Regulations and frameworks are specific to where in the world your manufacturing organization is operating. Netify can recommend where to obtain legal advice and check local regulatory requirements before making a decision on vendors and solutions.
Additionally, depending on the type of product a company manufactures, your business could potentially be subject to additional regulations which mandate specific product security controls.
For example, in the United States, manufacturers may be subject to regulations from North American Electric Reliability Corporation’s Critical Infrastructure Protection (NERC CIP) Standards and the U.S. Nuclear Regulatory Commission’s Regulatory Guide 5.71 when producing energy, or using manufacturing equipment subject to these regulations, or when manufacturing products subject to these regulations. Additionally, one of the most prevalent examples of regulatory requirements for specific product security controls is the Food and Drug Administration (FDA) security requirements for medical devices. Most of the content of the U.S. regulations at least partially overlaps with the National Institute of Standards and Technology’s recommendations in the industry-specific “NISTIR 8183 Revision 1, Cybersecurity Framework Version 1.1 Manufacturing Profile”, so there is some opportunity for compliance mapping.
In the European Union, organizations have to work within the European Network and Information Security Agency’s Network and Information Security (ENISA NIS) Directives, and in the United Kingdom the Centre for Protection of National Infrastructure (CPNI) offers advice and plans as well as resources to help ensure the safety of critical infrastructure. While both the NIS Directives and CPNI requirements were originally meant for critical infrastructure organizations like utility companies, they have quickly become both relevant and, at least partially, required for manufacturers as more and more are using ICS for plant automation.
After looking at the regulations applicable to an organization, it is time to map needs to potential solutions. For local or remote access to ICS, organizations will need a strong IAM solution in place as well as PAM.
For remote access, VPN has been the go-to solution for ICS. While VPNs typically provide strong encryption to prevent interception of network traffic, they often provide authorized users with too much trust. So, as we move toward zero-trust security models, ZTNA is needed for both encryption of network traffic and provision of the minimum necessary trust for access to network resources.
While most ICS networks today are either isolated from the internet or only have limited connectivity, more and more of these solutions are embracing the benefits of cloud. So, in these cases, the components of SASE, including cloud security solutions combined with secure SD-WAN and ZTNA, can offer a comprehensive solution.
In any organization where critical infrastructure components are used or manufactured, even if they’re not connected to the internet, an XDR (Extended Detection and Response) solution that specifically addresses IT/OT/ICS threats should be used to differentiate between benign and genuine threats, detect anomalies, and enable real-time monitoring and response.
Although IT/OT/ICS may use different technologies than other IT or IoT systems managed by an organization, vulnerability management tools that address the specific IT/OT/ICS technologies in use should be used to ensure devices are up-to-date and provide situational awareness in case known vulnerabilities pose an imminent threat to manufacturing operations.
Then, since regulations are likely involved, auditing and compliance management is needed. There are several well-known security companies that aim to provide comprehensive (or as comprehensive as possible) IT/OT/ICS solutions, including Tenable, Armis, Nozomi Networks and Claroty. While these have a lot of product overlap, each has its strengths and weaknesses in its deployment models or areas of focus.
For instance, Tenable offers IT/OT/ICS vulnerability management solutions and they also offer industry-leading vulnerability management solutions for on-premise and cloud network infrastructure, so they stand to provide a more tightly integrated vulnerability management solution than competitors.
Nozomi Networks offers SaaS threat detection and response and threat intelligence which are specific to a growing list of ICS devices, and a centralized command center application that can be deployed in-cloud or on-premise. Neither of these two vendors offers XDR solutions, but they both offer extensive integration capabilities.
As with all organizations in any industry operating in today’s digital landscape, the threat of data breaches and cyber attacks is increasing every year. More and more organizations are having to enhance and upgrade their security solutions, both physical and digital, as they continue to converge as technology evolves.
Some legacy technologies, like VoIP for example, can be relatively easily adapted to modern networking technologies and modern security solutions. Other technologies, like Operational Technology (OT) and Industrial Control Systems (ICS) used in critical infrastructure, energy and manufacturing, are not evolving as quickly or adapting as easily, making them difficult to protect with the same security technologies that protect most other networked systems.
There are many reasons for this ranging from architectures which aren’t easy to change to regulations that haven’t caught up with modern technology. Therefore, there are many emerging cybersecurity solutions that are aimed at meeting the unique challenges of ICS and manufacturing environments.
While traditional cybersecurity controls like PAM (Privileged Access Management), MFA (Multi-factor Authentication), monitoring and intrusion detection can be implemented for ICS, there are regulatory considerations as well as unique risk factors, since ICS compromise could lead to real-world risk to life or property. Thankfully, we’re beginning to see new resources, tools, and guidance for securing IT/OT and ICS in manufacturing environments. One of the most useful resources available to manufacturing organizations regarding IT/OT security is the MITRE ATT&CK Framework for ICS. The framework provides a matrix that tries to cover the entire lifecycle of an attack or breach and then map the lifecycle stages to their tactics, and in turn, their mitigations, as well as ways to test these areas in any given organization.
In summary, while we’re beginning to see some really useful resources for organizations who need to implement or enhance ICS security, there is still a lot to consider: there are various regulations regionally, there are many national resources with recommendations or standards for ICS security and there are emerging frameworks like the MITRE ATT&CK Framework for ICS which are aimed at comprehensive security covering all areas and offering a guide to organizations looking to enhance and upgrade their ICS security.
Requirement: SD-WAN
It is important to understand what type of connectivity is used throughout the organization in order to align the organization with the best possible solution for that type of network environment.
Requirement: Endpoint protection
Endpoint protection is important for all network connected devices. When considering a solution for a manufacturing organization, it is essential to consider the types of devices an organization uses and the types supported by the solution(s) in question. If traditional devices are used, a good EDR solution may be enough. Conversely, if an organization has ICS or OT systems, they should consider security solutions that are specifically designed to protect ICS or OT systems.
Requirement: Regulatory compliance reporting and monitoring
No matter where an organization operates, it is increasingly likely that they will be subject to regulations that dictate what types of security measures must be implemented. Ensure that the compliance reporting and tracking solution is suitable for the regulations affecting the organization.
Requirement: Comprehensive and integrated solution or managed services
When an organization is required to secure many different types of devices, processes, people and systems, the organization must consider the solution that works best for both their business operations and their desired security posture. In other words, ensure the solution the organization chooses is completely comprehensive or potentially includes managed services that can scale up so that no unnecessary additional labor is required with the implementation of the new solution(s). That being said, when looking at managed services providers to support environments with IT/OT/ICS, it’s especially important to ensure that potential providers are able to meet the specific needs of your organization.
Requirement: ZTNA
Remote access to any part of an organization poses a great security risk as that is frequently the first point of access to an organization. The consequences of cybersecurity breaches in ICS have recently been in the news. When considering a solution, be sure to verify and validate that you’re able to implement ZTNA and maintain strong IAM whenever remote access is required.
Requirement: SIEM, managed SIEM, or SIEM integration
Security Information and Event Management solutions are very common in the manufacturing industry, especially because industrial automation equipment both generates and consumes huge amounts of data. They are a very important part of any security solution, but proper management and tuning are critical as many SIEMs won’t have out-of-the-box workflows or alerting for IT/OT/ICS. It is key for an organization to ensure that their SIEM is performing as required and that it will work well with any new solutions that are implemented as integrating data sourced from existing IT/OT/ICS.
Requirement: Security audits
Whether we like them or not, audits are an essential component of any security program. These audits verify proper operation of the security controls in place and point out possible weak spots in the security solutions being used. They also keep teams responsible for the organization’s security thinking about the eventual tests that will be performed to verify their work and statements made. When it comes to ICS used by manufacturing organizations, consider ICS-specific security solutions like Tenable.ot, Nozomi, etc. to automate the audit process while ensuring that audits are tailored specifically to these types of systems.
Requirement: Automated threat detection
Any organization that is interested in leveraging technology as a human force multiplier needs automated detection of anomalous behavior, devices or traffic. With the number of devices and vast amounts of data organizations generate today, especially those with automated manufacturing plants, it is just implausible to manually detect threats. In the same manner, it is impossible for any solution to recognize every type of threat, especially when it comes to ICS, which may operate using legacy or proprietary protocols that aren’t well-studied. Therefore, it is imperative that the solution leverages some understanding of normal ICS operation and uses technology to detect anomalies or even predict possible threats that have not been seen before.
Requirement: XDR and/or MDR combined with process and procedure
Any organization, even with their favorite solutions fully implemented, will certainly face both false and real threats. In a manufacturing environment, proper handling of false alarms is crucial to avoid plant stoppages (which cost time and money), while quickly responding to real threats is just as important to avoid data breaches or equipment failure that can cause loss of life or property.
Requirement: Asset management
One of the first and most important things an organization needs to do (there’s a reason why the Center for Internet Security consistently lists IT asset management at the top of their list of Critical Controls) is determine the best way to track all of the devices and assets the organization has, and to ensure that the inventory is kept up-to-date (and preferably automated). There are many solutions that incorporate or integrate with systems for tracking and monitoring assets as required, but these solutions may not be able to automatically discover or manage unique properties of an ICS device. Therefore, an asset management system which is specific to IT/OT/ICS may be necessary.