Segmenting My OT Network for Cyber Resiliency

CHALLENGE

Improving Your Cyber Resiliency with OT Network Segmentation

When a ransomware called LockerGoga hit one the largest aluminum producers in the world, the organization was forced to take computer systems offline and switch to manual operations. The malicious phishing attack led to costly outages and production slowdowns.

But LockerGoga isn’t the only cyber threat to impact industrial operations. A new type of ICS malware called TRITON recently reprogrammed a facility’s Safety Instrumented System (SIS) controllers, causing an automatic shutdown of the industrial process.

Regardless of whether a cyber incident originates on the IT side of the business, or was introduced intentionally or accidentally on the OT side, a single firewall separating IT and OT is no longer enough.

Without effective segmentation of ICS and SCADA networks, ransomware and other cyber threats gain free flowing lateral access to operational systems, enabling potentially dangerous disruption or damage.

SOLUTION

Real-time Network Visualization

Nozomi Networks Solution: Network Visualization Topology The Network View pane on the left allows users to easily navigate and filter by different subnets and network segments. The views on the right show details of the network area selected.

As outlined in IEC 62443 standards, OT segmentation is considered best practice when it comes to controlling communications across ICS and SCADA systems.

OT zone segmentation is an effective way to mitigate perimeter breaches, as well as prevent intentional and accidental OT and IoT cyber incidents from spreading. But achieving effective network segmentation requires visibility into your OT network structure, and insight into where vulnerabilities lie.

The Nozomi Networks solution automatically creates a visualization of your entire network, often uncovering aspects of your industrial control system you weren’t previously aware of.

Upon deployment, it immediately analyzes your ICS network traffic and builds a live, interactive network visualization containing extensive information, including:

  • The identity of all entities communicating over the network
  • The ability to navigate and filter to see: 

Nodes

Links

Zones

Sessions

Topology

Traffic

Subnets

Protocols

Network Segments

Open TCP connections

 

Using this information makes it easy to identify segmentation problems or determine where new segmentation is needed.  

The Nozomi Networks solution also automatically identifies asset vulnerabilities. This allows operators to use segmentation as a risk mitigation measure for groups of devices with the same vulnerabilities.

Overall, the solution’s advanced network visualization and vulnerability assessment capabilities help identify opportunities to strengthen cyber resiliency and prevent a network infection from spreading.

Superior Operational Visibility

Vantage network visualization capabilities help improve your understanding of the network structure and activity. It delivers the information needed to plan and implement an effective OT network segmentation strategy.

Let's get started

Discover how easy it is to anticipate, diagnose and respond to cyber threats and process issues before they impact your operations.