Segmenting My OT Network for Cyber Resiliency

The Challenge

Improving Your Cyber Resiliency with OT Network Segmentation

Earlier this year, a ransomware called LockerGoga hit one of the largest aluminum producers in the world. According to media reports, the malicious phishing attack forced the organization to take computer systems offline and switch to manual operations, leading to costly outages and production slowdowns.

But LockerGoga isn’t the only cyber threat to impact industrial operations. A new type of ICS malware called TRITON recently reprogrammed a facility’s Safety Instrumented System (SIS) controllers, causing an automatic shutdown of the industrial process.

Regardless of whether a cyber incident originates on the IT side of the business, or was introduced intentionally or accidentally on the OT side, a single firewall separating IT and OT is no longer enough.

Without effective segmentation of ICS and SCADA networks, ransomware and other cyber threats gain free-flowing lateral access to operational systems, enabling potentially dangerous disruption or damage.

The Solution

Real-time Network Visualization

As outlined in IEC 62443 standards, OT segmentation is considered best practice when it comes to controlling communications across ICS and SCADA systems.

OT zone segmentation is an effective way to mitigate perimeter breaches, as well as prevent intentional and accidental OT cyber incidents from spreading. But achieving effective network segmentation requires visibility into your OT network structure, and insight into where vulnerabilities lie.

The Nozomi Networks solution automatically creates a visualization of your entire network, often uncovering aspects of your industrial control system you weren’t previously aware of.

Upon deployment, it immediately analyzes your ICS network traffic and builds a live, interactive network visualization containing extensive information, including:

  • The identity of all entities communicating over the network
  • The ability to navigate and filter to see:
      • Nodes
      • Zones
      • Topology
      • Subnets
      • Network segments
      • Links
      • Sessions
      • Traffic
      • Protocols
      • Open TCP connections

Using this information makes it easy to identify segmentation problems or determine where new segmentation is needed.  

The Nozomi Networks solution also automatically identifies asset vulnerabilities. This allows operators to use segmentation as a risk mitigation measure for groups of devices with the same vulnerabilities.

Overall, the solution’s advanced network visualization and vulnerability assessment capabilities help identify opportunities to strengthen cyber resiliency and prevent a network infection from spreading.

 


The Nozomi Networks solution uses multiple, hybrid techniques to quickly detect threats to your ICS or SCADA system. It identifies early-stage advanced threats and attacks in progress, as well as process reliability issues and much more.

Superior Operational Visibility

Guardian’s network visualization capabilities help improve your understanding of the network structure and activity. It delivers the information needed to plan and implement an effective OT network segmentation strategy.

More Operational Visibility & Cyber Security Challenges

Effectively Monitoring My SCADA Networks

To optimize the use of raw materials, production schedules and logistics, I need visibility into – and data out of – my ICS networks.

Proactively Identifying Equipment Wear

A truck can cost $5M. A single tire, $60K. I need to know if any component is approaching burnout before it disrupts process stability.

Defending the Mine Against Malicious Data Theft

To protect my production numbers, business plans and IP from prying eyes, I need to secure my OT data and systems.
