Vectra and Nozomi Networks safely secure the IT/OT convergence

By:
Henrik Davidsson
August 12, 2019

The time of separated networks – when you could safely keep tools for manufacturing, transportation, utilities, energy and critical infrastructure apart from your IT environment – is long gone.

The need to adapt to digitalization and accommodate how people want to work has forced organizations to move information technology (IT) into operational technology (OT).

Consequently, this shift has dramatically increased the number of IT and IoT devices in OT environments. It has also provided benefits driven by automation, supply chain effectiveness, agility, flexibility, big data intel and more.

Unfortunately, it’s also a green field for cybercriminals due to the significant expansion of the OT attack surface.

IT and OT environments are fundamentally different in nature. IT and internet of things (IoT) environments run on IP-based networks and are exposed to all attack vectors out there in the wild.

OT environments are highly specialized and usually proprietary to the producer of the OT tool, and security has often been set aside. Tools that look at OT protocols need to be extremely competent on the specific protocols and behaviors of these systems.

From my experience having worked on a few IT/OT projects, I recommend starting by visualizing threats in the IT/IoT environment because most originate in the IT environment and then progress into the OT environment.

Once the IT/IoT environment has the right level of visibility, it is vital that the OT environment is handled. Each environment requires a different technological approach to understand the underlying protocol and attack behaviors.

As leaders in their respective domains, Vectra and Nozomi Networks have joined forces to provide customers with a holistic view and visibility into threats across IT/IoT/OT environments through a single pane of glass.

Attacks on IT/OT environments can be initiated by rogue states, hacktivists, corporations, individual troublemakers and criminal organizations, with motivations ranging from counterintelligence, havoc and intellectual property to individual anger.

There have been several reports on potential attacks on power plants, nuclear generators, water supplies, as well as weaknesses onboard ships which could be exploited.

Other scenarios might include:

  • Changing the formula to medication in the production line of a pharmaceutical company.
  • Tampering with the viscosity of tires to impact automobile manufacturing supply chains.
  • Emptying the ballast tanks of a ship putting it in danger of capsizing.
  • Locking down a country’s mobile network grid or shutting down its energy supplies.

The potential list of consequences is immense, posing a significant impact on target organizations and society as a whole.

Many organizations lack the resources, tools and processes to adequately mitigate these types of threats and minimize the attack surface, and there is often a lack of clarity over who owns responsibility for both environments.

To increase effectiveness, organizations should adopt a holistic view of their environments by combining IT and OT landscapes.

The key benefit of working with Vectra and Nozomi is complete coverage of cyberattacks inside the industrial network, including the progression of attacks. This enables you to quickly identify advancing threats and take appropriate action.

Vectra and Nozomi also identify and prioritize host devices that pose the highest risk to an organization across IT and OT environments. And the integration capabilities of both solutions enable customers to generate more value out of existing investments such as SIEMs, EDR, forensics tools, firewalls and NAC.

Both solutions are also MSSP-friendly for customers who need dedicated security monitoring and resources around the clock.

For more information about Vectra and Nozomi, check out the solution brief.

About the author

Henrik Davidsson

Henrik Davidsson is director of sales business development at Vectra, where he is responsible for customer value creation & managed service providers. He has over 15 years’ experience working with large enterprises and service providers, and always stays on the front line of new security challenges, coaching end customers and partners alike on how to augment their security posture and cyber resilience. Henrik has held leading positions at companies such as Cisco, Juniper Networks, VMware, FireEye and NTT Security.
