Is Defense in Depth Still Relevant for OT?

Evolution, Not Revolution

Over the last 10 years there has been increasing awareness across all industrial sectors that cyber criminals are looking for additional victims. Companies have worked with their IT groups and their OEM vendors to implement basic security controls such as perimeter firewalls, anti-virus and systems patching. But is this enough? The answer is typically no: as threats evolve, you need to do more.

Given this mounting sophistication and the kind of industries that rely on such networks, OT targets are of steadily growing interest to cybercriminals. In a survey of 3,500 security experts, more than 75% said that they “believe their OT security risk level is high or severe for the company’s overall risk profile,” according to Security Week.

In fact, Gartner analysts estimate that only 5% of the market is at the mature stage of their OT security program.

Minimizing Risk with Defense in Depth

So, with the complexity of today’s cybersecurity landscape, including both IT and OT concerns, how do we go about implementing solutions? A leading answer to this question comes in the form of defense in depth. As Matthew Warner, CTO and co-founder at Blumira, explains, “Focusing on defense-in-depth and detection of threats, consistent with ransomware playbooks at each layer from on-premises to cloud, will help significantly reduce ransomware risk.”

Alongside critical elements like visibility, which allows you to see and understand where vulnerabilities may exist, defense in depth is a strategy that ensures you have layers of security in place to shield those vulnerabilities at every level. If one guard is broken down, others are still standing. While each tool may have its own purpose, the overall goal is a suite of measures that act in tandem with each other.

In an article for CSO, Josh Fruhlinger points out that it is helpful to understand this approach in three categories – administrative controls, physical controls and technical controls. The administrative focus makes sure that the whole organization is on board with the plan to secure operations. Physical controls “prevent attackers from gaining real-world access to your data and computer systems,” as written by Fruhlinger. Meanwhile, technical controls build barriers around the hardware and software.

By applying this data-driven, defense-driven tactic, organizations are better prepared to adopt a well-rounded, relevant and aligned course of action for cybersecurity.

Least Invasive Approaches For OT

If you have the basic controls in place and you conduct a cyber assessment or gap analysis, the assessment frequently recommends, as a place to start, that you develop a network segmentation strategy to reduce your attack surface. Often referred to as the “Purdue” model framework, it provides physical separation of the layers in your network. This requires re-architecting and frequently updating some level of hardware, either switch gear or additional firewalls deployed across segments.

Network Intrusion Detection (IDS) has also become increasingly popular over the last several years. The biggest benefit of this technology is that it gives the security team (typically connected to IT) visibility into what the actual assets in the OT world are. Most of these systems also provide a level of deep packet inspection and a library of threat indicators that will trigger an alert if a threat is detected.

Software Defined Networking (SDN) is a more modern approach to hardening the attack surface. By creating policies as to which devices can communicate with each other, and by what protocol, it reduces the risk of an adversary manipulating and taking control of your network.
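To make the segmentation and SDN policy ideas above concrete, here is an added example (written for this article, not code from the original or from any product it mentions) of a default-deny communication policy between Purdue-style levels, applied to observed flow records. It also builds the passive asset inventory that the IDS paragraph describes as the main visibility benefit. The zone ranges, protocol names, addresses and flow records are all constructed for the example; a real deployment would take them from the site's network design and from captured traffic.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed zone map (Purdue-style levels). These CIDRs are examples only.
ZONES = {
    ip_network("10.20.0.0/16"): "L4_enterprise",
    ip_network("10.10.3.0/24"): "L3_site_ops",
    ip_network("10.10.2.0/24"): "L2_supervisory",
    ip_network("10.10.1.0/24"): "L1_control",
}

# Constructed allowlist of (source zone, destination zone, protocol).
# Anything not listed is denied: the policy is default-deny, and traffic must
# step through adjacent levels rather than jump from enterprise to control.
ALLOWED = {
    ("L4_enterprise", "L3_site_ops", "https"),
    ("L3_site_ops", "L2_supervisory", "opcua"),
    ("L2_supervisory", "L1_control", "modbus"),
    ("L2_supervisory", "L1_control", "enip"),
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    protocol: str


def zone_of(addr: str) -> str:
    """Map an address to its zone, or 'unknown' if it is outside every mapped range."""
    ip = ip_address(addr)
    for net, name in ZONES.items():
        if ip in net:
            return name
    return "unknown"


def evaluate(flow: Flow) -> tuple[str, str]:
    """Return ('allow' or 'deny', reason) for one observed flow."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if "unknown" in (src_zone, dst_zone):
        # An endpoint nobody mapped is itself a finding: unmanaged asset or rogue host.
        return "deny", f"unmapped address in {flow.src}->{flow.dst}"
    if src_zone == dst_zone:
        # Traffic inside one level is permitted here; a stricter policy would list it too.
        return "allow", f"intra-zone {src_zone}"
    if (src_zone, dst_zone, flow.protocol) in ALLOWED:
        return "allow", f"{src_zone}->{dst_zone} {flow.protocol} permitted"
    return "deny", f"{src_zone}->{dst_zone} {flow.protocol} not in allowlist"


def inventory(flows) -> dict[str, str]:
    """Passive asset list built from observed endpoints: address -> zone."""
    seen = {}
    for f in flows:
        for addr in (f.src, f.dst):
            seen[addr] = zone_of(addr)
    return seen


def audit(flows) -> list[tuple[Flow, str]]:
    """Every flow the policy would deny, with its reason, for review or alerting."""
    findings = []
    for f in flows:
        verdict, reason = evaluate(f)
        if verdict == "deny":
            findings.append((f, reason))
    return findings


# Constructed sample flows, as a passive sensor or SDN controller might report them.
SAMPLE_FLOWS = [
    Flow("10.10.2.5", "10.10.1.7", "modbus"),      # HMI to PLC: allowed
    Flow("10.10.3.4", "10.10.2.5", "opcua"),       # historian to HMI: allowed
    Flow("10.20.4.9", "10.10.1.7", "modbus"),      # enterprise host straight to PLC: denied
    Flow("10.10.2.5", "10.10.1.7", "ssh"),         # HMI to PLC over an unexpected protocol: denied
    Flow("192.168.77.3", "10.10.1.7", "modbus"),   # unmapped source talking to a PLC: denied
    Flow("10.10.1.7", "10.10.1.8", "enip"),        # PLC to PLC within L1: allowed (intra-zone)
]

if __name__ == "__main__":
    for addr, zone in sorted(inventory(SAMPLE_FLOWS).items()):
        print(f"asset {addr:<14} zone={zone}")
    for flow, reason in audit(SAMPLE_FLOWS):
        print(f"DENY {flow.src}->{flow.dst} {flow.protocol}: {reason}")
```

The same allowlist can be used in two ways: as the rule set an SDN controller or firewall enforces, and as the baseline a monitoring team compares observed traffic against, so that a flow which jumps levels or uses an unexpected protocol shows up as a finding even before enforcement is switched on.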

The list continues with vulnerability management and patching, endpoint whitelisting, endpoint monitoring, data encryption and configuration change management, all of which are strategies that strengthen a defense in depth program.
