Combat converged IT and OT security risks - Forescout
Ongoing digital transformation combined with escalating attacks on IT and operational technology (OT) networks by increasingly sophisticated hackers is creating unprecedented levels of vulnerability for organisations.
At specific risk are healthcare organisations, manufacturers, energy providers, and any business where building management technology is part of the IT network.
This risk is putting new demands on CIOs and CISOs who are now tasked with protecting this entire business ecosystem.
In the next two years, the amount of OT security managed directly by CIOs and CISOs is likely to double.
By 2023, Gartner predicts that the average CIO will be responsible for more than three times the endpoints they managed in 2018.
To meet the challenge, they need complete device visibility and control, according to ForeScout. , for, Forescout Asia Pacific and Japan senior director Steve Hunter says, “The rapidly expanding use of connected devices to automate business operations and boost efficiency is impacting security.
“This is particularly prevalent in the healthcare sector where Internet of Things (IoT) devices help manage and monitor patient health, and in manufacturing and energy provision, where traditional industrial control systems are increasingly intertwined with the corporate IT network to create a hyperconnected infrastructure.
“The convergence of OT with IT isn't necessarily new but it is being seen in unexpected areas. For example, facilities managers used to hold full responsibility for building access management,” Hunter says.
“Now, tenants such as bank branches are more likely to control some of those access systems, creating a new layer of OT that needs to be secured.
“The challenge for businesses across all industries is to identify where this convergence is occurring in their organisations and act accordingly to shore up any security blind spots that are leaving them at risk and vulnerable.”
A recent survey by Forescout revealed that 85% of respondents believe integrated visibility into their IT and OT environments would add value to their organisation by addressing challenges including increasing interconnectivity between IT networks and operational/industrial systems (27%); the ability to keep up in real-time with the increased volume of devices and vulnerabilities (19.5%); the lack of visibility into the growing number and diversity of network-connected devices, especially Internet of Things (17.5%); and siloed security solutions that don't communicate with each other (11%).
Forescout has identified four key features that organisations need to combat the risks of converged IT and OT systems:
1. Device discovery
The number of devices and endpoints is exploding, and each one represents a risk to the network. IoT and OT devices represent most of the new devices, so it's essential for organisations to gain complete and reliable visibility into what these devices are and where they're connected, across the business location, data center, cloud, and OT networks.
Once visibility is achieved, organisations need a tool that accurately identifies and catalogues the devices. Granular classification is essential to create and enforce targeted policies to secure these devices. This process must be automated because manual processes can't keep up with the rapidly-increasing number of devices; even one compromised device connecting to the network could be disastrous.
3. Risk assessment
The growing connectivity between IT and OT networks makes it essential to understand the risk profile of devices in both domains. A vulnerable device on either side can compromise the entire network, causing business disruption and financial loss. Therefore, organisations need a solution that assesses devices' vulnerability and detects rogue devices. Then, the solution can enforce mitigating controls such as segmenting these devices into safe network zones until they can be remediated or their access blocked.
4. Control orchestration and automation
Highly-skilled security teams waste too much time manually troubleshooting low-impact issues, distracting them from proactive risk reduction or fast threat response activities. It's essential to have a security platform that provides device context as well as the ability to orchestrate actions and automate controls such as network segmentation and incident response. Hunter says, “It's important to have full visibility into IT and OT networks for organisations to maintain a secure posture.