Traditionally, operational technology (OT) networks were architected almost entirely separate from information technology (IT) networks. As digital transformation efforts within organizations began to include the OT network infrastructure, these networks shifted to a more interconnected architecture, enabling cyber threats to reach beyond the traditional IT assets. Cybersecurity teams are now tasked with securing and managing networks that traverse their entire organization, which requires operational visibility across a wider variety of OT and IT devices.
This challenge hits hardest for teams working to bridge the gap between legacy control system equipment and modern IT. Legacy ICS/OT networks were designed primarily with reliability in mind, not necessarily with transferring data to a monitoring destination. So a common question industrial teams face when adding a security or asset inventory solution to a legacy system is where to access the packets.
Most companies are deploying modern security systems like threat detection and asset visibility despite not having the budget to upgrade their entire infrastructure to meet new security frameworks and standards.
In part 1 of our 3-part ICS Village blog and video series on gaining visibility into your critical infrastructure, including aggregating distributed networks and deploying proof of concept solutions, we are going to review how to overcome legacy equipment challenges.
For organizations looking to improve visibility into levels one and two of the PERA model (Purdue Enterprise Reference Architecture), there are two options for accessing packets: SPAN/mirror ports on a switch or a network TAP. When attempting to integrate security solutions within legacy environments that are 7, 10, or even 15 years old, challenges include unmanaged switches that do not have SPAN ports available, outdated cabling media, and unmodifiable infrastructure configurations.
Unmodifiable infrastructure configurations? This is a typical response we hear that is related to the networking infrastructure. Often, the switchgear does not have enough system resources to enable SPAN, or the OEM / system integrator prevents the organization from making any changes due to potential safety or reliability concerns.
In these situations, adding plug-and-play network TAPs and traffic aggregation allows the legacy infrastructure to remain in the original configuration to continue safe and reliable operations while providing the packet visibility needed to manage and secure assets without making device modifications.
The diagram below visually represents a basic legacy OT architecture scenario with either unmanaged switches (no SPAN option) or managed switches that lack the resources to support SPAN capabilities. By deploying network TAPs designed to support 10M/100M/1G between the two network segments, security solutions can now receive the data necessary for adequate asset inventory, vulnerability management, and threat detection in a single application, making cybersecurity teams more effective.
In a new installation of an asset visibility, threat detection, vulnerability management, and response platform, no assets or communication paths are mapped yet, as you can see in the image below from the Dragos Platform. From a PERA model perspective, the sensor components of the solution are deployed at level three while another sensor is sitting down at level two. Consistent with the legacy infrastructure challenges, there is no option for gaining visibility into the network or the systems that are communicating inside that zone.
Once network TAPs are deployed between the two network segments, each TAP replicates all traffic out of a single port, securely delivering it to the security sensor. As you can see in the image below, asset and communication details now appear thanks to the network TAPs providing packet visibility, allowing teams to achieve complete asset visibility without modifying the switch configurations.
The improved asset and communication visibility means OT teams can now compare total asset counts, IP addresses, communication mappings, and more, helping to build a trusted baseline of what ports and protocols the systems use to communicate over the network infrastructure. The next step in their journey will be to analyze any notifications from the security solution for potential threats.
Having this level of visibility is an essential step for legacy networks. It helps an organization move away from having minimal visibility, using static diagrams that catalog what assets exist and how they are supposed to communicate, and simply trusting what the OEM or system integrator has implemented. In its place, the organization gains a checks and balances system with the capability to obtain visibility from those different legacy network devices, understand communication paths, establish a trusted baseline, and set up notifications if changes occur outside of standard operating parameters, procedures, or time windows.
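The baseline-and-notify workflow described above can be sketched in a few lines. This is an added example, not code from Garland Technology, Dragos, or ICS Village; the flow records, IP addresses, and the 06:00 to 18:00 operating window are constructed assumptions standing in for what a passive sensor on a TAP feed would summarize.

```python
from datetime import datetime

# Constructed flow summaries (not real captures), as a sensor on a TAP feed might report:
# (timestamp, source IP, destination IP, transport, destination port)
BASELINE_FLOWS = [
    ("2024-03-04T08:15:00", "10.10.2.20", "10.10.1.5", "tcp", 502),    # HMI -> PLC, Modbus/TCP
    ("2024-03-04T09:40:00", "10.10.2.20", "10.10.1.6", "tcp", 502),
    ("2024-03-04T10:05:00", "10.10.2.30", "10.10.1.5", "tcp", 44818),  # eng. station, EtherNet/IP
    ("2024-03-05T14:30:00", "10.10.2.20", "10.10.1.5", "tcp", 502),
]
NEW_FLOWS = [
    ("2024-03-11T08:20:00", "10.10.2.20", "10.10.1.5", "tcp", 502),    # known path, normal hours
    ("2024-03-11T02:10:00", "10.10.2.30", "10.10.1.5", "tcp", 44818),  # known path, off hours
    ("2024-03-11T11:00:00", "10.10.2.99", "10.10.1.5", "tcp", 502),    # asset not in baseline
    ("2024-03-11T11:05:00", "10.10.2.20", "10.10.1.5", "tcp", 23),     # known pair, new port
]

def build_baseline(flows):
    """Return (known assets, known communication paths) seen during the baseline period."""
    assets, paths = set(), set()
    for _ts, src, dst, proto, port in flows:
        assets.update((src, dst))
        paths.add((src, dst, proto, port))
    return assets, paths

def check_flow(flow, assets, paths, window=(6, 18)):
    """Return findings for one flow; an empty list means it matches the baseline."""
    ts, src, dst, proto, port = flow
    findings = [f"new asset {ip}" for ip in (src, dst) if ip not in assets]
    if (src, dst, proto, port) not in paths:
        findings.append(f"new path {src}->{dst} {proto}/{port}")
    hour = datetime.fromisoformat(ts).hour
    if not window[0] <= hour < window[1]:  # assumed operating window, local time
        findings.append(f"outside time window ({hour:02d}:00)")
    return findings

def review(flows, baseline_flows=BASELINE_FLOWS):
    """Map each deviating flow to its findings; flows matching the baseline are omitted."""
    assets, paths = build_baseline(baseline_flows)
    results = {}
    for flow in flows:
        findings = check_flow(flow, assets, paths)
        if findings:
            results[flow] = findings
    return results

if __name__ == "__main__":
    for flow, findings in review(NEW_FLOWS).items():
        print(flow, "->", "; ".join(findings))
```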
Next (2 of 3) in the blog and video series, we will review how to aggregate traffic in a distributed network and deploy network TAP solutions in a proof of concept to compare multiple security solutions simultaneously.
Tom is the Co-Founder of ICS Village. ICS Village offers an interactive learning experience for different components of industrial control system security. Explore your areas of interest and learn from experts about the many systems and components that need to be secured.