Our new Biannual ICS Risk & Vulnerability Report is the most up-to-date look at CVEs disclosed in OT devices.
Check it out!
Three reasons why CISOs should focus on OT security at RSA Conference
Feb 10, 2020
The convergence of IT and OT networks is creating greater urgency to bridge the IT/OT security gap. While convergence unlocks business value in terms of operations efficiency, performance, and quality of services, it can also be detrimental because threats that target OT environments now have a pathway into IT environments and vice versa. This creates additional challenges for Chief Information Security Officers (CISOs). The three reasons below are why CISOs and their teams should meet with the Claroty team on-site at RSA Conference in San Francisco.
1. Digital transformation is shrinking the divide between IT and OT.
No industry is untouched by digital transformation—the adoption of digital technologies that shift an organization’s core operations in order to boost productivity, reduce costs, capture market share, or better-serve customers, among other objectives. Specifically for the manufacturing, oil and gas, utilities, and similar industries, digital transformation efforts are widespread yet present a host of new security challenges.
These efforts typically entail increasing connectivity between IT and OT networks, thereby creating pathways between industrial processes, as well as the machinery that controls them, on the OT side and the proprietary information, systems, endpoints, and ultimately, the open internet on the IT side. The result is a greater surface area and more vectors for potential cyber attacks, as well as a greater risk of exposure to such attacks.
Although cyber attacks can range extensively in terms of type, motivation, and impact, it’s crucial to recognize that OT environments in particular–and especially those in the aforementioned industries–have historically been seen as desirable targets by nation states and other threat actors seeking to advance geopolitical agendas via cyber warfare.
Claroty Co-founder and Chief Business Development Officer Galina Antova will cover this topic in-depth during her presentation titled “The Age of Economic Warfare: What to Expect in This New Reality” on Friday, February 28, at RSAC. Register for the talk.
2. Your traditional IT security solutions are incompatible with OT environments.
One of the biggest challenges IT security leaders often face with respect to OT security stems from the myriad fundamental differences between IT and OT.
More specifically, while IT environments control the flow of information, comprise standardized protocols and assets, and can be feasibly visualized and assessed as necessary, their OT counterparts are the polar opposite. Rather than information, OT controls physical processes and machinery; proprietary protocols, legacy systems, and unfamiliar (and often unknown or unidentifiable) assets are prevalent.
While these differences do mean that traditional IT security solutions are simply incompatible with OT, they don’t necessarily mean you’ll be forced to make substantial investments in new tools and staffing in order to properly secure your organization’s OT environment.
Claroty’s converged IT-OT security solutions are tailored to the unique characteristics of OT environments and integrate seamlessly with SIEMs, SOARs, analysis platforms, ticketing systems, firewalls, and a number of other IT security solutions you almost certainly already use.
If you’d like to learn more about our robust integrations ecosystem and converged approach to OT security, we’ll be available onsite during RSAC and would be happy to discuss with you. Request a meeting.
3. Effective OT security is not only good for IT security—it’s good for business.
The benefits of a secure OT environment are far-reaching and compounding. Given the mounting convergence between OT and IT, these benefits include reduced exposure to cyber risks that originate within an OT network but traverse connectivity paths into the IT network. In other words, stronger OT security yields stronger IT security.
Another often-overlooked but impactful benefit, however, is the fact that OT security is a business enabler. In addition to improving OT availability, safety, and reliability, Claroty’s solutions are agentless and passive, meaning they can be easily installed and operated by IT teams, OT teams, or both without disrupting productivity or causing downtime.
As a result, our customers gain more uptime and thus greater efficiency and resilience across the business, security, and production operations.