What Food and Beverage Companies Need to Know about OT Security
May 6, 2020
Digital transformation has been a boon for companies in the food and beverage industry. Connecting OT networks to IT systems for automation and inputs has unlocked tremendous business value – enabling improvements in operations efficiencies, performance, and quality of service. Most recently, we’ve seen food and beverage companies with digitally enabled supply chains able to quickly pivot to meet shifts and surges in demand during the Coronavirus pandemic.
Yet, IT-OT convergence can also be detrimental. Since many organizations lack visibility into their OT networks, adversaries can enter through the IT side and remain undetected within the OT environment for months or even years, looking for subtle ways to undermine operations and create havoc.
Threats to food and beverage companies
Some of the OT security-related risks food and beverage companies face include:
Malware infection. Without proper security controls in place, both targeted and non-targeted threats have the freedom to maneuver from IT to OT environments. The potential spillover from a malware attack to OT networks can be costly – disrupting or halting production and creating safety and compliance issues.
Threat from third-party remote access. External vendors remotely access plants’ OT networks to service existing machinery, including conducting maintenance work, error fixing, and performance readings. This exposes the systems and controllers on the shop floor to potential compromise if the authorized party’s systems are infected with malware, their access credentials are stolen, or they otherwise don’t adhere to security best-practices. It’s also important to have visibility into unauthorized as well as inappropriate use of access.
Change in controller operation at remote facility. Water treatment facilities, which ensure clean water for the manufacturing process, typically are physically isolated from the plant. The systems that run such facilities are expected to operate the same way every day. Any change can indicate a threat of contamination to the water, but most companies lack granular visibility into these systems to understand and explain changes.
OT security as a business enabler
Digital transformation is here to stay – but it must be done securely, which begins by eliminating blind spots so you can see threats anytime, anywhere across OT networks.
Claroty Continuous Threat Detection (CTD) delivers full spectrum IoT and OT visibility, continuous security monitoring, and real-time risk insights with zero impact to operational processes and underlying devices. The new CTD 4.1 uses five detection engines to detect potential malware infections and then automatically updates threat intelligence in real time to the Claroty Cloud, sharing the latest intelligence with the SOC for incident investigation.
To safeguard against threats resulting from external access, Claroty Secure Remote Access (SRA) limits authorized user activity to specific assets on OT networks while remaining completely segregated from the corporate IT network. SRA also blocks unauthorized parties attempting to access the shop floor for maintenance/support operations. Concurrently, CTD actively monitors the actions of privileged users for risky or unusual activity and, when it detects deviations from the normal baseline, sends alerts to the SOC for investigation and remediation. User sessions are stored for data analysis and forensics if suspicious activity emerges later.
When it comes to detecting changes in operations, even at remote facilities, CTD monitors the entire OT network and generates a behavioral pattern that characterizes legitimate traffic and activity. Deviations in the network and controller configurations trigger alerts to the SOC which are escalated for immediate investigation and response.
When processing plants and bottling and packaging facilities are geographically dispersed, monitoring and managing security risks becomes even more difficult. To simplify management at scale, the Claroty Enterprise Management Console consolidates data from Claroty products and provides a unified view of assets, activities, and alerts across multiple sites.
As we continue to enhance our solutions, the latest releases deliver even greater visibility and accessibility to all users. Expansions to protocol coverage, as well as the level of detail provided at the asset, network, and process levels, further enhances visibility. Meanwhile, fully customizable dashboards enable users to more-easily filter, pinpoint, and action the information most critical to their priorities.
In recent weeks, we’ve all gained a greater appreciation for operational uptime and availability across many industries – especially food and beverage. Now, more than ever, the impact of additional disruptions in the form of security threats will only be magnified as resources are already stretched to their limits.
As OT and IT environments continue to converge, OT security becomes a business enabler. Food and beverage companies can extend the value of their digital transformation and connectivity initiatives across the global enterprise and ecosystem of facilities while reducing risk. Even in the face of disruptions, you can move forward with greater confidence and clarity.
To learn more about the Claroty Platform and its new features, request a demo.