Balancing Risk with Reward in the New IT/OT Reality
By The Claroty Team | April 20, 2021
The convergence of IT and operational technology (OT) networks isn’t a new phenomenon. In fact, it has been happening for years. However, it accelerated and became prevalent during the COVID crisis, as enterprises in every sector underwent extremely rapid change, on everything from online collaboration tools to secure remote access. Nearly overnight, even employees who previously worked on the shop floor could make changes to production lines and manufacturing processes from their home offices. Organizations that were able to pivot faster to adapt to a new, distributed model succeeded in continuing operations and gained competitive advantage. Some companies have reported improved performance, and more than 80% of employers now say the shift to remote work has been successful. It’s clear: IT/OT convergence is the new reality.
At the same time, this accelerated convergence has also exposed security gaps. In July of last year, the NSA and CISA issued an alert calling for immediate actions across all 16 critical infrastructure sectors to reduce exposure of industrial operations that are internet accessible. And a report published recently by the U.S. Government Accountability Office points out that because electricity grid distribution systems are largely no longer air-gapped, connectivity to IT networks or direct connections to the internet introduce vulnerabilities ripe for exploitation.
Cross-domain visibility and threat detection
Industrial enterprises and critical infrastructure companies need core security controls that span the entire enterprise, as exposure and attack vectors can come from any attack surface. Until recently, OT and IT networks were managed differently because of their different characteristics. IT teams typically prioritize confidentiality of data over integrity and availability, whereas the teams that run OT networks prioritize availability (or uptime) over integrity and confidentiality. What’s more, organizations tended to think of these as separate networks, but it has become abundantly clear that adversaries don’t see things this way. To them, a network is a network, so attacks are intertwined. Threats such as ransomware have clear pathways across the IT/OT boundary.
So, while it’s true these networks are different and require different security approaches, the goal is the same: risk reduction. Defenders must be able to monitor for threats and detect the different steps in the attack kill chain along these pathways across the IT/OT boundary, and anywhere on these networks. Solutions that provide this cross-domain visibility, while respecting the differences, are what’s needed for truly effective risk reduction.
The CrowdStrike-Claroty Joint Solution addresses this challenge, bringing together The Claroty Platform’s unmatched OT asset discovery and threat detection capabilities with CrowdStrike Falcon’s leading endpoint telemetry. The joint solution helps organizations get full-spectrum IT/OT/IoT visibility and detection capabilities for threats that cross the IT/OT boundary for proactive risk management.
Proactively managing risk requires being able to examine risk from different yet complementary perspectives to bring context to the overall security of an environment. Organizations need a clear understanding of both their asset risk posture and of their network traffic.
Understanding asset risk posture begins with visibility into industrial control system (ICS) networks and endpoints, and centralizing IT and OT asset information without the need for added connectivity. This way, human-machine interfaces (HMIs), historians, and engineering workstations (EWs) can be enriched with information about IT threats and vulnerabilities, improving the security of these assets without impacting productivity or causing downtime. This extensive caliber of visibility, which the CrowdStrike-Claroty Joint Solution provides, serves as a solid and critical foundation for superior threat detection and vulnerability management capabilities.
Contextual security information related to network traffic is also key to identifying and tracking threats that cross the IT/OT boundary. Many attacks that impact OT environments begin on the IT network, which means defenders need threat signatures for ICS devices and OT networks as well, in addition to those built for IT systems. The CrowdStrike-Claroty Joint Solution secures the converged IT/OT enterprise, without the need for signature reconfiguration or manual updates, to accelerate detection and response.
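The two perspectives described above, asset risk posture and network-traffic context, come together when endpoint detections from the IT side are correlated with flows that cross the IT/OT boundary. The script below is an added illustration of that correlation, written for this page; it is not code from Claroty or CrowdStrike and does not use either product's API. The asset inventories, the endpoint detection record and the boundary flow records are all constructed sample data, and the field names (`host_ip`, `src`, `dst`, `dport`, `tactic`) are assumptions chosen for the example. It flags IT-to-OT flows whose source host raised an endpoint detection shortly before the flow, then enriches each OT asset (HMI, engineering workstation, historian) with the list of such suspect peers, which is the kind of cross-boundary context a defender needs to prioritize a response.

```python
"""Correlate IT endpoint detections with flows observed at the IT/OT boundary.

Added example for this article; all data below is constructed and all
field names are assumptions, not any vendor's export format.
"""
from datetime import datetime, timedelta

# Constructed OT asset inventory, keyed by IP (hypothetical addresses).
OT_ASSETS = {
    "10.20.1.5": {"name": "HMI-LINE1", "role": "hmi"},
    "10.20.1.9": {"name": "EW-LINE1", "role": "engineering_workstation"},
    "10.20.1.20": {"name": "HIST-01", "role": "historian"},
}

# Constructed IT asset inventory.
IT_ASSETS = {
    "10.0.5.17": {"name": "LAPTOP-ENG42", "role": "it_workstation"},
    "10.0.5.30": {"name": "LAPTOP-HR07", "role": "it_workstation"},
}

# Constructed endpoint detection, in the shape an EDR export might take.
ENDPOINT_DETECTIONS = [
    {"ts": "2021-04-20T09:02:00", "host_ip": "10.0.5.17",
     "severity": "high", "tactic": "credential_access"},
]

# Constructed flow records seen by a sensor at the IT/OT boundary.
BOUNDARY_FLOWS = [
    # IT host talks to the historian before its detection: not flagged.
    {"ts": "2021-04-20T08:40:00", "src": "10.0.5.17", "dst": "10.20.1.20", "dport": 443},
    # Same IT host reaches the engineering workstation after detection: flagged.
    {"ts": "2021-04-20T09:10:00", "src": "10.0.5.17", "dst": "10.20.1.9", "dport": 3389},
    # Same IT host reaches the HMI after detection: flagged.
    {"ts": "2021-04-20T09:25:00", "src": "10.0.5.17", "dst": "10.20.1.5", "dport": 44818},
    # Different IT host with no detection: not flagged.
    {"ts": "2021-04-20T09:30:00", "src": "10.0.5.30", "dst": "10.20.1.20", "dport": 443},
    # OT-internal traffic (historian to EW): outside the boundary rule.
    {"ts": "2021-04-20T09:35:00", "src": "10.20.1.20", "dst": "10.20.1.9", "dport": 502},
]


def _parse(ts):
    return datetime.fromisoformat(ts)


def cross_boundary_events(flows, detections, it_assets, ot_assets,
                          window=timedelta(hours=4)):
    """Return IT->OT flows whose source host had an endpoint detection
    at or before the flow time and within `window` of it."""
    detections_by_host = {}
    for d in detections:
        detections_by_host.setdefault(d["host_ip"], []).append(d)

    events = []
    for flow in flows:
        # Only flows that actually cross from an IT asset to an OT asset.
        if flow["src"] not in it_assets or flow["dst"] not in ot_assets:
            continue
        flow_time = _parse(flow["ts"])
        for det in detections_by_host.get(flow["src"], []):
            det_time = _parse(det["ts"])
            if det_time <= flow_time <= det_time + window:
                events.append({
                    "ts": flow["ts"],
                    "src": flow["src"],
                    "src_name": it_assets[flow["src"]]["name"],
                    "dst": flow["dst"],
                    "dst_name": ot_assets[flow["dst"]]["name"],
                    "dst_role": ot_assets[flow["dst"]]["role"],
                    "dport": flow["dport"],
                    "detection_tactic": det["tactic"],
                    "detection_severity": det["severity"],
                })
                break  # one matching detection is enough to flag the flow
    return events


def enrich_ot_assets(ot_assets, events):
    """Attach to each OT asset the IT hosts that reached it after a detection,
    so the OT inventory carries IT-side threat context."""
    enriched = {ip: dict(asset, suspect_peers=[]) for ip, asset in ot_assets.items()}
    for ev in events:
        if ev["src"] not in enriched[ev["dst"]]["suspect_peers"]:
            enriched[ev["dst"]]["suspect_peers"].append(ev["src"])
    return enriched


if __name__ == "__main__":
    found = cross_boundary_events(BOUNDARY_FLOWS, ENDPOINT_DETECTIONS, IT_ASSETS, OT_ASSETS)
    for ev in found:
        print(f"{ev['ts']} {ev['src_name']} -> {ev['dst_name']} ({ev['dst_role']}) "
              f"port {ev['dport']} after {ev['detection_severity']} {ev['detection_tactic']}")
    for ip, asset in enrich_ot_assets(OT_ASSETS, found).items():
        print(f"{asset['name']}: suspect IT peers {asset['suspect_peers']}")
```

The time window is the main tuning knob: too short and a slow-moving intrusion that reaches the OT side hours after the first detection is missed, too long and ordinary engineering traffic from a host with an old, already-resolved alert is flagged. In practice the window, and the decision to flag at all, would also take the detection severity and the OT asset role into account.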
A converged IT/OT environment requires a converged approach to IT/OT security, whereby IT and OT teams can work together for more effective and efficient security governance and strengthened security posture spanning all connected sites. This has always been the ultimate goal, now brought forward due to world circumstances. And with growing appreciation among organizations for the significant rewards when IT and OT networks converge, and the availability of an all-in-one solution to mitigate risk, the time to realize this goal is now.