The time of separated networks – when you could safely keep tools for manufacturing, transportation, utilities, energy and critical infrastructure apart from your IT environment – is long gone.
The need for organizations to adapt to digitalization and accommodate how people want to work has forced organizations to move information technology (IT) into operation technology (OT).
Consequently, this shift has dramatically increased the number of IT and IoT devices in OT environments. It has also provided benefits driven by automation, supply chain effectiveness, agility, flexibility, big data intel and more.
Unfortunately, it’s also a green field for cybercriminals due to the significant expansion of the OT attack surface.
IT and OT environments are fundamentally different in nature. IT and internet of things (IoT) environments run on IP-based networks and are exposed to all attack vectors out there in the wild.
OT environments are highly specialized and proprietary, usually by the producer of the OT tool, and security often has been set aside. Tools that look at OT protocols need to be extremely competent on the specific protocols and behaviors of these systems.
From my experience having worked on a few IT/OT projects, I recommend starting by visualizing threats in the IT/IoT environment because most originate in the IT environment and then progress into the OT environment.
Once the IT/IoT environment has the right level of visibility, it is vital that the OT environment is handled. Each environment requires a different technological approach to understand the underlying protocol and attack behaviors.
As leaders in their respective domains, Vectra and Nozomi Networks have joined forces to provide customers with a holistic view and visibility into threats across IT/IoT/OT environments through a single pane of glass.
Attacking IT/OT environments can be initiated by rogue states, hacktivists, corporations, individual troublemakers and criminal organizations where motivation is driven by everything from counter intelligence, havoc, and intellectual property to individual anger.
There have been several reports on potential attacks on power plants, nuclear generators, water supplies, as well as weaknesses onboard ships which could be exploited.
Other scenarios might include:
The potential list of consequences is immense, posing a significant impact on target organizations and society as a whole.
Many organizations lack resources, tools and processes to adequately mitigate and minimize the attack surface for these types of threats, and there is often a lack of responsibility over who owns the responsibility of both environments.
To increase effectiveness, organizations should adopt a holistic view of their environments by combining IT and OT landscapes.
The key benefits of working with Vectra and Nozomi is complete coverage of cyberattacks inside the industrial network, including the progression of attacks. This enables you to quickly identify advancing threats and take appropriate action.
Vectra and Nozomi also identify and prioritize host devices that pose the highest risk to an organization across IT and OT environments. And the integration capabilities of both solutions enable customers to generate more value out of existing investments such as SIEMs, EDR, forensics tools, firewalls and NAC.
Both solutions are also MSSP-friendly for customers who need dedicated security monitoring and resources around the clock.
For more information about Vectra and Nozomi, check out the solution brief.
Christopher Morales is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. He has nearly two decades of information security experience in an array of cybersecurity consulting, sales, and research roles. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.