Enterprise IT managers face an uphill battle when it comes to detecting and mitigating ever more frequent and sophisticated cyber threats. In their constant match of wits against sophisticated hackers, next generation firewalls (NGFWs) have emerged as a game-changing IT security asset. And enterprises worldwide have voted with their wallets: a recent MarketsandMarkets report forecasts 12.3% CAGR for the NGFW market from 2017 to 2022, reaching USD 4.27 billion by 2023.
With the increasing convergence of IT and OT threats, industrial enterprises are looking for ways to leverage and adapt their existing IT cybersecurity investments to address new cyber threats targeting their OT networks as well.
Integrating NGFWs with dedicated ICS security solutions, such as the Indegy Industrial Cybersecurity Suite, can provide industrial organizations with comprehensive and effective protection for their IT and OT networks. Let's explore some of these advantages and see how such an integrated solution works.
Deploying NGFWs in OT Networks
A next generation firewall is an IT-oriented network security device that provides advanced filtering capabilities beyond a traditional, stateful firewall. In addition to port and protocol inspection of incoming and outgoing network traffic, NGFWs typically include functionality like application awareness and control, integrated intrusion prevention and threat intelligence.
NGFWs offer a deep-packet inspection function that examines the data carried in network packets. They are also well-equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. This is very important for detecting complex, multi-vector attacks that can traverse from the IT to the OT network.
NGFWs have been deployed in critical infrastructure sectors, including utilities and transportation, oil and gas, and manufacturing, with various levels of success in preventing cyberattacks on ICS and SCADA.
Adding OT Expertise to Your IT Cybersecurity Arsenal
With the rise of external and internal threats targeting industrial infrastructure, organizations need real-time, 360-degree visibility and security while addressing the unique technical and operational requirements of their OT networks.
In this context, deploying NGFWs in conjunction with OT-specific security tools can enhance network visibility and control. Monitoring OT network traffic and ICS devices requires technical expertise and tools that don't exist in most IT organizations. NGFWs, for example, cannot query ICS devices in their native language. This type of functionality is critical for detecting unauthorized changes to ICS devices that are made without crossing the network (e.g., over a serial connection).
Another key OT security requirement is an up-to-date and accurate inventory of ICS assets. A typical ICS network may contain hundreds of controllers (PLCs, RTUs, DCSs) from a mix of vendors. To assess risk and build an effective defense strategy, you need to know the manufacturers, models, firmware versions, latest patches and current configuration for each asset in your network.
NGFWs can integrate with ICS asset discovery and tracking tools. Detailed asset inventory information, such as IP address, device type, vendor and model, can be delivered as a tag to the NGFW. This enables admins to define and extend security policies across IT and OT environments and improve their overall cybersecurity posture.
In addition, by combining OT alerts with IT procedures and policies in a single pane of glass, industrial organizations can reduce management complexity and accelerate the implementation of OT-focused firewall rules.
1) Streamline ICS Device Maintenance Using Granular Security Policies
Critical maintenance activities require network connections to sensitive ICS devices. Setting up a connection may necessitate a change in the NGFW's intentionally strict security policies. These activities often need to be authorized on short notice, which requires detailed asset inventory information or clear visibility into the ICS network.
By integrating OT network security with the NGFW, administrators can configure policies that apply to specific ICS assets using dynamic address groups (DAGs), taking their various characteristics into account. For example, when ICS network access is required to update engineering stations, the NGFW administrator can set a policy that applies only to these devices without having to rely on IP addresses, which may have changed over time.
2) Secure Network Connection Between ICS and IT Environments
To enable network connections between assets in the ICS network and corporate IT applications, NGFW administrators are compelled to set permanent firewall rules that are too permissive and can’t automatically adapt when changes occur. This increases security risk by expanding the potential attack surface.
Using an integrated solution, administrators can configure specific rules for individual ICS assets and group assets by type or vendor. There is no need for prior knowledge of the network or IP address specifics. For example, an administrator can set a rule that allows only the communications a manufacturing efficiency system needs to gather data from other devices in the OT network.
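The following added example, which is not Indegy's or any firewall vendor's code, models the tag-based groups described in both use cases above: rules name asset tags, and group membership is resolved from the current inventory, so a rule follows a re-addressed device while a static IP rule keeps permitting the stale address. Asset names, tags, addresses and the port are constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Asset:
    name: str
    ip: str
    tags: frozenset

# Constructed inventory, in the shape an OT asset-discovery tool might report.
INVENTORY = [
    Asset("eng-ws-01", "10.20.1.15", frozenset({"type:engineering-station", "vendor:acme"})),
    Asset("plc-line-a", "10.20.2.10", frozenset({"type:plc", "vendor:acme"})),
    Asset("plc-line-b", "10.20.2.11", frozenset({"type:plc", "vendor:globex"})),
    Asset("mes-collector", "10.10.5.20", frozenset({"type:mes"})),
]

def resolve(group_tags, inventory):
    """Dynamic group: current IPs of every asset carrying all required tags."""
    return {a.ip for a in inventory if group_tags <= a.tags}

@dataclass(frozen=True)
class Rule:
    src_tags: frozenset
    dst_tags: frozenset
    port: int

def allowed(rules, inventory, src_ip, dst_ip, port):
    """Default deny; allow only if a rule's groups currently contain both ends."""
    return any(
        port == r.port
        and src_ip in resolve(r.src_tags, inventory)
        and dst_ip in resolve(r.dst_tags, inventory)
        for r in rules
    )

def readdress(inventory, name, new_ip):
    """Return the inventory after discovery reports a new IP for one asset."""
    return [replace(a, ip=new_ip) if a.name == name else a for a in inventory]

# Tag-based rule: the efficiency system may poll PLCs on one port (502, constructed).
RULES = [Rule(frozenset({"type:mes"}), frozenset({"type:plc"}), 502)]

# Static equivalent written when plc-line-a still held 10.20.2.10.
STATIC = {("10.10.5.20", "10.20.2.10", 502)}

def static_allowed(src_ip, dst_ip, port):
    return (src_ip, dst_ip, port) in STATIC
```
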
In summary, by integrating NGFWs with dedicated ICS security solutions, industrial organizations can augment visibility and control of the OT network. This type of integration enables unified detection of IT and OT threats, faster mitigation of potential risks and maximum return on investment.