Ordr SCE 7.2: Enabling orgs to monitor for risks and proactively strengthen infrastructure

Ordr announced new capabilities in the company’s Systems Control Engine (SCE) 7.2 software. This release further extends IoT and unmanaged device visibility and classification, enabling organizations to monitor for risks and proactively strengthen infrastructure via automated segmentation policy generation and enforcement.

Enhanced analytics also provide organizations with insights into device utilization to inform budgetary and maintenance decisions, allowing for better management of capital resources. The 7.2 release also addresses and mitigates risks from Ripple20 vulnerabilities.

IDC predicts that there will be 41.5 billion connected IoT devices by 2025. The diversity of IP-enabled devices includes everything from vending machines and printers, to mission-critical MRI machines and security cameras.

However, these devices can be difficult to secure as they often run old or obsolete operating systems, cannot support corporate endpoint security agents, or cannot be taken offline to be patched.

Device ownership and utility is split among diverse groups, which exacerbates this problem as most organizations are not aware of all of the devices connected to the network. These challenges underscore the need for a platform that brings together IT, Security, and IoT Operational owners.

“With this latest version of the Ordr Systems Control Engine, we are further delivering on our promise of providing the most comprehensive enterprise IoT security platform in the market,” said Gnanaprakasam Pandian, co-founder and Chief Product Officer, Ordr.

“We’ve expanded our device classification capabilities, enriched our device insights, and extended our integrations. Networking teams, security teams, lines of business owners, facilities teams, and IoT device owners can standardize on the Ordr platform while addressing specific IoT device security needs.”

Ordr SCE discovers every connected device, maps communications patterns, and assesses risks. Based on sanctioned device communications patterns, segmentation policies can be created and enforced across networking and security infrastructure to isolate mission-critical devices – those that share protected confidential information or run vulnerable operating systems.

Ordr SCE allows for an agentless deployment, which can be delivered at scale via the cloud or as an on-premise solution.

“Vulnerabilities such as the recently discovered Ripple20 reinforce the challenges organizations face with connected IoT and OT devices. In response, we’ve incorporated a Ripple20 active scanner into the Ordr SCE to help organizations accurately identify, or verify, if a device is at risk. We can also detect exploits of Ripple20 and isolate impacted devices,” said Jeff Horne, CSO, Ordr.

“These continuing threats validate the need for proactive protection based on rich visibility into the behavior of connected devices to combat current and future vulnerabilities.”

Broader and deeper visibility and classification for IoMT

Ordr further extends its understanding of millions of IoMT devices. SCE 7.2 adds visibility and context for critical medical devices – such as blood analyzers, patient monitors, protocol analyzers – as well as unmanaged endpoints and workstations, including those that may be deployed behind existing network gateways.

New visibility and classification for building automation and control systems

Facilities managers in enterprises including healthcare, manufacturing, and retail organizations have adopted IoT for physical security of critical infrastructure, energy efficiency, and employees’ comfort and convenience.

These controllers manage access, energy, and environmental air quality, which are critical to business operations. SCE 7.2 adds support for smart building systems including Honeywell, Johnson, Tridium, and Lutron BACnet controllers to ensure facilities teams can operate state of the art systems without compromising security.

Enhanced device insights

IT and OT teams need access to rich device insights to identify underutilized high-capital equipment, to ensure the longevity of certain devices, or to address compliance. SCE 7.2 enhances the solution’s already strong device and utilization insights:

• Device utilization – During the COVID-19 surge, customers used Ordr to identify and quickly repurpose underutilized devices and track high demand devices such as ventilators. In this release, Ordr enables enhanced utilization insights for additional devices such as Hospira, Braun, and Smiths Medical infusion pumps.
• Device user mapping – Ordr can extract the latest authentication information via Active Directory/LDAP, WinRM/WMI, and Kerberos to identify device users. Such information is critical to locate devices associated with a specific owner or to identify the most recent authenticated login during a security incident.

Extended list of integrations

Ordr has one of the most comprehensive sets of product integrations in the market. Ordr provides value to networking, security, and device owners via built-in integrations that can mitigate organizational risks and increase efficiency. Integrations in this release include:

• Discovery: Computer maintenance management systems (CMMS) including enhanced integration with Nuvolo.
• Risk: Vulnerability management solutions such as Rapid7 and Tenable to inform an overall risk posture but also enable vulnerability identification in networks with sensitive devices that cannot withstand active scans.
• IT and SecOps: Security operations center (SOC) and IT service management (ITSM) tools such as Splunk, ServiceNow, and LogRhythm.

Networking and Infrastructure: Check Point, Palo Alto Networks, Cisco ISE, Aruba ClearPass, and Infoblox.

Ripple20 solution

JSOF recently published information on 19 vulnerabilities they found in the Treck TCP/IP software used by many device manufacturers. Ordr SCE can detect devices impacted using a built-in Ripple20 scanner as well as detect active exploitation using the Ordr intrusion detection engine.

Ordr then proactively isolates impacted devices by dynamically generating policies and enforcing them on network devices or next-generation firewalls. For more information on how Ordr can help detect and mitigate these vulnerabilities, see the latest Ordr Security Bulletin.