TAP Into Technology

Leading the Way in Network Technology

Bridging the IT, OT and IOT Divide

Posted by James Cabe | 7/16/20 8:00 AM

Visibility and asset management has to be the cornerstone of modern Operational Technology (OT) security architecture and digital transformation. To secure Industrial Control Systems (ICS) and reap the productivity benefits of IT-OT convergence, the industrial cyber security program must be recognized as a cross-functional lifecycle and journey. IT and OT must work together for either team to be successful. We must get beyond addressing cybersecurity and addressing process-centric and protocol operational issues. Garland Technology recently spoke with James Cabe, Senior Channel Architect at CyberX about this topic. 

 

How is OT/IoT security different from IT security?

IT and OT are very different worlds with very different responsibilities. Fundamentally, IT secures data and manages the flow of digital information. An intentional or unintentional cyber threat could result in the loss of intellectual property, corporate financials, and employee or customer information – and the ripple effect can be costly, ranging from $200K to $4M per incident.

In contrast, OT and ICS deal with machines and execute control processes that are used to operate and/or automate industrial processes. A cyber threat could have devastating physical consequences to critical infrastructure and services, employees, human life and safety, and the environment. 

How do we translate OT “Safety” into Cyber Security?

In my opinion, OT engineers have a completely different “language” and you may find yourself translating what is meant by “security.”  One of the biggest misunderstandings we see between IT and OT is the tendency of CIS/CISOs to view OT through the lens of standards, regulations, or best practices, and focus on IT security practices that do not translate into ICS. This can lead to friction, sometimes a chasm between IT and OT that is needless and unhelpful. OT environments and OT systems must be viewed as processes and people with their own requirements. Great lengths need to be taken to learn and gain an understanding of their language, the mission of the industrial environment, and the different systems, risks, and cyber threats they face.

Visibility and Asset Management has to be the cornerstone of modern OT security architecture and digital transformation. How do we get out beyond addressing cybersecurity and addressing process-centric and protocol operational issues?

To begin with, malware is not a factor in this world like it is in the IT world. OT system protocols do not really allow for the corruption. Fabric security is definitely a requirement, but operational intelligence is equally important in order to know what risks are associated with the industrial control system. As digital transformation and Industry 4.0 unlock new levels of productivity and efficiency, they are also driving the deployment of new IIoT devices and increased connectivity between IT and OT networks. Because these devices don’t support agents — and are often unmanaged, unpatched or misconfigured — they can easily be compromised by adversaries. As a result, boards and management teams are increasingly concerned about the expanding attack surface and risk of costly downtime, safety incidents, and theft of sensitive intellectual property.

Assisted by the Garland Visibility Architecture Platform, CyberX provides full visibility into your IoT devices and their risk posture without requiring agents or impacting network performance. 

How do visibility products such as Garland Technology solutions augment the CyberX Solution?

Deployment of the Garland Technology TAP ensures 100% of the ICS traffic is delivered to the CyberX platform. CyberX is able to analyze the traffic in order to protect complex logistical enterprises by detecting cyber threats in specific localized vulnerabilities. The solution eliminates dropped packets from oversubscribed and low prioritization SPAN ports, ensuring optimal CyberX platform performance and operation for ICS network security. This multi-layered strategy addresses complex challenges across Internet connection sharing vulnerabilities. By providing complete network visibility and access to process and leverage data, IT and OT teams can drive better decisions for scalable production and increased efficiency to unify security monitoring and governance across your enterprise.

How has the CyberX platform been designed to meet the OT world?

CyberX was founded by nation-state defenders for critical infrastructure. They understood from the beginning that OT was a different attack surface with different requirements that didn’t fit easily or neatly in the IT security framework. To understand the actual payload of the infrastructure and applications that the platform needed to protect required deep packet inspection. CyberX is IoT/OT-aware with embedded knowledge of IoT and ICS protocols, devices, vulnerabilities, and behaviors. Machine learning and patented M2M behavioral analytics are used in CyberX’s five detection engines. These engines do not stop at anomaly and malware detection, but also go further into understanding the operations, protocols, and policies in ICS environments. The engines were pre-trained to make them an “Expert System,” not just a tool that accepts baselines alone. That means the platform can start delivering value within 5-10 minutes of deployment. That truly sets the CyberX platform apart and our partners like Garland Technology assist us to make that deployment and speed to business value even quicker.   

What makes the CyberX platform better and different?

CyberX provides the most widely-deployed industrial cybersecurity platform to continuously reduce IIoT and ICS risk. The CyberX platform delivers continuous ICS threat monitoring and asset discovery, combining a deeply embedded understanding of industrial protocols, devices, and applications with ICS-specific behavioral anomaly detection, threat intelligence, risk analytics, and automated threat modeling. The fact is, CyberX is the only company that addresses all four requirements of Gartner’s Adaptive Security Architecture. In addition, CyberX can be deployed with either a virtual machine or an appliance-based system that can be deployed and start providing business value in less than an hour. Another benefit our customers enjoy is the ability to expose attack vectors and correlate an attack timeline to lower the MTTR of an incident.

What is the impact of not having complete wire visibility?

The escalating attack frequency, combined with an increasingly sophisticated threat landscape, highlights the need to make critical IC systems more resilient to cyber threats. Arguably the most important aspect for securing your Industrial environment is network visibility. Putting expensive security and monitoring appliances in place and investing in employee training won’t help defend the network if the network isn’t designed with visibility in mind. Like traditional network security, packets are delivered to out-of-band solutions by either Network TAPs or SPAN, which can then be coupled with Network packet brokers (NPBs) to aggregate and groom packet data for out-of-band solutions.

When critical infrastructures are involved, companies can’t afford blindspots, drop packets, traffic bottlenecks, or suffer network downtime. Deploying network TAPs throughout the Industrial framework ensures uptime and eliminates the packet delivery issues that SPAN/Mirror ports sometimes introduce. 

Cybercriminals are constantly searching for vulnerabilities and IoT devices open up a whole new world to hackers and cyber thieves. What are some of the emerging trends you are seeing in OT/IoT security?

Emergence is a tough topic to handle, especially in security, because it is the unknown-unknowns that provide the scariest scenarios for many companies and CISOs. Sadly this should be the last of their focus. It is the known-unknowns and known-knowns that companies usually find themselves embroiled in. Ransomware and highly automated malware frameworks have started to incorporate ICS attacks by enumerating OT specific protocols and software and then shutting them down. This is a stage 1 style attack that we saw at the beginning of worms. Malware like Slammer Worm and the I.Love.You virus did just that for organizations. We saw that recently with some automotive manufacturers. So sadly, this is just the beginning. There are plenty of attacks that can do these things without malware at all. Three simple scripting languages can enable a fully “Live off the Land” attack to ICS environments. This can be extremely hard to defend against. It is time to create a new type of Defense in Depth -- one that incorporates enforcement, adaptation, and behavior-based detection rather than simply cobbling defenses together.


Written by James Cabe

Born in Oakridge, Tenn. – "The Secret City" – James Cabe spent the early years of his career in Cambridge, Mass., working for BBN Planet (Autonomous System 1 on the internet). After being sold to the carrier GTE and spun off during the making of Verizon, James set course for New York and private network consulting and data security for legal firms, commodities trading networks, and large global retail. In 2003, James moved to Houston, Texas, and began a career in oil and gas. The large independent E&P company formed an internal international consultancy to handle companies outside the scope of typical American IT operations. Operations in deep water and internationally made up the better part of the next decade. James continued his career for Fortinet as a subject matter expert and security evangelist for security architecture, encryption, authentication, and next-generation security. Most recently James accepted a position at CyberX as a Senior Channel Architect with responsibility for all of the channel technical programs and enablement in the Americas and with the Global Software Integrators.
