This Week Health

Don't forget to subscribe!

March 26: In this episode of This Week Health, Wes Wright, Chief Healthcare Officer at Ordr, discusses cyber security. They explore the transformative power of Ordr's technology in addressing the critical needs of healthcare IT infrastructure. How does Ordr's asset visibility tool redefine the approach to network security, and what implications does this have for healthcare providers' ability to protect sensitive data? With the advent of Ordr AI CAASM, how will the landscape of cyber asset attack surface management evolve, and what does this mean for the future of healthcare cybersecurity? As Ordr paves the way for rapid, comprehensive network visibility, we're prompted to reflect on the broader implications: How will such technologies shape the strategies for managing healthcare IT infrastructure, and what lessons can be learned about the importance of network segmentation and vulnerability management?

Transcript

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

  Welcome to This Week Health. My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of This Week Health, where we are dedicated to transforming healthcare, one connection at a time. Today , we have an interview in action from the 2024 conferences, the spring conferences, VIVE in LA, HIMSS in Orlando.

Special thanks to our sponsors, Quantum Health, Gordian, Dr. First, CDW, Gozeo Health, Artisite, and Zscaler. You can check them out on our website, thisweekhealth. com. Now, onto our interview

  this is Drex on This Week Health, and we're at HIMSS 2024, the big show is on. All the big news are happening, the Wes Wright from Ordr with me. Hello. Wes and I have been partners in crime for many years. crime,

mostly good stuff.

Mostly good stuff, not necessarily 📍 crime . But for people who don't know you, Introduce yourself, tell us a little bit about your background. Okay Wes Wright. Chief Healthcare Officer for Ordr. a made up title, but I'm the head of Ordr's healthcare stuff, so if you're in healthcare and you want some Ordr, come see me.

For five years I worked at Improvata as the CTO out there, but more importantly than that For the 30 years prior to that, I was probably in one of y'all seats as either CTI CTO or CIO. And those times I couldn't duck fast enough. I even had to do an interim CISO every now and then.

So with that background, I kind of, I feel like I know what. Folks need and that's what's, that's what's really driven me to Ordr. I know if they put Ordr in or an Ordr type of tool Ordr would be best. Of course, if you put that in, so many questions get answered so easily.

So I'm pretty enthused about it. I think this goes on to the next question. Tell us

about Ordr and what Ordr does and why. It's such a great fit for some of the challenges

in healthcare. Perfect. A little history about me in Ordr. Actually, you kind of have a little bit of history too. 2017 or so, I brought, at the time it was called CloudPost, into Sutter Health.

had a friend who said, Hey, I know this person that can show you everything on your network. I don't believe And brought them in, and sure enough, they showed me everything on the network. And at that time, I left Sutter Health and went to Improvata. Actually stayed on the advisory board for, Ordr for the whole time.

I've been with them, have watched them grow, have watched Ordr target the product more and more really help the CISO and really operational IT. I know everybody thinks about Ordr and our competitors as an IOMT tool. It's not. It's an asset visibility tool. you can see everything on your network, there's so many questions you can answer.

So that's what Ordr is.

I was just having a question. I had a conversation with somebody else about how everything is connected to everything

everything. Yes, everything, the cool thing is we can see everything talking to each one device may talk to CrowdStrike and then Workday, and then these devices are chatty little bastards, , and they're talking all the time.

And what we do is take all, intercept all that API talk put it in our database Hey, based upon this, we know it's this type of device. And to your earlier comment, yeah, then we can also see, Hey, that device is trying to talk to Russia.

You may want to do something about that. Yeah, we should probably make that a,

stop. What we hear a lot of folks talking about in cyber security is network segmentation,

Are you guys a part of that? If I can see everything and see how everything's talking to each other, I can really set up ICE super easy now.

But, yeah, we're big on the segmentation, specifically with Cisco's ICE product, but we can also do it with Fortinet and Cali. Graded into the platform. Integrated into the platform.

Depends on your platform that you use. Our protect platform, which most people use, if you deploy with sensors, then you can manage that equipment. ' cause those sensors talk to the gear some stuff we can do without the sensors, but that really deep packing, inspection, and moving.

Micro segmentation, But I'm awfully glad you brought up segmentation because I just listened to competitor on the stage over there that said something that I thought was heretical. And that was, Ah, segmentation's too hard and you should save that to the

exact

opposite of the way things should happen.

HHS just released their guidelines on asset management. And they said, first thing you should do is figure out what's on your network. Everything that's on your network. So we were good with that in Ordr. And the second thing they did, made me think a little bit.

They said, segment. Most people like when I deploy Ordr you can see all the vulnerabilities because we hooked it all the vulnerability database You can see just a massive amount of vulnerabilities and everybody wants to dive into there and take care of those vulnerabilities But they say no don't do that instead macro segment get your PCI stuff away from everything else.

Get your medical equipment away from everything else. So first thing, second thing, after you know where everything's at, second thing you do is get a macro segmented and then you can dive into some of those vulnerabilities if you want to, but make it to where You hear people talk about the blast rate.

Yeah. You're just, your collateral damage is much higher. Smaller. When you have these little tiny areas instead of this big flat network saying, by God, once you see everything, then slice it up to where it, it doesn't hurt each other. Our ship doesn't sink

yes.

In our product, we'll show you, hey, this has a high risk vulnerability, but you've mitigated it because of this thing in the VLAN or ACL or something. We'll pull that out when we're reporting your high risk vulnerabilities, because we know that mitigated that.

But if you just went down, went down your list, let me start it, ha, let me do every one,

What's the big stuff that's here

or coming soon? Yeah, it's not

here yet. We're still demoing our eight, eight oh 8.3 products here, but just around the corner in March 19th, I think we'll be announcing Ordr AI chasm. Which is a cyber asset attack surface management product.

That's an acronym that comes from Dartner, don't blame me for it. You can check that out. We're releasing that, and what's the big deal with that? It's a new way to get the instant visibility data. So instead of, in our traditional way, instead of going out and taking the time to plug in a sensor here and over here, Taking a network downtime, getting, screw that.

Instead, what we're doing is, remember when we talked about all the devices on the network talk to APIs, they talk to something or else they shouldn't be on the network. So instead, what we're doing is we go out and give as many API keys from our customers as possible, load those into our product, and start getting that data from the APIs.

Matter of fact, CrowdStrike's a great example. Our API integration with them is cloud to cloud. So we don't even have to be on prem to get the data from CrowdStrike. And a lot of the APIs are that way. I was talking to somebody earlier, if you had a tech guy sitting next to me On a Zoom call, we could stand up Ordr, this new Ordr, Chasm AI.

We could stand that up in two hours. And you would get visibility across your entire network in two hours.

That's pretty incredible, to be able to turn it on that fast and not break anything. You're just seeing only, right? You're

The traffic is already being passed around on your network by somebody.

That's great. Well, I can't wait for that to be released. Say again, when?

March 19th is our target date for OrdrAI Chasm. At the same time we're have OrdrAI Protect is what we call it. It's the product that we have now that really gives you that deep inspection.

And if you want to monitor Like, how often are my radiology machines up, or my MRIs up? That product, we still have, still a great product. But, the cool thing is, we've taken the deployment methodology from the Chasm AI, and applied it to the Chasm Protect. So we can bring you that instant visibility, and then once you get that visibility, Then we can take a look and say, okay, it looks best to put a sensor over

here.

So if you want more detail, you Phase one is see everything. See everything. Understand what you've got. Then make really good, clear decisions about where to place sensors. So

Perfect. Dude, I love that.

Yeah, most of the place, in the hospital. We've talked to a bunch of patients. They don't want to put a sensor out ambulatory clinics. There's not a whole bunch of equipment and stuff out there. We can see most of the stuff that's happening. generally in that hospital.

And frankly, Pretty close to the radiology switches, where you probably want to throw your first sensor in. Yeah.

What haven't I asked you about? What else is going on? Other things that folks

need to know? the show, the HEMS 2024 is actually a lot better than I thought it was going to be.

Yeah. Let them know that I think that, HEMS is back. The interactions that we missed are back. So come out and join us. good to see everybody.

It's good to have the face to face interactions. COVID kind of disrupted, obviously, a lot of that. I think people then Still have a little bit of the habit of I'm not going to go.

Yeah. And I think because of that, a lot of people are going to Come from this and ViVE previously, but come from these conferences and go, I've got a lot done face to face as compared to what it would have been with the Zoom.

having fun. I

appreciate it.

Talk

  Thanks

for listening to this Interview in Action episode. If you found value in this, share it with a peer. It's a great chance to discuss and in some cases start a mentoring relationship. One way you can support the show is to subscribe and leave us a rating. If you could do that would be great, and we want to give a big thanks to our partners who make this possible.

Quantum Health, Gordian, Dr. First, CDW, Gozio Health, Artisite, and Zscaler. You can learn more about them by visiting thisweekhealth. com slash partners. Thanks for listening. That's all for now.

Contributors

Thank You to Our Show Sponsors

Our Shows

Newsday - This Week Health
Keynote - This Week Health2 Minute Drill Drex DeFord This Week Health
Solution Showcase This Week HealthToday in Health IT - This Week Health

Related Content

1 2 3 252
Transform Healthcare - One Connection at a Time

© Copyright 2023 Health Lyrics All rights reserved