Blog · 21 Mar 2022

A co-managed approach to security is the future of OT

Deciding how to secure your OT environment must balance out cost, risk, level of in-house expertise and the time available.

Richard Bainbridge
General manager, cyber security portfolio

While there’s widespread agreement that an OT environment moving towards Industry 4.0 needs robust security, how to achieve that is still up for debate.

DIY OT security: why some choose to go it alone

Many organisations have had the same OT environment for years. They know their equipment inside out and, with so much in-house expertise, it’s easy to assume keeping it secure will be straightforward. A big plus for this DIY approach is that it avoids the potential frustration and lags of full outsourcing - where even the simplest tasks must be logged with a third party before they can be completed. And, on the surface, it can look like a DIY route offers cost savings – after all, it’s ‘just’ adding a few more responsibilities to the team’s existing remit.

However, a DIY approach means any OT security solution is the sole responsibility of the organisation. There’s no ongoing support from the vendor, and both management and security fall to in-house teams to grapple with. This generally means a significant volume of alerts to triage and constant tuning to stay on top of new threats and environment changes. Most teams just don’t have the capacity or skillset to manage this effectively. And, when they do turn back to the OT vendor for support, vendors are often either unwilling or unable to provide the outsourced Security Operations Centre (SOC) services that organisations need – including incident response.

Is an integrated OT / IT security platform the answer?

Driven by the increasing need to provide a full organisation-wide view of risk, some organisations are attracted to the idea of integrating IT and OT security.

However, integration can be challenging for established businesses. For organisations starting from scratch, building both IT and OT environments at a greenfield site, it’s a viable and attractive option. But most aren’t in this position, meaning the only way to achieve seamless integration is by re-architecting the organisation’s entire infrastructure.

A more viable compromise can be found in evolving the existing OT network by adding appropriate security related policies and controls that run in parallel with the IT network. It paves the way for a co-management set-up where the organisation works alongside an OT security partner.

Co-management offers the best of both worlds

Co-management offers a middle ground between the potential frustrations of outsourcing and the potential shortcomings of a DIY route. It brings together the strengths of both sides of the partnership in a simple and time-efficient way. The precise balance chosen can flex to reflect the organisation’s security maturity and OT expertise.

Partnering with a managed security service is also a good option for organisations looking to scale up their operations. Too often, successful pilots are abandoned due to difficulties in scaling across multinational operations. A global service partner can bridge this gap to help push the business from pilot to full rollout.

It’s important to remember that much of the benefit from an OT threat management platform is in the visibility that it provides into operational anomalies - not just security alerts - which in many cases can be as much as 50% of the total.

In our experience, co-management works best when organisations split responsibility along operational process vs. security lines. The customer manages any events that require operational understanding, and the security partner manages security alerts. It means the organisation has access to triaged alerts and actionable information, as well as the experience and equipment to accelerate wider security projects like segmentation or asset discovery.

Co-managing OT security in action

Co-management can begin at any point in an organisation’s evolution. A global pharmaceutical we work with, for example, already had an OT security platform when it approached us. It was looking for specific help with eyes-on-glass for alerting, as well as logistical capabilities like hardware replacement, configuration backup and configuration restoration to support the platform globally.

In another instance, an Australian mining company we already managed the IT SOC for, asked us to integrate this with the OT SOC. The aim was to centralise detection and outsource the initial time-consuming monitoring and triage of security alerts. We now manage a combined IT / OT SOC, categorising security alerts and, where necessary, passing these on to the correct people within the business to deal with them in-house. The company retains control over its OT equipment, but didn’t have to learn new tools or upskill its workforce to manage OT detection and response.

A partnership to protect your OT

We have an excellent track record of providing managed security services to enterprises of all sizes for many years. We understand OT and our experts give vendor-agnostic advice on potential products and deployment options. We also have a comprehensive set of OT advisory services covering cyber maturity assessments, threat prioritisation, and OT asset discovery, so we can provide expert advice and recommendations from the outset of our partnership.

We also understand the full security ecosystem covering applications, data, devices, networks, identity and threat management - so our security advice spans an organisation’s complete environment. Plus, we have a global footprint, with SOCs that operate on a 24/7, follow-the-sun model, to support organisations wherever they are in the world.

And if you choose a fully outsourced IT / OT security approach, we also include that service in our OT Threat Management portfolio.

To find out more about how we can make your journey from standalone OT to Industry 4.0 safer, read our whitepaper ‘Industry 4.0: Solving the conundrum of connectivity and security’