OT/IoT Security Superheroes: Tackling the Remote Employee Challenge

Organizations around the world are coping with a variety of challenges related to the COVID-19 outbreak. Many companies are struggling to convert their processes from ‘in-office’ to ‘remotely accessible’. And, they’re scrambling to find new ways to “remote” tasks – with “remote” now becoming a verb.

For example, we’ve heard from many customers that adding or expanding remote employee access capabilities is a hot topic. One such customer told us that they went from 9% of their workforce working remotely, to 52%. Wow!  That’s not only a substantial change to operations and processes – it also directly impacts the company’s security posture.

The challenge facing OT security practitioners is daunting. We absolutely must secure the people and systems responsible for saving mankind from an alien super-virus pandemic. But, while the bad guys are lobbing attacks from afar, the good guys are acting behind the scenes like NPCs (non-player characters). They’re bypassing the security systems we developed through years of hard work, for example by using Gmail or Zoom or by turning off anti-virus, in the name of getting things done.

As a cybersecurity professional, I feel like I’m participating in a new video game or movie (remember Matrix or Jumanji?)! At times like this, I’m reminded of a line from a Robert Frost poem “…no way out but through.” Let’s look at how we can make it through this pandemic with our cybersecurity shields held high.

OT and IoT Security Challenges in the COVID-19 Age

The challenges we’re facing today start with the obvious medical risks and operational disruptions resulting from the coronavirus itself and continue with the struggle to adapt to safe work practices. Many businesses are facilitating social distancing by eliminating face-to-face meetings and in-office hours, splitting shifts, and altering operational layouts, among many other tactics.

Numerous organizations are trying to maintain operations with an entirely remote workforce, rapidly converting processes from ‘in-office’ to ‘remotely accessible’. Overnight, they’ve had to find ways to enable employees’ productivity from home, during the quarantine.

For cybersecurity practitioners, this brings its own set of challenges and risks. First, how to safely implement or expand secure remote access. Second, how to successfully monitor an environment that’s drastically different than it was a month ago.

To make matters even more complicated, many organizations can’t deploy new cybersecurity tools before the remote access project is completed. They’re faced with reducing security, then bolting on monitoring afterwards. Had a more formal project process been followed initially, the remote access strategy would perhaps have been better optimized for the use cases it needs to solve.

In the face of past challenges, we learned how to work with what we had on hand. Today, the floodgates are opening at a record pace and cybersecurity teams are being tasked with using readily available tools to tackle the problem.

And, in case this predicament isn’t hard enough, let’s remember that many security professionals are also tasked with sustaining critical infrastructure like the power grid, water systems, oil and gas facilities and the manufacturing of medicines and medical supplies.

Secure Remote Access Implementation and Monitoring — Made Easy

At Nozomi Networks we’ve been laser-focused on finding new ways to help the world during this unprecedented situation. We’re holding multiple brainstorming sessions each day to strategize on how we can make your lives easier.

To improve security around remote employees, existing customers can take advantage of our integrations with leading remote access solutions from TDI ConsoleWorks and Pulse Secure. With either of these solutions, cybersecurity teams can easily reach across IT/IoT/OT/ICS environments to secure practically any type of remote access required. This includes everything from VPN to client-less Remote Desktop within a browser, and anything in-between.

Plus, asset inventory data sharing between the Nozomi Networks solution and third-party remote access solutions makes it seamless to expand the purview of both solutions. As new objects appear, Guardian understands what each one is, where it’s from and why it exists, and monitors all access to the critical infrastructure from those objects. Additionally, when remote access is being granted, the integrated solution leverages the shared asset inventory to make better decisions on the privileges being granted.

This enhanced intelligence makes rolling out or expanding remote access much easier and more secure. The joint solution reduces the demands on cybersecurity teams for both implementing access rights and monitoring cybersecurity.

Secure Access via SSL VPN
The joint solution of Pulse Secure and Nozomi Networks enables the discovery and classification of a vast range of IIoT devices with continuous analysis of the operational environment for potential threats. Pulse Policy Secure enables granular secure remote access based on user identity and role (RBAC).

OT and IoT Security Tools and Training for Enhanced Superpowers

Nozomi Networks is working with OT security professionals around the world to help strengthen their defenses against the emerging COVID-19 themed threats and malware attempting to leverage coronavirus fears for their own benefit.

We’re providing free training, threat intelligence and community tools that specifically address COVID-19-related security threats.

Threat Defense Training and Q&A
- We’re offering a series of video broadcasts where our top technical people will provide training and tips on fighting new pandemic-related threats. These sessions will include a live Q&A.
- Registration links for the training sessions are available at the end of this blog.

Threat Intelligence
- We’ve created a webpage and new GitHub downloads that provide Indicators of Compromise (IOCs), rules, and other information for COVID-19-related cybersecurity threats.
- These resources are being continuously updated with new information.

Community Tools
- Our free Guardian Community Edition (GCE) uses passive network monitoring to provide visibility to OT and IoT assets. It’s a good starting point for improving cybersecurity for critical systems.
- GCE supports assertions (queries) that check for COVID-19 related IOCs in your network, such as communication with malicious IP addresses and URLs.
- It also helps with remote access security monitoring using assertions that check the number of simultaneous remote connections and generate alerts if the number surpasses a threshold.
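
The two kinds of check described in the list above (matching traffic against IOC addresses, and alerting when simultaneous remote connections pass a threshold), sketched in Python as an added example. It is not Guardian assertion syntax or Nozomi Networks code; the session records, the addresses (documentation ranges) and the threshold are constructed for illustration.

```python
from datetime import datetime
from ipaddress import ip_address

# Constructed sample records: (user, source IP, destination IP, start, end).
SESSIONS = [
    ("alice", "198.51.100.10", "10.0.5.20", "08:00", "09:30"),
    ("bob",   "198.51.100.11", "10.0.5.21", "08:15", "08:45"),
    ("carol", "198.51.100.12", "10.0.5.20", "08:30", "10:00"),
    ("dave",  "203.0.113.50",  "10.0.5.22", "08:40", "08:50"),
    ("erin",  "198.51.100.13", "10.0.5.23", "09:30", "11:00"),
]
IOC_IPS = {"203.0.113.50"}  # constructed placeholder, not a real indicator

def _ts(text):
    return datetime.strptime(text, "%H:%M")

def peak_concurrency(sessions):
    """Return (peak simultaneous sessions, time the peak was first reached)."""
    events = []
    for _user, _src, _dst, start, end in sessions:
        events.append((_ts(start), 1))
        events.append((_ts(end), -1))
    # At equal timestamps handle closes (-1) before opens (+1), so a session
    # that starts as another ends is not counted as overlapping it.
    events.sort()
    current, peak, peak_at = 0, 0, None
    for when, delta in events:
        current += delta
        if current > peak:
            peak, peak_at = current, when
    return peak, peak_at

def ioc_hits(sessions, ioc_ips):
    """Sessions whose source or destination address is a listed indicator."""
    bad = {ip_address(ip) for ip in ioc_ips}
    return [(user, src, dst) for user, src, dst, _s, _e in sessions
            if ip_address(src) in bad or ip_address(dst) in bad]

def evaluate(sessions, ioc_ips, threshold):
    """Build alert strings for both checks."""
    alerts = []
    peak, at = peak_concurrency(sessions)
    if peak > threshold:
        alerts.append(f"{peak} simultaneous remote sessions at {at:%H:%M} "
                      f"exceeds threshold {threshold}")
    for user, src, dst in ioc_hits(sessions, ioc_ips):
        alerts.append(f"IOC match: {user} {src} -> {dst}")
    return alerts

if __name__ == "__main__":
    for alert in evaluate(SESSIONS, IOC_IPS, threshold=3):
        print(alert)
```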

For customers, we’re also making available Guardian queries, assertions and reports that specifically identify COVID-19-themed threats.

Supporting COVID-19 Cybersecurity Superheroes

As you face the daunting challenge of helping your organization re-engineer itself during the pandemic, remember, you ARE a superhero. With perseverance, cybersecurity superpowers and support, we’ll all make it through.

Please reach out to us, let us know what you’re up against, and we’ll work with your organization to find the way through the challenges that lie ahead.