OT security
Operational Technology (OT), whether factories or other infrastructure, is increasingly getting connected, but often lacks behind the IT networks in cybersecurity monitoring. Do any of the following challenges sound familiar?
- Lack of visibility on network assets and missing dynamic tracking of the new assets
- Missing network segregation or no mechanisms to verify the segregation
- Network connectivity has evolved over time and has become unclear
Build visibility into the OT networks in a stepwise approach
It is beneficial to start from identifying the assets and connections first. While an IT-like approach, e.g. attack detection, is useful also in the OT networks, jumping straight to the deep end can lead to noise and false positives.
-
Step 1.
Deploy Instruments like Asset Guard, Beacon and PortDiff for inventorying the assets and connections, hardening and closing the unnecessary services while at it.
-
Step 2.
Once the baseline has been established, use these same Instruments for continuous integrity monitoring.
-
Step 3.
The next step could be systematic log collection with the help of Log Forwarder, or attack detection with the Suricata IDS Instrument.
-
Step 4.
Now you have comprehensive 24/7 detection capabilities up and running. Maybe it's a good time to add Instruments aiding in forensics, such as Netflow collector and Traffic Recorder? They are just a few clicks away.