Sponsored by Ordr
By some estimates there are more than 31 billion IP-enabled devices, collectively known as the Internet of Things (IoT), connected to the Internet. That number is expected to increase to 35 billion by 2025. Connected devices are a significant part of today’s enterprise IT architecture, and no industry has embraced IoT more than health care. In health care organizations, specialized Internet of Medical Things (IoMT) devices perform patient monitoring, treatment and diagnostics, while additional IoT and operational technology (OT) devices control facilities, improve operations and enhance communications. All are a critical part of the patient care experience.
The challenge is that these devices can be difficult to secure. They cannot be taken out of service, even to be patched, and typically have an expected service life of many years (far more than typical managed endpoints). Many support rudimentary operating systems and are susceptible to failure during scans. They can be difficult to discover via traditional security solutions and cannot support corporate endpoint security agents. Left undiscovered, unmanaged and unsecured, these devices put hospitals, and the patients that rely on them, at risk.
“Today’s health care networks consist of IoT, IoMT and operational technology devices, all of which may reside under different operational owners, creating a wide attack surface if not properly managed,” explains Greg Murphy, CEO of Ordr. “You need one common platform that can deliver visibility and security for all these devices, not just medical devices.”
One Comprehensive Security Platform For Health Care
Ordr was founded in 2015 by industry veterans from Cisco and Aruba Networks who recognized an urgent need to address the visibility and security of unmanaged IoT, IoMT, and OT devices. Whether the threat is a device being commandeered as part of a botnet by malicious actors or used as a vector for infecting networks with ransomware, IoT and IoMT adoption introduces a new attack surface.
To counter the threat, Ordr developed the Systems Control Engine, the industry’s most comprehensive platform for IoT, IoMT and OT discovery, management and security. Engineered to be easy to use while closing the security gaps common with connected device deployment, the Ordr SCE delivers the following:
- Discover all devices in the network. Ordr can discover and classify every device in the customer’s network within a few hours of installation. Based on the devices classified, Ordr then identifies devices with vulnerabilities, weak ciphers and passwords, and active exploits. Ordr SCE integrates with a suite of industry threat intelligence feeds, network vulnerability databases, manufacturing and FDA databases, and ICSA–ICS-CERT advisories. Ordr SCE can also be integrated with asset inventory solutions like computerized maintenance management system (CMMS) and configuration management database (CMDB) solutions, increasing its value as an IT management platform and making Ordr a preferred platform among security vendors in the health care market.
- Behavioral profile devices and risks. Visibility and classification aren’t enough. Next, Ordr analyzes device behavior and risks using the Ordr Flow Genome. As the name implies, the Flow Genome maps each device’s unique, customer-specific communications patterns, and profiles exactly how it should behave. Unlike users, IoT devices have specific and predictable communications patterns. For example, video cameras need to connect to a camera management system; medical imaging devices need to communicate with a central PACS or DICOM server.
Ordr Flow Genome profiles the behavior of devices and identifies anomalous and malicious communications. The Flow Genome also provides deep insight into device utilization, so teams can identify areas of over or under use, to ensure data-driven moves, adds, and changes as teams scale their capacity.
- Automated Action. Real-time discovery, monitoring, and behavioral analytics only matter if IT and security teams can act on the resulting insights quickly and effectively. This is where Ordr shines.
Ordr enables practical segmentation that actually works. Based on the device profiling information from Ordr Flow Genome, Ordr dynamically creates policies to segment devices and “allow” only the appropriate “sanctioned” communications. Ordr then enforces these policies automatically on existing infrastructure, like firewalls, switches, network access controls and wireless LAN controllers. In the event of a security incident, policies can also be generated to quickly isolate an infected device.
“When we built the Ordr SCE, we created a robust AI platform to secure all connected devices. However, we knew that was not enough. We also focused on automating the critical job of securing these devices, not only reducing the burden on security and networking teams, but making previously complex management tasks simple,” says G. Pandian, chief product officer and co-founder, Ordr.
Ordr has been effectively implemented at scale to secure connected devices in large, complex networks, and is the preferred IoT vendor for health care organizations. A recent Series B funding round included investment from Mayo Clinic and Kaiser Permanente Ventures.
Ransomware Thwarted
When investing in an IoT security and management platform, it’s good to know it will work as advertised when called upon in an emergency. Ordr does. Earlier this year, a partner hospital to an Ordr health care customer was hit by a ransomware attack. After the initial infection, the malware tried to spread from the partner’s network onto the customer’s network over a pre-established VPN tunnel.
Some of the first systems affected by the malicious file were devices that were neither protected by the customer’s endpoint antivirus solution nor included in their SCCM inventory. Using Ordr, however, the customer’s cybersecurity team was able to identify the at-risk systems, take them offline, then clean, repair and update the systems. Ordr closed the security gap and made it possible for their customer to stop the spread of the malicious file, and to mitigate and subsequently eradicate the ransomware threat.
For more information about adopting IoT and IoMT as a key part of your IT strategy and how you can better monitor, manage and protect those devices, visit www.ordr.net.