Among the mandatory measures:
- A plan to monitor, identify, and address vulnerabilities and exploits within a reasonable time once devices are approved and in use;
- A plan to coordinate communication and disclosure of any discovered vulnerabilities with the Food and Drug Administration (FDA);
- Processes for patching vulnerabilities and other needed updates throughout a device’s entire lifecycle; and,
- Disclosure of a software bill of materials (SBOM) to the FDA and device users.
The Threat is Real and Rising
The healthcare industry is among the most frequently targeted by threat actors, and heavily reliant on connected medical devices. One recent study found that as many as 75% of all medical devices contained at least one vulnerability, and another study found that the average hospital has an inventory of more than 3,850 IoMT devices. And, according to industry reports, 49% of smaller medical organizations don’t have a cyber-attack response plan in place, 679 U.S. hospitals were breached by cyberattacks in 2021, and the U.S. Department of Health and Human Services issued a warning that cyberattacks are likely to rise as cybergangs and state-sponsored hacker groups increase activity as a result of ongoing conflict in Eastern Europe.
Poor security and inadequate vulnerability disclosure are not issues plaguing only the IoMT. EE Times recently reported that, across all use cases, the security of connected devices is a major concern, and that manufacturers of such products are not reporting known issues and vulnerabilities with their goods. Our research report, Rise of the Machines 2021: State of Connected devices — IT, IoT, IoMT and OT, found that, in addition to IoMT, healthcare networks are populated with devices like Pelotons, smart speakers, game consoles, vending machines, and many more unmanaged devices, compounding security challenges.
PATCH Act and Action Needed
Ordr supports the PATCH Act and its goals of increasing security for healthcare organizations and the welfare of the millions of patients who rely on them for treatment. However, hospitals and other healthcare organizations cannot afford to wait for the PATCH Act to take effect if it ever becomes law. The threat to their IT networks is real and present. We recommend the immediate adoption of a number of security best practices to effect stronger security now, and to increase readiness and resiliency in the event of an attack. These include:
- Implement IoMT, IoT, and operational technology (OT) device discovery to compile and maintain a real-time inventory of devices: You can’t protect what you don’t know about. Security starts with real-time visibility of exactly what you have in your network and how those components are communicating in the network.
- Monitor all devices for suspicious behavior: Unlike most IT systems and software, medical devices, and many IoT and OT devices have deterministic functions. Any deviation from normal patterns can be an indication of attack or compromise. Using machine learning to baseline normal device behavior can ensure rapid response and threat mitigation.
- Track who is using your devices: By tracking and associating devices to users, you can identify compromised devices and also potential account misuse.
- Implement Zero Trust segmentation for vulnerable devices that cannot be patched: Zero Trust segmentation policies can keep these devices in operation by allowing the “normal communications” required for their function, while limiting exposure.
Ordr, an unprecedented three-time leader in healthcare IoT security as determined by the independent KLAS Research, has the tools and expertise to help healthcare organizations see, control, and secure their entire connected device inventory. The Ordr platform is trusted by many of the world’s leading healthcare delivery organizations. You can trust us to protect your healthcare organization, too.
Danelle Au
Danelle Au has more than 20 years of experience bringing new technologies to market. Prior to Ordr, she was CMO at Blue Hexagon, a deep learning for malware protection company, and CMO at SafeBreach where she helped build the marketing organization and define the Breach and Attack Simulation category. Previously, she led strategy and marketing at Adallom, a cloud security company acquired by Microsoft. She was also Director, Security Solutions at Palo Alto Networks, driving growth in critical IT initiatives like virtualization, network segmentation and mobility. Danelle was co-founder of a high-speed networking chipset startup, co-author of an IP Communications Book and holds 2 U.S. Patents. She has an MSEE from UC Berkeley.
-
Blog: The Secure Path to Digital Transformation
For Manufacturers, Utilities and Healthcare Organizations
Security Strategy
4 Min Read
By Brad LaPorte
Avoiding the security hazards that come with OT/IT Convergence
For decades, factories, utility operations, and healthcare centers have relied on operational technology (OT) systems for daily functionality – monitoring production processes, distributing electricity, running MRI machines, etc. These systems have largely stood apart from whatever IT structure the factory, utility, or healthcare center might have in place. (And for some, such as older utilities, IT itself has been limited or non-existent.)
Two forces are upsetting the status quo for such OT systems: 1) the drive toward digital transformation made by integrating OT and IT and 2) the ever-more-aggressive attacks on security that may bring operations to a halt, with potentially catastrophic results for the organizations and those they serve.
It’s a frightening prospect, one that requires a careful, deliberate effort to understand the nature of the dangers for an individual organization and develop an appropriate response. Fortunately, solutions exist to enable organizations to up their digital capability while safeguarding their operations. But first, let’s look at how the progress from no protection to an integrated, resilient system takes place.
Phase One: Awareness of Potential Vulnerabilities
Alert leaders of organizations relying on OT begin to realize the growing threat they may face as they read reports relevant to their sector:
- Healthcare organizations: Breaches in the U.S. rose by 55% in 2020 over 2019.
- Utilities: Blind spots in the power generation industry brought on by digital transformation make them more vulnerable to cyberattacks.
- Manufacturing: The sector became the second most targeted industry in 2020, with a 300% increase from 2019 due in part to the shift to Industry 4.0.
The report on utilities by Yokogawa, a Japan-based international electrical and software company, crystallizes the problem. While the shift to open systems makes a utility more adaptive to demand, enhances analytical capabilities, and facilitates interoperability, it also “has unlocked a door that was once firmly kept shut,” as hackers are well aware.
Phase Two: Taking Stock of Weaknesses
Next, organizations examine their own potential points of entry for those who would do them harm. Often, they’re alarmed to recognize how many devices are unmanaged, ports are open, and functional silos are in place that keep various security measures from being integrated. The magnitude of the vulnerabilities begins to dawn on them as they see they’re exposed on several fronts: cyber, physical, supply chains, etc., with no centralized way to assess risks, let alone manage and prioritize responses to them.
Phase Three: Attacks, Firefighting and the Shift to Centralization
All the theorizing about weaknesses and vulnerabilities shifts to practicalities and urgency when an organization has a security breach. As the military axiom goes, “No plan survives contact with the enemy.” Organizations move quickly to defend themselves in an ad hoc fashion as best they can. But a rush to shut off one entry point in a network may result in halting operations on a wide scale – a consequence that might have been avoided if the network were segmented so attacks in one section could be addressed while the others were left uninterrupted.
In addition to the problems caused by an unbalanced remediation measure, organizations suddenly panic with the realization that this may be the first of many successful breaches and they have no idea what attacks might be next, nor how they can readily respond effectively and efficiently.
This leads to the conclusion that others (including vendors selling solutions to the problem) have reached: Security needs to be unified, with threats and insights gathered in one centralized location. Silos may have had their time and place in their organization as a way to ensure each function ran well. But modern manufacturers, utilities, and healthcare organizations know that information needs to be free-flowing across all departments. What’s more, external partners must be part of the data-sharing effort, with the risks they represent fully understood and managed.
Phase Four: Implementing a Centralized Security Platform
At this point, an organization may be desperate to find any tool that can help, only to be frustrated to learn from peers who’ve acquired platforms designed for the purpose that implementation is slow and cumbersome. So, while additional planning may be the furthest thing from the minds of organizational leaders who’ve recently been attacked, they eventually see the need to carefully review their options and pick the right solution.
What’s needed is a product that has anticipated the implementation challenges and devised a deployment that goes quickly and painlessly. This is what Ordr was designed to do for manufacturers, utilities, and healthcare organizations – the groups most in need of such protection – as well as other organizations needing to blend OT and IT.
Within hours of deployment, Ordr discovers all pertinent information about every connected device, and new devices are discovered in real-time as they connect. Each device is assessed for vulnerabilities, recalls, and weak passwords or certificates. Because Ordr scans in a passive, agentless and zero-touch manner, it doesn’t affect the operation of even the most sensitive IoT device. And no matter who the operational owner of the IoT, IoMT or OT device is, the Ordr platform can manage it: automating responses, implementing role-based access controls, and providing customized views for individual stakeholders.
The advantages of converging operational technology with information technology are clear: greater efficiencies, improved capabilities, and cost reduction. But the risks are real, too: unlocking that door that was once firmly shut. Organizations that fully embrace the promise of digital transformation while safeguarding themselves against its security vulnerabilities are in the best position to achieve their organizational objectives and serve their customers safely and effectively.
To see how Ordr can help your organization, one of our industry experts would be happy to give you a personalized demonstration. Use this request form to do so.
Brad LaPorte is a former Gartner analyst and is now a partner in the consulting firm, High Tide Advisors.
-
Blog: Making the Friendly Skies Safe
The winter weather, high fuel prices, customer complaints, and bad publicity for dragging a passenger off an overbooked flight are some of the worries that can keep an airline executive up at night. Add to this list the rising concern of cyber-attacks and many CSOs of airlines wish they were vacationing instead in an overwater bungalow in Bora Bora.
Why are airlines being attacked by cyber-criminals? For one, airlines have a treasure trove of sensitive customer information, including private passport and credit card data, which is valuable information for cyber-criminals. The other issue is that airlines often connect disparate systems and networks together, which can open the door to increased vulnerabilities. Reservation systems, baggage systems, logistical data and partner networks are all connected, and we’re now adding IoT to the mix, providing more potential entry gateways for criminals.
This is all happening while people are flying more than ever. By the end of 2019, the airline industry will set a new record in terms of the number of scheduled passengers, almost 4.6 billion which is up 130% from 2004. The International Air Transport Association (IATA) revealed that present trends in air transport suggest passenger numbers could double to 8.2 billion in 2037.
Problem for Airlines Around the World
A little while back, British Airways was in the embarrassing situation of announcing that 500,000 customers visiting its website were redirected to a fraudulent site where sensitive data was subsequently stolen. It was an expensive problem to fix not to mention the huge $230M fine which British authorities asked the airline to pay for not safeguarding people’s personal data.
And then there was the big headline shared globally involving Cathay Pacific. A little over a year ago, Cathay Pacific was hit hard by hackers, and passport numbers, credit card data and other sensitive information such as nationalities, dates of birth, and addresses of up to 9.4 million people were illegally accessed. Over at Delta Airlines, the chat software was to blame for the cybersecurity breach exposing customer data. And for our friends in the North, Air Canada said that a data breach occurred on its mobile app, affecting about 20,000 people.
Numerous Connections Make it More Confounding
For busy airlines, the risk of a major security breach can increase with the number of third party vendors involved with a company’s operational process and the number of connected devices. At SFO for example, over 30 airlines connect to the airport systems, the baggage systems, the maintenance network, the FAA, various business partners, all tied together to make the system work seamlessly and get passengers to their destinations.
When a breach occurs, it can be a flurry of activity to contain the damage and find a remedy. Alaska Airlines, for example, was hacked right after it closed its deal with Virgin America, when cybercriminals gained access to the Virgin airline’s systems. When hackers used a remote access toolkit to exploit an Apache Struts vulnerability, they were able to move laterally inside the network environment, basically jumping to other systems where more desirable information and data were stored. It was all hands on deck to contain the damage, and the good news was that Alaska Airlines at that point, and even now for that matter, had Virgin’s network environment separate from the core Alaska Airlines network.
Segmentation, Sort of, Kind of
This segmentation of sorts helped contain the damage and limited the negative impact to the parent brand. The bad news, however, was that the vulnerable point of ingress was a vendor-controlled system that had to remain online as required by the FAA, so the system could not simply be switched off and, even worse, Alaska had to wait for the vendor to provide a patch update.
Thinking the Problem Through
Having sensitive customer information, unfortunately, means airlines are subject to cyber-attacks. And the cost and fines related to compliance can be a big deal, in addition to the negative publicity and consumer loss of confidence when a breach occurs. Devices will continue to be connected to the networks of major airlines, exposing carriers, from international all the way down to regional, to security risks.
Segmentation the Ordr Way
The airline industry has been consolidating in North America, and it’s understandable and prudent to keep networks separate after a merger. Cost savings nonetheless can be limited by keeping multiple systems and different networks running versus combining things together. Keeping things separate can help contain and limit the expansion of damage, yet we like to think a better approach is via micro-segmentation, keeping things separate not just physically but logically as well.
Micro-segmentation gives network administrators more granular control over the traffic that travels up and down and across a network. If and when a breach occurs, micro-segmentation limits the potential spread and helps prevent potential business disruption. At Ordr, we can help companies segment their network and make sure that traffic within one subnet is carefully monitored and that any anomaly is quickly detected and contained. For Ordr, segmentation applies to the detection and isolation side and, just as importantly, the protection and prevention side.
The Control Tower…Be in Control
The airport control tower is where key operations such as flight data, clearance delivery, and ground control are orchestrated. Ground control makes sure airplanes that have landed can taxi to the right terminal while airplanes ready to take off are sequenced correctly and in order. Even if there was an incident or emergency, there is a segmented and orderly way to contain an issue and keep it from spreading throughout the airport. Likewise, Ordr’s system sees all the elements in a network, keeps things orderly while also making sure operations flow smoothly throughout.
Beyond classification and visualization, our security vision is to provide proactive protection and automate and streamline what can be labor-intensive and time-consuming tasks similar to how things are performed within an air traffic control tower. It all starts with doing segmentation the right way so that things are orderly, even considering the 100,000 flights a day or the millions of bags traversing every day. As an added benefit at Ordr, we have supported multi-vendor heterogeneous networks and our approach is not limited to how and where we can instantiate policy enforcement but rather across the entire airline’s network system.
For airlines, we can help implement policies dynamically and automate remedial actions and policies across different segments or disparate subnets of a network, helping to keep the friendly skies safe.
Pandian Gnanaprakasam
Pandian has more than 20 years of product and engineering leadership experience and is also a serial entrepreneur. Before founding Ordr, he was the Chief Development Officer at Aruba, responsible for all of engineering and product management functions. Aruba, an enterprise mobile wireless company, was acquired by HPE for $3 Billion in March 2015. Before Aruba, Pandian served as the head of engineering for Cisco’s multi-billion-dollar Wi-Fi business unit and before that as VP of engineering for low-end switching product lines. He graduated with a master’s degree in Electrical Engineering from IIT, Chennai, India and holds several patents to his credit in various networking technologies.
-
News: Ordr Clinical Defender 8.1
Delivers Full-Lifecycle Vulnerability Management Platform Optimized for HTM
4 Min Read
Santa Clara, CA – August 31, 2022 – Ordr, the leader in connected device security, today announced Ordr Clinical Defender 8.1, providing Healthcare Technology Management (HTM) teams a full-lifecycle vulnerability management platform to more efficiently prioritize and address risks for their connected medical devices.
Clinical engineering teams are tasked with managing thousands of medical devices, many of them critical to patient care and safety. The volume of devices is increasing every day, with equipment from hundreds of manufacturers, running an enormous volume of operating systems. As hospitals merge (or are acquired), the diversity of devices can multiply overnight. The attack surface also continues to expand – while device visibility decreases – as healthcare providers open remote clinics and support telemedicine environments.
Securing the environment of care directly depends on the operational efficiency of the HTM team. With the 8.1 release, Ordr Clinical Defender optimizes the process of managing medical devices and their vulnerabilities. HTM teams benefit from visibility into devices everywhere, with insights optimized based on their function, location, skills, and experience. Critical vulnerabilities are prioritized based on business risks, and simplified workflows assign the right tasks to the right teams. As a result, no time is wasted, and no vulnerabilities go undetected or unaddressed.
“Simply put, HTM teams require more efficient ways to monitor devices and vulnerabilities in an ever-expanding healthcare environment,” said Pandian Gnanaprakasam, Ordr Chief Product Officer and Co-Founder. “Ordr Clinical Defender allows each user to focus on the specific devices they’re responsible for, from a single screen, and helps them understand, prioritize and manage vulnerability workflows based on full business context. This will ultimately improve efficiencies and enhance patient safety.”
The Clinical Defender 8.1 release also adds the Ordr Software Inventory Collector, and integration with CrowdStrike and CrowdStrike Humio to ensure HTM teams have comprehensive device and operating system visibility at their fingertips. Healthcare organizations no longer have to struggle with discovering offline devices, those in remote clinics and locations, and those behind VPN connections, making it easy to properly patch software and protect every device everywhere. Healthcare delivery organizations can now also easily manage diverse devices – from un-agentable devices like MRI systems, to medical workstations with agent-based CrowdStrike protections – within the same environment of care.
“The visibility that we now have into our networked devices and their software inventory gives us greater assurance that we are properly maintaining and securing our systems to ensure that we can continue to provide excellent service and patient care,” said Stacy Estrada, Information Security Manager, Montage Health.
“Efficiencies in HTM and clinical engineering teams translate to improvements in patient safety,” said Boyd Hutchins, Director of Clinical Engineering, Arkansas Children’s Hospital. “With the enhancements in Ordr Clinical Defender 8.1, HTM teams will now be able to manage the complete vulnerability lifecycle for all clinical devices. Ordr takes us beyond vulnerability monitoring and remediation to visibility into system utilization, instant access to system configuration, software levels, and location within our system.”
Clinical Defender was built on Ordr’s foundational asset and risk management features and developed with best practices from the top healthcare delivery organizations in the world. Now with comprehensive visibility into the software “stack” essential to understand vulnerabilities, Ordr makes it easy for HTM teams to work with their security teams to address the shared goal of patient safety.
“Ordr Clinical Defender has been an invaluable tool to help our clinical engineering teams improve the management and security of our IoMT devices,” said Dave Yaeger, Biomed Security DBA for ProHealth Care. “The advancements in the latest release support our whole hospital security approach across the healthcare system and will evolve the way our clinical engineering and security teams work together to manage device vulnerabilities and risks.”
Ordr Clinical Defender 8.1 delivers the following:
- Risk reduction through Full-Lifecycle Vulnerability Management – Ordr simplifies how healthcare delivery organizations manage the complete vulnerability lifecycle for connected healthcare devices.
  - View all risks on a single vulnerability dashboard – Ordr now provides a single clinical vulnerability dashboard to help view all clinical vulnerabilities, across all vulnerability databases.
  - Prioritize vulnerabilities based on risks – Ordr’s Customizable Clinical Risk Score allows HTM teams to plan and prioritize remediation efforts. Risk scores are automatically calculated based on environmental factors and device lifesaving capabilities and are easily customized to align with organizational goals.
  - Optimize mitigation efforts – Leverage simplified workflows to collaborate across teams and manage the entire lifecycle of vulnerabilities. Custom Tags can be used to associate devices with applications, location, priorities, groups, individuals, or other key attributes, to simplify management of vulnerabilities across teams.
  - Collaboration with security teams – Ordr now integrates with Humio, CrowdStrike’s scalable log management platform, sharing medical device context to facilitate better collaboration with security teams.
- Operational efficiency by aligning to HTM roles and responsibilities – Ordr enables users to group devices based on real-world business functions, allowing each user to see all devices under their management – and only those devices. Devices may be grouped by device type, across multiple types, by location, cost center, ownership, or any other business logic. This is useful when a mix of devices such as workstations, medical equipment, security cameras and more must be managed and maintained by an individual or group.
- Enhanced security by eliminating device blind spots – Ordr Software Inventory Collector and Ordr’s new integration with CrowdStrike eliminate blind spots by gaining granular details of all connected devices everywhere.
  - Simplify how device context is gathered – Ordr Software Inventory Collector simplifies how device context, including vulnerabilities, can be gathered for all managed and unmanaged devices on all leading operating systems, no matter where and how the devices and users connect. This includes devices offline or online, in remote locations, and connected behind VPN or gateways.
  - Comprehensive visibility for all devices, managed and unmanaged – Ordr now integrates with CrowdStrike. The integration provides healthcare delivery organizations with comprehensive visibility across all devices, managed and unmanaged. Insights from devices with CrowdStrike agents are integrated within the Ordr DataLake to enhance device context.
“Ordr tracks IoT, OT, and medical devices where the CrowdStrike agent cannot be installed. By integrating Ordr’s dataset with Falcon’s in Humio, CrowdStrike’s scalable log management platform, this solution provides our customers unprecedented observability and visibility on all devices, agent or agentless, 24×7, online or offline,” said Adam Hogan, SE Director, Humio, CrowdStrike.
“Connected devices in healthcare bring unique risks. Ordr Clinical Defender 8.1 demonstrates Ordr’s continued focus on innovation, and will allow us to help healthcare providers to more effectively manage clinical vulnerabilities across the full lifecycle and safely deliver connected care,” said Carter Groome, CEO, First Health Advisory.
Learn more about Ordr Clinical Defender 8.1 and how it can help your HTM team stay on top of connected device security.