What is OT/ICS network segmentation?

OT/ICS network segmentation is the practice of dividing a network into separately controlled segments (zones) so that administrators can restrict access and traffic between them to the communication the process actually requires.

Core elements of network segmentation include:

  • Analysis of current and required flows and connections
  • Design of hardware and configuration rules to enforce least-privilege access to each subnet
  • Implementation of hardware, software, and configuration rules as designed
  • Monitoring of changes to rules to ensure segmentation is sustained over time


OT/ICS network segmentation is challenging for several reasons:

  • Older networking equipment often lacks modern management functions
  • Asset inventory visibility is frequently poor, so it is unclear what should be on each subnet
  • Physical wiring and IP-addressing constraints limit how networks can be divided
  • Some communications are only required in infrequent circumstances (for example, maintenance), but segmentation must still account for them
  • Different OEM vendors impose different network requirements that must be reconciled
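The four elements listed earlier (flow analysis, least-privilege rule design, implementation, monitoring of rule changes) and the caveat about infrequently needed communications can be made concrete with a small script. The following is an added example, not Verve's code or any product's output: it collapses a constructed set of observed host-to-host flows into zone-level conduits, turns them into an allowlist that ends in a default deny, parks a maintenance-only flow as a disabled rule instead of an open one, reports an observed flow the design never permitted, and finally diffs a deployed rule set against the baseline to catch drift. The zone names, address ranges, flows and the `PERMITTED_CONDUITS` / `MAINTENANCE_ONLY` policy are all assumptions made up for illustration.

```python
"""Added example (not Verve's code): derive least-privilege conduit rules
from an observed flow baseline and detect rule drift afterwards.
All zones, addresses, flows and policy entries are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed zone model, named loosely after Purdue levels.
ZONES = {
    "L1_control": ip_network("10.10.1.0/24"),      # PLCs, RTUs
    "L2_supervisory": ip_network("10.10.2.0/24"),  # HMI / SCADA servers
    "L3_operations": ip_network("10.10.3.0/24"),   # historian, engineering
    "IT_DMZ": ip_network("10.20.0.0/24"),          # IT/OT DMZ
}

# Conduits the architecture design permits (src zone -> dst zone); assumed.
# Anything observed outside this set is a gap to investigate, not to allow.
PERMITTED_CONDUITS = {
    ("L2_supervisory", "L1_control"),
    ("L3_operations", "L2_supervisory"),
    ("IT_DMZ", "L3_operations"),
}

# Flows required only occasionally: kept as disabled rules that are
# enabled for a maintenance window rather than left open permanently.
MAINTENANCE_ONLY = {("L3_operations", "L1_control", "tcp", 102)}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    port: int


# Constructed observed flows, e.g. from a passive SPAN-port capture.
OBSERVED = [
    Flow("10.10.2.10", "10.10.1.5", "tcp", 502),    # HMI -> PLC, Modbus/TCP
    Flow("10.10.2.10", "10.10.1.6", "tcp", 502),
    Flow("10.10.3.20", "10.10.2.10", "tcp", 4840),  # historian -> SCADA, OPC UA
    Flow("10.20.0.8", "10.10.3.20", "tcp", 443),    # DMZ -> historian
    Flow("10.10.3.30", "10.10.1.5", "tcp", 102),    # eng. workstation -> PLC, S7
    Flow("10.20.0.8", "10.10.1.5", "tcp", 502),     # DMZ -> PLC: not in design
]


def zone_of(ip):
    """Map an address to its zone; None means an uninventoried host."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def aggregate_conduits(flows):
    """Flow analysis: collapse host-level flows into zone-level conduits."""
    conduits = defaultdict(set)
    for f in flows:
        conduits[(zone_of(f.src), zone_of(f.dst))].add((f.proto, f.port))
    return conduits


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    port: int
    action: str       # "permit", "permit-disabled" or "deny"
    note: str = ""


def build_rules(conduits):
    """Rule design: allowlist the designed conduits, park maintenance-only
    services as disabled rules, report unplanned conduits for review, and
    close with an explicit default deny."""
    rules, review = [], []
    for (src, dst), services in sorted(conduits.items(), key=lambda kv: str(kv[0])):
        for proto, port in sorted(services):
            if (src, dst, proto, port) in MAINTENANCE_ONLY:
                rules.append(Rule(src, dst, proto, port, "permit-disabled",
                                  "enable only during maintenance window"))
            elif (src, dst) in PERMITTED_CONDUITS:
                rules.append(Rule(src, dst, proto, port, "permit"))
            else:
                review.append(Rule(src, dst, proto, port, "deny",
                                   "observed but not in design; investigate"))
    rules.append(Rule("any", "any", "any", 0, "deny", "default deny"))
    return rules, review


def rule_drift(baseline, current):
    """Monitoring: rules added to or removed from the deployed set."""
    base, cur = set(baseline), set(current)
    return sorted(cur - base, key=str), sorted(base - cur, key=str)


if __name__ == "__main__":
    rules, review = build_rules(aggregate_conduits(OBSERVED))
    for r in rules + review:
        print(f"{r.action:16} {r.src_zone}->{r.dst_zone} {r.proto}/{r.port}  {r.note}")
    # Simulate an unreviewed permit appearing on the firewall later.
    tampered = rules + [Rule("IT_DMZ", "L1_control", "tcp", 502, "permit")]
    added, removed = rule_drift(rules, tampered)
    print("drift: added", added, "removed", removed)
```

The point of the `review` list is that an observed flow is evidence of what currently happens, not of what should be allowed; the DMZ-to-PLC Modbus flow ends up there rather than in the allowlist. The drift check is what turns a one-time project into sustained segmentation: run it against the exported rule set on a schedule and alert on any added permit.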


Verve’s team of technicians has over 25 years of experience working across different industries and almost every OEM system. Using the Verve Security Center’s asset inventory and flow analysis, we begin with a robust mapping of the current status. We then use our knowledge of the underlying process and OEM systems to design a secure and reliable approach to network segmentation. Finally, we have the hands-on capabilities to implement the hardware, software and rules necessary to deliver on the newly designed network.

On-Demand Webinar

Applying Network Segmentation to Secure OT Environments

Purdue model, IEC 62443 zones and conduits, SD-WAN and other terms can confuse more than enable, and the process of implementing network segmentation in OT systems is often misunderstood. CISA recommends network segmentation as one of the most effective ways of protecting OT systems, and done well it can securely bridge IT and OT systems.

In this on-demand webinar, you will learn how to:

  • Begin implementing network segmentation in your OT systems
  • Achieve effective visibility of segmentation
  • Gain buy-in with your team and investors
  • Effectively bridge IT & OT systems

Effective Network Segmentation in ICS Security

Effective segmentation requires the right building blocks, technology, and talent, along with close partnership with our clients.


Asset Inventory

Asset Inventory creates the baseline to enable proper understanding of what needs to communicate and where segmentation gaps exist.


Configuration / Rules / Flows Analysis

Based on the current state of assets and network architecture, Verve analyzes current and required flows and rules. The result is a documented baseline and a set of change objectives.


Architecture Design

The next phase designs the hardware, software, rules and configurations needed to achieve the desired outcome. This includes hardware recommendations, necessary cabling, required re-IPing, and the new rules and configurations to be applied.


Implementation & Testing

Our hands-on team configures the necessary hardware and develops the rules needed to ensure reliability and security. This process includes robust testing and monitoring to tune the final outcome.


Vendor Agnostic

Verve has experience with all major networking equipment vendors and expertise working on almost every ICS OEM system.


Turnkey

Verve provides support from asset inventory through design, procurement, implementation and documentation.


Schedule a consultation

If you are curious how network segmentation, design and configuration can accelerate your security maturity, schedule a call with our experts for a free consultation.
