Keysight Strengthens Their Production Line Defenses

The Customer: Keysight Technologies

Keysight Technologies is a global test and measurement equipment manufacturer with over 20,000 employees. Their headquarters is in the United States, but they have a global presence, with manufacturing sites in North America, Asia and Europe.

How Does a Global Manufacturer Maintain a Real-time Asset Inventory Across All of Its Facilities?

There were several factors that led Keysight Technologies to look for a solution. First, with OT cyberthreats on the rise, relying on traditional enterprise security controls for the OT environment was no longer sufficient and posed a significant risk to Keysight Technologies’ overall business. They wanted to identify ways that the existing Security Operations Center (SOC) could be leveraged to protect the business’s operations and supply chain from cybersecurity risk. Because they wanted to leverage existing security tools in their SOC, IT and OT networks, it was crucial that the OT security solution they chose fit cohesively into their existing architecture.

‍

Another factor was that Keysight Technologies’ manufacturing facilities use device fingerprinting and asset inventories for cybersecurity and insurance purposes, which meant that information had to be generated and updated manually. Because this process required hours of extensive manual auditing, updates could be made only periodically. It was also difficult to detect new devices over time, generate a vulnerability registry, and translate data into actionable activities.

‍

When selecting a solution, there were several important considerations that the cybersecurity team at Keysight Technologies looked for. First, they wanted a solution that could provide the in-depth visibility and analysis needed to accurately identify all the assets running in Keysight’s manufacturing plants worldwide. They needed to automate the process of maintaining a real-time asset inventory across all of their facilities and easily deliver an accurate and up-to-date asset registry at any time. All of this needed to be done without slowing their manufacturing processes down.

‍

Additionally, the solution needed to provide actionable insights and extend the use of OT network data to support a faster, more targeted response to anomalies and threats.

Cloud-based Asset & Network Visualization with Asset Intelligence Enrichment

Nozomi Networks worked closely with Keysight Technologies to address these challenges. First, Vantage was deployed to provide a consolidated view of all assets, networks, and vulnerabilities across Keysight’s worldwide manufacturing facilities, solving for their visibility challenges.

‍

Vantage’s asset intelligence enrichment engine was also enabled, which leverages cloud-powered artificial intelligence (AI) to identify unconfirmed assets based on confirmed asset data and correlated asset behaviors. When an unconfirmed asset’s behavior aligns with certain criteria, asset details such as type, vendor, and product name can be determined with a high level of confidence. This ensured that Keysight Technologies’ need for asset inventory accuracy and depth was met, and also complemented the device fingerprinting and asset enrichment performed at the edge.

‍

They also use a single Guardian sensor to monitor the entire facility for asset and vulnerability visibility, anomaly detection and signature threat detection. This simplifies management and maintenance for the platform and ultimately reduces TCO of the solution for Keysight’s entire IT and OT cybersecurity practice.

‍

The Nozomi Networks platform detects both anomaly-based and signature-based alerts and transmits those events to the Keysight Technologies SOC in real-time. Machine Learning models in the Guardian network sensor correlate detections that are related with a high confidence threshold. Furthermore, the Vantage IQ AI engine performs ongoing analysis of the current and historical dataset of alerts, providing insights such as changes in alert patterns over time, dramatic increases in the quantity of high-risk alerts at a facility, and identifying when multiple events indicate a confirmed incident with high likelihood.

‍

Keysight also deployed its own products, taps and network packet brokers in its IT environment to monitor network traffic. This ensures that data collection does not impact existing network infrastructure performance and no switch interfaces are consumed by port mirroring (SPAN) configuration. It also ensures that traffic could be aggregated, de-duplicated and filtered prior to transmission to maximize the performance of the Nozomi Networks Guardian, and that network traffic can be used for other purposes at a later date.

Lowering OT Incident Response Times By 50% With AI-Powered Targeted Alerts

Keysight Technologies’ partnership with Nozomi Networks allowed Keysight to meet their challenges head on. Keysight Technologies reported an impressive 50-70% average improvement in its ability to identify and accurately classify assets after activating Nozomi Networks’ asset intelligence enrichment. The real-time asset inventory and vulnerability data informs Keysight Technologies’ broader security decisions and significantly reduces the manual labor previously required. Overall, Keysight Technologies has eliminated hundreds of hours of manual labor each month a year.

‍

Keysight Technologies Security Analysts are empowered with event data as it occurs in the OT environment. Data may be incorporated into the SOC’s review and escalation processes to enable the business to dramatically reduce the effort and time required to identify security threats. AI-powered insights in the platform enable the existing team to evaluate a larger volume of data and dramatically reduce the time-to-value of Keysight’s investment.

‍

By leveraging their existing SOC, Keysight Technologies is able to receive and review security events detected in the OT environment, expand the scope of SOC monitoring to include OT in a cost-effective way, and reduce the mean time to resolution for potential OT cybersecurity incidents through rapid detection. Keysight Technologies has also been able to cut OT incident response times by 50% with AI-powered targeted alerts.