OT360 Use Case

A Compensating Control for Vanishing IT/OT Air Gaps


Reducing Cyber Risk of Connected Operational Networks in the Absence of Physical Isolation

The absence of air gaps = increased risk
Operational technology (OT) networks in essential industries such as Oil & Gas, Pipelines, Electric Generation, Transmission & Distribution, Water & Wastewater, Transportation and Manufacturing are increasingly targeted by cyberattacks. For these enterprises, OT networks are the lifeblood of the organization. For cybercriminals, they are prime targets, and successful attacks have proven destructive, destabilizing, and costly.

As operational devices and infrastructure connect to corporate, cloud, and Internet-facing networks, the former 'air gap' between IT and OT environments no longer exists. The resulting risk can lead to substantial financial losses, disruption of essential services, and potentially harm to national security and public welfare.

The need for connection, detection, and response
Air gaps were once the ultimate enabler of 'security by obscurity'. Because the OT network was not directly connected to any other network, an attacker could neither locate nor reach it, which made remote attack difficult.

Bringing previously disconnected OT networks online can help organizations create new efficiencies in areas such as real-time optimization, monitoring and maintenance. Connected OT can enable safer working environments using sensors to detect and prevent equipment malfunctions. 

At the same time, OT/IT convergence increases risk, expands the potential attack surface, and creates new pathways into critical infrastructure.

As this reality evolves, a compensating control for the vanishing air gap needs to deliver more than a modernized 'security by obscurity'. The OT/IT boundary must be defended, and the OT network itself needs the ability to detect threats dynamically and respond without introducing the risk of unplanned downtime. This is especially valuable for monitoring connected vendors and service providers, whose remote access paths now cross that boundary.


A compensating control that exceeds original requirements

PacketViper’s OT360 has the ability to ‘shroud’ or ‘screen’ aging and vulnerable OT network assets that require connectivity to operate effectively. The solution provides multi-context, deception-enabled boundary protection while delivering enhanced threat detection within the operational network. 

OT360 can also actively defend OT with automated threat detection and response capabilities for both external and internal threats. It turns the tables on threats at the earliest stages of the attack cycle, greatly increasing the difficulty of the attack at initial reconnaissance. 

Threat detection is equally effective against known and unknown threats because it keys on behavior rather than signatures: OT360 uses Decoys, Sirens and Sensors for network obfuscation, threat detection and automated response. Because no legitimate process has any reason to interact with a decoy, any contact with one is actionable, which is why this detection produces no false positives. The agentless design makes it well suited to OT/ICS environments, where installing agents on controllers is often not possible.


Beyond traditional perimeter defenses
The static nature of boundary firewalls and unidirectional gateways is not enough to withstand the dynamic nature of today's cyber threats.

OT360 brings the principles of a ‘moving target defense’ to boundary protection, making critical assets almost impossible to discern during reconnaissance. 

In the event a threat gets onto the network, OT360 can detect it earlier and reduce dwell time, while actively preventing data exfiltration and command-and-control communications from being established.

Modernized protection of OT devices without a costly 'rip and replace'
Properly functioning OT networks frequently push aging devices to their limits as manufacturers announce end-of-support timelines and technologies approach the end of their useful life. Security teams are forced to weigh the cost of upgrades against the cost of unplanned downtime should aging and vulnerable control systems be attacked and compromised.

Figure 1 below illustrates a traditional air-gapped IT/OT approach. Figure 2 illustrates an IT/OT network connection in which the OT network is obfuscated through deception. Within the OT network, deceptive artifacts can be deployed across individual segments, making the real OT assets difficult to discern for threats that make it onto the network. By providing network activity and connection context, OT360 also enables real-time vendor behavior monitoring and policy enforcement, both at the boundaries and within the network.

Figure 1. Traditional IT/OT physical separation via air gapping

Figure 2. Deceptive shrouding of the connected OT network with detection and response capabilities
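The two detection ideas above, decoys that no legitimate host should ever contact (the basis of the "no false positives" claim) and per-segment deceptive artifacts combined with vendor behavior monitoring, can be illustrated with a small detector run over connection records. The following is an added example written for this page; it is not PacketViper code and does not reflect OT360's internal formats. The decoy inventory, the vendor policy, the log format, the 60-second scan window and all addresses are constructed assumptions. Any touch of a decoy raises an alert; a source that sweeps two or more decoys within the window is classified as a scan and recommended for blocking, while a single touch is flagged for investigation. A vendor host reaching a real asset outside its allowed set is reported as a policy violation even though it never touched a decoy.

```python
"""Decoy-touch detection with per-segment decoys and vendor policy checks.

Added illustration; not PacketViper code. The decoy inventory, vendor
policy, log format and thresholds below are hypothetical assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed decoy inventory per OT segment. A decoy address is never used
# by a real asset, so no legitimate host has a reason to contact it.
DECOYS = {
    "10.10.1.0/24": {"10.10.1.250", "10.10.1.251"},
    "10.10.2.0/24": {"10.10.2.250"},
}
DECOY_IPS = set().union(*DECOYS.values())

# Constructed vendor policy: remote-vendor source -> assets it may reach.
VENDOR_POLICY = {"10.10.1.77": {"10.10.1.30"}}

# Two or more distinct decoys touched within this window is treated as a scan.
SCAN_WINDOW = timedelta(seconds=60)

# Constructed connection log: "<ISO timestamp> <src> <dst> <dport> <proto>".
# 10.10.1.77 is a vendor jump host sweeping both segments; 10.10.1.20 is an
# engineering workstation that touches one decoy once, half an hour later.
LOG = """\
2024-05-01T10:00:01 10.10.1.20 10.10.1.30 502 tcp
2024-05-01T10:00:03 10.10.1.77 10.10.1.250 502 tcp
2024-05-01T10:00:04 10.10.1.77 10.10.1.251 502 tcp
2024-05-01T10:00:04 10.10.1.77 10.10.1.251 102 tcp
2024-05-01T10:00:05 10.10.1.77 10.10.2.250 44818 tcp
2024-05-01T10:00:06 10.10.1.77 10.10.1.31 502 tcp
2024-05-01T10:00:09 10.10.2.40 10.10.2.41 20000 tcp
2024-05-01T10:30:00 10.10.1.20 10.10.1.250 502 tcp
"""


def parse(line):
    """Split one log record into (timestamp, src, dst, dport, proto)."""
    ts, src, dst, dport, proto = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), proto


def analyze(log_text):
    """Return (alerts keyed by source address, vendor policy violations)."""
    touches = defaultdict(list)      # src -> [(ts, decoy, dport)]
    violations = []
    for raw in log_text.strip().splitlines():
        ts, src, dst, dport, _proto = parse(raw)
        if dst in DECOY_IPS:
            touches[src].append((ts, dst, dport))
        elif src in VENDOR_POLICY and dst not in VENDOR_POLICY[src]:
            # Real asset outside the vendor's allowed set: a policy violation
            # that a decoy alone would not reveal.
            violations.append((src, dst, dport))

    alerts = {}
    for src, events in touches.items():
        events.sort()
        first, last = events[0][0], events[-1][0]
        decoys_hit = {d for _, d, _ in events}
        segments = {seg for seg, ips in DECOYS.items() if ips & decoys_hit}
        if len(decoys_hit) >= 2 and last - first <= SCAN_WINDOW:
            verdict, action = "scan", "block"          # sweeping decoys = reconnaissance
        else:
            verdict, action = "probe", "investigate"   # single touch: still anomalous
        alerts[src] = {
            "verdict": verdict,
            "action": action,
            "decoys": sorted(decoys_hit),
            "ports": sorted({p for _, _, p in events}),
            "segments": sorted(segments),
            "first": first.isoformat(),
            "last": last.isoformat(),
        }
    return alerts, violations


if __name__ == "__main__":
    found, bad = analyze(LOG)
    for src, a in found.items():
        print(f"{src}: {a['verdict']} -> {a['action']} "
              f"(decoys {a['decoys']}, segments {a['segments']})")
    for src, dst, dport in bad:
        print(f"vendor policy violation: {src} -> {dst}:{dport}")
```

The "block" action is only a recommendation here; in a mirror-mode deployment it would be surfaced to an operator, and only an inline deployment could enforce it. The segment list in each alert shows how decoys spread across segments reveal lateral movement that a single boundary sensor would miss.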

Building trust
OT360 can start in mirror mode (passive monitoring of mirrored traffic, which can detect but not block) and evolve to in-line security once operators trust its verdicts. When placed inline, customers can act on threats directly from the solution, up to and including blocking. Operating inline, the solution can also harvest and apply new machine-readable threat intelligence (MRTI) at wire speed. OT360 provides a proactive way of detecting and identifying threats to external and internal networks before they become a full-fledged attack.

Deployment options include a purpose-built appliance, a virtual instance, or AWS or Azure. In each case, from basic initial setup and deployment to ongoing active threat hunting and dynamic deception campaigns, operators can achieve the desired security outcomes.