Ordr and Check Point’s joint solution provides the most effective technology to identify, classify, regulate, and secure IoT and digital OT devices.
The most effective means to protect IoT and digital OT devices is through zone-based segmentation and Zero Trust policy rules. Check Point Security Gateways provide scalable policy enforcement and zone controls for the enterprise. Ordr Systems Control Engine (SCE) discovers, classifies and groups all devices and automatically maps them into their respective zones, areas, and cells using Check Point IoT Asset groups. It then dynamically generates Security Gateway policy rules based on these groups to deliver streamlined microsegmentation.
For example, building automation devices are seamlessly mapped to the Facilities Zone, and facility devices within this zone are further segmented from each other. Security policy rules are enforced by Security Gateways to restrict access between zones, areas, and cells based on the minimum access required to allow devices to function properly while protecting them from insider or outsider attack. An HVAC system can talk with a trusted smart-building controller using approved protocols and applications such as BACnet, but is blocked from communicating with the Internet or with another HVAC system.
Ordr SCE integrates natively with Check Point Security Management for multi-gateway policy enforcement. Security Gateways enforce zone-based segmentation policy to protect all devices, including IoT and digital OT, in the enterprise campus or manufacturing plant and in the data center, and to secure communications traversing the Internet edge. When new devices are connected to the network, they are automatically classified, and Check Point Security Management and Security Gateways are updated with the proper IoT Asset membership. Through its network and device awareness, Ordr SCE maintains current IP addressing for IoT Assets in all Security Gateways.