Ordr is automating security for enterprise IoT

The internet of things, with its billions of connected devices, presents new security challenges. We’re just now figuring out what those new challenges are and how to handle them. Ordr, a startup founded in 2015 that launched this week, has managed to tackle one of the big ones — securing hundreds of thousands of devices without anyone having to touch them.

I’ll explain how it does this, but first, it’s worth talking about why this is such a big deal. Most security startups work by installing agents on devices that can report back to a security program. And when the security software detects bizarre behavior it sends an alert for an IT person to look at it. But if your business has hundreds of thousands of devices ranging from a connected HVAC system to the CEO’s computer, your IT department has to get a lot bigger and acquire a bunch of new skills to handle those security alerts.

That’s not going to happen.

This is the big challenge Ordr, which was formerly called CloudPost,  wants to solve. The founding team comes from Aruba Networks and Cisco. They understand the challenges of taking a networking technology and making it scale for hundreds of thousands of users. Now they are using their networking skill to scale IoT security.

To do so, they install software on a server that will sit in the enterprise data center. That device will analyze network traffic and perform a few tasks that we’ll get to in a moment. It also makes a smaller device that can be plugged into a switch at different campus locations for companies that have a large number of offices. For now, Ordr’s software doesn’t work in a multi-tenant cloud such as AWS, but Brad Day, the VP of marketing at Ordr, says that is something the company is working on.

The “magic” behind Ordr’s software is twofold. It has software that can analyze network traffic and use that to identify any number of devices connected to the network. This sort of functionality is becoming more common in corporate and even consumer Wi-Fi networks. It’s no longer enough to know that a connected device is made by Apple or to have a MAC address that’s pretty meaningless to a normal human, you want to know who the device belongs to and what access rights it might have.

Once it knows what the devices are, Ordr’s software then segments them into groups based on their access rights and needs. For example, most of us know that Target’s massive credit card breach started with a hacker getting into the network via an HVAC system. If Target had been running Ordr’s software that HVAC system would have been detected and automatically walled off from the computer and payment networks, only allowed to communicate with its manufacturer.

That automation of basic security policies is the second piece of “magic” in Ordr’s software. When a company installs the software it’s asked to set basic security practices and policies that the software then automates. So instead of sending an alert on questionable behavior, in many cases the software can automatically take an action to remedy the problem. This can range from quarantining to patching a device.

Automation can be a bad word in many settings because there is a legitimate concern that poor policies might get automated and mess something up. However, in a situation where you have hundreds of thousands or billions of connected devices, automation is the only way companies will be able to keep up with security needs. A larger worry is whether hackers can detect automated behavior and then take advantage of that for their own ends. My hunch is Ordr will have to get creative about changing tactics and watch out for that sort of abuse.

One downside of the software is that it only works on IP traffic, which makes it useless for industrial networks that use protocols such as SCADA or Wireless HART. However, as I spend more time in the trenches trying to understand how we’re going to secure so many connected devices, I like the approach Ordr has taken.