Choosing a technology partner that can manage the complexities of IIoTJun 24th, 2019 Edit post
Nozomi’s solution is ideal for ICS, and provides full visibility and security, because it was designed with a thorough understanding of industrial networks and processes.
Traditional cyber security solutions were not designed to meet the specific needs of ICS (industrial controls systems), and as more of these systems come online, they become vulnerable to threats that are complex and sophisticated, making them hard to detect and prevent.
The industrial Internet of things (IIoT) is vastly different from other Internet of things (IoT) applications in that it centres around connecting machines and devices in critical industries, including petro chemical, oil and gas, power utilities and manufacturing. While the IoT includes consumer-type devices such as smart appliances, home security, lighting, fitness trackers, and other applications that don’t, besides for some extreme cases, cause an emergency or catastrophe should something go awry.
But when it comes to the IIoT, there is a lot more at stake. Any sabotage, system failure or downtime can result in high-risk, life threatening, situations. It could even cripple a country and bring it to its knees. The IIoT brings computers from IT to operational technology, opening up massive possibilities for instrumentation, and driving tremendous efficiency and productivity gains for almost any type of industrial operation. What makes the IIoT so different, is that despite the fact that it operates on the same principles to any other piece of IoT technology, with connectivity, sensors, automated instrumentation – the scale of it is vast, seeing up to hundreds of thousands of endpoints existing in a single IIoT deployment.
And with the IIoT, as an increasing number of devices are connected to the process control network, a growing number of risks arise. An industrial cyber security event could be anything that would negatively impact the ability to view, monitor and control industrial processes, and can result from a variety of situations, including malfeasance, human error and equipment failure. ICS are also vulnerable to threats that are not necessarily targeting them.
Let’s look at the notorious WannaCry ransomware that crippled organisations in 2017. It spread rapidly, and impacted they systems of major major organisations across the world. Although it was not its primary objective, it also managed to negatively affect ICS, infecting Windows computers that managed industrial control software. WannaCry was particularly cunning, as it spread rapidly, with no intervention from the user, making use of a Microsoft Windows vulnerability and a service message block (SMB) protocol dubbed EternalBlue. So why did it affect ICS and OT environments in when this was not the aim or motivation of the attack? Multiple plant systems (HMI, engineering station, and suchlike) employ Windows as the platform and the SMB protocol to communicate, and, therefore were affected through shared folders. What exacerbated the situation, was a lack of patching on multiple machines, a fact further aggravated in OT were patching, due to locations and reluctance to experience downtime. This, in conjunction with incorrect and badly managed segmentation, created an ideal environment for WannaCry to spread, infecting multiple machines, and shutting down processes.
So what can be done to help mitigate the potential impact of a cyber security event? Nozomi Networks has been providing innovative cyber security and operational visibility solutions for ICS for several years. The company applies network behavioural analytics to ICS environments, and its flagship product SCADAguardian, realising that you can’t protect or defend what you can’t see, delivers real-time visibility into process network communications and configurations. Its ICS network mapping and automated process analysis detects cyber attacks and operational missteps to allow immediate remediation.
The Nozomi Networks solution improves reliability for industrial control systems. It does this by providing superior network and asset visibility and by rapidly identifying cyber security and process risks. It significantly reduces industrial control system (ICS) monitoring and threat response efforts and results in improved availability and cyber resiliency.
Another aspect of ICS security and process reliability which the tech department has found challenging and onerous, is knowing which devices are vulnerable and need updates or special protection. SCADAguardian automatically identifies devices with vulnerabilities by checking against a repository that can be updated with the most recent disclosures on a user-defined schedule. It also uses a hybrid approach to detect risks and threats, including behaviour-based anomaly detection and multiple types of signature and rules-based detection. Moreover, anomaly detection and signature detection results are correlated with operational context to provide rapid insight into what is happening, reducing mitigation and forensic analysis time.
Nozomi’s solution is ideal for ICS, and provides full visibility and security, because it was designed with a thorough understanding of industrial networks and processes. The technology is 100% safe and reliable, and brings superior visibility, real-time network monitoring and threat detection.
For too many years, industrial operators and cyber security teams have faced the daunting task of trying to manage and monitor systems that were not thoroughly documented or easy to visualise. With Nozomi, as soon as the solution starts analysing the network traffic of an ICS, it builds an interactive, live visualisation of it.
Although breaches that were clearly carried out with malevolence litter the headlines, there are multiple cyber events that happen due to carelessness or negligence too. SCADAguardian identifies many indicators of attacks, including DDoS attacks, logic changes, man-in-the-middle or scanning attacks, process variable values reach a critical state, set-point changes, firmware downloads, malware signatures detected, and more. It blocks attacks and integrates with firewalls from several leading vendors for optional automated active response. If an anomalous or suspicious behavior is pinpointed, an alarm is generated and sent to security operators and network administrators. At the same time, SCADAguardian has the ability to automatically modify the right policy in a firewall to block the suspicious traffic.
The Nozomi solution also features incident and forensic tools that are tailored to speed response times and maximise employee productivity. The tools were built on top of a foundation of effective and proprietary dynamic learning, which greatly reduces false alerts.
In terms of safety and reliability, Nozomi understands that many industrial systems operate 24/7/365 and involve processes with notable safety risks. Network interruptions or system failures could harm individuals, or result in service or production interruptions, with negative economic consequences. Nozomi’s solution poses no risk to safety and reliability, it is completely passive, and observes network traffic via a SPAN or mirror port. It supports dozens of industrial protocols, and easily extends to proprietary protocols.
The industrial sector is evolving at an increasingly rapid rate. While connected systems deliver new benefits and improved productivity, they also continually increase cyber risk. Because of this, there are other key dimensions to IIoT security that can’t be overlooked, and the main one is choosing the right technology partner, who possesses the skills, expertise and experience to mange implementations in these complex environments.
Axiz is about building ecosystems. We identify and deliver outcomes that our customers want. We believe in injecting real value and transcending the technology by bringing complementary vendors into our stable, and building ecosystems with them. We started offering integrated products, software, services and capabilities that provides a marketplace or ‘ecosystem’, offering a wide range of services and solutions from (and to) our vendors and customers. It is a platform company business model, which differs vastly from the traditional distribution approach.
Choose a partner like Axiz, that understands the technologies down to their core, and offers environments built around flexibility, security and rapid evolution.