What Does Industrial Cyber Security Have in Common with the NYPD?

My daily commute into Manhattan, as is the case for most New Yorkers, involves mass transit. The NYPD has run a highly successful campaign urging riders who notice something amiss on their journey to report it to an NYPD officer in the area.

How Can We Start Identifying Potential Threats to Industrial Environments?

The campaign is smart because having 10,000 eyes looking for a problem yields results faster and more comprehensively. A similar idea is now gaining popularity when it comes to identifying and stopping potential threats in industrial environments.

More virtual eyes on the converging IT and OT environments can help find stealthy and sophisticated security incidents that would evade point security products that do not cooperate with one another.

For example:

  1. OT Centric Views

    OT networks have historically not been built with an eye to security. With the move to IIoT, however, these environments are now highly exposed to attack.

    One important element in achieving OT security is to partner with an ICS security leader that protects not only the network against attacks targeting the OT infrastructure, but also the devices operating in that environment.

  2. OT to SIEM 

    SIEMs are designed to gather feeds from different areas of the global network. By applying advanced correlation methods to those feeds, you can find questionable behaviors or traffic and alert on them.

    The power of the SIEM is to take the “haystack” of data and find the needles in it. ICS-centric security solutions can provide a crucial feed from the OT environment and forward it to the SIEM for analysis.

    For the first time, SIEMs can perform advanced correlation that identifies threats on both the IT side and the OT side, which matters because attacks can creep laterally to encompass both.

  3. OT to NGFW 

    Next generation firewalls go beyond analysis to stop attack propagation with advanced rule sets. As in the previous example, NGFWs can take the additional intelligence from the ICS vendor and build appropriate rule sets and enforcement that span both IT and OT.
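
The cross-domain correlation described in the OT-to-SIEM item, written out as an added example that is not code from the original post or from Indegy or any of the vendors named here. It joins a constructed IT feed of logon records with a constructed OT feed of control-plane events (both in a hypothetical record layout) and raises an alert when a sensitive OT action on an engineering workstation follows a remote logon to that workstation within a time window, or when a sensitive action originates from a host outside the approved engineering-host list. The action names, host names and time values are all constructed; neither feed on its own would surface the first alert.

```python
from datetime import datetime, timedelta

# Constructed sample feeds in a hypothetical record layout (not any vendor's format).
# IT feed: Windows-style logon records -> (timestamp, host, user, logon_type, source_ip)
IT_LOGONS = [
    ("2023-05-01T08:02:10", "ENG-WS-01", "opsuser", "interactive", "10.1.1.20"),
    ("2023-05-01T09:15:00", "HMI-02", "operator", "interactive", "10.1.1.31"),
    ("2023-05-01T13:41:05", "ENG-WS-01", "svc_backup", "remote", "10.1.9.77"),
]

# OT feed: control-plane events as an ICS monitoring sensor might report them
# -> (timestamp, source host, target asset, action)
OT_CONTROL_EVENTS = [
    ("2023-05-01T08:20:44", "ENG-WS-01", "PLC-Line3", "program_download"),
    ("2023-05-01T09:30:12", "HMI-02", "PLC-Line1", "setpoint_change"),
    ("2023-05-01T13:49:30", "ENG-WS-01", "PLC-Line3", "program_download"),
    ("2023-05-01T15:05:00", "LAPTOP-X", "PLC-Line2", "firmware_update"),
]

# Asset context the ICS-centric product contributes: which actions alter control
# logic, and which hosts are approved to perform them (hypothetical values).
SENSITIVE_OT_ACTIONS = {"program_download", "firmware_update", "logic_change"}
APPROVED_ENGINEERING_HOSTS = {"ENG-WS-01"}


def parse_ts(text):
    """Timestamps in both feeds are ISO 8601 without timezone."""
    return datetime.fromisoformat(text)


def correlate(it_logons, ot_events, window=timedelta(hours=1)):
    """Return alerts that can only be produced by seeing both feeds together.

    Rule 1: a sensitive OT action is preceded, within `window`, by a *remote*
            logon to the same source host (an IT-side signal the OT feed alone
            cannot see).
    Rule 2: a sensitive OT action originates from a host that is not an
            approved engineering workstation (OT-side asset context that an
            IT-only view lacks).
    """
    alerts = []
    for ot_ts, host, asset, action in ot_events:
        if action not in SENSITIVE_OT_ACTIONS:
            continue
        t_ot = parse_ts(ot_ts)

        # Rule 1: look back over the IT feed for a remote logon to this host.
        for it_ts, it_host, user, logon_type, src_ip in it_logons:
            if it_host != host or logon_type != "remote":
                continue
            delta = t_ot - parse_ts(it_ts)
            if timedelta(0) <= delta <= window:
                alerts.append({
                    "rule": "remote_logon_then_sensitive_ot_action",
                    "host": host, "user": user, "src_ip": src_ip,
                    "asset": asset, "action": action,
                    "logon_time": it_ts, "ot_time": ot_ts,
                    "gap_seconds": int(delta.total_seconds()),
                })

        # Rule 2: the OT sensor's asset list says who is allowed to do this.
        if host not in APPROVED_ENGINEERING_HOSTS:
            alerts.append({
                "rule": "sensitive_ot_action_from_unapproved_host",
                "host": host, "asset": asset, "action": action, "ot_time": ot_ts,
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(IT_LOGONS, OT_CONTROL_EVENTS):
        print(alert)
```

With the sample data, the 08:20 program download raises nothing, because the preceding logon was interactive; the 13:49 download on the same workstation raises the remote-logon alert, and the firmware update from the unlisted laptop raises the unapproved-host alert. Shrinking the window to five minutes drops the first alert, which is the usual tuning knob for this kind of rule.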

This new reality has significantly expanded the attack footprint and has made obsolete the methods by which security companies used to threat hunt, in this new era of attacks.

Like the NYPD's concept of more eyes on the problem and its mantra of “see something, say something,” this approach is being adopted in the world of industrial cyber security.

The Importance of Bridging the Gap Between IT and OT Security Vendors

Partnerships between IT and OT security vendors are vital for comprehensive visibility, security and control across both environments.

This is being wholly embraced by security conscious industrial organizations, not only because it raises the security profile of the company, but also because it helps them get additional value out of security products they already have.


Indegy has partnered with a number of top IT security leaders, including next generation firewall providers such as Palo Alto and Fortinet, and SIEM solutions such as McAfee, Forescout, RSA and Splunk, to bridge the gap between IT and OT environments and provide the virtual eyes needed to identify and mitigate threats before the damage is done.

These types of partnerships can provide organizations with solution value that is greater than the sum of the individual parts. They also allow organizations to carry out their mission securely and efficiently without accepting undue risk.

Now, that’s something.
