Story image

Combat converged IT and OT security risks - Forescout

09 Apr 2019

Ongoing digital transformation combined with escalating attacks on IT and operational technology (OT) networks by increasingly sophisticated hackers is creating unprecedented levels of vulnerability for organisations.

At specific risk are healthcare organisations, manufacturers, energy providers, and any business where building management technology is part of the IT network. 
This risk is putting new demands on CIOs and CISOs who are now tasked with protecting this entire business ecosystem.

In the next two years, the amount of OT security managed directly by CIOs and CISOs is likely to double.

By 2023, Gartner predicts that the average CIO will be responsible for more than three times the endpoints they managed in 2018.

To meet the challenge, they need complete device visibility and control, according to ForeScout. , for, Forescout Asia Pacific and Japan senior director Steve Hunter says, “The rapidly expanding use of connected devices to automate business operations and boost efficiency is impacting security.

“This is particularly prevalent in the healthcare sector where Internet of Things (IoT) devices help manage and monitor patient health, and in manufacturing and energy provision, where traditional industrial control systems are increasingly intertwined with the corporate IT network to create a hyperconnected infrastructure. 

“The convergence of OT with IT isn’t necessarily new but it is being seen in unexpected areas. For example, facilities managers used to hold full responsibility for building access management,” Hunter says.

“Now, tenants such as bank branches are more likely to control some of those access systems, creating a new layer of OT that needs to be secured. 

“The challenge for businesses across all industries is to identify where this convergence is occurring in their organisations and act accordingly to shore up any security blind spots that are leaving them at risk and vulnerable.” 

A recent survey by Forescout revealed that 85% of respondents believe integrated visibility into their IT and OT environments would add value to their organisation by addressing challenges including increasing interconnectivity between IT networks and operational/industrial systems (27%); the ability to keep up in real-time with the increased volume of devices and vulnerabilities (19.5%); the lack of visibility into the growing number and diversity of network-connected devices, especially Internet of Things (17.5%); and siloed security solutions that don't communicate with each other (11%). 

Forescout has identified four key features that organisations need to combat the risks of converged IT and OT systems: 

1. Device discovery 
The number of devices and endpoints is exploding, and each one represents a risk to the network. IoT and OT devices represent most of the new devices, so it’s essential for organisations to gain complete and reliable visibility into what these devices are and where they’re connected, across the business location, data centre, cloud, and OT networks. 

2. Auto-classification 
Once visibility is achieved, organisations need a tool that accurately identifies and catalogues the devices. Granular classification is essential to create and enforce targeted policies to secure these devices. This process must be automated because manual processes can’t keep up with the rapidly-increasing number of devices; even one compromised device connecting to the network could be disastrous. 

3. Risk assessment 
The growing connectivity between IT and OT networks makes it essential to understand the risk profile of devices in both domains. A vulnerable device on either side can compromise the entire network, causing business disruption and financial loss. Therefore, organisations need a solution that assesses devices’ vulnerability and detects rogue devices. Then, the solution can enforce mitigating controls such as segmenting these devices into safe network zones until they can be remediated or their access blocked. 

4. Control orchestration and automation 
Highly-skilled security teams waste too much time manually troubleshooting low-impact issues, distracting them from proactive risk reduction or fast threat response activities. It’s essential to have a security platform that provides device context as well as the ability to orchestrate actions and automate controls such as network segmentation and incident response. Hunter says, “It’s important to have full visibility into IT and OT networks for organisations to maintain a secure posture.”

Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
WatchGuard announces A/NZ partners awards
Four Australian companies were named partner award winners at the WatchGuard conference in Vietnam.
Telstra’s 2019 cybersecurity report
Cybersecurity remains a top business priority as the estimated number of undetected security breaches grows.
Why AI and behaviour analytics should be essential to enterprises
Cyber threats continue to increase in number and severity, prompting cybersecurity experts to seek new ways to stop malicious actors.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Why cybersecurity remains a top business priority
One in two Australian businesses estimated that they will receive fines for being in breach of new legislation.