To cybercriminals, unprotected IoT and unmanaged devices represent back doors into your operations. Cyber attacks are launched to ferret out weak and vulnerable targets, leading to data exfiltration or to hijacking attempts that solicit ransom. Since IoT devices are often difficult or impossible to individually secure, they are easy prey with high financial reward. There is a growing number of examples where these breaches resulted in debilitating consequences:
- Target was breached through its HVAC system contractor
- WannaCry took medical equipment offline and caused over 65 hospitals to shut down
- Mirai and newer HNS viruses compromised cameras at scale
- NotPetya hit a broad set of vulnerable devices that impacted business operations globally
Solution
Ordr identifies a variety of risks for devices, including active threats, vulnerabilities, FDA recalls, and anomalous behaviors.
- Vulnerabilities and threats: Ordr validates cyber vulnerabilities, threats, and risk level of each device with an integrated intrusion detection engine that synchronizes against a suite of industry threat intelligence feeds, network vulnerability databases, FDA, and manufacturer-published data.
- Weak ciphers and certificates: Ordr detects the use of weak ciphers and non-trustworthy certificates within devices.
- Suspicious and anomalous communications: Using machine learning, every device communication pattern is profiled via the Ordr Flow Genome. This allows Ordr to identify anomalous communications, such as traffic going to known malicious or command-and-control sites.
Ordr also maps device communication patterns using our Ordr Flow Genome. Ordr continuously monitors all communications in the environment and detects when devices try to connect to unauthorized networks or malicious sites, or when their transmissions contain anomalous data.
With all these security risks identified, how do you actually address them? The good news is that Ordr doesn’t just alert on these security issues. We provide a path towards remediation. Unmanaged, IoT, and IoMT devices often cannot be patched or taken out of service. As a result, they need to be protected through network segmentation. Ordr enables practical segmentation that actually works and leverages existing infrastructure. Based on the Ordr Flow Genome, “sanctioned” communication patterns for devices can be identified. The Ordr Policy Generator then takes the tedious work out of creating and implementing policies for micro-segmentation by generating them dynamically for any vulnerable device and enforcing them on firewalls, network access control products, switches, and wireless LAN controllers.
Benefits
Ordr addresses the following:
- Delivers the most comprehensive detection of risks and threats for unmanaged, IoT, and IoMT devices
- Identifies manufacturing and FDA recalls that impact devices in your network
- Identifies devices with weak ciphers and certificates
- Identifies anomalous and suspicious communications to unauthorized networks and malicious sites
- Proactively remediates threats by segmenting devices to only allow “sanctioned communications”
Resources

Ordr Overview
Learn how the Ordr Systems Control Engine (SCE) will discover every connected device, profile device behaviors and risks, and automate response. Read the solution brief now.

How Ordr Detects and Mitigates Ripple20
Learn how Ordr can help to detect and mitigate the vulnerabilities caused by Ripple20.

A Primer on Preparing for and Responding to Ransomware for Users of IoT and IoMT
Ransomware attacks have increased. Hear from Ordr CISO Jeff Horne how to respond if you're attacked.