In its latest release, Ordr, a connected device security company, has introduced new cybersecurity features as well as a Ransom-Aware Rapid Assessment service to help security teams accelerate their response to ransomware and other advanced attacks.
Ransomware attacks have accelerated in the past year due to the ready availability of ransomware as a service, the expansion of the attack surface from connected devices and remote work, and the ease of ransomware payments using cryptocurrency. According to Ordr, to move quickly from threat detection to response, security teams need context on the device that is under attack—what it is, where it is located, whether they can act upon the device, and exactly what mitigation steps are possible.
In the latest Ordr Hydrangea Fall 2021 Release, the company provides these answers via comprehensive visibility into devices and their corresponding network flows, risks, and anomalous behaviors. The new cybersecurity features also offer automated policies to proactively, reactively, and retrospectively respond to attacks.
“The enhancements in this release further bolster what is the most complete agentless device security platform in the industry,” says Pandian Gnanaprakasam, cofounder and chief product officer of Ordr. “We’re making it easier than ever for enterprises to customize their risks, detect threats specific to their industry, continuously manage risks, and secure every connected asset everywhere.”
Highlights of the new cybersecurity features and benefits in the Ordr Hydrangea Fall 2021 Release include:
- Ransom-Aware Rapid Assessment. Now an additional services option, Ransom-Aware Rapid Assessment evaluates ransomware exposure risks in an organization, including identifying threats and vulnerable devices in the environment, reviewing user activity and device access, and monitoring for communications to ransomware sites. The Ransom-Aware Rapid Assessment comes with a detailed report of findings and recommendations to help organizations prepare for an attack.
- Behavioral-based tracking and visualization of suspicious communications. Ordr baselines the behavior of every device so that abnormal communications can be detected. Security teams can now create policies and alerts when normal behavioral patterns are violated, such as devices communicating with blocked IPs and URLs, banned countries, and malicious sites. Ordr automatically provides a visual representation of communications to newly discovered malicious domains via the Ordr Traffic Analysis view, or security teams can customize their view to include specific malicious domains targeting their industry.
- Risk customization. Every enterprise measures risks differently based on the probability of an attack on the business. Ordr now adds the ability for security teams to customize risk and security settings, including multiple high-fidelity threat feeds controlled by weights, risk score customization, custom alarm notifications, and flexible policy groups to customize policies by business context and protocol interactions.
- Multi-stage, correlated kill chain detection. In addition to the ability to detect East-West lateral movement via its integrated threat detection engine, new threat-detection capabilities include application-anomaly detection for high-risk protocols (SMB, RDP, etc.), IP-based TOR detection, and special-purpose scanning engine enhancements to unearth vulnerabilities such as PrintNightmare. Every device risk score computation correlates risks from multiple threat events in the kill chain to surface key security issues.
- Retrospective security. As security teams receive new indicators of compromise, it is important to incorporate a model of retrospective security, where the latest threat intelligence is continuously applied to historical device behavior and communications. Ordr adds retrospective analytics to track prior communications to new indicators of compromise. This can identify compromised devices that have slipped past preventative security measures. Ordr’s comprehensive device, network, and behavioral context can be used to shorten the time spent triaging malware and to aid forensic analysis. In one customer deployment, Ordr identified a compromised device behaving maliciously more than 15 days before the Federal Bureau of Investigation indicators of compromise were published.
“As threat actors continue to target organizations around the world with ransomware, security teams need to understand where their risks lie,” says Frank Rondinone, president and founder of Access2Networks. “Ordr helps organizations understand their ransomware exposure and readiness. This will be invaluable to every organization trying to prepare against this imminent threat.”