Thought Leaders on Internet of Things: Ordr CEO Greg Murphy (Part 2)

Posted on Thursday, Oct 13th 2022

Sramana Mitra: Architecturally, we’re in the last mile of where these devices are located. How close to those devices are you putting the agent that can collect data?

Greg Murphy: What we’re doing is, we’re putting a sensor. Our job is to passively monitor the network traffic. In a typical manufacturing environment or hospital, you may put one sensor and use that to monitor the traffic. Once we understand that and see all the communication patterns through and from every device, we use that knowledge to build a behavioral model of each of these devices.

We can say a video surveillance camera that is deployed in this hospital communicates via these protocols to the following destinations inside and outside the network. We use all of that data to build out those behavioral models. That’s what allows us to do a good job of detecting anomalies.

Sramana Mitra: I’m trying to visualize it in my head. I did my Bachelor’s thesis on routing problems in avoiding hotspots. Are you saying that there is one central point in the hospital setting that is managing all the devices within a hospital, or are there a lot of servers managing local network devices?

Greg Murphy: It depends on how the particular network is architected. We are usually going to want to put a sensor as close as we can get to a core switch.

Sramana Mitra: You need an agent as close to the agentless device as possible. That’s the problem we’re dealing with here.

Greg Murphy: Right. There are different ways to do that. We can operate in a container on the switch itself for a number of enterprise-grade switches out there or we can have a virtual sensor running on a virtual environment. When you start to talk about other locations, you may have lots of clinics associated with the main hospital facility. In this case, we can gather information via NetFlow.

You can think of us as a data lake gathering information and integrating with the actual network infrastructure itself. We gather information from as many different sources as we can. We’re compiling all of that information and using that to identify what the device is and what its behaviors are. That context of where it sits on the network, what it is, and how it’s behaving allows us to do anomaly detection and policy generation.

Sramana Mitra: Are vulnerabilities device-specific? Does a surveillance camera have a different kind of vulnerability versus a medical device?

Greg Murphy: One of the challenges with IoT devices is that, unlike your traditional IT estate, they have a useful life of 10 to 15 years. You don’t replace your MRIs the same way you replace a mobile phone. You commonly find that IoT devices have old legacy operating systems. One of our healthcare clients had 9,000 different medical devices that were running on Windows 7. That’s been end-of-life for quite some time. There are vulnerabilities that are associated with the operating system. It can be difficult to patch these devices.

There are vulnerabilities that are inherent to the device, but there’s also the question of where is that device and how is it behaving. Surveillance cameras shouldn’t probably go out to Russia or destinations outside. You can start to identify not just the vulnerabilities that are innate to the device but start to see behavior patterns. Is this camera behaving the way a surveillance camera should? These devices are pretty deterministic. When a behavior pattern changes, that’s usually something the IT or security organization wants to be aware of.

This segment is part 2 in the series: Thought Leaders on Internet of Things: Ordr CEO Greg Murphy