The basic features of OT architecture
In the previous blog, we zoomed in on network segmentation and the layering of security measures according to the Defense in Depth method, both important factors in creating a secure network environment. In this third and – for now – last blog, we focus on three additional features that help you create a more secure architecture: non-intrusive monitoring, asset inventory and threat detection/vulnerability scanning.
Non-intrusive monitoring
When it comes to OT environments, the two big priorities are uptime and availability of the systems. A monitoring solution therefore cannot have any impact on the workflow or processes of the business. Slowing down the industrial process must be avoided, because it leads to lost productivity and ultimately disrupts the operational processes of the organization. The goal is a passive, non-intrusive monitoring solution: one that observes a copy of the network traffic (for example from a mirror port or a network TAP) rather than sending probes to the devices, so the controllers never notice the monitor. The benefits are twofold:
- The solution detects the devices operating on your network and notifies you when a problem arises.
- The solution identifies network and endpoint vulnerabilities that could harm the system if left unaddressed.
This way, the organization can spot emerging problems with devices before they cause an outage, and plan maintenance accordingly without disrupting the process.
Asset inventory
An accurate and complete view of the network and every connected device and component in it provides the information you need to secure it. It goes without saying that an asset inventory is essential for the security of both your OT and IT systems.
Built from the traffic the monitoring solution observes, the inventory tells you exactly which components are on your network, where they are located and how they communicate with one another. A clear view of all assets is valuable not only for security monitoring, but also for making sure every device is patched and none is forgotten: a forgotten, unpatched device is an easy entry point for an attacker.
Threat detection and vulnerability scanning
Threat detection, the identification of potential vulnerabilities and continuous scanning for weaknesses cannot be overlooked when we talk about the complete security of an OT network. Whether the root cause is human error or malware, potential risks need to be handled efficiently to limit the impact on industrial operations.
Examples of vulnerabilities that are commonly present in OT networks are:
- Unauthorized remote access connections
- Rogue or undocumented devices
- Vulnerable devices (hardware running firmware or software with known weaknesses)
- Weak or overly permissive firewall rules
This is just a short list of examples. Penetration testing, on top of vulnerability scanning, gives you a better picture of the current state of your vulnerability management and pinpoints the areas where your network's protection can be improved.
While a penetration test is a point-in-time view of the environment and its known vulnerabilities, vulnerability scanning is an ongoing, continuous process. In an OT network the scanning part needs care: some controllers react badly to unexpected probes, so weaknesses are preferably identified by matching passively observed device and firmware versions against known advisories, and active scans are limited to maintenance windows and tested beforehand against the device types involved.
Combined, the two give you the best insights and lessons learned.
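To make the monitoring, asset inventory and vulnerability points above concrete, here is an added example in Python that is not part of the original blog or of any SpotIT tooling. It takes a constructed sample of passively observed flows (what a mirror port or TAP would deliver), builds an inventory of devices and their communication partners, and flags each of the four issue types listed above against a constructed asset register, zone model and advisory list; all addresses, device names, firmware versions and zone boundaries are assumptions made for the example.

```python
"""Passive OT asset inventory and issue detection over observed flows.

Added example, not part of the original blog or of any SpotIT product.
The zone model, asset register, advisory list and flow records below are
all constructed sample data; in a real deployment the flows would come
from a mirror port or TAP via a capture library, and the device names,
models and firmware versions from device-identification traffic or the
operations team's own register.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed zone model: which subnet belongs to which part of the plant.
ZONES = {
    "control": ip_network("10.10.1.0/24"),      # PLCs and RTUs
    "supervisory": ip_network("10.10.2.0/24"),  # HMI and SCADA servers
    "enterprise": ip_network("10.20.0.0/16"),   # office / IT network
}
OT_ZONES = ("control", "supervisory")

# Constructed asset register: what operations has documented as installed.
KNOWN_ASSETS = {
    "10.10.1.11": {"name": "PLC-01", "model": "PLC", "firmware": "2.3.1"},
    "10.10.1.12": {"name": "PLC-02", "model": "PLC", "firmware": "2.1.0"},
    "10.10.2.10": {"name": "HMI-01", "model": "HMI", "firmware": "7.4"},
}

# Constructed advisory list: (model, firmware) pairs with a known weakness.
VULNERABLE_FIRMWARE = {("PLC", "2.1.0")}

# Remote-access services that must not be initiated from outside the OT zones.
REMOTE_ACCESS_PORTS = {22: "SSH", 3389: "RDP", 5900: "VNC"}

# Constructed sample of passively observed flows: (src_ip, dst_ip, dst_port, protocol)
OBSERVED_FLOWS = [
    ("10.10.2.10", "10.10.1.11", 502, "modbus"),  # HMI polling PLC-01
    ("10.10.2.10", "10.10.1.12", 502, "modbus"),  # HMI polling PLC-02
    ("10.10.1.50", "10.10.1.11", 502, "modbus"),  # undocumented host on the control subnet
    ("10.20.5.7", "10.10.2.10", 3389, "tcp"),     # RDP from the office network into SCADA
    ("10.20.5.7", "10.10.1.11", 502, "modbus"),   # office host reaching a PLC directly
]


def zone_of(ip):
    """Map an address to its zone, or 'unknown' if it falls outside the model."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def build_inventory(flows):
    """Every address seen on the wire, with its zone and the peers it talks to.

    Both endpoints of a flow are recorded, so a device that only answers
    (a polled PLC) still ends up in the inventory.
    """
    inventory = defaultdict(lambda: {"zone": None, "peers": set()})
    for src, dst, port, proto in flows:
        inventory[src]["zone"] = zone_of(src)
        inventory[src]["peers"].add((dst, port, proto))
        inventory[dst]["zone"] = zone_of(dst)
        inventory[dst]["peers"].add((src, port, proto))
    return dict(inventory)


def find_issues(flows, known=KNOWN_ASSETS):
    """Flag the four issue classes from the blog's list as tuples."""
    issues = []
    for ip, dev in build_inventory(flows).items():
        if dev["zone"] in OT_ZONES and ip not in known:
            issues.append(("rogue_device", ip))  # seen in OT, not in the register
        elif ip in known and (known[ip]["model"], known[ip]["firmware"]) in VULNERABLE_FIRMWARE:
            issues.append(("vulnerable_device", known[ip]["name"], known[ip]["firmware"]))
    for src, dst, port, _proto in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if port in REMOTE_ACCESS_PORTS and src_zone not in OT_ZONES and dst_zone in OT_ZONES:
            issues.append(("unauthorized_remote_access", src, dst, REMOTE_ACCESS_PORTS[port]))
        if src_zone == "enterprise" and dst_zone == "control":
            # Office hosts should never reach the control zone directly;
            # if they can, the firewall between the zones is too permissive.
            issues.append(("weak_firewall_rule", src, dst, port))
    return issues


if __name__ == "__main__":
    for ip, dev in build_inventory(OBSERVED_FLOWS).items():
        print(f"{ip:12} zone={dev['zone']:12} peers={sorted(dev['peers'])}")
    for issue in find_issues(OBSERVED_FLOWS):
        print("ISSUE:", issue)
```

The point of the design is that nothing here sends a packet to a controller: every finding is derived from traffic the devices were already exchanging. Replacing the constructed OBSERVED_FLOWS with records from a real capture, and the constructed register and advisory list with the plant's own data, is what turns this into a non-intrusive monitor.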
How can we support you?
At SpotIT we offer extensive penetration testing to give you a clear view of your current vulnerability state. The key learnings allow you to work on the improvement areas and strengthen the protection of your network and environment.
Besides pentesting, you can count on us for non-intrusive monitoring tools, which can be integrated into our NOC and SOC.
Please don’t hesitate to contact us to set up an appointment and discuss your security policies and measures in more depth.
If you require more information on one of the above topics, please let us know!