We have been talking about the need for fully integrated security platforms for more than 20 years. Yet each time a new security challenge emerges, hundreds of vendors rush to provide a targeted solution for that specific threat. The result is a disconnected collection of technologies and tools that CISOs and their security teams struggle to use efficiently and effectively. A recent global report by Ponemon Institute and IBM confirms this, finding that organizations use more than 45 different security tools on average, and that each incident they respond to requires coordination across 19 tools on average. Organizations using 50+ security tools ranked themselves 8% lower in their ability to detect an attack, and 7% lower in their ability to respond to one, than respondents with fewer tools.
There’s no need to replicate the complexity that hinders detection and response on the IT side. Because most critical infrastructure environments are starting with a clean slate when it comes to industrial cybersecurity, we have an opportunity to take a simpler approach. Instead of introducing more isolated tools into your overall security infrastructure, what’s needed is a single, agentless solution that includes asset visibility to identify vulnerabilities and suspicious behavior, continuous threat monitoring to detect and track threats that cross the IT/OT boundary, and secure remote access with strict controls over sessions. With capabilities to connect OT security to IT systems, workflows, and endpoints, including IoT and IIoT devices, you eliminate the complexity and blind spots that point solutions introduce. Combining multiple capabilities within one industrial cybersecurity platform also eliminates the need to partner with more consultants and deploy more resources to manage and maintain separate solutions, each with its own interface.
The time is now
Two recent examples highlight the urgency for this approach.
First, the stealthy nature of the SolarWinds supply-chain attack, and the advanced capabilities and backdoors in use, require that any organization running affected versions of SolarWinds Orion software be on alert, including critical infrastructure, industrial control systems (ICS), and SCADA operators. Once inside the environment, it’s likely that the threat actor has been able to move laterally on Orion customer networks to gain access to other network domains in order to steal data or exploit other vulnerabilities. As organizations tend to “whitelist” network management systems to prevent false positives, the attackers have been able to use this foothold to hide in plain sight. Their presence is further enabled when organizations lack visibility into the contents of their industrial networks and detection techniques to look for unusual behavior.
More recently, the attack against the Oldsmar, Florida, water treatment facility, in which a remote attacker connected via TeamViewer desktop-sharing software, is a prime example of attackers moving seamlessly between endpoints and OT networks and assets. Fortunately, operators were able to cut off the attacker’s access and prevent contaminated water from ever reaching the public. But underlying their quick action are systemic problems across critical infrastructure that will be compounded as more companies enable remote connections to critical industrial systems.
We need to think of security holistically because it’s clear that for adversaries, a network is a network, so attacks are intertwined.
Enabling the business
A simpler, comprehensive approach to industrial cybersecurity enables you to identify, manage, and protect your OT, IoT, and IIoT assets. What’s more, when you extend integration to include connecting your industrial cybersecurity program to your IT security program, something even more powerful happens. Strategically, you can look at governance and processes holistically and centralize responsibility and accountability for enterprise-wide risk management with the CISO. Tactically, IT and OT teams are able to work together so you can avoid duplicating processes and efforts and save valuable resources. The result is more secure and efficient operations and reduced risk for the lowest possible total cost of ownership, as well as far greater support from, and alignment with, the rest of the business.
The continuous innovation happening in cybersecurity is essential and exciting. But to fulfill the long-term vision of companies in the industrial space to unlock new business value through digitization, the time has come for comprehensive solutions that seamlessly and securely work across the extended ecosystem. It’s the only way businesses can operate, drive resiliency, and innovate in the industrial economy with an acceptable level of risk.