According to Sun Tzu in The Art of War,1 it’s a military principle not to advance uphill against the enemy, nor oppose him when he comes downhill.
For those watching the OT security landscape, there’s no shortage of battles to discuss. Two that stand out for me are the recent SolarWinds and Exchange Server hacks. While the incidents were quite different, there are many similarities that should raise concern for defenders.
Each one involved hundreds or even thousands of nation-state hackers tasked with breaking through the security of thousands of companies and government systems. Both exploits serve as stark reminders that as OT security defenders, we face an uphill battle against adversaries willing to burn the tech ecosystem and create billions of dollars in damage in exchange for short-term, small and ill-gotten gains.
In my role as cybersecurity technologist, I’ve seen firsthand that those who invested early in cybersecurity are much better prepared to launch a quicker, cheaper and more effective response to incidents.
We all know that it’s fairly simple to determine whether an enterprise was exposed to either SolarWinds Orion or Exchange Server vulnerabilities. But determining whether the vulnerabilities were leveraged by the attackers to implant other backdoors for later use, move laterally between IT and OT systems, or impact the business or industrial process is a much larger challenge. So is understanding how to extricate attackers, and monitoring for their return.
Organizations with a mature cybersecurity posture are more resilient to these incidents. They’re able to navigate the previously mentioned challenges more easily than those who waited until an incident occurred before investing in cybersecurity defense.
How Cloud-Based OT Security Tools Level the Playing Field
The Sun Tzu Book 7 rule cautions against fighting an uphill battle – the exact situation security teams find themselves in after a cyberattack has occurred.
Rather than fighting back post-breach, it’s way more effective for security defenders to level the playing field pre-breach. Cloud-based OT security solutions are uniquely able to do that. Here’s how:
Establish a Higher Level of Cyber Resilience
In times of crisis, having critical information at your fingertips in both the cloud and on-premises ensures that your teams maintain a high degree of situational awareness … as attacks unfold and as recovery plans evolve.
Recovery efforts might involve a disconnect from the internet altogether, a disconnect on part of the network, or a full shutdown of the facility. In every scenario, operators will have access to the relevant data and tools needed to perform their duties, no matter where they are, even while working remotely.
A cloud-based security platform gives operators the context needed to understand the impact of an attack across all parts of their enterprise. For example, they could see it affecting one or two specific factories, but not the other hundred. With instant visibility into all actions the attackers have taken, defenders can scope the damage and make fast decisions on the best way to maintain operations while in the midst of an incident.
Get 360-Degree Visibility Within a Single Pane of Glass
Cloud-based OT and IoT security provides a single pane of glass from which to view the entire cybersecurity landscape. This allows defenders to quickly assess what’s going on across the organization. For example, with separate views, a threat hunter needs to run a query within each Central Management Console (CMC). If one hundred facilities each contained one CMC, the threat hunter would need to duplicate efforts for each instance. With all data consolidated in the cloud, a single query can be used to gain visibility into all assets, all CMCs, and all Guardian sensors.
Access to Historical Data is Critical for Disaster Recovery
Security professionals need access to information that explains what happened when a facility is offline or unreachable. Or, if a kinetic incident occurs, like a fire or an earthquake that destroys data, having a copy of that data in the cloud is extremely beneficial. It is also particularly useful in heavily regulated environments where detailed records are key to maintaining compliance (FDA CFRs, NIST, etc.).
Enable Your Allies
You have many allies in the fight against cybercrime – those who contribute to your supply chain, manage systems, and provide services. These partners – and particularly their cybersecurity analysts – need access to your systems. Opening up every factory or network to them can be avoided by using a cloud-based permission-controlled console.
This allows your allies to securely access the data they need, without exposing any of your networks. Cloud-based OT security platforms enable a SOC to go global in minutes. Smaller organizations without the resources for a SOC can work with a partner to fill this need without sacrificing security.
Scale Faster and More Effectively
By leveraging the inherent advantages of cloud computing, such as autoscaling and automation, SaaS-based OT security offers unprecedented scale in the of number of devices, networks and facilities it can monitor. There is no need to go through hardware sizing activities, or maintain the underlying technology needed for large scale rollouts. Cloud-based security platforms remove the limitations imposed by traditional hardware.
Get Quicker Time to Value
Cloud-based OT and IoT security can significantly reduce the complexity of deployments and the overall footprint of the solution. This allows customers to deploy less, manage less, and use the technology faster. In the long run, this results in a lower TCO and improved security investment ROI.
Evolve Your Security Strategy to Meet Evolving Threats
When attackers go after a target protected by state-of-the-art defenses, they’re the ones facing an uphill battle.
Building cyber resiliency before an incident happens is key to establishing a defensive lead. And when it comes to gaining ground, SaaS-based OT security solutions provided the much-needed advantage.
In this respect, Nozomi Networks Vantage is leading the charge. Vantage leverages the power and simplicity of software as a service (SaaS) to deliver unmatched security and visibility across your OT, IoT, and IT networks. It gives defenders the tools and visibility needed to prepare for an attack, before it happens. It not only limits an attacker’s ability to succeed, it provides the insight needed to get back to business quickly.
If you’d like to find out how the Nozomi Networks Vantage platform can help you level the playing field, watch the on-demand webinar below or request a personalized demo.
