Total visibility.
Focused Protection.™
The Evolving IT–OT Landscape
To achieve operational efficiencies, OT environments have become increasingly connected to both corporate IT networks and the public internet. Supply chain optimization, process optimization, centralized management and globalized production are some of the key and inevitable drivers for connecting OT; but this change has both exposed once–isolated environments to external threats and opened new attack vectors into traditional IT.
With the potential for exposure and the criticality of services at stake, it’s no wonder OT networks have become such an attractive target to adversaries.
OT environments have typically focused on managing operational risk to maximize availability and reliability. As such, the objectives of IT teams in charge of cyber risk management have not aligned with those of engineers overseeing OT systems and devices. Additionally, many of the technologies on which IT security relies, such as active vulnerability scanners, can’t be deployed within the OT network. There are also impediments to patching, and often infrastructure that is not known or cataloged.
Skybox integrations with leading OT security platforms give organizations with ICS and SCADA systems a way to gain crucial visibility across the hybrid IT–OT environment to:
• Understand reachability between networks and network zones
• Contextualize risk and effectively plan remediation
• Proactively reduce risk to safeguard the organization without sacrificing uptime
SECURING HYBRID IT-OT NETWORKS WITH SKYBOX SECURITY
Business Brief
Securing Hybrid IT-OT Environments | Business Brief
Challenges in OT Security
Legacy Technology
OT is rife with legacy technology, sometimes decades–old. In comparison, IT generations are much shorter, making it hard for inherent OT defenses to keep pace with the ever–evolving security and threat landscape. And, because OT infrastructure must stay continuously available, it’s not always operationally possible to maintain the environment’s security in the same way as traditional IT networks.
Outdated Systems
The age of many OT systems means that it’s common for portions of the technology to be running on outdated operating systems — sometimes with no updates available — leaving them vulnerable. Additionally, IT assets within the OT network often run outdated systems with known vulnerabilities that may not have the vendor support to fix them (e.g., Windows XP).
Convergence With IT
As OT connects with the corporate network and the internet, issues such as malware, IT vulnerabilities and malicious insiders all need to be considered. In addition, as OT systems become smarter and more IT–enabled, OT engineers are tasked with adding IT knowledge and security expertise to their already full and distinct workloads. Conversely, IT teams aren’t typically well–versed in OT systems, concerns and protocols.
Organizational Challenges
Because IT and OT each have different teams, technologies, processes and objectives, it is difficult to create and maintain security architectures that meet the needs of both groups. This security management disconnect creates “cracks” through which attackers can covertly slip into an organization.
Limited Visibility and Insight
Finally, proprietary protocols in OT make it difficult, if not impossible, for IT solutions to map the attack surface. IT security solutions, for the most part, have not been adapted to work in OT environments. For example, active scanning of the OT network is generally prohibited, leaving these areas in the dark in terms of vulnerability identification, risk awareness and proactive threat protection.
Historically, OT networks have been exclusive to critical infrastructure and manufacturing organizations.
But with the advent of smart buildings, more organizations are finding themselves connecting OT and corporate networks, with limited insight into the risks they share.
SKYBOX OT SECURITY INTEGRATIONS
[Figure: network model diagram. Labels recoverable from the image: On Premises (Los Angeles, London, Finance, Development, Web Server, App, DMZ, DB); Private Cloud (VMware NSX); Public Cloud (AWS Customers, AWS Production, AWS Development, Microsoft Azure Production, Azure Test); Operational Technology (OT); Internet; VPN; VPN Partner; Partner; IPS.]
FIG 1: A representation of the Skybox model encompassing on-prem, public and private cloud and OT environments — their topology, security controls and assets
The Skybox Solution
Skybox for OT™ gives organizations with hybrid IT–OT environments the comprehensive visibility they need to ensure security and compliance standards are met throughout their networks and that risks are systematically reduced and operations run smoothly.
Skybox provides the broadest set of out–of–the–box integrations with enterprise technology. It passively collects information from your networking and security solutions to centralize data and establish a single source of truth. Combined with data collected from OT security management systems, Skybox builds this data into a model of your hybrid environment, giving comprehensive and in-depth visibility into your traditional IT, cloud and OT networks.
Visibility, contextual intelligence and analytics–driven automation let you see and understand where your biggest risks lie, and streamline processes to eliminate risks or quickly respond to attacks.
A Unified IT-OT Network Security Solution
• Highlight an organization’s full attack surface, including vulnerabilities in both the OT and IT network to determine potential attack path exposures
• Analyze network paths end to end — between and within IT and OT networks — to improve access and configuration compliance and secure firewall change management
• Provide visibility of significant risks (e.g., zero–day vulnerabilities based on the PLC firmware version, or a critical pivot point such as an OPC workstation that has a WannaCry vulnerability)
• Identify key compliance issues (e.g., a dual–homed engineering station with interfaces to both the OT and IT networks that has created a bypass, a new communication path from a PLC to an unknown host, or a violation of Critical Control #10 of the NERC CIP standard)
• Enable cross–organizational processes such as proactive defense planning, automated compliance reporting, vulnerability management, incident response, security monitoring, exposure analysis and more
Key Business Benefits
• Gain comprehensive visibility of your organization’s attack surface in a single view
• Decrease security risks in mission-critical OT networks and limit the potential for downtime or damage
• Confirm effective controls without disruption to maintain continuous compliance and steadfast security
• Improve collaboration and alignment between security and OT teams
• Simplify and reduce the cost of operational processes
WHERE TO START
To learn more about how Skybox can assist with securing your hybrid IT–OT environment, download our whitepaper or visit our website.
About Skybox Security
Skybox provides the industry’s broadest cybersecurity management platform to address security challenges within large, complex networks. By integrating with 130 networking and security technologies, the Skybox® Security Suite gives comprehensive attack surface visibility and the context needed for informed action. Our analytics, automation and intelligence improve the efficiency and performance of security operations in vulnerability and threat management and firewall and security policy management for the world’s largest organizations.
www.skyboxsecurity.com | [email protected] | +1 408 441 8060
Copyright © 2019 Skybox Security, Inc. All rights reserved. Skybox is a trademark of Skybox Security, Inc. All other registered or unregistered trademarks are the sole property of their respective owners. 04262019
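Two of the compliance checks the brief lists for a unified IT–OT solution (a dual-homed engineering station that bridges the OT and IT zones, and a PLC talking to a host that is not in the asset inventory) can be expressed as simple queries over a network model. The script below is an added illustration written for this page, not Skybox code; the zone names, address ranges, host inventory and flow records are all constructed sample data, and the helper names are hypothetical.

```python
"""Added example (not Skybox code): a minimal model of hosts with interfaces in
named network zones, plus two checks of the kind the brief describes:
1. dual-homed hosts with interfaces in both OT and IT (a boundary bypass), and
2. flows between an inventoried PLC and a host absent from the inventory.
Zones, addresses, hosts and flows below are constructed sample data."""
from dataclasses import dataclass, field
import ipaddress

# Hypothetical zone address plan (constructed).
ZONES = {
    "OT": ipaddress.ip_network("10.10.0.0/16"),
    "IT": ipaddress.ip_network("10.20.0.0/16"),
    "DMZ": ipaddress.ip_network("10.30.0.0/24"),
}


@dataclass
class Host:
    name: str
    role: str                                        # "plc", "hmi", "engineering_station", ...
    interfaces: dict = field(default_factory=dict)   # zone name -> IPv4 address (str)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int


def zone_of(ip):
    """Return the zone whose address range contains ip, or None if unmapped."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


# Constructed asset inventory, as a passive collector might have assembled it.
INVENTORY = [
    Host("plc-01", "plc", {"OT": "10.10.1.5"}),
    Host("hmi-01", "hmi", {"OT": "10.10.1.20"}),
    Host("eng-ws-07", "engineering_station", {"OT": "10.10.2.7", "IT": "10.20.5.7"}),
    Host("historian-01", "historian", {"OT": "10.10.3.1", "DMZ": "10.30.0.10"}),
    Host("fs-01", "file_server", {"IT": "10.20.9.9"}),
]

# Constructed flow records (e.g. from a span port or firewall log). tcp/502 is Modbus/TCP.
FLOWS = [
    Flow("10.10.1.20", "10.10.1.5", 502),   # HMI polls PLC: expected
    Flow("10.10.2.7", "10.10.1.5", 502),    # engineering station to PLC: expected
    Flow("10.10.1.5", "10.20.44.3", 502),   # PLC to an IT address nobody inventoried
    Flow("10.10.1.20", "10.10.2.7", 445),   # HMI to engineering station: not a PLC flow
]


def find_bridging_hosts(inventory, zone_a="OT", zone_b="IT"):
    """Hosts with an interface in both zones: any control between the zones
    (firewall, DMZ, data diode) can be bypassed through such a host."""
    return sorted(h.name for h in inventory
                  if zone_a in h.interfaces and zone_b in h.interfaces)


def find_unknown_plc_peers(inventory, flows):
    """Flows where one endpoint is an inventoried PLC and the other endpoint is
    not in the inventory at all. Returns (plc_ip, peer_ip, dst_port, peer_zone)."""
    known = {ip for h in inventory for ip in h.interfaces.values()}
    plcs = {ip for h in inventory if h.role == "plc" for ip in h.interfaces.values()}
    findings = []
    for f in flows:
        # Check both directions so an unknown host polling a PLC is caught too.
        for plc_ip, peer in ((f.src, f.dst), (f.dst, f.src)):
            if plc_ip in plcs and peer not in known:
                findings.append((plc_ip, peer, f.dst_port, zone_of(peer)))
    return findings


if __name__ == "__main__":
    for name in find_bridging_hosts(INVENTORY):
        print(f"dual-homed OT/IT host (boundary bypass): {name}")
    for plc_ip, peer, port, zone in find_unknown_plc_peers(INVENTORY, FLOWS):
        print(f"PLC {plc_ip} <-> unknown host {peer} tcp/{port} (peer zone: {zone})")
```

Run as a script, it reports eng-ws-07 as the dual-homed host and the PLC's conversation with the uninventoried IT address. The historian is dual-homed between OT and DMZ, which is often a sanctioned design; passing different zone names to find_bridging_hosts lets each zone pair be judged against its own policy rather than treating every multi-interface host as a violation.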