Industrial Control Systems and OT devices overall are no longer ‘air gapped’; instead, they’ve become ‘smart’ and connected with the corporate network, cloud resources and even third-party organisations that are part of the supply chain.
But connecting OT to the wider network is also inadvertently adding complexity and creating a much greater cyber-attack surface. Already, we’re seeing attackers penetrate OT networks by finding known and unknown vulnerabilities across both IT and OT and using them as a route into other areas of the network. So, while you may be entering an exciting new era of digital transformation, your cybersecurity teams need to reduce potential attack surfaces and close security gaps to keep the business secure.
Here are five key ways that your organisation can improve the security of today’s more integrated IT-OT environments:
1. Gain a holistic view of your business
Cybersecurity teams are having to accept OT is now becoming their responsibility. Some are creating an OT specific SOC, and some are incorporating OT security as part of their enterprise or traditional IT SOC. IDC’s European Security Survey in 2020 found that, in 70% of organisations, OT security is now managed by the security team, so the CISO is already in charge of all OT security in most cases. Yet IDC also found that only half of those organisations already have a fully integrated approach to their cybersecurity operations. OT environments often consist of very specialised architectures that run unique industrial protocols and are well established with decades-long lifespans, all of which is rather foreign to the IT side of the business. OT environments also cannot tolerate any performance impacts or rely on agents to gain a holistic view of all connected assets. This means that many effective security tools for IT systems aren’t necessarily compatible with the OT side of the operation and vice versa.
Given that by 2025, 75% of OT security solutions will be interoperable with IT security solutions and delivered via multifunction platforms, it’s important to find a unified security solution that can provide detailed contextual insight into every connected device across your entire IT and OT estate, in real time.
2. Trust no one and no thing on your network at all times
The expansion of IoT, increased IT-OT connectivity and growth of smart OT devices expands the attack surface for many enterprises. As a result, security architects are being forced to re-examine the concept of identity to include every connected device, and not just those traditionally managed by IT endpoint agents. Any connected device can represent a threat vector: devices using default credentials, devices leveraging TCP/IP stacks with built-in vulnerabilities, unpatched devices and other non-compliant devices of all kinds. By 2025, IDC predicts that there will be 41.6 billion connected IoT devices so, with the growing numbers of autonomous devices on the network, it’s vital that security teams treat them with the same level of suspicion as any human user.
Your security team should continuously confirm the identity of and assess the profile of every connected device using rich contextual data and monitor all activity for anything outside the norm, essentially extending Zero Trust beyond users to include all devices accessing your network.
3. Dynamically control network access and segmentation
Due to the expanded attack surface, organisations are facing greater vulnerability and reduced visibility over their network. It’s critical to keep unauthorised devices off the network and minimise the damage any threat could cause to your operation by proactively defining granular, business-logic-based segments focused on device/job function, then dynamically enforcing those policies in response to real-time device intelligence. Policy enforcement should also be multifaceted, leveraging multiple methods and heterogeneous network infrastructure to ensure proper segmentation regardless of where a device initially connects. This will not only enable network managers to dramatically limit their potential attack surface, but will also allow for immediate threat response to isolate anything suspicious before it reaches other critical systems.
Organisations need a solution that can dynamically enforce granular network access and segmentation policies based on real-time contextual device intelligence. The ability to do this without relying on agents, physical network segments or a particular network architecture is also critical to rapidly adapt to changing device environments and respond to threats against any connected device, anywhere, anytime. It also valuable to continuously monitor enterprise-wide network segmentation policy effectiveness using business context to make sure communications are limited to what they should be. By reducing the attack surface or potential blast radius of an attack with assurance that communications are limited, organisations are able to more confidently reduce risk.
4. Enforce device compliance without relying on agents
Many traditional IT endpoints, like employees’ laptop computers and data centre servers, are secured by using agent-based endpoint security solutions. This helps cybersecurity teams actively monitor corporate IT endpoints for threats. But, what about non-compliant corporate endpoints that lack the agent, guest laptops that will never get the agent or all those many IoT and OT devices that can’t support agent-based security tools? Solely relying on (IT) endpoint security and management tools is not enough to secure your network.
Organisations need a solution to ensure device compliance and monitor for threats across their network without solely relying on agent software to do so. They need to be able to assess and continuously monitor all connected devices to detect device non-compliance, posture changes, vulnerabilities, weak credentials and other high-risk indicators.
5. Optimise threat detection and response
Once you’ve gained rich contextual visibility and control over your enterprise-wide network, you’ll need to be able to effectively manage your operational and cyber-risks in as near real time as possible. Enabling your security team with a single, converged view of all your IT, IoT and OT assets and threats will simplify the task of prioritising alerts and responding to incidents in a timely manner with minimal business disruption. Ideally, you’ll also want to automate threat response with context-aware policy-driven workflows as much as possible, such as immediately containing a compromised or non-compliant device until it’s been remediated
We understand you need to adopt a next-generation strategy that will protect your ‘enterprise of things’ and allow you to digitally transform safely. So, we’ve created a solution that offers complete visibility across your entire IT and OT estate, by combining our integrated security platform with BT’s Managed Network Access Control (NAC) and OT Threat Management Security services.
The solution takes a Zero Trust approach by accurately identifying and continuously assessing the risk posture of every connected device and automatically enforcing regulatory and corporate policy compliance based on real-time device intelligence, such as required device configurations, network access and segmentation policies. The solution can also automate policy-driven, context-aware workflows in response to threats or non-compliance detection to mitigate and/or remediate these incidents, further reducing risk and increasing operational efficiency.
To find out more about our combined services, please speak to your account manager.