Ordr
announced new cybersecurity features along with a Ransom-Aware Rapid Assessment service
to help security teams accelerate their response to ransomware and other
advanced attacks.
Ransomware attacks have accelerated in the
past year, due to the ready availability of ransomware as a service, the
expansion of the attack surface from connected devices and remote work, and the
ease of ransomware payments using cryptocurrency. Enterprises are recognizing
that to move quickly from threat detection to response, security teams need
context on the device that is under attack - what it is, where it is located,
whether they can act upon the device and exactly what mitigation steps are
possible.
Ordr provides these answers via
comprehensive visibility into devices, their corresponding network flows,
risks, and anomalous behaviors, along with automated policies to proactively,
reactively, and retrospectively respond to attacks.
Highlights of the new cybersecurity
features and benefits in the latest Ordr Hydrangea Fall 2021 Release include:
- Ransom-Aware
Rapid Assessment - Ordr now offers Ransom-Aware Rapid Assessment as an
additional services option. The assessment, available from Ordr
and its reseller partners, evaluates an organization's ransomware exposure,
including identifying threats and vulnerable devices in the
environment, reviewing user activity and device access, and monitoring
for communications to known ransomware sites. The Ransom-Aware Rapid Assessment
comes with a detailed report of findings and recommendations to help organizations prepare for an attack.
- Behavioral-based
tracking and visualization of suspicious communications - Ordr
baselines the behavior of every device so that "abnormal" communications
can be detected. Security teams can now create policies and alert when
"normal" behavioral patterns are violated, such as devices communicating
with blocked IPs and URLs, banned countries and malicious sites. Ordr
automatically provides a visual representation of communications to newly
discovered malicious domains via the Ordr Traffic Analysis view, or
security teams can customize their view to include specific malicious
domains targeting their industry.
- Risk
customization - Every enterprise measures risk differently, based on
the likelihood of an attack on its business. Ordr now lets security teams
customize risk and security settings, including multiple
high-fidelity threat feeds with configurable weights, risk score
customization, custom alarm notifications, and flexible policy groups that
tailor policies by business context and/or protocol interactions.
- Multi-stage,
correlated kill chain detection - In addition to
detecting East-West lateral movement with its integrated threat
detection engine, Ordr now adds new threat detection capabilities,
including application anomaly detection for high-risk protocols (SMB, RDP,
etc.), IP-based Tor detection, and special-purpose scanning-engine
enhancements to unearth vulnerabilities such as PrintNightmare (Windows Print Spooler, CVE-2021-34527). Each device's
risk score correlates risks from multiple threat events across the
kill chain to surface the most important security issues.
- Retrospective
security - As security teams receive new indicators of
compromise, it is important to adopt a model of retrospective
security, in which the latest threat intelligence is continuously applied to
historical device behavior and communications. Ordr
adds retrospective analytics that check prior communications against new
indicators of compromise. This can identify compromised devices that
have slipped past preventive security controls. Ordr's comprehensive
device, network and behavioral context can be used to shorten malware
triage and to aid forensic analysis. In one customer
deployment, Ordr identified a compromised device behaving maliciously more
than 15 days before the FBI indicators of compromise were published.
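The behavioral-baselining and retrospective-security bullets above describe two complementary checks over the same data: learn each device's normal destinations and alert on deviations, and re-scan historical flows whenever new indicators of compromise arrive. The following Python is an added illustration of both, written for this page; it is not Ordr code and says nothing about how the Ordr platform implements these features. The flow records, device names, indicator list, learning window and publication date are all constructed. It also shows the caveat a practitioner should expect: a device that was already talking to an attacker during the learning window has that destination baked into its "normal" baseline, so only the retrospective sweep surfaces it.

```python
"""Behavioural baselining plus retrospective IOC sweep over device flow history.

Added example for this page (not Ordr code).  Every record below is constructed.
"""
from collections import defaultdict
from datetime import datetime

# Constructed flow log: (ISO timestamp, device, destination).  A real source would be
# NetFlow/IPFIX, DNS logs or a network TAP; destinations may be IPs or domains.
FLOWS = [
    ("2021-08-01T09:00:00", "infusion-pump-12", "ehr.internal.example"),
    ("2021-08-01T09:05:00", "infusion-pump-12", "ntp.internal.example"),
    ("2021-08-02T03:14:00", "infusion-pump-12", "198.51.100.23"),  # C2 contact inside learning window
    ("2021-08-02T10:00:00", "infusion-pump-12", "ehr.internal.example"),
    ("2021-08-05T03:20:00", "infusion-pump-12", "198.51.100.23"),
    ("2021-08-01T08:00:00", "ct-scanner-3", "pacs.internal.example"),
    ("2021-08-03T08:00:00", "ct-scanner-3", "pacs.internal.example"),
    ("2021-08-04T11:30:00", "ct-scanner-3", "update.vendor.example"),
    ("2021-08-06T22:00:00", "nurse-ws-7", "files.internal.example"),
    ("2021-08-06T22:01:00", "nurse-ws-7", "evil-payload.example"),
]

# Constructed threat intel: indicators and the date they were published (hypothetical).
IOCS = {"198.51.100.23", "evil-payload.example"}
IOC_PUBLISHED = datetime(2021, 8, 20)

# Constructed learning window: traffic before this instant is treated as "normal".
LEARN_UNTIL = datetime(2021, 8, 3)


def parse_flows(rows):
    """Turn the raw tuples into (datetime, device, destination)."""
    return [(datetime.fromisoformat(ts), dev, dst) for ts, dev, dst in rows]


def baseline_destinations(flows, learn_until):
    """Learn each device's normal destination set from traffic seen before learn_until.

    Caveat: the baseline trusts the learning window.  A device already compromised
    during that window will have its attacker contact recorded as normal.
    """
    baseline = defaultdict(set)
    for ts, dev, dst in flows:
        if ts < learn_until:
            baseline[dev].add(dst)
    return baseline


def behavioural_anomalies(flows, baseline, learn_until):
    """Report the first time a device reaches a destination absent from its baseline."""
    seen = defaultdict(set)
    anomalies = []
    for ts, dev, dst in sorted(flows):
        if ts >= learn_until and dst not in baseline[dev] and dst not in seen[dev]:
            anomalies.append((dev, dst, ts))
            seen[dev].add(dst)
    return anomalies


def retrospective_sweep(flows, iocs, published):
    """Apply newly published IOCs to the whole flow history.

    Returns {device: (first_contact, days_before_publication)} for every device that
    talked to an indicator, including contacts that predate the intelligence and so
    could not have been blocked by preventive controls at the time.
    """
    first_contact = {}
    for ts, dev, dst in flows:
        if dst in iocs and (dev not in first_contact or ts < first_contact[dev]):
            first_contact[dev] = ts
    return {dev: (ts, (published - ts).days) for dev, ts in first_contact.items()}


def analyze():
    """Run both checks over the constructed data and return their results."""
    flows = parse_flows(FLOWS)
    baseline = baseline_destinations(flows, LEARN_UNTIL)
    anomalies = behavioural_anomalies(flows, baseline, LEARN_UNTIL)
    sweep = retrospective_sweep(flows, IOCS, IOC_PUBLISHED)
    return dict(baseline), anomalies, sweep


if __name__ == "__main__":
    baseline, anomalies, sweep = analyze()
    print("behavioural anomalies (new destination after learning window):")
    for dev, dst, ts in anomalies:
        print(f"  {ts:%Y-%m-%d %H:%M}  {dev} -> {dst}")
    print("retrospective IOC matches:")
    for dev, (ts, days) in sweep.items():
        print(f"  {dev}: first contact {ts:%Y-%m-%d %H:%M}, {days} days before IOCs were published")
```

Running it shows the split the page's two bullets describe: baselining flags the CT scanner's new vendor destination and the workstation's payload download, but says nothing about the infusion pump, whose command-and-control address was learned as normal; the retrospective sweep over the same history catches the pump's first contact 17 days before the indicators were published. The `.days` arithmetic is what turns a raw match into the "N days before publication" figure a responder uses to scope how long the device has been compromised.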
"As threat actors continue to target
organizations around the world with ransomware, security teams need to
understand where their risks lie. Ordr helps organizations understand their
ransomware exposure and readiness. This will be invaluable to every
organization trying to prepare against this imminent threat," said Frank
Rondinone, President and Founder, Access2Networks.
"The enhancements in this release further
bolster what is the most complete agentless device security platform in the
industry. We're making it easier than ever for enterprises to customize their
risks, detect threats specific to their industry, continuously manage risks and
secure every connected asset everywhere," said Pandian Gnanaprakasam,
co-founder and Chief Product Officer of Ordr.
The Ordr platform is already helping
security teams reduce their time to detect and respond to attacks. In
a KLAS Research customer interview, one Chief Information
Security Officer said Ordr had reduced their incident response time by hours:
"The biggest outcome is
a significant decrease in the amount of incident response time. We
have used Ordr Platform as part of our incident response with ransomware.
Because we couldn't run our antivirus on our machines, we were able to go in
and identify the specific machine on the Ordr Platform and provide a picture to
the field support. The network engineers had already logged into the Ordr
Platform, saw the traffic and killed the port so that it couldn't communicate.
That was very handy so that when a field support person walked into the room,
they knew exactly where they were going. We were able to get the medical
devices back up and running on our network and segmented really quickly. Ordr
made that quick turnaround happen. We have factored the utilization of Ordr
platform into our incident response plans. We have been able to reduce
our response time by hours. We already had a really robust response time
and plan, and the system sped things up significantly."