As the saying goes, security leaders cannot protect what they cannot see. But seeing all devices in the world of critical infrastructure systems and operational technology (OT) is more challenging than in the case of enterprise IT.
Industrial environments do not deal simply with computers and web servers. From smart pumps and robotic arms to automated lighting systems and employees’ smartwatches, there is an array of devices that cannot be managed with traditional IT security tools.
With IT/OT convergence and the rise of the Internet of Things (IoT) and even the Industrial Internet of Things (IIoT), the number of devices connected to industrial companies’ networks is continuously growing. A study from GSMA Intelligence forecasts that IoT connections will reach nearly 25 billion worldwide by 2025, up from 10.3 billion in 2018. The GSMA report also indicates that smart manufacturing will be the fastest-growing segment.
Industry 4.0 initiatives drive the convergence of IT, OT and IoT devices, enabling data-driven decisions, increased operational efficiency, and cost savings for organizations. More digital assets also contribute to expanding the attack surface on industrial environments.
Traditional enterprise IT devices, such as PCs and servers, can be monitored through endpoint solutions because they can have security agents installed. However, ICS, OT and IoT devices typically cannot run agents, which leaves them unmanaged from a traditional security perspective.
OT and IoT devices might be connected directly to the internet via Wi-Fi. They might also be daisy-chained to other connected devices via protocols such as Bluetooth.
Examples of OT devices include programmable logic controllers (PLCs), human-machine interfaces (HMIs), barcode scanners, robotic arms on a production line, smart forklifts, and more.
The list of IoT devices is extensive. Some popular examples include:
A study commissioned by Armis suggests that 90% of the devices in industrial environments are unmanaged. Those assets are an easier target for cyberattacks, as the threats against critical infrastructure and manufacturers are on the rise, especially in the form of ransomware.
Bring your own device (BYOD) trends, in which employees are allowed to use personal devices to connect to corporate networks, and the adoption of cloud and virtual machines create even more blind spots.
Security teams need to identify activity and risk within managed and unmanaged devices, as well as cloud, multi-cloud, and hybrid environments. Here are some of the asset management problems in the industrial world:
Such is the importance of visibility for effective cybersecurity that the Center for Internet Security (CIS) makes it a starting point for its CIS Controls. Currently in version 8, this framework offers a set of actions to secure companies and their data from known threats.
CIS Control 1 is precisely about the inventory and control of enterprise assets. With continuous asset discovery, security teams can identify unauthorized assets and either remove them from the network or remediate them. CIS Control 2 deals with software assets, such as operating systems and applications. This type of asset inventory helps to identify unauthorized and unmanaged software and prevent it from being installed or executed.
There is an increasing need for OT and IT teams to work closely together – especially now with the dissolution of the air gap that used to separate the ICS network from enterprise IT.
Highly publicized cybersecurity breaches affecting OT have started on the IT side of the house. The WannaCry malware, which spread through computers running Microsoft Windows, caused manufacturing disruptions across the world, including at the chipmaker TSMC and at Renault factories. LockerGoga, another ransomware family targeting Windows, led aluminium maker Norsk Hydro to temporarily halt production and suffer losses of over $40 million.
As Gartner notes in its Market Guide for Operational Technology Security, recently observed tactics include the use of spear phishing to gain initial access to the IT network before moving to the OT network. An effective cybersecurity strategy needs to offer device visibility across both the enterprise IT network and the factory floor. In other words, the security solution needs to work with all assets, both managed and unmanaged.
Enter the Armis Agentless Device Security Platform. When deployed, our solution discovers all assets in your environment and performs a risk assessment to identify all vulnerabilities and threats. This information is crucial to developing a plan to mitigate exposure.
Organizations don’t know what they have in their networks. In many cases, they get surprised by our findings. Here are some examples of vulnerabilities discovered by Armis:
Thanks to the breadth, depth, and accuracy of our asset inventory and device discovery, our customers say that they see 50% to 70% more devices after deploying Armis.
The Armis platform works with all devices because it is agentless. That means that it does not require any hardware installation or network changes. No intrusive probes are performed either because it is a completely passive solution.
The Armis platform discovers, identifies and classifies all devices connected to your network or in your airspace, generating a rich data repository, including:
Our platform analyzes traffic and device behavior, including device-to-device behavior and data transmissions via wireless protocols such as Bluetooth and Zigbee. Risk factors might include manufacturer reputation, malicious domains visited, and software vulnerability history. The Armis platform knows:
Our solution is able to identify anomalies and take action because it understands the context of each device thanks to our Device Knowledgebase – the largest in the world, tracking over 1 billion devices.
Asset discovery is the first step to a successful cybersecurity strategy in the Industry 4.0 era. Security teams need to know what they have across the operational and enterprise environments in order to manage both OT and IT assets.
Organizations also need to identify when devices behave unexpectedly, which might indicate they are compromised. The Armis platform calculates a risk score for each device, helping your team prioritize vulnerabilities and take proactive steps to minimize your attack surface.
Real-time monitoring of assets and traffic is crucial to active threat discovery. Passive monitoring ensures that your network, systems and devices are continuously tracked without disruption.
Organizations also need real-time policy enforcement and automated remediation to isolate devices, trigger alerts and initiate software updates. The Armis platform can automatically generate segmentation policies to reduce exposure to threats.
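To make the chain described above concrete (passive discovery, reconciliation against an approved inventory per CIS Control 1, per-device risk scoring, and derived segmentation rules), here is an added illustrative example in Python. It is not Armis code and does not describe how the Armis platform works internally. The flow records, the approved asset list, the 10.10.0.0/16 plant subnet, the port-to-protocol table and the scoring weights are all constructed assumptions for the example.

```python
# Added illustrative example (not Armis code): a minimal passive
# asset-discovery pass over constructed flow records. It builds an inventory
# from observed traffic, classifies devices by the protocols they speak,
# reconciles the inventory against an approved list (CIS Control 1), scores
# each device, and derives an allow-list segmentation policy for controllers.
from collections import defaultdict

# Assumed port-to-protocol table for common OT and IT protocols.
PROTOCOLS = {
    502: "modbus", 102: "s7comm", 44818: "ethernet-ip", 47808: "bacnet",
    20000: "dnp3", 4840: "opc-ua", 80: "http", 443: "https", 445: "smb",
}
OT_PROTOCOLS = {"modbus", "s7comm", "ethernet-ip", "bacnet", "dnp3", "opc-ua"}
OT_PREFIX = "10.10."  # assumed: the plant network lives in 10.10.0.0/16

# Constructed flow records (src, dst, dst_port), as a passive sensor on a
# SPAN/mirror port might summarise them. Not real captured traffic.
FLOWS = [
    ("10.10.1.20", "10.10.5.7", 502),    # HMI polling a PLC over Modbus/TCP
    ("10.10.1.20", "10.10.5.8", 102),    # same HMI to a second PLC over S7comm
    ("10.10.1.21", "10.10.5.7", 502),    # engineering workstation to the PLC
    ("10.10.5.9", "10.10.5.7", 502),     # device nobody inventoried, speaking Modbus
    ("10.0.3.44", "10.10.5.7", 502),     # corporate IT host reaching into the PLC
    ("10.0.3.44", "10.0.3.10", 445),     # same IT host doing SMB on the IT side
    ("10.10.5.9", "203.0.113.5", 443),   # uninventoried OT device calling the internet
]
# Assumed approved asset list, i.e. what the CMDB says should be there.
APPROVED = {"10.10.1.20", "10.10.1.21", "10.10.5.7", "10.10.5.8",
            "10.0.3.44", "10.0.3.10"}


def is_ot(ip):
    return ip.startswith(OT_PREFIX)


def is_internal(ip):
    """RFC 1918 check; anything else is treated as the internet."""
    a, b = (int(x) for x in ip.split(".")[:2])
    return a == 10 or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)


def build_inventory(flows):
    """Passive discovery: every address seen in traffic becomes an inventory entry."""
    inv = defaultdict(lambda: {"speaks": set(), "serves": set(), "peers": set()})
    for src, dst, port in flows:
        proto = PROTOCOLS.get(port, f"tcp/{port}")
        inv[src]["speaks"].add(proto)
        inv[src]["peers"].add(dst)
        inv[dst]["serves"].add(proto)   # dst answered on this port
        inv[dst]["peers"].add(src)
    return dict(inv)


def classify(ip, entry):
    """Rough role from protocol behaviour plus network location."""
    if entry["serves"] & OT_PROTOCOLS:
        return "controller"          # something polls it over an OT protocol
    if is_ot(ip) and entry["speaks"] & OT_PROTOCOLS:
        return "supervisory"         # HMI / engineering station on the plant network
    return "it-host"


def unauthorized(inv, approved):
    """CIS Control 1 reconciliation: internal devices seen on the wire but not approved."""
    return sorted(ip for ip in inv if is_internal(ip) and ip not in approved)


def risk_score(ip, entry, approved):
    """Additive score with reasons; the weights are assumed, not a standard."""
    score, reasons = 0, []
    if ip not in approved:
        score += 3; reasons.append("not in approved inventory")
    if is_ot(ip) and any(is_internal(p) and not is_ot(p) for p in entry["peers"]):
        score += 2; reasons.append("talks across the IT/OT boundary")
    if not is_ot(ip) and entry["speaks"] & OT_PROTOCOLS:
        score += 3; reasons.append("IT host speaking an OT protocol")
    if any(not is_internal(p) for p in entry["peers"]):
        score += 4; reasons.append("communicates with the internet")
    return score, reasons


def score_all(inv, approved):
    return {ip: risk_score(ip, e, approved) for ip, e in inv.items() if is_internal(ip)}


def segmentation_policy(flows, inv, approved):
    """Allow-list per controller: only approved plant-side peers on OT ports, deny the rest."""
    rules = []
    for ip, entry in sorted(inv.items()):
        if classify(ip, entry) != "controller":
            continue
        for src, dst, port in flows:
            if (dst == ip and PROTOCOLS.get(port) in OT_PROTOCOLS
                    and is_ot(src) and src in approved):
                rules.append(("allow", src, dst, port))
        rules.append(("deny", "any", ip, "any"))
    return rules


if __name__ == "__main__":
    inv = build_inventory(FLOWS)
    for ip in sorted(inv):
        print(ip, classify(ip, inv[ip]), sorted(inv[ip]["speaks"] | inv[ip]["serves"]))
    print("unauthorized:", unauthorized(inv, APPROVED))
    for ip, (s, why) in sorted(score_all(inv, APPROVED).items(), key=lambda kv: -kv[1][0]):
        print(f"{ip:14} risk={s} {why}")
    for rule in segmentation_policy(FLOWS, inv, APPROVED):
        print(rule)
```

Run as-is, the script surfaces 10.10.5.9 as an uninventoried device that both speaks Modbus to a PLC and reaches the internet (the highest score), flags the corporate host 10.0.3.44 for speaking Modbus into the plant network, and emits allow-list rules that permit only the approved HMI and engineering workstation to reach each controller. In a real deployment the flow records would come from a mirror port or flow export, and a passive approach like this one never sends packets to the controllers, which matters on equipment that active scanning can crash.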
To see what the Armis Agentless Device Security Platform can find in your industrial environment, request a risk assessment.
Check out all IT OT Convergence Playbook Chapters: