Uncovering the hidden risks in your ICS network
Imagine trying to secure a facility without knowing what’s inside. That’s the challenge many industrial organizations face when it comes to cybersecurity. In the world of Industrial Control Systems (ICS), a robust cyber security program begins with a fundamental question: What exactly are we protecting?
ICS cyber security isn’t just about firewalls and intrusion detection. It starts with a comprehensive understanding of your digital landscape. But how do you build this understanding? And why isn’t a simple list of hardware enough?
We’ll uncover why these OT security challenges are difficult to solve and explore actionable strategies to fortify your OT security program.
The limitations of passive anomaly detection tools
Gathering an accurate asset inventory is a big enough challenge that many well-intentioned ICS security practitioners attempt to use passive anomaly detection tools to gather some form of inventory. But using a cyber security monitoring tool to detect new operational systems brings two challenges: coverage (collecting all assets in scope) and level of detail.
Not thorough enough for IT/OT asset inventory management
Passive anomaly detection tools require a certain level of infrastructure for the deployment of the sensors. This is challenging if you have a well-designed and segmented network or if you have long haul (SCADA) locations with limited bandwidth.
Because passive tools require assets to communicate through a monitoring point, you need to pay for and deploy sensors on every piece of communications equipment in your network to connect to all assets. You also need to consider that serially-connected (or non-networked) segments will never appear in your asset inventory.
Passive anomaly detection tools do not provide comprehensive coverage to account for all OT assets in your network.
Lacking critical asset details
To define an asset inventory you must ask if it is enough to have a list of IP addresses and basic information (e.g., Cisco ASA vs Dell HMI). Or, is a richer set of data required for assets that don’t transmit? For passive tools, if the asset does not transmit specific data, you won’t ever get that data.
Industrial asset details such as installed software, version, and history are valuable. Missing patches, security risks (compared to the National Vulnerability Database), users, groups, shares, services, and ports are all key components of analyzing an asset and its relative risk to operations.
This deep and broad asset inventory acts as the foundation to true endpoint management and security. Having this kind of inventory at your fingertips significantly reduces cost and time.
Non-technical challenges in the cyber security industry
Our research across several studies shows that the top five non-technical challenges in cyber security are:
- OT cyber security governance
- Staff training/issues, and security awareness
- Business continuity plan (especially with limited budgets)
- Third-party management
- Incident response planning
The biggest hurdle to fixing these cyber security challenges is gathering specific asset context to make meaningful improvement and prioritize tasks. This is why the Verve Security Center adds risk context and criticality to an asset record. Is this asset critical to my operations or safety? Is it a legacy device? Who is the owner, where is it located, and is it redundant?
Answering these asset context questions enables realistic discussions about governance, business continuity, and incident response for OT leaders.
For example, say a remote desktop vulnerability emerges and you have an agent-based security solution that can quickly aggregate asset data into a single report that shows which assets, by type, region, owner, criticality, or OS type (lab or field-based), were affected. With this insight, you can effectively and efficiently assess and prioritize remediation action.
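The remote desktop scenario above, worked through as an added example (not code from the original page or from any vendor product): it filters a constructed inventory for assets exposed to a hypothetical advisory and orders them by asset context. The field names, scoring weights, and the `EXAMPLE-RDP-ADVISORY` / `KB-PLACEHOLDER` identifiers are assumptions.

```python
from collections import defaultdict

# Constructed inventory: every asset, field name and value is illustrative.
INVENTORY = [
    {"id": "HMI-01", "type": "HMI", "region": "North", "owner": "Ops", "os": "Windows 7",
     "criticality": "high", "redundant": False, "legacy": True,
     "services": {"TermService"}, "ports": {3389, 502}, "patches": set()},
    {"id": "ENG-WS-02", "type": "Workstation", "region": "North", "owner": "Engineering",
     "os": "Windows 10", "criticality": "medium", "redundant": True, "legacy": False,
     "services": {"TermService"}, "ports": {3389}, "patches": set()},
    {"id": "HIST-03", "type": "Historian", "region": "South", "owner": "Ops",
     "os": "Windows Server 2016", "criticality": "high", "redundant": True, "legacy": False,
     "services": {"TermService"}, "ports": {3389}, "patches": {"KB-PLACEHOLDER"}},
    {"id": "PLC-04", "type": "PLC", "region": "South", "owner": "Ops", "os": "VxWorks",
     "criticality": "high", "redundant": False, "legacy": True,
     "services": set(), "ports": {44818}, "patches": set()},
    {"id": "LAB-05", "type": "Workstation", "region": "Lab", "owner": "Engineering",
     "os": "Windows 10", "criticality": "low", "redundant": False, "legacy": False,
     "services": {"TermService"}, "ports": {3389}, "patches": set()},
]

# Hypothetical advisory: placeholder identifiers, not a real CVE or KB number.
ADVISORY = {"id": "EXAMPLE-RDP-ADVISORY", "os_prefix": "Windows",
            "service": "TermService", "port": 3389, "fixed_by": "KB-PLACEHOLDER"}
CRIT_WEIGHT = {"high": 3, "medium": 2, "low": 1}

def is_affected(asset, adv):
    """Affected = matching OS, service present, port open, fixing patch absent."""
    return (asset["os"].startswith(adv["os_prefix"])
            and adv["service"] in asset["services"]
            and adv["port"] in asset["ports"]
            and adv["fixed_by"] not in asset["patches"])

def priority(asset):
    """Higher score = remediate sooner; the weights are an assumption."""
    score = CRIT_WEIGHT[asset["criticality"]] * 10
    score += 0 if asset["redundant"] else 5   # no failover available
    score += 3 if asset["legacy"] else 0      # harder to patch or replace
    return score

def remediation_report(inventory, adv, group_by="region"):
    """Return (asset ids in remediation order, affected assets grouped by a context field)."""
    affected = sorted((a for a in inventory if is_affected(a, adv)),
                      key=lambda a: (-priority(a), a["id"]))
    groups = defaultdict(list)
    for a in affected:
        groups[a[group_by]].append((a["id"], priority(a)))
    return [a["id"] for a in affected], dict(groups)
```

The patched historian and the PLC drop out of the report only because patch, service, and port data are present in each record; a list of IP addresses and device types could not make that distinction.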
Why IT/OT asset inventory management is the foundation of a cyber security program
For industrial organizations looking to increase cyber security posture, asset inventory management is the right place to start. But the most effective asset inventory tools are the ones that work as a foundation to propel your overall cyber security journey.
This robust foundation for OT/ICS security requires real-time visibility into the following elements of your network:
- All hardware
- Software
- Users
- Accounts
- Patches
- Vulnerabilities
- Network device configurations
- Windows settings
- Embedded device backplanes
- Status of various security elements such as application firewalls, whitelisting, antivirus,
Identify, Protect, Detect, Respond and Recover from a single platform to feel in command of your operations when time and information are on your side. Leverage an automated asset inventory to increase the efficiency and cyber security maturity of your industrial environment by centralizing all endpoint asset data into one vie