Rather than referring to a specific type of technology or device, the Extended Internet of Things (XIoT) is a holistic umbrella term that encompasses all cyber-physical devices connected to the internet. An organization's XIoT can include cyber-physical systems in a variety of contexts, including industrial (OT and ICS devices), healthcare (connected medical devices), and commercial environments (building management systems and enterprise IoT).
In this blog, we'll address some frequently asked questions about the XIoT and the importance of securing it properly.
The XIoT refers to all connected assets that underpin CPS in industrial, healthcare, and commercial environments. It has emerged as a side effect of digital transformation and, thus, escalating interconnectivity between the internet and assets that control physical processes.
This cyber-physical web spans everything from OT assets such as PLCs, to building management system (BMS) devices such as HVAC controllers and elevators, to IoT devices such as security cameras and vending machines, to healthcare and IoMT devices such as infusion pumps and MRI machines.
Diagram visualizing the broad scope of the XIoT umbrella, as well as the benefits of the XIoT for industrial, healthcare, and commercial environments.
To put it simply, digital transformation has intensified so that an incredibly broad range of assets are now interconnected, making it difficult for a solution intended solely for OT, IT, or any other specific use case to cover all the bases. Understanding the need to secure enterprise XIoT environments holistically, Claroty provides comprehensive visibility and security for any and all connected assets in your environment.
Digital transformation has been ongoing and well-documented for more than a decade, but it has been catalyzed dramatically since the start of the COVID-19 pandemic. In the world of technological innovation, two years is a long time, even under typical circumstances. But as a global health crisis forced enterprises around the world to rely more than ever on digital communication and remote work, it's safe to say that most enterprise networks are far more decentralized and interconnected than ever before.
"XIoT asset" is an umbrella term that refers to any physical asset that serves as or connects to CPS. It’s important to note that beyond OT, BMS, IoT, or IoMT assets, the XIoT encompasses any information technology (IT) assets that may be directly or indirectly connected to CPS.
The escalating digital transformation that continues to fuel the XIoT provides ample opportunity to drive innovation, growth, sustainability, and efficiency, but these benefits often come at the cost of making cyber-physical systems far more susceptible to cyber threats. In addition, the XIoT greatly complicates the requirements for securing and managing these critical assets.
Unless properly secured, the XIoT can be conducive to threat actors targeting and compromising CPS. As a result, organizations may face costly downtime, as well as negative impacts on critical outcomes such as patient care and manufacturing process integrity.
One of the most critical challenges security teams face is providing secure remote access to their evolving technology environments. Digital transformation has made network boundaries more difficult to define, rendering traditional, perimeter-based approaches to cybersecurity obsolete. Not only are more employees working from home — new types of data are now moving through the cloud, from communications controlling industrial processes to medical images and sensitive patient data. Traditional, IT-centric VPNs were not designed to handle these complex use cases, and security teams need purpose-built technology to protect the complex and diverse set of assets within their organization's XIoT.
As the network perimeter for operational environments such as manufacturing sites and healthcare facilities becomes increasingly difficult to define, security teams must adopt a zero-trust approach to protect assets through granular least-privilege access enforcement. In doing so, it's crucial to understand that zero trust is not a one-and-done, off-the-shelf solution that can simply be implemented in a "set it and forget it" manner. Rather, zero trust must be seen as a strategic approach leveraging multiple data points that provide context to enable risk-based decisions.
Cybercriminals are well aware of the challenges security teams face in protecting their XIoT — which, in addition to remote access, also include visibility, threat detection, network segmentation, and vulnerability management. And with the fifth anniversary of the NotPetya ransomware attack coming later this month, it's safe to say it's made a lasting impact on threat actors' shift from opportunistic attacks to a more deliberate, targeted, and strategic approach. Over the past year, we've seen targeted ransomware attacks disrupt operations across a wide range of industries, and the main takeaway for defenders should be the need for a thorough and comprehensive security strategy that covers their entire XIoT.
Enterprises are rapidly modernizing their industrial and commercial environments by deploying new XIoT assets alongside their existing brownfield CPS equipment. These conditions are fueling new risk blindspots, amplifying scalability requirements across technology stacks, and leading to more types of cybersecurity stakeholders with increasingly complex needs.
We introduced xDome to tackle these challenges and, ultimately, further enable enterprises to embrace digital transformation safely, securely, efficiently, and with confidence.
xDome spans the entire cybersecurity journey, from empowering organizations with complete asset visibility and effective vulnerability and risk management, to enhanced network protection, to optimal detection and response. Core use cases and capabilities include:
Asset Discovery: A complete XIoT asset inventory is the foundation of the industrial cybersecurity journey. To ensure full visibility, xDome offers three flexible methods that can be combined or used separately based on the unique needs of each environment.
Vulnerability & Risk Management: xDome automatically correlates every asset with our comprehensive vulnerability database. Customers can leverage 90+ variables to customize their risk tolerance parameters, which xDome then ingests to provide tailored risk scores and recommendations to inform effective mitigations.
Network Protection: xDome leverages its XIoT to recommend network communication policies. Customers can then easily monitor, refine, and automatically enforce these policies through their existing infrastructure. This lays the foundation for effective implementation of Zero Trust best practices that insulate environments against threats.
Threat Detection: xDome continuously monitors for the earliest indicators of known and emerging threats. By profiling all assets and communications, xDome establishes a baseline of normal behavior to weed out false positives and minimize alert fatigue.
Asset & Change Management: xDome harnesses in-depth asset insights and an enriched CMDB to monitor for maintenance issues and necessary updates, enable SLA compliance, support audit requests, and drive workflow and supply chain efficiencies.
xDome is the first and only SaaS-based platform to support the full industrial cybersecurity journey without compromising on the breadth or depth of controls. Highlights include:
The broadest and deepest asset discovery capabilities of any SaaS solution. Whereas all other SaaS solutions only offer “one-size-fits-all” asset discovery via passive monitoring, xDome offers three discovery methods — passive monitoring, our patent-pending Claroty Edge collector, and enrichment via third-party integrations — that customers can mix and match to achieve full visibility in a manner best-suited for their environment.
Vulnerability and risk management support backed by award-winning research. xDome is the only SaaS solution with vulnerability and risk management capabilities backed by Claroty’s domain expertise and acclaimed research arm, Team82.
Unmatched network segmentation controls that protect against escalating risks. Only xDome has the depth of knowledge and purpose-built technology needed to jumpstart and optimize customers’ segmentation programs via expert-defined policies that can be automatically enforced with customers’ existing firewall and NAC solutions.
The industry’s lowest time-to-value (TTV) and total cost of ownership (TCO). As a SaaS solution with quick and easy deployment options and a flexible UI purpose-built to adapt to all operational, cybersecurity, and executive needs, xDome deploys and scales effortlessly no matter the user or use case.
The intensified digitization and cyber-physical connectivity of the XIoT signifies the many challenges and opportunities presented to enterprises and critical infrastructure operators as we stand at the threshold between Industry 4.0 and 5.0. The escalation of digital transformation provides enormous opportunities to boost operational efficiency and performance, but it also leads to the creation of technology environments that are far more complicated to secure and manage than the primarily IT-centric networks of the 2000s and early-to-mid 2010s.
Year over year, we are seeing an increase in vulnerabilities affecting industrial, healthcare, and commercial environments — and every year, cybercriminals grow increasingly savvy and strategic in their efforts to exploit them through ransomware and other types of cyberattacks. Unless properly secured, the XIoT can be conducive to threat actors compromising and spreading laterally across targeted networks. As a consequence of a targeted attack, organizations may face costly downtime, as well as negative impact on critical outcomes such as patient care and manufacturing process integrity.