Bridging the Gap Between IT and OT Network Security
Shannon Ragan Nov 14, 2016
Cyberattacks on systems managed by industrial control system (ICS) networks can have a catastrophic impact on safety, economies and critical services, which makes them a notorious and potentially lucrative target.
“From a technology perspective, these networks are especially attractive, which is why we’re seeing more attackers target them,” said Skybox VP of Products Ravid Circus. “The standard defenses IT networks rely on — next-generation firewalls, packet inspectors, intrusion prevention systems — don’t translate to these environments. Combined with their legacy technology, out-of-the-box settings and lackluster patching, this is a huge area for cyber risk.”
With network modeling, access simulation and vulnerability analysis, security professionals can unify cybersecurity management of IT and operational technology (OT) environments. Comprehensive attack surface modeling brings enhanced visibility to critical infrastructure deployments, enabling end-to-end access analysis from any source to any destination including virtualized networks and ICS devices. Vulnerability exposures can also be analyzed on the model using context-aware attack simulations which take into account existing security controls and known risks. This way, security teams can be sure to identify exposures anywhere in their IT or OT network and focus response on actually critical risk. These security management improvements mean increased uptime and reduced disruptions in critical infrastructure operations.
Skybox Joining Forces with CyberX
Skybox has launched an integration with the CyberX industrial internet security platform. Through the integration, Skybox will power complete visibility across industrial control systems (ICS), supervisory control and data acquisition (SCADA) and IT networks.
The CyberX XSense platform models OT networks as a state machine. XSense uses continuous monitoring, real-time data collection and machine learning to detect unfamiliar activity to protect against cyberattacks and operational malfunction or tampering.
Integration with the Skybox® Security Suite pulls data from the XSense platform into a visual, interactive model of the attack surface. The model combines ICS and SCADA network data with information from a variety of sources including the Skybox® Vulnerability Database, threat intelligence feeds, security analysts, SIEMs and more. This provides comprehensive visibility and contextual intelligence for more accurate prioritization of cyber risks not just in the IT network, but across the entire organization.
“As the Industrial Internet and IT networks grow, the line between the two is disappearing fast, and attackers know it,” said CyberX CTO and Co-Founder Nir Giller. “With Skybox, we’re helping customers in industries such as energy, manufacturing, and oil and gas to ensure their security also bridges that gap. You need to be able to consolidate all of your connected assets and understand how the interrelationships impact risk. This integration makes that possible – and actually pretty easy.”