Announcing Hydrangea Fall 2021 Release

As a security community, we’ve always faced cyberattacks, but their pace and sophistication have accelerated in the last two years. In particular, ransomware has wreaked havoc, shut down operations and caused deaths. At Ordr, we’re committed to helping our customers accelerate their response to these advanced attacks, with a particular focus on ransomware.

With the H-Fall Release, Ordr adds enhanced ransomware detection capabilities, customized security settings, behavioral-based tracking of communications to malicious domains, and retrospective security. These features, combined with our comprehensive visibility into devices, network flow and behaviors, can help every organization detect advanced attacks more rapidly and accelerate its response to them.

Ransom-Aware Rapid Assessment

Ordr now adds Ransom-Aware Rapid Assessment as an additional services option. This assessment, available from Ordr and its reseller partners, evaluates ransomware exposure risks in an organization, including identifying threats and vulnerable devices in the environment, reviewing user activity and device access, and monitoring for communications to ransomware sites. The Ransom-Aware Rapid Assessment comes with a detailed report of findings and recommendations to help organizations prepare for an attack.

Benefits – Understand your ransomware exposure risks

Behavioral-based tracking of abnormal communications

Ordr baselines the behavior of every device so that “abnormal” communications can be detected. Security teams can now create policies and alert when “normal” behavioral patterns are violated, such as devices communicating with blocked IPs and URLs, banned countries and malicious sites. Security teams can also visualize communications to newly discovered malicious domains via the Ordr Traffic Analysis view or customize their view to include malicious domains targeting their industry.

Benefits – Track abnormal communications for security and compliance

Risk customization

Every enterprise measures risks differently based on the probability of an attack to the business. Ordr now adds the ability for security teams to customize risk and security settings, including multiple high-fidelity threat feeds controlled by weightages, risk score customization, custom alarm notifications, and flexible policy groups to customize policies by business context and/or protocol interactions.

Benefits – Customize security alerts and risk scores based on your requirements

Multi-stage, correlated kill chain detection

In addition to the ability to detect east-west lateral movement via its integrated threat detection engine, Ordr now adds new threat detection capabilities including application anomaly detection for high-risk protocols (SMB, RDP, etc.), IP-based TOR detection, and special-purpose scanning engine enhancements to unearth vulnerabilities like PrintNightmare. Every device risk score computation correlates risks from multiple threat events in the kill chain to surface key security issues.

Benefits – Enhanced detection of threats and anomalies for enhanced security

Retrospective security

As security teams receive new indicators of compromise, it is important to incorporate a model of retrospective security, where the latest threat intelligence is continuously applied to historical device behavior and communications. Ordr adds retrospective analytics to track prior communications to new indicators of compromise. This can identify compromised devices that have slipped past preventative security measures. Ordr’s comprehensive device, network and behavioral context can be used to shorten the time spent triaging any malware, and to aid in forensic analysis. In one customer deployment, Ordr identified a compromised device behaving maliciously more than 15 days before the FBI indicators of compromise were published.

Benefits – Identify compromised devices that slipped past other security measures