Unleash OT Security with the Best of IT


If I were planning security for an exhibit of the crown jewels, you can be sure I’d coordinate efforts with other galleries in the facility. After all, a thief who broke into an adjoining gallery would be just a wall away from breaching mine.

The same applies to securing operational technology (OT) and information technology (IT) networks. IDC highlights the need for IT/OT collaboration on cybersecurity in a new Infobrief called “The Future of Industrial Network Security: Harnessing IT/OT Collaboration and Security Technologies to Build Cyber-Resilient Industrial Operations.” Here’s a summary of IDC’s key points.

IT/OT collaboration is essential for securing industrial networks

IDC writes, “As industrial operations increasingly rely on IT and cloud resources, managing OT security in isolation is no longer viable.” IT/OT collaboration is essential because threats can and do traverse networks. In fact, malware and ransomware pose just as much of a threat to OT as targeted attacks on industrial control systems (ICS). Threats cross from IT to OT when a control engineer clicks a malicious link in a phishing email, for instance, or when a contractor plugs an infected USB stick into an OT workstation.

Of the industrial organizations that IDC surveyed, 71% say they work with IT to secure operations. The study also shows that OT teams that work most closely with IT have the most advanced security practices.

Don’t build a security silo to protect OT—instead, extend the IT security stack

IDC warns that “IT and OT silos create inefficiencies and increase risks.” So rather than building a brand-new silo for OT security, extend the existing IT security stack to also protect the industrial environment. Industrial and enterprise networks need the same protections, and IT security teams already have mature tools and the needed skills. IT security tools can also secure industrial networks if they’re given visibility into OT assets and the context of the industrial processes they’re protecting.

With Cisco Cyber Vision, our Industrial Threat Defense solution brings OT visibility and context to IT security tools that industrial organizations already use. For example, Cisco Secure Firewall Management Center uses the OT asset groups created by Cyber Vision to isolate network segments, strengthen perimeter security, and limit the attack surface. To enforce device-level access policies, Cisco Identity Services Engine looks at the OT asset profiles in Cyber Vision to make sure ISA/IEC-62443 Zones & Conduits segmentation policies won’t disrupt production. Cisco security tools all play well together to protect industrial networks.

Modern threats require the security operations center to monitor OT, IT, and cloud

As OT teams continue to digitize operations, they’re adopting more software, IT technologies, and cloud resources. Today’s complex environments combined with AI-powered cyberattacks and interconnected network domains make modern threats much more difficult to detect. IDC writes, “Organizations need a unified, integrated view of security data from best-in-class IT security tools to enable effective threat detection across IT, OT, and cloud.”

Managing OT security in isolation is no longer viable. Even when dedicated to OT, a security operations center (SOC) needs telemetry from IT to detect patterns and advanced threats that could otherwise go unnoticed. Splunk, Cisco’s market-leading security information and event management (SIEM) platform, can correlate telemetry from all security tools, including OT security data coming from Cyber Vision. The Splunk OT Security Add-on expands the capabilities of the Splunk platform to help analysts zoom into specific OT information when needed. The result is the ability to conduct advanced investigations, detect modern threats that traverse IT, OT, and cloud domains, and automate response to better protect both the industrial and enterprise networks.

Realize that the industrial IoT has different requirements than other cyber-physical systems

The “best” shoe depends on whether you need it for hiking, tennis, or a wedding. Similarly, the best security solution for cyber-physical systems depends on whether you’re protecting the industrial IoT, the medical internet of things, smart building solutions, etc.

We’ve designed our Industrial Threat Defense solution specifically for industrial use cases. Cisco has been helping industrial organizations digitize and secure operations for over 20 years, giving us a deep understanding of OT requirements. Our security solutions for OT visibility, policy enforcement, and zero-trust remote access are embedded in Cisco rugged industrial networking devices. Embedded security helps to lower costs, especially in large-scale deployments. It also helps to make security more effective by collecting data and enforcing policy on the switches or routers that connect OT assets.

The IDC Infobrief concludes, “Adopting scalable unified solutions is critical for organizations looking to strengthen resilience and ensure industrial security. By fostering IT/OT collaboration and making strategic investments in security, businesses can safeguard their industrial operations today and prepare for the future.”

Learn more about protecting OT assets—the crown jewels—in IDC’s new Infobrief:

“The Future of Industrial Network Security: Harnessing IT/OT Collaboration and Security Technologies to Build Cyber-Resilient Industrial Operations.”
