BryanGillson
New Contributor II

Today, Ordr and Fortinet announced an expanded partnership with rich integrations with FortiManager, FortiGate, and FortiNAC via the Fortinet Security Fabric. These integrations bring automated visibility and protection of ALL connected devices to Fortinet customers and the channel partners who support them. I’m thrilled with the opportunity to introduce Ordr—and these joint solutions—here on the Fortinet blog.


Gain a Comprehensive Understanding of Every Device (IT, IoT and OT) on Your Network

“What is connected to my network?”

While one of the easiest questions to ask, it’s also one of the hardest to answer. Eliminating blind spots has long been a core security tenet, but overburdened IT, Network, and Security teams often struggle to maintain a comprehensive device inventory. After all, you can’t secure what you can’t see, and malicious actors constantly search for under-protected systems to exploit.

These blind spots have increased dramatically as organizations expand their use of IoT – smart, network-connected devices. Whether these are business tools like conference TVs, IP phones or credit card readers; facilities systems like smart lighting, elevator controls and HVAC units; security systems like badge readers, security cameras, or smart lockers; unauthorized consumer “shadow” devices like Amazon Alexa, AppleTV, or wireless access points; or operationally-critical equipment like medical devices or factory automation systems, they share certain characteristics in common. They are typically:

  • Running custom or outdated operating systems
  • Difficult to patch
  • Subject to known vulnerabilities
  • Unmanaged, or incompatible with most IT management systems


Ordr was founded to address these problems. Ordr Systems Control Engine (SCE) discovers and classifies every network-connected device—passively and without agents—through advanced machine learning that leverages metadata pulled from deep packet inspection, network queries, infrastructure integrations, APIs, and more. Ordr’s asset analysis has been praised for its accuracy and depth and can, for example, make the important distinction between a Raspberry Pi running as a personal digital photo frame versus one controlling an IP camera.


Not Just “What,” But “What Does It Do?”

Moreover, Ordr SCE places these devices into context. Intelligent automated classification and grouping lets you analyze broad categories like Facilities Devices, drill into all Uninterruptible Power Supply systems, focus explicitly on units made by APC or just your fleet of APC Galaxy 5000s. Other smart groups give one-click access to devices by location, by OS (to quickly find embedded Windows XP or Windows 7 implementations), or by use of dangerous protocols like RDP. Of course, group membership gets automatically updated as devices are added, removed, or updated.

Context also includes behavior. Security teams need to understand the risk associated with every device, particularly with new regulations and enforced standards such as the Cybersecurity Maturity Model Certification (CMMC). Is a device subject to CVEs or recalls? Does one device behave differently than others? Does traffic indicate malicious behavior, such as from Ripple20? Does it use a default or trivially brute-forceable password? Ordr SCE answers all these questions by analyzing, organizing, and risk-rating every network connection and presenting powerful traffic analysis visualizations that allow for quick top-down or bottom-up risk analyses.



Augmenting Fortinet Products with the Power of Ordr

The Ordr SCE integration with Fortinet brings this deep visibility and context to FortiGate, FortiManager, and FortiNAC administrators. Ordr uses the Fortinet Security Fabric APIs to transmit device details directly to the Fortinet dashboards, simplifying the creation of business-oriented policies to protect IoT and other unmanaged devices.

Integrations with FortiManager and FortiGate go a step farther. Administrators can use Ordr to quickly and easily build policies to control the network behaviors of specific devices, device types, or custom groups, then transmit them to FortiGate for enforcement. Ordr interoperates seamlessly, allowing admins to leverage existing FortiGate tags and groups or create new tags for custom firewall groupings. Full FortiManager support extends these policies across geographically or operationally dispersed FortiGate deployments.



Scale Your Zero Trust Security Without Scaling Your Administrators

These device-centric policies create a natural complement to Zero Trust Network Access and Zero Trust Network Security models by enforcing strict controls on device behavior. Ordr precisely understands every network connection needed by every device, down to the port and protocol level, and creates policies to limit all access except to these known-good connections. These policies are sent directly to FortiGate and FortiManager to enforce on all east-west (internal) or north-south (external) traffic, and are updated automatically as devices move, IP addresses change, and your inventory grows.

These automated policies with continuous monitoring and updates allow customers to deploy far more—and more granular—policies with less administrative overhead. Because they are created with dynamic insights from your network, they are usable without the tweaks and adjustments typical of “recommended” policies. This leaves your network team with more time to manage the network, not the policies.

Finally, as previously alluded to, Ordr extended the integration to leverage network intelligence from FortiGate firewalls. Enhanced features minimize security alarm noise by correlating dangerous network traffic with FortiGate’s firewall policies (even when not augmented by Ordr). For example, Ordr SCE can reduce an alarm’s criticality level if it sees that FortiGate blocked an IoT device’s outbound communication with a malicious internet site. Additionally, Ordr SCE can gain insights into device behavior in remote sites by ingesting FortiGate’s NetFlow feeds and by parsing ARP tables, better understanding flow data and wireless device connections.


What Comes Next?

Customers and channel partners can find additional information on Ordr’s Fortinet Partner Page, and can reach out to their respective representatives to learn more. Even better, you can take an immediate test drive of Ordr via a Hands-On Lab, or deploy in your own environment for free via the IoT and Asset Discovery Program.

As I look ahead, the breadth of the Fortinet Security Fabric platform offers many exciting opportunities for additional integrations: Ingesting a unified threat feed from FortiGuard via STIX. Centralizing IoT security alerts via FortiSIEM, and enriching 3rd party alerts to identify an anomalous device’s make, model, and location, not just a MAC or IP address. Leveraging endpoint intelligence from FortiEDR, and discovering assets missing an EDR agent. Complementing SD-WAN policies. The list goes on.

On a personal note, working with Fortinet has been an absolute pleasure. The team has been uniformly diligent, professional, and just plain good people. Like Fortinet, Ordr is passionate about solving difficult problems, and I look forward to seeing how our companies can continue to work together to bring higher security and more value to our customers.

* Bryan Gillson is Vice President of Business Development at Ordr

3 Comments
EsthShee
New Contributor
All these schemes look a little complicated but still I find them very useful. Thank you!
BryaGill
New Contributor
Thanks for the note, Esther! The solution certainly does present a lot of information, which can seem complicated, but is surprisingly easy to navigate - especially considering the quick, deep insights it can provide into your network and device inventory.
Not applicable
One of the best posts here