Safeguarding the Industrial IoT: Adopting a next-generation approach – Part 2

Trevor Daughney, VP of Product Marketing at Exabeam

The digitalisation of industrial assets is driving a growing awareness of the importance of protecting connected OT environments from cyberattacks that damage production, plant and assets, and expose sensitive data, says Trevor Daughney, vice president of product marketing at Exabeam.

As we discovered in the previous article, cyber threats are increasingly being directed at industrial control systems (ICS) with the aim of shutting down production lines or inflicting massive physical damage to equipment.

With threats to industrial networks on the rise, employees responsible for managing and securing IT and OT will need to collaborate closely to pinpoint potential vulnerabilities and prioritise where security gaps need to be closed. In doing so, IT and OT teams gain the deep understanding they need of the inter-relationships between OT environments, business networks and the wider industrial ecosystem itself – which may also incorporate suppliers, vendors and partners.

That’s no easy task when you consider how, until now, IT and OT security issues have largely been addressed in their respective silos. What’s more, the challenge of addressing the security of OT solutions is not an easy one to surmount.

Air-gapped systems are not a viable solution

When it comes to protecting industrial control systems, many organisations still employ an approach known as air-gapping, or security by isolation, in a bid to bolster the security of legacy OT systems against cyberattack. However, while effective as a stop-gap security measure, air-gapping isn’t an ideal solution for the long term. And it certainly shouldn’t be utilised in isolation. Take the Stuxnet worm attack, for example, which was designed to breach its target environment via an infected USB stick – crossing through any air gap. With malicious computer worms such as this in existence, air-gapping alone is not adequate security.

Air-gapping also significantly limits the ability of organisations to leverage the real-time data these systems generate to cut costs, reduce downtime and improve efficiency. Beyond that, many modern architectures now connect legacy OT to the internet for the purposes of operational command and control. Indeed, 40% of industrial sites have at least one direct connection to the public internet, which puts these OT networks directly in the line of fire when it comes to potential exposure to adversaries and malware.

Getting to grips with complexity

Unfortunately, many of the security solutions designed for the IT world weren’t custom-built to handle the complexities of today’s connected OT environments. That’s because the IIoT devices utilised within OT systems weren’t devised to be integrated with the security monitoring and management tools designed for corporate IT networks.

The implications of this for organisations are profound: they have no visibility of OT network events or assets. And without an enterprise-wide view of all potential risks, vulnerabilities and potential infiltration points, the rapid threat detection and response capabilities of these companies are seriously compromised.

That’s not good news for security teams tasked with protecting IIoT environments from a growing number of threat actors who are targeting the control systems of multiple industries.

Addressing device risks with UEBA

The good news is that efficiently and effectively monitoring OT devices isn’t an impossible task. Typically designed to operate without human action, these devices ‘behave’ in a certain way. For example, they communicate using specific ports, with certain IP addresses and devices, at expected times. These actions can be treated as ‘behaviour’, and user and entity behaviour analytics (UEBA) can be deployed to increase security monitoring capabilities. UEBA can in turn be integrated with security information and event management (SIEM) to perform comprehensive infrastructure monitoring in a truly unified manner.

Rather than spending days or weeks using a legacy SIEM system to manually query and pivot each of the hundreds or thousands of logs per second generated by a single OT control point, UEBA makes it faster and easier to uncover indicators of compromise.

Using analytics to model a comprehensive normal behavioural profile of all users and entities across the entire environment, UEBA solutions will identify any activity that is inconsistent with these standard baselines. Packaged analytics can then be applied to these anomalies to discover threats and potential incidents.
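The baseline-and-deviation idea described above can be sketched in a few lines. This is an added example, not Exabeam's product logic or code from the original article; the device names, addresses, weights and threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: (device, peer_ip, dst_port, hour_of_day). Not real telemetry.
TRAINING = [
    ("plc-01", "10.20.0.5", 502, h) for h in range(6, 19)    # Modbus/TCP to the HMI, day shift
] + [
    ("rtu-07", "10.20.0.9", 20000, h) for h in range(24)     # DNP3 polling around the clock
]
OBSERVED = [
    ("plc-01", "10.20.0.5", 502, 9),         # matches the baseline
    ("plc-01", "10.20.0.5", 502, 3),         # known peer and port, unusual hour
    ("plc-01", "10.20.0.77", 445, 2),        # new peer, new port, unusual hour
    ("rtu-07", "203.0.113.10", 20000, 14),   # known port, peer never seen before
    ("hmi-99", "10.20.0.5", 502, 10),        # device with no baseline at all
]
WEIGHTS = {"peer": 40, "port": 40, "hour": 20}   # assumed weights, tune per site
ALERT_THRESHOLD = 40                              # assumed threshold

def build_baseline(flows):
    """Learn, per device, which peers, ports and hours were seen during training."""
    profile = defaultdict(lambda: {"peer": set(), "port": set(), "hour": set()})
    for device, peer, port, hour in flows:
        for key, value in (("peer", peer), ("port", port), ("hour", hour)):
            profile[device][key].add(value)
    return dict(profile)

def score_flow(profile, flow):
    """Return (risk score, reasons) for one flow measured against its device baseline."""
    device, peer, port, hour = flow
    if device not in profile:
        return 100, ["device has no baseline"]
    hits = [(key, value)
            for key, value in (("peer", peer), ("port", port), ("hour", hour))
            if value not in profile[device][key]]
    return sum(WEIGHTS[k] for k, _ in hits), [f"new {k}: {v}" for k, v in hits]

def detect(profile, flows, threshold=ALERT_THRESHOLD):
    """Return (flow, score, reasons) for every flow at or above the alert threshold."""
    alerts = []
    for flow in flows:
        score, reasons = score_flow(profile, flow)
        if score >= threshold:
            alerts.append((flow, score, reasons))
    return alerts

if __name__ == "__main__":
    for flow, score, reasons in detect(build_baseline(TRAINING), OBSERVED):
        print(score, flow, "; ".join(reasons))
```

An off-hours poll from a known peer scores below the threshold on its own, while a new peer or an unprofiled device raises an alert; combining weak signals this way keeps the alert volume manageable.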

In this way, it becomes possible to systematically monitor the voluminous outputs from IIoT devices, alongside IT devices, to find potential security threats. Other activities, such as device logins, can also be monitored.

Taking an integrated approach to security

As we’ve seen, the limitations of both legacy and modern IIoT, OT and IoT solutions are persistent, but there are steps that companies can take to ensure the integrity of their business operations.

The key here is to avoid a ‘point solution’ approach and instead opt for an integrated solution that combines UEBA with a modern SIEM platform to deliver an enterprise-wide view of IT and OT security. This makes it possible to initiate the all-important centralised monitoring that enables the increased detection of threats, including difficult-to-detect techniques like lateral movement.

With this in place, a single SOC team can leverage the SIEM to ingest and analyse data from all the organisation’s sources and gain a real-time view of all security, including full visibility of all devices in their OT environments.

The author is Trevor Daughney, vice president of Product Marketing at Exabeam
