The integration of Ordr Systems Control Engine (SCE) with the Fortinet Security Fabric, including FortiManager, FortiGate, and FortiNAC, through the Fortinet Open Fabric Ecosystem, dramatically reduces the time and effort needed for customers to create and maintain a complete and detailed asset inventory, determine safe communication patterns, and create effective, business-relevant firewall policies.
This integration also enables NAC segmentation policies that automatically update as devices are added, removed, and move around the network.
As the number of connected devices on corporate networks—from critical business infrastructure such as IP-enable physical security devices to consumer devices such as smart speakers—has grown exponentially, they have become lucrative targets for attack.
A majority of IoT devices, including critical and expensive systems like MRIs, commonly run legacy software that lack anti-malware and patch management support and are thus an inherent risk to an organization.
The only way to reduce threat exposure is to first identify every connected device and its risk, then proactively apply protection policies through firewall rules or NAC policies that permit only necessary and safe communications.
Ordr SCE automatically creates a complete asset inventory, identifies and prioritizes asset risk, and tracks and risk-rates asset communications patterns.
Ordr transmits this critical security context to Fortinet FortiGate, FortiManager, and FortiNAC, allowing administrators to create and apply firewall and NAC policies using business-relevant groups, classifications, and device names, while understanding the full risk profile and impact of each change.
Ordr further reduces administrative costs by automatically updating asset groupings as devices join and leave the network, as well as by creating and transmitting security policies directly to FortiGate and FortiManager for enforcement.
- Discover and inventory every connected network asset, including the massive volume of IoT and unmanaged devices, and make available across the Fortinet Security Fabric, from endpoint to edge, through FortiNAC, FortiManager, and FortiGate
- Establish comprehensive security controls that restrict IoT devices to known-good network behaviors
- Manage firewall and NAC policies using business-relevant context such as device type, manufacturer, location, risk, and function rather than IP addresses
- Automate updates of firewall groups and address info to ensure consistent policy enforcement regardless of device location, VLAN, or IP assignment, thus drastically reducing operational costs and downtime
- Protect critical devices with automated, zone-based segmentation and microsegmentation within zones
Ordr also incorporates additional network intelligence from FortiGate deployments. Ordr SCE can consume network traffic information, wireless device context, and other data, in some cases eliminating the need for an Ordr sensor in remote offices.
Ordr SCE also correlates threat information with FortiGate, clearing alerts when suspect traffic has been blocked by the firewall.
“Fortinet is a leader in enterprise security and today’s announcement bolsters our customers’ ability to discover and inventory every connected device, including the massive volume of IoT and unmanaged devices on a typical network,” said Bryan Gillson, VP of Business Development at Ordr.
“It is now easier than ever for customers to establish and automate comprehensive security controls that restrict the behaviors of connected devices. It’s also easier to manage firewall and NAC policies using business-relevant context such as device type, manufacturer, location, and function, rather than manually checking IP addresses.”
“FortiGate Next-Generation Firewalls enhance Ordr’s visibility across the infrastructure by sending flow data to a centralized Ordr sensor,” said John Maddison, EVP of products and CMO at Fortinet.
“This extends the visibility in remote and lateral communications to improve overall infrastructure visibility, enhance anomaly detection, and increase the efficacy of FortiGate zone-based segmentation and FortiNAC access control policies.
“FortiGate NGFWs can also reduce incident response efforts by informing Ordr when malicious traffic is dropped at the firewall.”
“With just a few clicks, administrators can create business-relevant segmentation policies in FortiGate NGFWs that ensure devices of a specific type and role only connect over approved communication channels with necessary destinations—all specific to the organization,” said Josh King, Director of Security Solutions at Carousel Industries, an Ordr partner whose team of more than 1,300 IT professionals provide IT, security, cloud and managed services to thousands of businesses.
“This drastically reduces operational costs and downtime, which is essential for companies across all verticals – including healthcare, manufacturing, life sciences, financial services and retail.”