Five steps to improve OT security

Modern vulnerability management tools are needed to proactively manage security posture amidst increasing IT and OT network complexity.

A new Skybox research study, “Cybersecurity risk underestimated by operational technology organizations” finds that network complexity, functional silos, supply chain risk, and limited vulnerability remediation options impede companies from securing their OT systems.

Over 78% of all respondents and 75% of CISOs and CIOs said complexity due to multivendor technologies pose a challenge to gaining complete visibility across their attack surface. In addition, 96% of energy and 87% of utilities respondents said the same.

Almost half of CISOs and CIOs said disjointed architecture across OT and IT environments and the convergence of IT technologies are two of their top three greatest security risks. And 56% of Security Architects and engineers said that one of the most significant risks to their OT environment is that misconfigurations will open their network to bad actors.

Without complete network visibility of the IT-OT attack surface, teams cannot see misconfigurations, understand vulnerability exposure, identify access policy violations, tackle weak security controls, and improve change management capabilities. Without these insights, companies will be ill-prepared to meet today’s cybersecurity challenges. Here are five steps companies can take to navigate complexity and shore up their OT security:

1. Strengthen security posture management

Because many companies lack a proactive approach to strengthen their security posture management systems, they are often reactive due to an inherent lack of resilience. Instead, organizations should be focusing on creating mature, consistent, and enterprise-wide security posture management programs. This joint approach across the IT and OT environments enables leaders to optimize security planning, deployment, and remediation processes to reduce exposure risk.

2. Implement automation to ensure continuous compliance

The propensity for human error to muck up IT and OT security is a problem that will only worsen. And that’s why automation is so critical to maximizing security posture.

Automating workflows, such as change processes and validation, removes human errors, streamlines operations, and reduces the risk of misconfigurations. For example, automated closed-loop workflows for firewall rule creation, recertification, and de-provisioning to close security gaps, limit vulnerability exposures, and maintain continuous compliance. For large companies, this type of automation is imperative to minimizing network risks.

3. Find exposed vulnerabilities with the network model

Organizations must see and understand their entire attack surface, including IT, OT, virtual and multi-cloud networks. Illuminating the whole network provides a better, more complete foundation to understand risks anywhere in the organization. How do you do that? With a network model. A network model provides a visualization of all network elements across an organization’s various environments combined with understanding all the rules and configurations. With network modeling, you can run security assessments and simulations against all the devices, vulnerabilities, and configurations within the security environment.

Security, IT, and OT teams can gain the context needed to implement automation across a wide range of operational security processes. Network modeling provides the insights and visibility needed to perform accurate exposure analysis. The ability to prioritize the most dangerous vulnerabilities reduces downtime and other operational impacts.

Zero in on what matters with a network model to reduce cyber exposure and minimize business disruption. Watch video.

4. Eliminate silos for unified security efforts

Create a standard view, processes, and communications to eliminate silos between security, IT, and plant managers. Mitigate security blind spots by sharing comprehensive data sets across teams, assets, and infrastructure. This transparency allows for the collection, normalization, and optimization of data sets.

The ability to connect, aggregate, analyze and normalize data across devices enables teams to speak the same security language and work together to find and prioritize critical vulnerabilities to bolster security resilience and limit downtime. In addition, IT can see what needs to be patched instead of stopping production to unnecessarily patch the entire network by knowing all the access paths and infrastructure components, including firewalls.

5. Remediate with options that go beyond patching

What security teams need today is a solution that calculates risk scores for assets by factoring together four critical variables: the asset’s measured CVSS severity, vulnerability exploitability; asset importance; and asset exposure based on the security controls and configurations in place across the network. After accessing how dangerous the risk is to the organization, the next step is to provide prioritized remediation options that include:

  • Applying IPS signatures
  • Modifying access rules
  • Making network segmentation adjustments to block attack paths
  • Updating and optimizing firewall and security device policies/rules
  • Updating and optimizing networking device configurations and patching as needed

Security teams can better protect OT environments when provided a scorecard that highlights the most dangerous risks and the best options to fix them.

Enterprises need to move from looking in the rear-view mirror toward proactively managing their security posture to prevent disaster. They need to continuously assess the overall strength of their security controls, processes, and compliance programs and proactively strengthen security efficacy to reduce exposure risks. In addition, it is necessary to gain visibility across IT and OT systems, identify and prioritize exploitable vulnerabilities, and correlate this data with unique network configurations and security controls to determine if the system is potentially open to a cyberattack. Only then can companies prevent breaches to their critical infrastructure.