Manufacturers Don’t Ignore the Convergence of IT and OT

Convergence is coming; resistance is futile. IT (Information Technology) and OT (Operational Technology), long seen as separate fiefdoms within most manufacturers, are coming together. IT and OT integration is quickly becoming accepted as a best practice that rationalizes investments and contributes to organizational agility. But while convergence has real upsides, it brings new risks with it from a cybersecurity perspective. The standard IT cybersecurity playbook simply won’t cut it when it comes to OT.

TL;DR: What protects your IT won’t necessarily protect your OT

In a recent survey by TrapX Security cited in the Security blog, 53% of cybersecurity professionals in US manufacturing organizations say their OT infrastructure is vulnerable to cyberattack. And this is for organizations that already have a dedicated cybersecurity group. A further 58% said they use a common strategy and tactics to protect both IT and OT. According to a joint study by the SANS Institute and firewall-maker Fortinet, 74% of OT organizations suffered malware intrusions over the last year, resulting in impacts on productivity, revenue, brand trust, intellectual property, and physical safety.

IT / OT Convergence - The Merck Example

Pharma companies are famously careful when it comes to cybersecurity. They are alert to the threat that ransomware can pose. But in 2017, ransomware that became known as NotPetya crippled 30,000 workstations and 7,500 servers. That was just a cover for an even more severe attack aimed at shutting down critical infrastructure. The attack, disguised to look like “consumer” ransomware, actually delivered a package targeted to cripple vulnerable OT infrastructure. The end result was that the production of a key medication was halted entirely. It took Merck 18 months to make up the production shortfall and cost the drug-maker over $1.3 Bn USD. You can read all about the Merck hack here.

How Is OT Risk Different From IT?

Your OT stack differs quite significantly from your IT stack. Unless you are a new operation, your OT stack was likely developed in a more closed environment, air-gapped from the wild world of the internet. Industry 4.0 and the advent of OT networking mean traditionally insulated OT systems are increasingly exposed to a broad range of potential cyberattacks.

Your OT stack is full of proprietary operating systems, ICS controllers, SCADA, and even IoT devices. While traditional IT cybersecurity systems like firewalls and SIEMs provide some protection, tools like antivirus software are not designed to protect your OT systems. If these systems are difficult to protect effectively, they need, at the very least, to be continuously monitored for indicators of compromise.

Alert Overload

On top of that, organizations already face challenges with threat intelligence and response on the IT side. When you add all the new threat vectors represented by your OT systems, that load can become unmanageable. It’s called alert overload. And SOC teams all over are being overwhelmed by a tidal wave of threat intel.

In a 2019 article on the popular Security Boulevard blog, CISOs named alert overload a top-3 security team issue. The article also cites a study from Fidelis Cybersecurity in which 67% of CTOs, CIOs and CISOs identified alert overload as a top challenge.

If your organization has a small SOC team or no specialized cybersecurity resources and your IT department takes care of responding to security alerts, the situation can spiral out of control quickly.

One Technology that Answers Both Challenges

For manufacturers, there is one technology that addresses both the difficulty of protecting OT infrastructure and the threat of alert overload crippling your ability to respond: network security monitoring.

Protect IT and OT

Network security monitoring (threat detection, intrusion detection) works differently from perimeter-based solutions (like firewalls, SIEMs, antivirus and EDRs), which try to block threats at your network perimeter. Although they play an essential role in your overall security posture, those systems all share two limiting factors. Because they are signature-based, they can only detect known threats: until a threat has been documented and your system updated, you have no protection. The other drawback is that your security team has to sift through mountains of alerts, evaluate them, and then act on the serious ones.

Advanced network security monitoring technologies (like StreamScan’s CDS) use AI and machine learning to identify indicators of compromise being generated by devices (including OT devices), automatically quarantine the machine and block the threat. Advanced network security monitoring can provide an essential layer of protection behind your perimeter defences. It can provide visibility on IT, OT, cloud infrastructure and cloud applications.

As they are AI-based, these technologies can detect even zero-day attacks through behavioral profiling. Network monitoring is also your only line of defence for threats that make it through your perimeter. According to research from the Ponemon Institute in 2018, the average time it takes to detect a data breach is 128 days. With network monitoring, that figure drops to minutes.

Solve Alert Overload

Today’s security environments are, for lack of a better term, noisy. Because they identify a lot of threats, they generate a lot of alerts that all have to be evaluated and responded to.

Another key benefit of smart network security monitoring is the ability to integrate with existing security systems to automate threat blocking. Automated blocking improves your security posture by reducing delays and eliminating the possibility that threats slip through due to human error. Automation also reduces the repetitive workload on your security team, allows them to focus on other key tasks, and helps you control your need for new SOC team members. Interested in seeing how network security monitoring works? You can get a quick overview by watching our 2-minute video.
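Added example (not the page's or StreamScan's code) illustrating the two ideas above: behavioral profiling, where each device's normal peers and services are learned from a clean window and live flows are scored against that profile instead of against signatures, and automated response, where repeated deviations from one device turn into an isolation action. Host names, ports, flow records and the action format are all constructed assumptions.

```python
from collections import defaultdict
# Constructed learning-window flows (src_host, dst_host, dst_port, proto) from an
# assumed clean period; hostnames and values are invented, not from the page.
LEARNING_FLOWS = [
    ("plc-01", "hmi-01", 502, "tcp"),
    ("hmi-01", "plc-01", 502, "tcp"),
    ("hmi-01", "plc-02", 502, "tcp"),
    ("hmi-01", "historian", 1433, "tcp"),
    ("eng-ws", "plc-01", 502, "tcp"),
]

def build_baseline(flows):
    """Per-device set of (dst_host, dst_port, proto) peers seen while learning."""
    baseline = defaultdict(set)
    for src, dst, port, proto in flows:
        baseline[src].add((dst, port, proto))
    return baseline

def score_flow(baseline, flow):
    """Deviations of one live flow from its source's profile ([] = known pattern)."""
    src, dst, port, proto = flow
    if src not in baseline:
        return ["new_device"]  # source was never profiled at all
    known = baseline[src]
    if (dst, port, proto) in known:
        return []
    reasons = []
    if dst not in {d for d, _, _ in known}:
        reasons.append("new_peer")  # host this device never spoke to
    if (port, proto) not in {(p, pr) for _, p, pr in known}:
        reasons.append("new_service")  # port/protocol this device never used
    return reasons or ["new_pairing"]  # known peer and service, never combined

def quarantine_actions(baseline, live_flows, threshold=2):
    """Count deviations per source; at/over threshold emit an isolation action (hypothetical dict)."""
    evidence = defaultdict(list)
    for flow in live_flows:
        reasons = score_flow(baseline, flow)
        if reasons:
            evidence[flow[0]].append((flow, reasons))
    return [{"action": "isolate", "host": h, "evidence": ev}
            for h, ev in evidence.items() if len(ev) >= threshold]

if __name__ == "__main__":
    live = [("hmi-01", "plc-01", 502, "tcp"),     # normal
            ("hmi-01", "eng-ws", 8080, "tcp"),    # new peer and new service
            ("hmi-01", "plc-02", 8080, "tcp"),    # known peer, never on this port
            ("rogue-box", "plc-01", 502, "tcp")]  # device absent from baseline
    for a in quarantine_actions(build_baseline(LEARNING_FLOWS), live):
        print(a["action"], a["host"], len(a["evidence"]), "deviations")
```

A single deviation from a known device only produces evidence; the threshold is what keeps one unusual but legitimate connection from isolating a PLC.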

Protect Your IT and OT with StreamScan

We’re convinced that after seeing our MDR solution (powered by our CDS network security monitoring technology) in action, you won’t want to leave your network and OT unprotected again. So we are offering a 30-day free trial that includes:

  • Fact-finding session
  • CDS configuration
  • 30-day free Proof of Concept
  • First month activity report and recommendations

Email: Freetrial@streamscan.ai

Phone: 1 877-208-9040