SANTA CLARA, Calif. – October 28th, 2021 – Ordr, the leader in connected device security, announced new cybersecurity features along with a Ransom-Aware Rapid AssessmentTM service to help security teams accelerate their response to ransomware and other advanced attacks.
Ransomware attacks have accelerated in the past year, due to the ready availability of ransomware as a service, the expansion of the attack surface from connected devices and remote work, and the ease of ransomware payments using cryptocurrency. Enterprises are recognizing that in order to move quickly from threat detection to response, security teams need context on the device that is under attack – what it is, where it is located, whether they can act upon the device and exactly what mitigation steps are possible.
Ordr provides these answers via comprehensive visibility into devices, their corresponding network flows, risks, and anomalous behaviors, along with automated policies to proactively, reactively and retrospectively respond to attacks.
Highlights of the new cybersecurity features and benefits in the latest Ordr Hydrangea Fall 2021 Release include:
- Ransom-Aware Rapid AssessmentTM –Ordr now adds Ransom-Aware Rapid Assessment as an additional services This assessment, available from Ordr and its reseller partners, evaluates ransomware exposure risks in an organization, including identifying threats and vulnerable devices in the environment, reviewing user activity and devices access, and monitoring for communications to ransomware sites. The Ransom-Aware Rapid Assessment comes with a detailed report of findings and recommendations to help organizations prepare for an attack.
- Behavioral-based tracking and visualization of suspicious communications – Ordr baselines the behavior of every device so that “abnormal” communications can be detected. Security teams can now create policies and alert when “normal” behavioral patterns are violated, such as devices communicating with blocked IPs and URLs, banned countries and malicious sites. Ordr automatically provides a visual representation of communications to newly discovered malicious domains via the Ordr Traffic Analysis view, or security teams can customize their view to include specific malicious domains targeting their industry.
- Risk customization – Every enterprise measures risks differently based on the probability of an attack to the business. Ordr now adds the ability for risk and security customization by security teams including multiple high fidelity threat feeds controlled by weightages, risk score customization, custom alarm notifications, and flexible policy groups to customize policies by business context and/or protocol interactions.
- Multi-stage, correlated kill chain detection – In addition to the ability to detect East West lateral movement via its integrated threat detection engine, Ordr now adds new threat detection capabilities including application anomaly detection for high-risk protocols (SMB, RDP, etc.), IP based TOR detection and special purpose scanning engine enhancements to unearth vulnerabilities like PrintNightmare. Every device risk score computation correlates risks from multiple threat events in the kill chain to surface key security issues.
- Retrospective security – As security teams receive new indicators of compromise, it is important to incorporate a model of retrospective security, where the latest threat intelligence is continuously applied to historical device behavior and communications. Ordr adds retrospective analytics to track prior communications to new indicators of compromise. This can identify compromised devices that have slipped past preventative security measures. Ordr comprehensive device, network and behavioral context can be used to shorten the duration in triaging any malware, and to aid in forensics analysis. In one customer deployment, Ordr identified a compromised device behaving maliciously more than 15 days before the FBI indicators of compromise were published.
“As threat actors continue to target organizations around the world with ransomware, security teams need to understand where their risks lie. Ordr helps organizations understand their ransomware exposure and readiness. This will be invaluable to every organization trying to prepare against this imminent threat, “ said Frank Rondinone, President and Founder, Access2Networks.
“The enhancements in this release further bolster what is the most complete agentless device security platform in the industry. We’re making it easier than ever for enterprises to customize their risks, detect threats specific to their industry, continuously manage risks and secure every connected asset everywhere,” said Pandian Gnanaprakasam, co-founder and Chief Product Officer of Ordr.
The Ordr platform is already helping security teams reduce their time to detect and respond to attacks. In a KLAS Research customer interview, one Chief Information Security Officer said Ordr had reduced their incident response time by hours:
“The biggest outcome is a significant decrease in the amount of incident response time. We have used Ordr Platform as part of our incident response with ransomware. Because we couldn’t run our antivirus on our machines, we were able to go in and identify the specific machine on the Ordr Platform and provide a picture to the field support. The network engineers had already logged into the Ordr Platform, saw the traffic and killed the port so that it couldn’t communicate. That was very handy so that when a field support person walked into the room, they knew exactly where they were going. We were able to get the medical devices back up and running on our network and segmented really quickly. Ordr made that quick turnaround happen. We have factored the utilization of Ordr platform into our incident response plans. We have been able to reduce our response time by hours. We already had a really robust response time and plan, and the system sped things up significantly.”
For ransomware best practices and insights: