Ordr improves system control engine software

  • July 8, 2020
  • Steve Rogerson

Ordr, a California-based specialist in security for enterprise IoT and unmanaged devices, has added capabilities to its SCE systems control engine software.
The 7.2 release extends IoT and unmanaged device visibility and classification, enabling organisations to monitor for risks and proactively strengthen infrastructure via automated segmentation policy generation and enforcement. Enhanced analytics also provide organisations with insights into device use to inform budgetary and maintenance decisions, allowing for better management of capital resources.
The release also addresses and mitigates risks from Ripple20 vulnerabilities.
The diversity of IP-enabled devices includes everything from vending machines and printers, to mission-critical MRI machines and security cameras. However, these devices can be difficult to secure as they often run old or obsolete operating systems, cannot support corporate endpoint security agents, or cannot be taken offline to be patched. Device ownership and utility is split among diverse groups, which exacerbates this problem as most organisations are not aware of all of the devices connected to the network.
These challenges underscore the need for a platform that brings together IT, security and IoT operational owners.
“With this latest version of the Ordr systems control engine, we are further delivering on our promise of providing the most comprehensive enterprise IoT security platform in the market,” said Gnanaprakasam Pandian, co-founder and chief product officer at Ordr. “We’ve expanded our device classification capabilities, enriched our device insights and extended our integrations. Networking teams, security teams, lines of business owners, facilities teams and IoT device owners can standardise on the Ordr platform while addressing specific IoT device security needs.”
The SCE discovers every connected device, maps communications patterns and assesses risks. Based on sanctioned device communications patterns, segmentation policies can be created and enforced across networking and security infrastructure to isolate mission-critical devices – those that share protected confidential information or run vulnerable operating systems. It allows for an agentless deployment, which can be delivered at scale via the cloud or on-premise.
“Vulnerabilities such as the recently discovered Ripple20 reinforce the challenges organisations face with connected IoT and OT devices,” said Jeff Horne, CSO at Ordr. “In response, we’ve incorporated a Ripple20 active scanner into the Ordr SCE to help organisations accurately identify or verify if a device is at risk. We can also detect exploits of Ripple20 and isolate impacted devices. These continuing threats validate the need for proactive protection based on rich visibility into the behaviour of connected devices to combat current and future vulnerabilities.”
Version 7.2 extends its understanding of millions of IoMT devices. It adds visibility and context for critical medical devices – such as blood analysers, patient monitors and protocol analysers – as well as unmanaged endpoints and workstations, including those that may be deployed behind existing network gateways.
Facilities managers in enterprises including healthcare, manufacturing and retail have adopted IoT for physical security of critical infrastructure, energy efficiency, and employees’ comfort and convenience. These controllers manage access, energy and environmental air quality, which are critical to business operations. Version 7.2 adds support for smart building systems including Honeywell, Johnson, Tridium and Lutron Bacnet controllers to ensure facilities teams can operate the latest systems without compromising security.
IT and OT teams need access to rich device insights to identify underused high-capital equipment, to ensure the longevity of certain devices, or to address compliance. Version 7.2 enhances the already strong device and use insights:

  • Device use: During the Covid-19 surge, Ordr was used to identify and repurpose underused devices quickly and track high demand devices such as ventilators. In this release, Ordr enables enhanced use insights for additional devices such as Hospira, Braun and Smiths Medical infusion pumps.
  • Device user mapping: Ordr can extract the latest authentication information via Active Directory, LDAP, WinRM, WMI and Kerberos to identify device users. Such information is critical to locate devices associated with a specific owner or to identify the most recent authenticated login during a security incident.

Ordr provides value to networking, security and device owners via built-in product integrations that can mitigate organisational risks and increase efficiency. Integrations in this release include:

  • Discovery: Computer maintenance management systems including enhanced integration with Nuvolo.
  • Risk: Vulnerability managers such as Rapid7 and Tenable inform an overall risk posture but also enable vulnerability identification in networks with sensitive devices that cannot withstand active scans.
  • IT and secops: Security operations centre and IT service management tools such as Splunk, ServiceNow and LogRhythm.
  • Networking and infrastructure: Check Point, Palo Alto Networks, Cisco ISE, Aruba ClearPass and Infoblox.

JSOF recently published information on 19 vulnerabilities it found in the Treck TCP/IP software used by many device manufacturers. Ordr SCE can detect devices impacted using a built-in Ripple20 scanner as well as detect active exploitation using an intrusion detection engine. Ordr then proactively isolates impacted devices by dynamically generating policies and enforcing them on network devices or firewalls.