Announcing Ordr Systems Control Engine (SCE) 7.4.2 – Our Largest Launch to Date

The number of connected devices, including unmanaged and IoT devices continues to rise exponentially. With this increase, the number of vulnerabilities and attack vectors also rises. Organizations are struggling to maintain a real-time accurate inventory of all connected devices and the device intelligence to make informed decisions. Introducing Ordr Systems Control Engine (SCE) 7.4.2, the largest product release in the history of Ordr.

Ordr makes it easy to secure every connected device, from traditional IT devices to newer and more vulnerable IoT, IoMT, and OT devices. Ordr SCE uses deep packet inspection (DPI) and advanced machine learning to discover every device, profile its risk and behavior, map all communications and protect it with automated policies. Organizations worldwide trust Ordr to provide real-time asset inventory, address risk and compliance and accelerate IT initiatives.

With the release of Ordr SCE 7.4.2, Ordr delivers more than 160 features and enhancements to organizations globally for security, IT, and HTM teams.

The key benefits are as follows:

Reduce Infrastructure Footprint

For organizations that are looking to reduce their existing network infrastructure solutions and gain quicker time-to-value, Ordr SCE 7.4.2 provides visibility via a virtual or physical sensor, or via a sensor-less telemetry data ingestion. While deep packet inspection (DPI) is foundational to connected device security, Ordr also supports more than 20 network switches, routers, firewalls, wireless controller vendors, including new sensor-less support in Ordr SCE 7.4.2 for Cisco ISR Routers, Juniper Networks Switches, Netgear Switches, Riverbed Switches, Fortinet Wireless Firewalls, Aruba Instant Controllers, and Ruckus Controllers, for quick visibility via telemetry data with enriched device context supported by the Ordr Data Lake, then visualized in an out-of-the-box customized dashboard.

In addition, Ordr SCE 7.4.2 simplifies deployment options with enhancements such as multi-tenancy, zero touch provisioning, on-premises or in the cloud, and a cloud-based portal.


  • Use existing network infrastructure to discover and classify real-time connection status, physical and logical location of device, address binding, and other network telemetry data
  • Automated and enriched telemetry data with the power of Ordr’s Data Lake
  • Quick visibility to device insights in an out-of-the box customized dashboard
  • Flexible deployment options with a virtual or physical sensor(s)
  • Instant visibility via a cloud connection with Cisco Meraki
  • Easy-to-manage and secure cloud-instance deployment

While this is a good solution for organizations that are looking to reduce their infrastructure footprint, there are associated risks of not having an Ordr sensor that performs deep packet inspection (DPI) to surface key device identifiers like, product model name, serial number, OS and software version, medical device modality type, study details, device utilization statistics, digital certificates, user login and logoff patterns, and accurate tracking of supervisory protocols like SNMP, RDP, FTP, SSH, and more.

Increase Efficiency with Workflow Based Dashboard

To adapt to the ever-changing ways in which organizations are conducting business, Ordr SCE 7.4.2, introduces use case and asset inventory-focused dashboards. Organizations can  drill down into rich device context based on industry specific devices, role specific data, and more, with one-click. This will help organizations to quickly look up devices that match specific conditions, including manufacturer, category, profile, devices with sensitive data, devices with custom tags, devices communicating with administrative protocols, device running outdated operating systems, and more.


  • With a single-click, customers can access relevant data to their role or function within the organization
  • Automated identification of devices that are unencrypted and have sensitive data such as ePHI, card holder info, and personal data
  • Quickly view user generated group tags to identify areas to investigate

Empowering Healthcare Technology Management (HTM) with Actionable Data

As the rise in connected medical devices in 2020 saw an all-time high, 2021 is likely to see a corresponding increase in initiatives to address the security and risks of these devices. HTM teams are burdened with the need to quickly visualize and enact segmentation policies. Ordr SCE 7.4.2 delivers vast enhancements for healthcare organizations by ensuring that the clinical data like medical device data from the FDA, clinical and patient risk associated to a device(s), and security risk from MDS2 forms are easily accessible to support informed decisions and initiate the appropriate workflows within a matter of minutes.


  • Quickly identify devices based on industry-specific terminology and create custom tags that are organization-specific.
  • Reduce time spent on locating devices, both on the network and physical location.
  • Reduce time spent on manual analysis of the patient risk associated to devices; with Ordr SCE 7.4.2, customers will have a quick view of risk-based analysis for devices with patient risk associated.
  • Cybersecurity assessment from the manufacturer-disclosed information to associate high-risk devices in order to patch, remediate, or segment.

Integrate Efficiently into Existing Security Workflows

As 2020 came to an end, yet again we saw a rise in ransomware and phishing attempts. Ordr SCE 7.4.2 allows organizations to detect and track ransomware via an optimized graphical user interface (GUI) with signature improvements to expedite the incident response (IR) process. In addition, to make the rich device context easily available we have worked with joint customers to bring security vendors Anomali, Exabeam, Fortinet, IBM QRadar, and Ping Identity into our integration portfolio.

Integrating STIX/TAXII with Ordr SCE
Ordr SCE 7.4.2 introduces the ability to consume STIX and TAXII 2.1 from threat intelligence platforms (TIPs) like Anomali. This enables organizations to incorporate and extend their existing threat intelligence data to the Ordr Data Lake and address connected device security.


  • Broaden the number and type of threats discovered while identifying unique threats against previously unknown devices connected to your network.
  • Leverage a full ecosystem of a TIP with multiple, industry-specific threat feeds and increase the value of your existing investments.
  • Augment Ordr’s expansive security controls with best-of-breed industry solutions.

SIEM Integration with Ordr SCE
Organizations can use Ordr’s rich device context and associated alarms to initiate specific workflow actions based on device type, group, manufacturer, model name and number, and more. With the Syslog and JSON over HTTPs outputs, Ordr SCE 7.4.2 integrates with SIEM tools like Exabeam and IBM QRadar by transmitting alerts, device information, and other critical information. The SIEM ingests the feed, parses the data into the proper fields, and allows the incident response team to triage with a single source of truth.


  • Integrate Ordr’s insights into connected device security risks into your organizations “single pane of glass” security dashboard
  • Increase efficiency for incident response (IR) workflows
  • Identify security risks against device names, like “Axis P5532 Network Camera” instead of “AC:CC:8E:65:A6:B2”
  • Complete visibility into every network-connected device, simplifying security, regulatory, and business reporting processes
  • Can integrate with any SIEM solution capable of parsing ingested syslog, below we highlight some of the leading vendors with whom we’ve validated our integration.

SAML Integration with Ordr SCE
In addition, Ordr SCE 7.4.2 introduces SSO via SAML for Ping Identity into the growing list of IDPs that Ordr supports. SSO helps to reduce replication of username and passwords, time spent on forgotten passwords, and IT resources spent on password recovery. With the Ordr SSO integration into IDPs like Okta, Ping Identity, Oracle, etc., organizations will have centralized management and access to Ordr SCE.


  • Quick and secure access to enterprise applications, websites, and data for which they have permission for increased productivity
  • Proper provisioning of access for users
  • Reduction in the amount of credentials one user has for multiple vendors

Enable Enhanced Analytics and Use Case Based Policy Generation

Ordr SCE 7.4.2 will enable organizations to use flexible grouping of devices to map actions such as communication analysis, policy generation, or assigning custom tagging for NAC and firewalling. Customers can take various classifications like device type, threat/vulnerability, state of compliance, asset status, department, location, etc. and group them for a specific use case, allowing the policy profile to be analyzed and policies automatically generated. With this feature, customers can quickly achieve tasks such as controlling access for all physical security cameras used in a retail location, segment patient care devices by hospital and healthcare division, or tag all manufacturing devices that are still running Windows XP or Windows 7.


  • Ability to create flexible policies based on device type, threat/vulnerability, state of compliance, managed/unmanaged, department, location, etc.
  • Trigger alerts based on dynamically created condition-based logic
    • Ie. If the device type is X AND appears in location Y, belongs to Z organization THEN create appropriate policy/assign custom tagging for NAC and Firewalls
  • Orchestration for dynamic behavioral analysis based on business need – tag devices, create the policy, analyze the behavior via the Ordr Flow Genome, tag mapping, and more.

In addition, Ordr SCE 7.4.2 will have ransomware signature improvements that will enable optimized detection and tracking within the platform. These security enhancements will enable customers in the wake of high-profile ransomware as well as espionage-like activity seen in the Solarwinds attack with access to enhanced security components, focusing on optimized detection and tracking within the platform. Customers will have the ability to visually track antivirus software activity, URLs associated to phishing, malicious communications, user defined prohibited country communications, and quickly see devices with admin protocols and a snapshot of criticality level for devices with known vulnerabilities.

Ordr SCE 7.4.2 will come with a Yet Another Markup Language or YAML Ain’t Markup Language (YAML) Editor. Every organization defines their security risks differently and needs to use security tools based on their policies. This powerful editor allows advanced users to adjust some of the cyber security system parameters such as cyber security risk weighting, network topology definitions (VLAN/Subnet naming), blocklist content, and others.

Augment Cisco TrustSec and Cisco Software-Defined Access (SD-Access)

The Cisco TrustSec technology simplifies the provisioning and management of highly secure access to network services and applications. Unlike traditional access control mechanisms that are based on network topology, Cisco TrustSec policies use logical groupings represented as Scalable Group Tag (SGT)

Cisco SD-Access enables IT transformation by improving visibility, defining and applying group-based access policies, segmenting network to isolate traffic, reduce risk, and contain threats, and achieving consistency in policy over the entire enterprise from users to applications.

Ordr SCE 7.4.2 is Cisco’s flagship segmentation technology partner for augmentation and is the only product on the market to provide rich device context to create Scalable Group Tag (SGT) communication visualization, analytics to support SGTs, policy profiles, and SGT mapping.


  • Remove the manual process of creating Cisco ISE device profiles and reduce maintenance by integrating Ordr’s automated policy creation, thus minimizing operational cost and time-to-value
  • Accelerate Cisco TrustSec and Cisco SD-Access deployment by integrating rich device context
  • Examine existing device communication and operations via the Ordr Constellation View to confirm required operational flows, and tighten existing policies for zero-trust network segmentation