Enhanced ransomware detection, visualisation of ransomware communications, and risk customisation help organisations respond to cyberattacks in minutes
Ordr, the leader in connected device security, announced new cybersecurity features along with a Ransom-Aware Rapid Assessment™ service to help security teams accelerate their response to ransomware and other advanced attacks.
Ransomware attacks have accelerated in the past year, due to the ready availability of ransomware as a service, the expansion of the attack surface from connected devices and remote work, and the ease of ransomware payments using cryptocurrency. Enterprises are recognising that in order to move quickly from threat detection to response, security teams need context on the device that is under attack – what it is, where it is located, whether they can act upon the device and exactly what mitigation steps are possible.
Ordr provides these answers via comprehensive visibility into devices, their corresponding network flows, risks, and anomalous behaviours, along with automated policies to proactively, reactively and retrospectively respond to attacks.
Highlights of the new cybersecurity features and benefits in the latest Ordr Hydrangea Fall 2021 Release include:
- Ransom-Aware Rapid Assessment™ – Ordr now adds Ransom-Aware Rapid Assessment as an additional service. This assessment, available from Ordr and its reseller partners, evaluates ransomware exposure risks in an organisation, including identifying threats and vulnerable devices in the environment, reviewing user activity and device access, and monitoring for communications to ransomware sites. The Ransom-Aware Rapid Assessment comes with a detailed report of findings and recommendations to help organisations prepare for an attack.
- Behavioural-based tracking and visualisation of suspicious communications – Ordr baselines the behaviour of every device so that “abnormal” communications can be detected. Security teams can now create policies and alert when “normal” behavioural patterns are violated, such as devices communicating with blocked IPs and URLs, banned countries and malicious sites. Ordr automatically provides a visual representation of communications to newly discovered malicious domains via the Ordr Traffic Analysis view, or security teams can customise their view to include specific malicious domains targeting their industry.
- Risk customisation – Every enterprise measures risks differently based on the probability of an attack to the business. Ordr now lets security teams customise risk and security settings, including multiple high-fidelity threat feeds controlled by weightages, risk score customisation, custom alarm notifications, and flexible policy groups to customise policies by business context and/or protocol interactions.
- Multi-stage, correlated kill chain detection – In addition to the ability to detect East-West lateral movement via its integrated threat detection engine, Ordr now adds new threat detection capabilities including application anomaly detection for high-risk protocols (SMB, RDP, etc.), IP-based TOR detection and special-purpose scanning engine enhancements to unearth vulnerabilities like PrintNightmare. Every device risk score computation correlates risks from multiple threat events in the kill chain to surface key security issues.
- Retrospective security – As security teams receive new indicators of compromise, it is important to incorporate a model of retrospective security, where the latest threat intelligence is continuously applied to historical device behaviour and communications. Ordr adds retrospective analytics to track prior communications to new indicators of compromise. This can identify compromised devices that have slipped past preventative security measures. Ordr's comprehensive device, network and behavioural context can be used to shorten the time spent triaging any malware and to aid forensic analysis. In one customer deployment, Ordr identified a compromised device behaving maliciously more than 15 days before the FBI indicators of compromise were published.
“As threat actors continue to target organisations around the world with ransomware, security teams need to understand where their risks lie. Ordr helps organisations understand their ransomware exposure and readiness. This will be invaluable to every organisation trying to prepare against this imminent threat,” said Frank Rondinone, President and Founder, Access2Networks.
“The enhancements in this release further bolster what is the most complete agentless device security platform in the industry. We’re making it easier than ever for enterprises to customise their risks, detect threats specific to their industry, continuously manage risks and secure every connected asset everywhere,” said Pandian Gnanaprakasam, co-founder and Chief Product Officer of Ordr.
The Ordr platform is already helping security teams reduce their time to detect and respond to attacks. In a KLAS Research customer interview, one Chief Information Security Officer said Ordr had reduced their incident response time by hours:
“The biggest outcome is a significant decrease in the amount of incident response time. We have used Ordr Platform as part of our incident response with ransomware. Because we couldn’t run our antivirus on our machines, we were able to go in and identify the specific machine on the Ordr Platform and provide a picture to the field support. The network engineers had already logged into the Ordr Platform, saw the traffic and killed the port so that it couldn’t communicate. That was very handy so that when a field support person walked into the room, they knew exactly where they were going. We were able to get the medical devices back up and running on our network and segmented really quickly. Ordr made that quick turnaround happen. We have factored the utilisation of Ordr platform into our incident response plans. We have been able to reduce our response time by hours. We already had a really robust response time and plan, and the system sped things up significantly.”
For ransomware best practices and insights:
- Download Ordr’s ebook on ransomware “Ransomware: These Four Best Practices Could Save You $4M”
- Attend the webinar on demand “Ransomware From the Healthcare Frontlines”
- Visit the Ordr virtual and in-person booth #G611 at SecTor in Toronto, Canada, and attend the Ordr presentation “Exposing Ransomware-as-a-Service and Where It’s Going Next” on November 3rd, 2021 at 11:10 am ET.