As a trusted advisor for cybersecurity, it’s important to be able to develop security strategies that match the challenges inherent in each customer’s unique IT environment. To do that requires a complete understanding of the IT estate; and a complete understanding of the IT estate requires device discovery that delivers total visibility into the estate.
In organizations that rely heavily on internet connected devices—the Internet of Things (IoT)—that level of visibility can be elusive. And for the unprepared, it’s going to get worse. That’s because there’s been a huge increase in IoT use across industry, and in healthcare and manufacturing especially. IoT deployments worldwide were at 10 billion in 2018 and are predicted to exceed 25 billion by the end of 2021. Some believe that number could more than triple by 2025, driven by the advent of 5G network connectivity.
Overcoming Historical Challenges
At Cadre we work with manufacturing and healthcare organizations with complex environments and a significant need to secure connected devices. Historically, protecting IoT devices in manufacturing and healthcare was a hard thing to do. Most organizations chose to either air gap their networks, or use a well-protected jump host to access the environments. On the manufacturing shop floor, where industrial sensors and controllers are used to maintain production, devices remained segregated from corporate networks.
Now you have devices that are communicating not only internally with the owner, but out on the internet to supply chain partners. That dynamic has upended the Purdue Enterprise Reference Architecture (PERA) model, dramatically increasing organizational risk of malware infections and attacks by malicious actors. The stakes are even higher when the equipment you’re protecting is used for medical care. From an IT security perspective, you can’t treat a patient monitor or ventilator the same way you treat an HVAC controller.
When we learned about Ordr and its approach to securing IoT devices in these complex environments, we were intrigued. It was important to us that they are a Check Point integration partner with a strong, stable organization and track record of success. Our experience with the Ordr Systems Control Engine (SCE) has been great, so when we had a chance to evaluate Ordr's IoT Discovery Program, a complete kit of zero-touch, cloud-managed IoT sensor and Ordr Core software, we were on board.
Ordr Core Lives Up to the Claim
Ordr Core quickly and easily discovers the full extent of an organization’s IoT asset inventory, allowing us to automatically populate the customer’s configuration management database (CMDB) with the profile of every device connected to the network. From there we can automatically generate and enforce appropriate policy based on device risk.
Ordr Core has already become an indispensable tool for us to see into the customer’s environment, control the chaos, and implement complex security strategies like device segmentation at a level of granularity that was unattainable before.
Every time we run Ordr Core in a customer environment, or when evaluating prospective engagements, we find devices that were unknown to the CIO and CISO. Often these are older devices that had fallen out of view and were forgotten, but we also find unauthorized devices like consumer electronics that have no business being on the network in the first place.
Discover, Profile, Evaluate, Protect
Once Ordr Core discovers these devices, we are able to profile them and observe things like communications flow, and identify and evaluate the inventory of legacy devices. It’s easy to forget that, while the IoT market is in the midst of a renaissance, networked controls and sensors have been in use for decades. Many organizations rely on equipment that was made by companies that no longer exist, or that operates with obsolete operating systems or firmware that cannot be patched. All of this is easily understood by Ordr, and it gives us a clear view into the health, availability, and risk of the network and allows us to close a security gap that network access controls can’t handle natively.
Ordr Core gives Cadre a competitive advantage with the ability to see across the entire IoT estate and derive insights that were not available before. We know there’s no slowdown in sight for the adoption of IoT, and every organization that relies on them has a compelling need to control and protect each device to keep it from becoming a point of entry for malicious actors.
If you’d like to see what your IoT environment looks like and take informed action to address the vulnerabilities you knew were there but couldn’t find, you can request your free zero-touch, self-provisioning Ordr Core sensor here: https://ordr.net/iot-discovery-program-cadre-information-security/.