Cybersecurity startup Ordr nabs $40M to monitor connected devices for anomalies

In 2015, there were approximately 3.5 billion Internet of Things (IoT) devices in use. Today, the number stands around 35 billion, and is expected to eclipse 75 billion by 2025. IoT devices range from connected blood pressure monitors to industrial temperature sensors, and they’re indispensable. Yet every device increases an organization’s attack surface, along with the potential for a cybersecurity attack.

The challenge was the driving force behind Ordr, a startup focused on network-level device security. Pandian Gnanaprakasam and Sheausong Yang — who between them had tenures at Cisco, Aruba Networks and AT&T Bell Labs — co-founded Ordr in 2015 to address what they call the “visibility gap” in enterprise networks. 

“We realized that enterprise security had reached a breaking point as enterprises tried to implement zero trust strategies when they could not even determine what devices were connected to their own networks,” CEO Greg Murphy told TechCrunch in an email interview. “The visibility gap and the resulting risk was greatest for those unmanaged IoT, internet of medical things, and operational technology devices that could not be secured like traditional IT infrastructure.”

Certainly, the risk of breaches and ransomware has grown in recent years, especially as the pandemic spurred organizations to move more of their devices online. According to one study, 75% of all internet-connected infusion pumps contain at least one vulnerability — a problematically high figure considering that there are 10 million to 15 million medical devices in U.S. hospitals today. 

Murphy said that WannaCry, the coordinated ransomware attack in 2017 that encrypted hundreds of thousands of computers in a matter of hours, was a particularly strong “business accelerant” for Ordr. “Companies, specifically in healthcare, realized the threat not just to data privacy and security, but to every aspect of their operations as they were forced to disconnect their devices and revert to manual processes overnight,” he added.

Recognizing the opportunity, investors, including Dan Warmenhoven (former CEO of NetApp) and Dominic Orr (former CEO of Aruba Networks) contributed to Ordr’s $40 million Series C funding round, which was announced today. Battery Ventures and Ten Eleven Ventures co-led, with participation from Northgate Capital, Wing Venture Capital, Unusual Ventures and several health organizations, including Kaiser Permanente Ventures and Mayo Clinic.

“The company revenue has been accelerating,” Murphy said somewhat vaguely, adding that Ordr has more than 500 customers including federal, state and local governments. “Within other segments like manufacturing, security teams are looking for visibility and security of connected devices. Ordr experienced more than 140% year-over-year growth in new customer revenue in its most recent quarter ending on March 31, 2022, is deployed in three of the world’s top six hospitals, and has been adopted across more than 150 manufacturing sites.”

Ordr claims its technology can autonomously identify and protect connected devices by applying traffic flow and access policies. The startup’s system, which deploys on top of existing infrastructure, uses machine learning algorithms to build a baseline understanding of devices’ behavior and flag suspicious events.

Ordr

Ordr’s device monitoring dashboard. Image Credits: Ordr

It’s key to note that no software is flawless. A 2021 ESG report found that nearly half of all alerts from cybersecurity tools are false positives, and that 75% of companies spend an equal amount of time — or more — on them than on actual attacks.

But Murphy makes the case that Ordr’s solution is differentiated by the visibility it offers into devices and risks, its “behavioral baselining” of devices and its automated creation of enforcement policies across networking and security products.

“Because devices are deterministic, with specific behavior based on its function, this ‘baseline’ enables Ordr to detect devices behaving anomalously. These machine learning models also form the basis for zero trust enforcement policies that are dynamically generated by Ordr,” Murphy explained. “Ordr collects 1,000 attributes for every device, including data from close to 70 technology partners. Data models are built based on the use cases and have a built in continuous learning model by incorporating feedback loops from partners and customers.”

Ordr’s rivals include Palo Alto Networks’ Zingbox, Armis and Claroty’s Medigate, as well as Claroty, Sternum, Vdoo and Karamba Security, which provide cybersecurity tools designed to protect industrial control, IoT and embedded systems. But despite broader economic headwinds, there’s an abundance of venture capital to go around in cybersecurity. Last year saw a record $21.8 billion poured into cybersecurity companies, with $7.8 billion invested during the fourth quarter alone, according to Crunchbase data.

“[M]ore than ever before, enterprises today understand the need to closely monitor and secure all their connected devices, and to do so in an automated fashion … The Ordr platform enables device utilization insights that can help organizations be more efficient in their operations, as well as optimize maintenance scheduling [and] help inform and support asset management/purchasing decisions for CIOs,” Murphy said. “A broader business slowdown will impact IT operating budgets, and those budgets will naturally be allocated to mission-critical initiatives and basic cyber hygiene essential to business operations …. Given the continued explosion in the number of connected devices that coincides with a dramatic increase in cyber attacks, companies like Ordr are well-positioned to expand even in a challenging macroeconomic environment.”

To date, Ordr has raised more than $90 million in venture capital. With the proceeds from the recent round, Ordr plans to double its roughly-80-person workforce within the next year with an emphasis on the marketing, customer success, and engineering teams and a “focus on investing in partners,” according to Murphy.

“The funds will be used for expansion of our go-to-market capability,” Murphy added. “On the technical side, investments will be used to expand integrations with leading security solutions, and simplify workflows for all classes of users, consistent with Ordr’s goal of becoming a single source of truth for connected devices in the enterprise.”