Manufacturing security: Bridging the gap between IT and OT


For manufacturers, every new connection point is an opportunity. And a risk.

The state of IT/OT security in manufacturing

On the plant floor, as connectivity increases, so does complexity, and so do security concerns. Every new asset you put on the network is another security consideration, and another risk that requires monitoring.

In many plants, the increasing number of assets is making it difficult to see security context and truly understand the network at any given moment. Organizations lack the ability to identify what even just normal network activity looks like. When abnormal conditions arise, that means they have no baseline for comparison, making it difficult to identify threats.

At the same time, the manufacturing industry is becoming an increasingly alluring target for cybercriminals. Again, because of all those assets. Each one is a potential entry point. With so many devices at their disposal, cybercriminals are using ransomware to extract money from manufacturing organizations.

Plus, many manufacturers are operating with aging assets and equipment. Having originated in a time far removed from today's threats, this equipment wasn't designed to guard against complex, high-tech cyberattacks. And that leaves the IT/OT staff to pick up the slack.

Why can't they see the network?

Since industrial control system (ICS) environments consist of many types of equipment operating with many different Industrial Internet of Things (IIoT) protocols, getting a centralized view is difficult, if not impossible. The greater scope of asset types and ages presents challenges that traditional IT environments don't encounter.

To prevent issues, OT needs to take ownership of cybersecurity. But IT holds the keys and expertise.

Today's cybersecurity challenges for OT

Manufacturing operations are changing and becoming more and more connected. It's unlocking new levels of productivity and profit for the industry. Since OT professionals are expected to be the experts about what makes plants run, they must change too. And, indeed, OT teams are becoming more skilled at networking and plant connectivity.

But many OT professionals do not have sufficient training or education in cybersecurity necessary to manage the nuances and pitfalls of combatting advanced ransomware or other kinds of evolving threats.

Thus, plants find themselves in an awkward position: one where OT teams depend on IT staff that may not be local to the facility to ensure security and manage connected operations, even though many IT teams often aren't familiar with the complexities of plant operations and manufacturing technologies.

Because of disparate systems, and compounded by the physical or virtual gap, OT teams often have limited visibility into IT security policies. As OT teams make control system changes, they can accidentally violate IT security policies, potentially leading to an attack or to unplanned downtime.

What does OT need?

When it comes to ensuring continuous operations, OT teams need to be more self-reliant. And that includes security. Without visibility into the network, they can't understand activity or identify anomalies. And without the ability to manage and apply security policies, they're too dependent on IT, slowing down responses, creating confusion, and impacting productivity.

Of course, IT teams need to stay in control too. They're the cybersecurity center of expertise for most organizations, but in manufacturing, they can't do their job effectively without OT's help.

With Cisco manufacturing security solutions, IT stays in control. But OT teams get what they need, too.

By combining Cisco Industrial Network Director (IND), Cisco Identity Services Engine (ISE), and Cisco Stealthwatch, Cisco delivers comprehensive security solutions that are built for the needs of both IT and OT teams. These solutions do two critical things that help bridge the gap between IT and OT:

1. Deliver visibility into assets on the network and give the OT team a centralized view of network activity, so they have a better idea of both normal and abnormal activity.
2. Enable IT to pre-define security policies and dynamically assign them based on input and intent from the OT team.

Cisco Industrial Network Director (IND)
- Provides OT with a user-friendly network monitoring solution
- Allows OT staff to call down security policies by signaling the intent of what they're trying to do

Cisco Identity Services Engine (ISE)
- Enables full IT control of access to critical assets
- Empowers IT to create security policies that are dynamically applied to plant floor assets based on signaled OT needs

Cisco Stealthwatch
- Monitors and analyzes network traffic to assist in policy creation
- Helps speed threat detection and remediation

[Figure: architecture diagram. Labels: industrial assets (IO, PLC, drive, controller); Modbus, CIP, PROFINET, BACnet; OT visibility (IND); IT (ISE); pxGrid; enforcement policies (dACLs or SGACLs); IP to SGT mapping; context shared with IE switching (TrustSec micro segmentation), Stealthwatch (context-based host groups), and NGFW (rules defined in firewall with SGTs); connected via pxGrid connector.]

CISCO INDUSTRIAL NETWORK DIRECTOR

Cisco Industrial Network Director is a network management solution that's built for OT departments.

Cisco IND provides operations teams with an easily integrated system for user-friendly network monitoring. It enables OT teams to see a full view of their network topology so they better understand what's normal and what is cause for concern.

Users of Cisco IND gain full visibility and control of the industrial Ethernet infrastructure in the context of connected devices and network infrastructure. Cisco IND can automatically discover devices that use common industrial protocols such as CIP and PROFINET to enable a dynamic, integrated view of connected devices and network infrastructure.

Connection with Cisco ISE via Cisco Platform Exchange Grid

As OT workers go about their day and manage asset connectivity, Cisco IND interfaces with Cisco ISE. OT staff can input their intent, such as connecting a device to a remote vendor, and Cisco ISE dynamically applies the correct security policies for the scenario, based on previous IT policy definition. It's all enabled by Cisco Platform Exchange Grid (pxGrid), our open and scalable platform that enables multiple security solutions to seamlessly share data and work together.

BENEFITS

- Enable operations to dynamically assign IT-defined security policies as needed: Simply group and tag assets as needed and signal intent over pxGrid to pull down predefined policies from Cisco ISE
- See industrial network activity: Helps operations teams gain full visibility of network and industrial assets with real-time monitoring
- Simplify integration and discovery: Unifies industrial endpoints such as programmable logic controllers, IO, HMI, drives, and more into a single view; rich APIs enable connection to other systems as well
- Apply enterprise security techniques to the plant floor: Enables Cisco security capabilities such as TrustSec micro segmentation, context-based host groups, and Security Group Tag-based firewall rules to be used on the industrial network

CISCO ISE

Cisco ISE is a powerful tool for controlling access to connected plant floor assets.

Cisco ISE gives your IT department the ability to set and enforce access policies for your entire network topology. As operation teams work, Cisco ISE works in conjunction with Cisco IND to allow them to assign pre-set security policies for industrial assets, based on definitions previously made by the IT team.

It does far more than that, too. Cisco ISE allows IT to control access for remote experts or vendors, so they can get the information they need without risking security. Segmentation, containment, and remediation functionality ensures a rapid, accurate, and effective response to network threats.

CISCO STEALTHWATCH

Cisco Stealthwatch is a scalable visibility and analytics solution.

To set effective security policies, the IT department needs to be able to understand what both an average day on their network looks like and what a very unaverage day looks like. Cisco Stealthwatch provides the deep network visibility and analytics that IT teams need to build the best possible security policy strategy and to keep up to date on network activity.

Plus, Cisco Stealthwatch provides up-to-the-second threat intel, faster threat detection, and enhanced threat forensics. When anomalous traffic is detected, IT teams can quickly get to the bottom of the issue by leveraging audit histories and threat forensics. Integrated segmentation features allow for safer network designs and can help prevent infections from spreading.

Use cases

Empower OT while keeping IT in control of security
WHAT YOU CAN DO: Allow IT to define security policies that dynamically apply themselves based on OT's intentions and input.
WHY IT'S IMPORTANT: OT needs to be able to take ownership of security to ensure continuous operations, but requires IT expertise to do so.

Provide a full view of industrial network topology for OT
WHAT YOU CAN DO: Create a centralized network view so that OT can stay abreast of conditions and deep dive into individual assets.
WHY IT'S IMPORTANT: OT needs better context around security to successfully enforce it.

Segment networks
WHAT YOU CAN DO: Create discrete network zones within your overall topology that restrict access and prevent infection.
WHY IT'S IMPORTANT: Cybercriminals are looking for any entrance point they can find. For example, one case of the WannaCry ransomware attack in May 2017 started from a single workstation that was connected to the network at large. Segmentation helps to prevent infections from spreading too far.

Enable remote access
WHAT YOU CAN DO: Enable secure, remote access to securely bring in remote expertise, such as contractors and vendors, to help solve issues, apply patches, and more, without needing to involve IT in every incident.
WHY IT'S IMPORTANT: Allowing OT to enable access to select assets for third-party organizations helps increase agility and ensure continuous operations.

It's time to give OT teams the tools they need.

Cisco manufacturing security solutions enable manufacturing organizations to empower OT with the ability to apply security policies and understand security context while IT remains in ultimate control.

Combining Cisco ISE, Cisco IND, and Cisco Stealthwatch, our solutions enable a real-time view of your entire network topology, with alerting, segmentation, and more. So both IT and OT stay informed of what they need to know to ensure continuous operations.

It's all built on technologies that are familiar to those in the enterprise IT world, increasing usability and preventing the need for a multivendor security solution.

Learn more today at cisco.com/go/ind

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)