ORDR.

A radiologist at Cleveland Clinic wheels a portable ultrasound into Room 312. The device hums to life, pings the network, and tells the world its model number, firmware version, and that it is - quite possibly - still running an operating system Microsoft stopped patching in 2014. Somewhere in a Santa Clara data center, an ORDR sensor sees the whole thing happen and writes it down.

That is, more or less, the entire pitch. ORDR sees the devices you cannot. Not the laptops with neat little MDM agents on them. Not the servers in the racks you actually inventory. The other ones. The infusion pumps. The HVAC controllers. The building access readers. The IP cameras a contractor installed in 2019 and nobody documented. The 60-million-plus connected things that, in aggregate, make up the modern enterprise attack surface and, until recently, were nobody's job.

01 / WHO THEY ARE NOWThe Order Brigade

In May 2026, ORDR is a roughly 130-person security company headquartered at 2445 Augustine Drive in Santa Clara, with about $33M in annual revenue, $94M raised across four rounds, and 500-plus enterprise customers that skew heavily toward healthcare, manufacturing, and the kinds of utilities that get named in DHS briefings. Its tagline - new as of HIMSS 2025 - is "Bringing ORDR to Chaos," which is the sort of line that survives a brand workshop only when it happens to be true.

The chaos is real. The order, increasingly, is too.

02 / THE PROBLEM THEY SAWThe Devices Nobody Owns

For most of the 2010s, the cybersecurity industry built itself around a comfortable fiction: that you could install a small agent on everything, and the agents would protect you. This works fine for laptops. It works less fine for the 4,000 patient monitors in a regional health system, because nobody is letting you install a third-party agent on an FDA-regulated device. It works not at all for the programmable logic controllers running a utility's water treatment plant, because the PLCs have 16 megabytes of memory and were manufactured in 2011.

The result was a quiet crisis. Security teams could see, defend, and patch maybe 40% of what was actually plugged into their networks. The rest - the IoT, the IoMT, the OT, the alphabet soup of cyber-physical things - existed in what ORDR's own marketing politely calls "security black holes."

Two engineers thought this was unacceptable. They also thought it was solvable.

03 / THE FOUNDERS' BETTwo Engineers, One Hypothesis

Pandian Gnanaprakasam and Sheausong Yang co-founded Ordr in 2015. Between them, they had spent decades at Cisco, Aruba Networks, and AT&T Bell Labs, which is to say they knew exactly how enterprise networks were built and, more usefully, exactly how they were broken. Gnanaprakasam had run engineering and product management at Aruba as Chief Development Officer. Yang had spent years deep in switching and security architecture. The bet was deceptively simple: if you could not put an agent on a device, you could still watch how it talked.

Every device speaks. Every device has a dialect. A Siemens MRI does not chatter the way a Honeywell thermostat does. A bedside infusion pump does not behave like a building badge reader. Listen long enough, with enough math, and you can identify almost anything from its network traffic alone - then watch it for the moment it starts behaving in a way it never has before.

That listening engine, dressed up over a decade in machine learning and deep packet inspection, is still what the company sells today. The dressing is much fancier now.

04 / THE PRODUCTWhat Plugging It In Actually Does

ORDR ships as a platform. There is no agent. You install a collector, point it at network traffic, and within hours - the company is fond of this number, and it appears to be defensible - the dashboard fills up with every connected thing on the network, classified by manufacturer, model, firmware version, criticality, and risk.

The product line, simplified in early 2025, now has three pieces. There is the ORDR Platform itself, which does the discovery and profiling. There is AI Protect for Security, which prioritizes which of the discovered risks actually matter and automates the response workflows. There is AI Protect for Segmentation, which generates microsegmentation policies and pushes them into the firewalls and NAC systems the enterprise already owns. Bolted across all of it is ORDR IQ, an agentic AI assistant that lets a security analyst ask, in plain English, "which of my Windows 7 devices talked to the internet last Tuesday," and get a real answer.

05 / THE PROOFCustomers Who Don't Get to Be Wrong

Selling security to a hospital is harder than selling it almost anywhere else, because in a hospital the cost of a false positive is measured in pages to an exhausted clinician at 3 a.m. and the cost of a false negative is measured in lawsuits. ORDR has Cleveland Clinic. It has Christus Health. It has Cook Medical. It has Engie, the French utility, which is harder in different ways. The mix - regulated healthcare on one side, critical infrastructure on the other - is the kind of customer list that suggests the demos hold up under pressure.

The investors agree. Kaiser Permanente Ventures wrote a check. So did Mayo Clinic. When the actual hospital systems that you sell to also fund you, the conflict-of-interest column is uncomfortable, but the validation column is hard to argue with.

06 / THE MISSIONOrder, as a Verb

"Bringing ORDR to Chaos" sounds like a brand-strategy artifact, and to be fair it is one. But it captures something the company has been doing for a decade in a way the previous tagline ("see, know, secure connected devices") did not. The new framing puts a verb on it. Order is what ORDR does to a network. It is not a product feature. It is the outcome.

The company's stated mission, in plain language, is to give security teams complete visibility, real risk profiling, and automated enforcement for every asset on the network, without an agent and without guesswork. The vision behind that is more ambitious: a world where every connected device - clinical, industrial, commercial, weird - is discovered, classified, and protected by default, the way endpoints are now. That world does not exist yet. It is, however, closer than it was in 2015.

07 / WHY IT MATTERS TOMORROWThe Numbers Keep Getting Worse

Gartner has been counting connected devices for years and the curve has not bent. By most estimates there will be more than 40 billion of them online by 2030. A very small fraction will ever run an agent. A larger fraction will run firmware their manufacturers no longer support. Almost all of them will sit on networks defended by teams who, on a good day, can name maybe half of what's connected.

If ORDR's bet is right - that the only durable answer to that math is passive observation, machine learning, and automated enforcement that meets devices where they actually are - then the company has roughly a decade-long head start in a category that is about to matter very loudly. If ORDR's bet is wrong, somebody will need a new theory of how to defend infrastructure, fast.

The bet looks right.

08 / RETURN TO ROOM 312The Closing Scene

The portable ultrasound from the opening paragraph is still humming. The ORDR sensor still sees it. But now the dashboard does something it would not have done in 2015: it tags the device as high-risk because the firmware version is on a known-vulnerable list, correlates it against the segmentation policy already in production, and quietly drops it into a network segment where it can do exactly one thing - send images to the radiology server - and nothing else. No one at the hospital had to do anything. The ultrasound still works. The radiologist files her report. The chaos got a little smaller. The order got a little larger.

That is the ORDR business in one paragraph. Everything else is implementation.