In my blog about how new threats require proactive security posture management, we explored the increasingly volatile cyber threat landscape and how Critical National Infrastructure (CNI) providers need to be able to “see everything” across their IT and OT technology assets to manage their exposure.
This sounds good in theory, but the reality is that it’s a colossal challenge. Many CNI providers have been delivering critical services for decades. As a result, they’ve amassed a truly daunting number of different IT and OT systems from various suppliers, stretching back over many years. Understanding the entire asset inventory is a challenge in itself, let alone making changes to network access or understanding exposure to the latest threats and vulnerability exploits.
Fortunately, the Skybox Security Posture Management platform can help customers address this challenge. Using the platform, customers can create a detailed network model that spans the IT/OT estate, precisely emulating the actual multi-domain network of the organization. The model is a dynamic, visual representation of the network generated by aggregating and centralizing data about all the firewalls and network assets harvested from a range of sources.
Having a detailed and dynamic network model of the individual organization is an incredibly powerful tool for analyzing the status quo, simulating changes, and playing out “what if” scenarios.
Ensure network access compliance
Dividing the network model into access zones (for example, Internal, External, DMZ) makes it possible to analyze network access compliance across the IT and OT estate. Skybox can analyze access between the different network segments, identifying all the relevant routes between the zones as well as any pertinent firewall rules along each route.
Skybox is a powerful simulation tool that analyzes access between any two or more networked points across the estate. This gives the organization the ability to demonstrate, and ultimately ensure, that it complies with the regulations governing network segmentation.
Boost network firewall security
Using the Skybox network model, organizations can ensure the firewalls across the technology estate are correctly configured in line with industry best practices. Rule compliance policies inspect specific rules to identify violations in the configured source, destination, port, or application.
Access compliance policies can be used to identify firewall rules that allow violating traffic to move between network zones. To help maintain good firewall hygiene, Skybox also identifies shadowed or redundant rules, which can then be removed to optimize overall performance.
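To make the two checks described above concrete (zone-to-zone access compliance from the previous section, and shadowed/redundant rule detection from this one), here is an added example in Python. It is not Skybox code and does not use the Skybox platform’s data model; the rule set, zone map, and forbidden zone pairs are constructed sample data, and the rule format (CIDR source and destination, a port spec, an action) is an assumption made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # CIDR; "0.0.0.0/0" means any source
    dst: str      # CIDR; "0.0.0.0/0" means any destination
    ports: str    # "any", a single port "502", or a range "8000-8100"
    action: str   # "allow" or "deny"


def port_range(spec):
    """Translate a port spec into an inclusive (low, high) tuple."""
    if spec == "any":
        return (0, 65535)
    lo, _, hi = spec.partition("-")
    return (int(lo), int(hi or lo))


def covers(outer, inner):
    """True when every packet matched by `inner` is also matched by `outer`."""
    o_lo, o_hi = port_range(outer.ports)
    i_lo, i_hi = port_range(inner.ports)
    return (ip_network(inner.src).subnet_of(ip_network(outer.src))
            and ip_network(inner.dst).subnet_of(ip_network(outer.dst))
            and o_lo <= i_lo and i_hi <= o_hi)


def find_rule_anomalies(rules):
    """Walk the ordered rule base (first match wins) and report rules that can
    never fire because a single earlier rule already matches everything they
    match. Same action -> redundant; different action -> shadowed.
    Coverage by a *combination* of earlier rules is not checked here."""
    shadowed, redundant = [], []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):
                bucket = redundant if earlier.action == rule.action else shadowed
                bucket.append((rule.name, earlier.name))
                break
    return shadowed, redundant


def zones_touched(cidr, zones):
    """Zones that a rule's address object overlaps. Addresses outside every
    defined zone are attributed to the implicit 'External' zone."""
    net = ip_network(cidr)
    touched = {z for z, zn in zones.items() if net.overlaps(ip_network(zn))}
    if not any(net.subnet_of(ip_network(zn)) for zn in zones.values()):
        touched.add("External")
    return touched


def find_access_violations(rules, zones, forbidden):
    """Flag allow rules that permit traffic between a forbidden zone pair.
    Ports are ignored for simplicity: the policy here is zone-to-zone only."""
    violations = []
    for rule in rules:
        if rule.action != "allow":
            continue
        for s in sorted(zones_touched(rule.src, zones)):
            for d in sorted(zones_touched(rule.dst, zones)):
                if (s, d) in forbidden:
                    violations.append((rule.name, s, d))
    return violations


# Constructed sample data (not a real network).
ZONES = {"Internal": "10.0.0.0/8", "DMZ": "192.168.100.0/24", "OT": "172.16.0.0/16"}
FORBIDDEN = {("External", "OT"), ("External", "Internal"), ("DMZ", "OT")}
RULES = [
    Rule("R1", "10.0.0.0/8", "172.16.0.0/16", "502", "allow"),        # Internal -> OT Modbus
    Rule("R2", "10.1.0.0/16", "172.16.5.0/24", "502", "allow"),       # redundant with R1
    Rule("R3", "10.2.0.0/16", "172.16.0.0/16", "502", "deny"),        # shadowed by R1
    Rule("R4", "0.0.0.0/0", "192.168.100.0/24", "443", "allow"),      # anyone -> DMZ web
    Rule("R5", "0.0.0.0/0", "172.16.0.0/16", "any", "allow"),         # anyone -> OT: violation
]

if __name__ == "__main__":
    shadowed, redundant = find_rule_anomalies(RULES)
    print("shadowed:", shadowed)
    print("redundant:", redundant)
    print("violations:", find_access_violations(RULES, ZONES, FORBIDDEN))
```

Run against the sample rule base, the script reports R3 as shadowed by R1, R2 as redundant with R1, and R5 as violating both the External-to-OT and DMZ-to-OT segmentation policy. A real model would evaluate the rule chain on every firewall along each route between the zones rather than a single rule base, but the per-rule logic is the same.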
Optimize network change management
Because the Skybox network model is a true and constantly up-to-date representation of the organization’s actual network, it’s easy to track any changes made to firewall access rules. New, deleted, and modified rules are recorded, creating a comprehensive audit trail for troubleshooting, forensic analysis, and compliance.
Change records include details of the change made, a date and time stamp, and the identity of the user who made the change. These records make it easy to reconcile every detected change to the firewall with an existing change request in the organization’s chosen change management platform.
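The change-tracking workflow just described, as an added Python example (not Skybox code and not tied to any particular change management platform): two snapshots of a firewall rule base are diffed into new/deleted/modified change records, each record is stamped with the detection time and user, and every record is matched against the list of open change requests so that any change without an approved ticket stands out. The snapshots, the user name, and the change request list are constructed sample data, and the record layout is an assumption.

```python
def diff_rulebase(before, after):
    """Compare two rule-base snapshots (dicts keyed by rule name) and return
    a list of (kind, rule_name, detail) tuples in rule-name order."""
    changes = []
    for name in sorted(set(before) | set(after)):
        if name not in before:
            changes.append(("added", name, after[name]))
        elif name not in after:
            changes.append(("deleted", name, before[name]))
        elif before[name] != after[name]:
            # Record only the fields that actually changed, as (old, new) pairs.
            fields = {k: (before[name].get(k), after[name][k])
                      for k in after[name] if before[name].get(k) != after[name][k]}
            changes.append(("modified", name, fields))
    return changes


def reconcile(changes, change_requests, detected_at, user):
    """Turn raw changes into audit records and attach the change request
    that authorized each one, or None when no request covers the rule."""
    records = []
    for kind, name, detail in changes:
        ticket = next((cr["id"] for cr in change_requests if name in cr["rules"]), None)
        records.append({"rule": name, "change": kind, "detail": detail,
                        "time": detected_at, "user": user, "ticket": ticket})
    return records


def unauthorized(records):
    """Rules changed without a matching change request: the ones to investigate."""
    return [r["rule"] for r in records if r["ticket"] is None]


# Constructed sample snapshots of the same firewall, taken a day apart.
BEFORE = {
    "R1": {"src": "10.0.0.0/8", "dst": "172.16.0.0/16", "ports": "502", "action": "allow"},
    "R2": {"src": "10.2.0.0/16", "dst": "172.16.0.0/16", "ports": "502", "action": "deny"},
    "R3": {"src": "0.0.0.0/0", "dst": "192.168.100.0/24", "ports": "443", "action": "allow"},
}
AFTER = {
    "R1": {"src": "10.0.0.0/8", "dst": "172.16.0.0/16", "ports": "any", "action": "allow"},  # widened
    "R3": {"src": "0.0.0.0/0", "dst": "192.168.100.0/24", "ports": "443", "action": "allow"},
    "R4": {"src": "10.5.0.0/16", "dst": "192.168.100.10/32", "ports": "22", "action": "allow"},
}
# Constructed change requests: CHG-1001 approved adding R4 and removing R2; nothing covers R1.
CHANGE_REQUESTS = [{"id": "CHG-1001", "rules": ["R4", "R2"]}]

if __name__ == "__main__":
    recs = reconcile(diff_rulebase(BEFORE, AFTER), CHANGE_REQUESTS,
                     "2024-01-02T08:15:00Z", "fw-admin")  # constructed timestamp and user
    for r in recs:
        print(r)
    print("unauthorized:", unauthorized(recs))
```

With the sample data, the deletion of R2 and the addition of R4 reconcile to CHG-1001, while the widening of R1 from port 502 to any port has no ticket and is reported as unauthorized, which is exactly the kind of change a forensic or compliance review needs to surface.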
Manage network segmentation and compliance
The network model lies at the heart of the Skybox Security Posture Management platform. It is the ideal simulation and assurance tool for managing network segmentation and compliance, particularly for CNI providers with substantial and complex IT and OT technology estates.
But it performs another vital function as well. It enables the organization to understand the extent of its exposure to threats and vulnerabilities and to manage the vulnerability lifecycle, from discovery to closure. Subscribe to our special blog series ‘Securing operational technology’, where we continue to explore this topic.