Thought Leaders on Internet of Things: Ordr CEO Greg Murphy (Part 1)

IoT Security is a huge vulnerability all over the world at the moment. Greg breaks down the problem into opportunities for innovators to offer solutions.

Sramana Mitra: Let’s start by introducing our audience to yourself as well as the company.

Greg Murphy: I’m the CEO at Ordr. We’re the leader in connected device security focusing on IoT and all connected devices in the enterprise.

Sramana Mitra: In simple positioning terms, what is special about IoT security?

Greg Murphy: A lot of the founders of our company came from Cisco and Aruba and are very aware of network security. One of the things that we realized early on is that a lot of companies have very little idea of what was actually connected to their networks. That gap was particularly great with devices that didn’t look like the traditional IT estate like your laptops and mobile phones. These devices in the healthcare setting could be millions of devices.

What’s different with security for these types of devices is, it’s not possible to put a software agent on these devices. If I want to have security and control over a typical Windows workstation, I can put on a CrowdStrike agent. That’s not possible when you’re talking about everything from video surveillance cameras, to door locks, and HVAC systems. They just can’t support an agent. It wouldn’t be practical for organizations to put software agents in all of these devices.

The real question came down to if I don’t have an agent, how do I know what these things are? If I don’t know what they are, how can I possibly put in place an intelligent strategy to secure that? That was the fundamental difference and insight that led Ordr to be started.

Sramana Mitra: What is the answer?

Greg Murphy: Organizations really need to use agentless technologies to be able to identify everything that’s connected to their network. We talk about securing IoT devices. Our framework is See, Know, Secure.

First is to get visibility. Understand what that device is, and be able to distinguish between a building management system and a door lock from a video surveillance camera. Identify accurately what those devices are and then know and understand what their particular vulnerabilities might be. That could depend on what operating system they’re running, whether they’ve been patched or not, and how they’re behaving.

Which of these devices have vulnerabilities and which of those vulnerabilities might be exploited? Once I know that, how do I take steps to protect these devices? Very often, the protection is going to need to come from the network side. I need to regulate what this device is allowed to do. I want to make sure that none of my video surveillance cameras can communicate with a destination in Russia.

You may want to apply a firewall policy. Someone has to generate the policy and then automate that so you don’t have to have an army of human beings manually generating policies. That is what’s going to enable organizations to scale to hundreds of thousands, or even millions, of connected devices.

This segment is part 1 in the series : Thought Leaders on Internet of Things: Ordr CEO Greg Murphy
1 2 3 4