Mitigating Industrial Production Risk with Tripwire | The State of Security


It seems that the most popular topics in cybersecurity for the last year has been zero trust as well as the convergence of Information Technology (IT) and Operational Technology (OT). These developments are good, as they signal some positive motion towards better overall security. Some of the current risks are worth noting, with a forward glance to protecting specific industries such as oil and gas production plants.

What qualifies Tripwire as a capable partner in this arena? Tripwire is a leader in cybersecurity and compliance in the IT space. For over 20 years, Tripwire has been able to bring basic and foundational controls to our customers. We provide stable solutions in an otherwise unstable world of cybersecurity. Most recently, in 2015, we were acquired by Belden, which is now our parent company. 

Many people may recognize the Belden name, as it has appeared on every cable that runs everything from small electrical appliances all the way up to full electrical grids as well as the Internet. Belden has also acquired several industrial companies including Lumberg Automation, Hirschmann, Tofino Security, and others in the industrial space. This gives Tripwire customers a broad spectrum of expertise and real-world experience. 

Tripwire and Industrial Cybersecurity

Two areas where the combined areas of the Tripwire portfolio are perfectly realized to mitigate risk, cyber risk, and production risk. With cyber risk, we bring basic controls of IT and OT network and software solutions to mitigate that risk. Production risk is mitigated through reliable configurations and updates of your various devices, ensuring that your environment is operating at the highest output and dependability. How can we offer such high assurances?

We do so in the way we provide our solutions. Tripwire protects your organization by bringing in integrity controls, regulating and alerting on the configurations of your various software and hardware components. Then, we have automated workflows as well as integrations across the workspace. Tripwire also has a very large compliance library which can be applicable both internally and for regulatory needs. Our continuous monitoring platform provides results and tests in order to help customers improve and enforce their security policies. These results are also applicable for audits.

Some of the more refined features that our platform offers includes a hardware and software inventory, giving an organization better visibility into exactly what they are aiming to protect. Also, we offer log management, vulnerability management, and change control. These are all foundational elements in any cybersecurity program. An organization can build on that foundation with third party guidance – for instance, the CIS Controls. Tripwire’s product catalogue makes it easy to map directly to the CIS Controls, offering more strength and credibility to a security operation. 

We also address specific industry requirements. From an electrical utility standpoint, the NERC CIP standards are well-established and a cornerstone of our industrial business. Similarly, our libraries also include the IEC 62443 standards and NIST 800 guidance. From that standpoint, Tripwire is unique, as we are able to bring policy and regulatory audit results to our customers.

We see customers moving from an IT focus and then extending that into the OT spaces. Tripwire has the ability to provide both of those. Likewise, we can manage both of those solutions centrally instead of having to provide multiple consoles and solutions to get the job done. In this way, an organization has a newly established ability to bridge the IT/OT gap. The way we get to do that and really optimize operations from an OT standpoint is to reach out to it by leveraging the IT best practices.

Uniquely, we can also leverage resources and budget. So, closing of the gap is actually highly beneficial for OT in order to tap those resources. They’re well-established on the IT side. Tripwire accomplishes this with two different portfolios. One is through the Tripwire Enterprise product, which has been developed and improved over 20 years. Tripwire also provides Tripwire Log Center for log management, policy change detection, security configuration management, vulnerability assessment, and a dash boarding and analytics tool. On the OT side, we have taken full advantage of our partnership with the Belden, Hirschmann, Tofino,nd Garrettcom, and our OEM-labeled, OT-specific asset identification and vulnerability management tools. This gives our customers an IT portfolio that is based off of technologies that are used in the IT spaces, largely operating system servers.

In the OT spaces, we have OT protocol-driven device detection that relies on a passive technology or deep packet inspection. Those are largely protocol based, making them decidedly different technologies between the IT side and the OT side. Tripwire’s asset inventory, vulnerability management, and network topology results were purposely built for the OT environment.

What makes Tripwire unique is that we take the raw data of all of the devices whether they be IT or OT, their configurations, and their software. We collect the information, and then we put rules and tests upon those individual aspects in our cybersecurity mechanism. The output is actionable information that allows the IT and OT security operators to take the next steps to mitigate that cyber and/or production risk. With this, Tripwire provides the ability to apply cyber security policies and frameworks to IT and OT devices in one solution.

If we look to the Purdue model, it shows how the Tripwire product line maps to each segment of the industrial space, and it goes from IT all the way down to OT, making it easy to visualize.

There are many companies out there that can provide IT solutions, and there are many that can provide OT solutions, but what you really need is a company that can do both. The challenge here is really about a combination of assets, the combination of technologies that are in use, and the IT and OT administration of who owns and operates it. When we add in the budgetary considerations, it’s a very confusing space. However, the Tripwire product line offers the ability to cover all areas in both the IT and OT spaces.

In illustration for oil and gas industries, the physical control room is considered an IT space. Tripwire Enterprise and our IP360 active scanning tool gives the visibility required for industrial visibility. Coupled with Tripwire Industrial Sentinel, which provides asset identification and vulnerability management; Log Center that can work between the two products and Hirschmann hardware solutions give an organization the ability to provide the whole portfolio from the wellhead to the control room. This all creates the optimum set of solutions in order to leverage our resources and our budgets, as well.

Recently, we have also just revealed that we can also integrate Nozomi. Nozomi is another very popular solution in the OT spaces. We have collaborated with them in order to do likewise integration of bringing the Nozomi assets into Tripwire Enterprise for security policy application. This is another very powerful integration, further bridging the gap between IT and OT. We are about to release a managed service for our OT solutions.

We all know that cyber risk is not going away, and one of the most important areas that needs the best protection is our industrial control systems. The only way to truly achieve full security coverage in critical infrastructure is through the nexus of IT and OT. Whether it’s SCADA or a DCS system, timing matters, reliability matters, and all of these can have an impact on your production.

Tripwire offers the ability for IT and OT solutions to bring you cybersecurity risk mitigation as well as production risk mitigation in order to ensure that both areas are with the least risk possible. You can learn more here: https://www.tripwire.com/solutions/industrial-control-systems.



Source link