
IT-OT collaboration needs context and increased visibility

Information technology (IT) and operational technology (OT) are continuing the process of working together, but non-manufacturing types need more understanding and context of what is happening on the plant floor for this merger to work.

By Gregory Hale April 30, 2020

Information technology (IT) and operational technology (OT) are continuing the process of working together – or even uniting – but what is truly needed these days is the ability to grant the non-manufacturing types more understanding and context of what is happening on the plant floor.

After all, they need as much help as possible, not because they are not smart people, but because a mistake could be very costly, at the least.

“We don’t view OT cybersecurity as a separate discipline,” said Galina Antova, co-founder and chief business development officer at cybersecurity provider Claroty. “A company has a series of networks, and those networks are interconnected, whether or not you want to label them IT or OT, it doesn’t really matter to the attackers. To the adversary, the network is a full network. We identify the core security controls like asset management, vulnerability management, or virtual segmentation and think about the way you can expand those controls to the OT technology. In effect, providing security teams with the capability to see those assets and start securing those assets in the communications.”

Antova said the goal has been and continues to be finding those invisible pockets in the networks and providing security teams with the necessary tools.

Platform upgrade

That is one reason why she was making the rounds to tout Claroty’s enhanced platform, which has stronger capabilities to reduce risks posed by increasing connectivity between OT and IT networks.

Claroty upgraded its Continuous Threat Detection (CTD) 4.1 and Secure Remote Access (SRA) 3.0 components. The platform addresses four areas integral to risk reduction: visibility, threat detection, vulnerability management, and triage and mitigation.

The four areas include:

Visibility: Before the risk to an industrial environment can be reduced, it must be assessed, which requires full visibility into the environment’s OT network. With CTD 4.1, users can see and customize their view of critical information. SRA 3.0 focuses on securing OT remote access, but it also provides real-time monitoring and recordings of all remote sessions.

Threat detection: Aside from visibility, OT threat detection also requires distinguishing true threats from false positives. The platform can now automatically weed out false positives and alert users in real time to anomalies and to known and zero-day threats. With CTD 4.1, users can also access and act on the latest OT threat intelligence with automatic updates via the Claroty Cloud.

Vulnerability management: The prevalence of legacy systems means vulnerabilities are common, but so are false positives and negatives due to visibility and bandwidth limitations. The updated platform resolves these issues by automatically identifying and comparing each OT asset to an extensive database of vulnerabilities.

Triage and mitigation: Time can significantly impact risk. The longer it takes for an alert to be evaluated, a threat neutralized, or exposure mitigated, the greater the risk to OT availability, reliability, and safety. New features within CTD 4.1 and SRA 3.0 combine purpose-built automation with deep OT context to further streamline and accelerate triage and mitigation processes.

“It is important to have conscious and contextual awareness,” said Warren Small, senior vice president and global head of security sales and innovation at NTT Ltd. “The industry is now pivoting to three domains: Let’s get visibility, then we can create a response program and then we can drive protection.”

With new visibility tools, manufacturers can be more proactive and not wait to suffer an attack.

“We continuously have to be looking for adversity, we continuously have to be looking for an anomaly, we have to be continuously assessing our point of weakness or our frame of weakness,” Small said. “It is now becoming a normal conversation.”

The catch is, manufacturers need security protection, but it has to be non-labor intensive.

“We need to make it as seamless as possible into (manufacturers’) technology stack and gain visibility into those previously unseen invisible parts of their networks that may include legacy devices,” Antova said.

Virtual zones

One of the advances Antova was touting was an extension of virtual zones capability.

“Not only is it possible to visualize an OT network in a better way, but you can also create policies of how those zones should be communicating to each other; how a human-machine interface (HMI) should be communicating to controllers between the different subnets and what are the relationships there. It really accelerates physical segmentation projects because you can now see your network and you know how you can segment it. But in the meantime, you can achieve risk reduction immediately.”

With IT getting more involved in the OT environment, this gives IT SOC analysts the capability to handle and understand an OT risk.

“We are providing an actionable analytic overlay on top of the alerts and threats, so the analyst can get a better sense of what that means in the context of what is going on,” Antova said.

This content originally appeared on ISSSource.com. ISSSource is a CFE Media content partner.


Author Bio: Gregory Hale is the editor and founder of Industrial Safety and Security Source (ISSSource.com), a news and information website covering safety and security issues in the manufacturing automation sector.