De-risk IT/OT convergence: rethink cybersecurity risk management

Nozomi Networks and Skybox Security join forces to reduce critical infrastructure cyber security risk, increase visibility, and improve operational reliability.

Common patterns have been found in the critical infrastructure (CI) attacks that have occurred over the past 10 years. Many of the attacks weaponized existing vulnerabilities or cyber hygiene gaps such as weak passwords and insecure apps or protocols. Network convergence means that IT environments can provide pathways to OT targets. While the rise of OT vulnerabilities must be watched, vulnerabilities in IT assets must also be vigilantly defended. “Vulnerability debt,” the noncritical vulnerabilities that are ignored or accepted for the time being so products ship faster, must also be considered, as these are ticking time bombs. It’s a myth that vulnerabilities that are already known are harmless; it’s easier for threat actors to weaponize older, known, unpatched vulnerabilities to breach organizations.

Companies we talk to who are dedicated to maintaining cybersecurity with IT/OT network convergence tell us they struggle with four major problems:

  • No single pane of glass view of assets and vulnerabilities for IT and OT estates.
  • No consistent, effective framework for addressing vulnerabilities across the entire lifecycle, from discovery to remediation to reporting.
  • Small teams struggling to comply with increasingly strict regulations and to pass audits successfully.
  • Challenges in pinpointing connectivity gaps in complex converged networks.

To best meet critical infrastructure organizations’ cybersecurity needs, part of our business strategy at Skybox is to join with the right technology alliance partners to provide a holistic cybersecurity solution. We recently held a webinar that shares the details of our alliance and the benefits that customers receive.

Watch this webinar to learn how an integrated solution can help security practitioners visualize the attack surface of the converged enterprise across layers 0-5 of the Purdue model, and more.

Nozomi Networks and Skybox Security bring together innovative technologies to solve OT cybersecurity challenges

The Skybox Security and Nozomi Networks alliance offers a solution that reduces risk, provides unprecedented visibility into OT, IoT, and IT environments, and improves operational reliability. Nozomi Networks provides comprehensive monitoring that generates immediate breach and failure alerts with actionable real-time insights so organizations can respond before their operations are compromised. Customers have full knowledge of their assets through immediate access to asset and networking data in all OT, IoT, and IT environments, giving them actionable intelligence that enables them to detect and respond to instability and problems before equipment fails and to address cyber threats as they happen.

By adding the Skybox Security Posture Management platform, customers can aggregate and centralize complete sets of data that reflect their security controls and network configurations from all domains: on-premises data centers, public and private cloud networks, OT networks, and all networks that connect their various business locations, users, assets, and applications. With these rich data sets, the Skybox platform models the customer’s hybrid network, allowing them to visualize and gain full context and understanding of their attack surface. The Skybox platform then provides customers with visualization, analytics, and customized reporting that empowers them to make informed decisions. They can automate actions and prioritize remediation so they ultimately achieve an optimized overall security posture.

“With increasingly sophisticated cyber threats targeting OT and ICS networks, which are now proving more vulnerable than IT devices, there’s never been a more urgent need for the Nozomi Networks platform to complement leading IT security solutions such as the Skybox Security Vulnerability Control solution.”
Andrea Carcano | Co-founder and Chief Product Officer Nozomi Networks

Customers gain exponential value due to the Nozomi Networks and Skybox Security technology alliance

The value of our integration with Nozomi Networks is that customers achieve comprehensive visibility of all IT, OT, and IoT assets and vulnerabilities and obtain a multi-factor risk scoring framework for prioritizing risks, diverse remediation options, and flexible, easily customizable dashboards and widgets for complete reporting capabilities.

Nozomi Networks and Skybox Security have joined together to help organizations navigate the significant risk brought about by IT/OT convergence. Organizations are converging their networks because doing so brings numerous benefits, such as:

  • Reduced (or capped) costs and complexity due to the reduced number of management systems
  • Rapid assessment of the state of operations from both IT and OT
  • Increased nimbleness of integrated operational and production systems
  • Improved reporting using visibility across a holistic set of metrics; correlation

In addition to the benefits, there have been many drivers for organizations to move to IT/OT network convergence, including globalization, pandemic-era support for remote access and systems oversight, and a tighter integration with the supply chain.

Cyber risk management challenges resulting from IT/OT convergence

Having opened their systems to IT/OT convergence, organizations still face challenges that they need to fully understand in order to navigate skillfully between IT and OT stakeholders. It is from these challenges that we see major cybersecurity issues emerge. These challenges are:

  • Performance – Critical systems have availability and strict latency requirements, with overarching health, safety, and environment (HSE) concerns. System downtime means reduced throughput, product schedule slippage, a total plant shutdown, or, worse, injuries or fatalities.
  • Systems – IT and OT systems that were physically separated are now connected and accessible.
  • Complexity – Patching and maintenance are difficult due to proprietary devices often being deployed in remote and even inhospitable or hazardous locations (e.g., offshore rigs, underground mines). There are also device obsolescence issues.
  • Skills – There is already a talent gap in cybersecurity, and practitioners who also understand IT/OT convergence implications are even rarer. In addition, some organizations still have siloed IT and OT security teams and lack clear identification of which team owns initiatives.

Cybersecurity risk underestimated by operational technology organizations

Research finds OT security faces OT network complexity, functional silos, supply chain risk, and limited vulnerability remediation options. Learn five steps to OT management.

Rethinking security to de-risk IT/OT convergence

Through our alliance with Nozomi Networks, customers now have a way to address all these challenges and solve these problems associated with IT/OT convergence. Customers can now take advantage of the following cybersecurity capabilities necessary to de-risk IT/OT convergence:

  • A comprehensive inventory of OT and IT assets and vulnerabilities for a single baseline view.
  • A continuous, vulnerability lifecycle management program-oriented approach for prioritizing the riskiest vulnerabilities, remediating them, and reporting on results.
  • Real-time visibility and cybersecurity of Every Device, Everywhere.
  • Actionable intelligence and insights driving business decisions.
  • Secure automated processes for regulatory compliance that reduce the burden on small teams.
  • A path for access analysis based on context from the converged infrastructure.

Because OT environments are particularly vulnerable, IT/OT convergence demands flexible and vendor-agnostic attack surface modeling to reduce critical cybersecurity risks and optimally stop cyberattacks in their tracks. However, our research has found that, on average, organizations have upward of 75 security technologies in their environment but haven’t realized the full benefit of these solutions. They still lack a clear understanding of their evolving business risk; can’t figure out how to optimize all their technologies, controls, and people resources to address the complex security landscape; and struggle to do all of this efficiently due to manual and disconnected processes.

The number of new vulnerabilities exploited in the wild rose by 24% in the past year. That signals how quickly cybercriminals are now moving to capitalize on new weaknesses, shrinking the window that security teams have to detect and address vulnerabilities before an attack.

The time is now for organizations to move to a comprehensive, well-integrated set of tools and techniques to move from firefighting attacks to preventing breaches.
Get the report that provides insight into the rapid evolution of the threat landscape:

Vulnerability and Threat Trends Report 2022

Record breaking vulnerabilities, rising OT security risks, and increasing exploits demand a new approach to vulnerability management.