Things move fast in tech. Enterprise infrastructure is growing larger, more complex, and more diverse; and the mix of hardware, software, and innovative new tools used to manage and secure those enterprises are pushing aside the legacy systems that have failed to keep up. The old saying, “You need a scorecard to keep track of the players” would apply but for the fact that the scorecard is probably out-of-date, too.
The CAASM is Growing
Just in case you weren’t paying attention, there’s a new market category—and associated acronym—that has emerged to describe a fast-evolving corner of the cybersecurity industry. Gartner, which coins terms faster than the Franklin Mint, saw activity reaching critical mass in addressing the need to track, secure, and manage the growing number of devices connecting to and comprising the modern enterprise, and defined a new category: cyber asset attack surface management, or CAASM (which you’ll probably want to pronounce like “chasm”).
Richard Stiennon, cybersecurity author and analyst, recently moderated a panel on CAASM as part of the Demo Forum, participated by Ordr’s VP Systems Engineering, Jeremy Haltom. Check it out here (once you register and login, it’s under the “live” section).
It’s good to see this space getting attention. Ordr’s mantra, “See. Know. Secure.” is a simple description of the CAASM approach needed to rein-in complexity to make it easier to secure. As enterprises get populated with devices, known and unknown, managed and unmanaged, the attack surface is also growing. That makes it harder for IT security and operations teams to do their jobs. You can’t protect what you can’t see, and it’s hard to know if the things you can see are compromised unless you have a clear understanding of what it is, what risks it brings, and how it is supposed to behave.
Without Visibility You’re Flying Blind
Absent a way to effect complete asset discovery, track the ephemeral nature of the attack surface in real-time, and manage those assets based on actual data that can tell indicators of compromise from a baseline of normal behavior, you are flying blind. And that’s not where a CTO, CISO, or CSO wants to be.
What’s interesting to us is that the Ordr System Control Engine was conceived as a solution to the challenges inherent with protecting connected systems and the networks they were connecting to. This was a big problem for healthcare organizations that rely on a mix of medical devices—the internet of medical things or IoMT—that defy traditional approaches to IT security and management. If a certain piece of equipment is operating with obsolete, unsupported software that makes it vulnerable to attack, there may be restrictions keeping IT from making any needed modifications. And if a device is in active use, it may be impossible to turn off.
Ordr SCE and the Power of Data
That was the challenge we set out to solve when Ordr was founded. But as Ordr gained traction in healthcare and other industries, our customers found that our platform was excellent at discovering and tracking assets wherever they were in the organization. We heard stories of hospitals that found equipment that had been missing for years, while others took the business intelligence they’d gathered from Ordr SCE to support asset requisition and allocation management decisions. That’s the power of data when it is complete, accurate, and in granular, contextual detail.
We know that the challenges associated with seeing, knowing, and securing cyber-assets are not going to diminish. At last count, devices were being acquired and attached to networks and the internet at more than 125 per second, with an expected 75 billion “things” connected by 2025. That’s a lot of devices, and for those organizations driving that growth through the adoption of IoT, IoMT, OT, and other connected devices, that’s a lot of attack surface to monitor, manage, and secure.
With Ordr You Aren’t Alone
So, whether you were aware of CAASM specifically or intuitively, you already know it has to be a part of an effective cybersecurity strategy. The good news is you don’t have to face the challenge alone. Get in touch with us and we’ll show you how you can see, know, and secure your cyber-asset attack surface with Ordr SCE.