Which security/services are must haves for manufacturers who need to secure their IT/OT/ICS?
After identifying the regulations that apply to an organization, the next step is to map those requirements to candidate solutions. For local or remote access to ICS, the organization will need a strong IAM (identity and access management) solution in place, along with PAM (privileged access management) for administrative and engineering accounts.
For remote access, VPN has long been the go-to solution for ICS. While VPNs typically provide strong encryption that prevents interception of network traffic, they usually grant an authenticated user far more trust than the task requires, often reachability to an entire network segment. So, as organizations move toward zero-trust security models, ZTNA (zero trust network access) is needed to provide both encryption of network traffic and the minimum necessary trust for each access to a network resource.
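To make the VPN-versus-ZTNA distinction concrete, here is an added example (not code from the original text or from any vendor) that models the two access decisions side by side: a VPN check that grants reach to every OT host once the user has authenticated, and a ZTNA check that evaluates each request against explicit per-resource rules with device-posture and MFA conditions, denying anything not explicitly granted. The rule format, host names, groups and posture fields are constructed assumptions for the illustration.

```python
"""VPN-style network trust versus ZTNA-style per-request least privilege.
Added example; policy format, hosts, groups and posture fields are constructed."""
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass
class Request:
    user: str
    groups: Set[str]
    device_managed: bool   # enrolled in the organization's device management
    device_patched: bool   # posture check: OS/agent up to date
    mfa: bool              # session completed multi-factor authentication
    resource: str          # constructed "host:port" label, e.g. "plc-07:502"
    action: str            # "view" or "write"


# Constructed set of hosts reachable once a VPN tunnel is up.
OT_HOSTS = {"plc-07", "hmi-01", "historian-02"}

# Constructed ZTNA policy: default deny; each rule grants named actions on one
# resource to one group, subject to posture and MFA conditions.
ZTNA_POLICY = [
    {"group": "ot-engineers", "resource": "plc-07:502", "actions": {"view", "write"},
     "require_managed": True, "require_patched": True, "require_mfa": True},
    {"group": "ot-engineers", "resource": "hmi-01:443", "actions": {"view"},
     "require_managed": True, "require_patched": False, "require_mfa": True},
    {"group": "vendor-support", "resource": "hmi-01:443", "actions": {"view"},
     "require_managed": False, "require_patched": True, "require_mfa": True},
]


def vpn_decision(req: Request, authenticated: bool) -> bool:
    """VPN model: an authenticated user reaches every host on the OT segment.
    Device state, the specific resource and the action are never considered."""
    host = req.resource.split(":")[0]
    return authenticated and host in OT_HOSTS


def ztna_decision(req: Request) -> Tuple[bool, str]:
    """ZTNA model: every request is checked against explicit rules.
    Returns (allowed, reason); no matching rule means deny."""
    reasons: List[str] = []
    for rule in ZTNA_POLICY:
        if rule["group"] not in req.groups or rule["resource"] != req.resource:
            continue
        if req.action not in rule["actions"]:
            reasons.append(f"{req.action} not permitted for {rule['group']}")
        elif rule["require_mfa"] and not req.mfa:
            reasons.append("MFA required")
        elif rule["require_managed"] and not req.device_managed:
            reasons.append("managed device required")
        elif rule["require_patched"] and not req.device_patched:
            reasons.append("device not patched")
        else:
            return True, f"granted by rule for {rule['group']} on {req.resource}"
    return False, "; ".join(reasons) if reasons else "no matching rule (default deny)"


if __name__ == "__main__":
    # A vendor technician on an unmanaged laptop attempting a PLC write:
    # the VPN model lets the traffic through, the ZTNA model does not.
    tech = Request("vendor-tech", {"vendor-support"}, False, True, True, "plc-07:502", "write")
    print("VPN :", vpn_decision(tech, authenticated=True))
    print("ZTNA:", ztna_decision(tech))
```

The point of the comparison is that the ZTNA function has to be told, per resource and per action, who may do what under which device conditions, so a posture failure or an unlisted resource produces a deny with a reason that can be logged and reviewed.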
While most ICS networks today are either isolated from the internet or have only limited connectivity, a growing number of ICS deployments are adopting cloud services. In those cases, the components of SASE (secure access service edge), which combine cloud security services with secure SD-WAN and ZTNA, can offer a comprehensive solution.
In any organization where critical infrastructure components are used or manufactured, even if they are not connected to the internet, an XDR (Extended Detection and Response) solution that specifically addresses IT/OT/ICS threats should be used to distinguish benign events from genuine threats, detect anomalies, and enable real-time monitoring and response.
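The anomaly-detection part of that role is easier to picture with a worked example. The following added code (not from the original text or any XDR product) learns a baseline of which hosts talk to which controllers with which Modbus function codes from a quiet period, then scores a later log: a never-seen conversation is flagged at medium severity, while a write function code that the baseline never saw for that pair is raised to high, which is the benign-versus-genuine triage the paragraph describes. The log format, addresses and function codes are constructed sample data.

```python
"""Baseline-and-deviation detector for ICS flow records.
Added example; log format, hosts and traffic are constructed, and the logic is
illustrative rather than any vendor's detection engine."""
from typing import Dict, List, Set, Tuple

# Modbus function codes that change controller state (reads are 1 to 4).
MODBUS_WRITE_CODES = {5, 6, 15, 16}

# Constructed baseline window: engineering host .21 performs writes to PLC .7,
# HMI host .20 only polls (reads) PLCs .7 and .8.
BASELINE_LOG = """\
2024-05-01T08:00:01 10.10.1.20 10.10.2.7 modbus 3
2024-05-01T08:00:02 10.10.1.20 10.10.2.8 modbus 3
2024-05-01T08:00:05 10.10.1.21 10.10.2.7 modbus 16
2024-05-01T08:00:06 10.10.1.20 10.10.2.7 modbus 4
"""

# Constructed live window containing a new host and an unexpected write.
LIVE_LOG = """\
2024-05-02T09:00:01 10.10.1.20 10.10.2.7 modbus 3
2024-05-02T09:00:02 10.10.1.55 10.10.2.7 modbus 3
2024-05-02T09:00:03 10.10.1.20 10.10.2.7 modbus 16
2024-05-02T09:00:04 10.10.1.21 10.10.2.7 modbus 16
2024-05-02T09:00:04 10.10.1.55 10.10.2.8 modbus 6
"""

Record = Tuple[str, str, str, str, int]   # timestamp, src, dst, proto, function code
Pair = Tuple[str, str]


def parse(log: str) -> List[Record]:
    """Parse 'timestamp src dst proto code' lines; blank lines are skipped."""
    records: List[Record] = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, code = line.split()
        records.append((ts, src, dst, proto, int(code)))
    return records


def build_baseline(records: List[Record]) -> Dict[Pair, Set[int]]:
    """Map each observed (src, dst) pair to the function codes it used."""
    baseline: Dict[Pair, Set[int]] = {}
    for _ts, src, dst, _proto, code in records:
        baseline.setdefault((src, dst), set()).add(code)
    return baseline


def detect(records: List[Record], baseline: Dict[Pair, Set[int]]) -> List[dict]:
    """Flag conversations and function codes absent from the baseline.
    Writes are escalated to high severity; reads stay medium."""
    alerts: List[dict] = []
    for ts, src, dst, _proto, code in records:
        pair = (src, dst)
        if pair not in baseline:
            kind = "new-conversation"
        elif code not in baseline[pair]:
            kind = "new-function-code"
        else:
            continue  # matches learned behaviour, treated as benign
        severity = "high" if code in MODBUS_WRITE_CODES else "medium"
        alerts.append({"ts": ts, "src": src, "dst": dst, "code": code,
                       "kind": kind, "severity": severity})
    return alerts


def run_example() -> List[dict]:
    return detect(parse(LIVE_LOG), build_baseline(parse(BASELINE_LOG)))


if __name__ == "__main__":
    for alert in run_example():
        print(alert)
```

Real OT detection engines add protocol dissection, asset context and time-based rate baselines, but the shape is the same: a learned model of normal conversations, explicit knowledge of which operations change process state, and severity that reflects that distinction rather than raw novelty.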
Although IT/OT/ICS environments may use different technologies than the other IT or IoT systems an organization manages, vulnerability management tools that understand the specific IT/OT/ICS technologies in use should be deployed, both to ensure devices are kept up to date and to provide situational awareness when a known vulnerability poses an imminent threat to manufacturing operations.
Then, since regulations are likely involved, auditing and compliance management is needed. Several well-known security companies aim to provide comprehensive (or as comprehensive as possible) IT/OT/ICS solutions, including Tenable, Armis, Nozomi Networks and Claroty. While these vendors have considerable product overlap, each has its own strengths and weaknesses in deployment models or areas of focus.
For instance, Tenable offers IT/OT/ICS vulnerability management solutions alongside its industry-leading vulnerability management for on-premises and cloud network infrastructure, so it is positioned to provide a more tightly integrated vulnerability management solution than its competitors.
Nozomi Networks offers SaaS threat detection and response and threat intelligence specific to a growing list of ICS devices, plus a centralized command center application that can be deployed in the cloud or on-premises. Neither of these two vendors offers an XDR solution, though both offer extensive integration capabilities.