
Vectra and Nozomi Networks Safely Secure the IT/OT Convergence

Henrik Davidsson
Sr. Director for Global Partner Strategy, Programs & Enablement, Vectra
August 12, 2019

The time of separated networks—when you could safely keep tools for manufacturing, transportation, utilities, energy and critical infrastructure apart from your IT environment—is long gone. The need to adapt to digitalization and accommodate how people want to work has forced organizations to move information technology (IT) into operational technology (OT).

Consequently, this shift has dramatically increased the number of IT and IoT devices in OT environments. It has also provided benefits driven by automation, supply chain effectiveness, agility, flexibility, big data intel and more. Unfortunately, it’s also a green field for cybercriminals due to the significant expansion of the OT attack surface.

IT and OT environments are fundamentally different in nature. IT and internet of things (IoT) environments run on IP-based networks and are exposed to all attack vectors out there in the wild. OT environments are highly specialized and proprietary, usually defined by the producer of the OT tool, and security has often been set aside. Tools that inspect OT protocols need to be extremely competent in the specific protocols and behaviors of these systems.

From my experience having worked on a few IT/OT projects, I recommend starting by visualizing threats in the IT/IoT environment because most originate in the IT environment and then progress into the OT environment. Once the IT/IoT environment has the right level of visibility, it is vital that the OT environment is handled. Each environment requires a different technological approach to understand the underlying protocol and attack behaviors.

As leaders in their respective domains, Vectra and Nozomi Networks have joined forces to provide customers with a holistic view and visibility into threats across IT/IoT/OT environments through a single pane of glass.

Attacks on IT/OT environments can be initiated by rogue states, hacktivists, corporations, individual troublemakers and criminal organizations, with motivations ranging from counterintelligence, havoc and intellectual property to individual anger. There have been several reports on potential attacks on power plants, nuclear generators and water supplies, as well as weaknesses on board ships that could be exploited.

Other scenarios might include:

  • Changing the formula to medication in the production line of a pharmaceutical company.
  • Tampering with the viscosity of tires to impact automobile manufacturing supply chains.
  • Emptying the ballast tanks of a ship, putting it in danger of capsizing.
  • Locking down a country’s mobile network grid or shutting down its energy supplies.

The potential list of consequences is immense, posing a significant impact on target organizations and society as a whole. Many organizations lack the resources, tools and processes to adequately mitigate these types of threats and minimize the attack surface, and it is often unclear who owns responsibility for both environments.

To increase effectiveness, organizations should adopt a holistic view of their environments by combining IT and OT landscapes. The key benefit of working with Vectra and Nozomi is complete coverage of cyberattacks inside the industrial network, including the progression of attacks. This enables you to quickly identify advancing threats and take appropriate action.

Vectra and Nozomi also identify and prioritize host devices that pose the highest risk to an organization across IT and OT environments. And the integration capabilities of both solutions enable customers to generate more value out of existing investments such as SIEMs, EDR, forensics tools, firewalls and NAC. Both solutions are also MSSP-friendly for customers who need dedicated security monitoring and resources around the clock.

For more information about Vectra and Nozomi, check out the solution brief.
