Nozomi Networks and Skybox Security have responded to this challenge by offering a converged network risk profile tool as a single solution for IT/OT cyber visibility. The response exemplifies the collaborative efforts of government and private organizations that collect, transmit, deploy, and respond to cyber threats in real time to minimize their impact. This partnership and other collective efforts strengthen companies to protect their most valuable connected and converged assets effectively.
The value proposition of network convergence
There is a fundamental need to collect and centralize real-time data across a company’s IT and OT network assets. This dataset includes information such as raw material availability, production capabilities, throughput, inventory management, and real-time reports on the status of the distribution network. The information should be available in real time and correlated with many corporate systems, including operational, functional, and regional sources. This is not the time for solutions that require extensive normalization and processing of data by third-party tools across multiple network sources.
Limitations of a single IT or OT solution
One of the consequences of IT/OT convergence is the growth of an attack sequence that point solutions can never adequately address. An example of an inadequate single-purpose solution would be deploying antivirus software in the IT domain, assuming it protects an unsegmented OT network.
While virus protection software prevents some attacks, cybercriminals can often bypass software agents and gain access to protected resources. Once inside an IT network, a cybercriminal can move through privileged escalation to breach critical storage, operational, and OT systems. This behavior is at the heart of many cyberattacks recently reported in the news.
Pivotal attacks can result in the loss of customer data, control of subsystems and other control apparatus, and the long-term risk of an undetected malicious presence. This attack type also requires a coordinated system that reports operational intelligence in real time in the environment in which it occurs. Without a rapid response, a cybersecurity event, such as a ransomware scheme, can lead directly to financial loss and unwanted press disclosure. It can also cause unintended disruption of a highly complex solution spanning processes from obtaining raw materials to delivering a product ready for market inventory.
Reducing network convergence risks
As discussed, convergence is driven by a set of value propositions that can be undermined by weak security policies. Many of the key drivers of digital transformation are manifested across industries. Cybersecurity has become part of a mix of issues requiring a response on behalf of asset owners. Therefore, it is important to insist on achieving the necessary goals that contribute to the convergence of the network. Cybersecurity solutions should support these goals, not extend their impact.
Nozomi Networks and Skybox Security have teamed up to bring a single window to the OT and IT asset visibility market and a lifecycle approach to mitigate vulnerabilities that are most likely to cause risks and breaches. A multi-stakeholder risk assessment methodology complements CVSS severity level data with data on asset exploitability, impact, and importance. Risk assessment can be tailored to an organization’s unique risk position, enabling organizations to prioritize vulnerability mitigation more effectively.
Visibility is essential to fighting network attackers. Tools like an aggregated dashboard with visibility into OT/IT assets can significantly improve a company’s security profile. Such a solution also eliminates the need for external correlation of data collected from independent systems.
The management platform combines infrastructure context with threat intelligence, providing unprecedented visibility into the expanding attack surface spanning IT, hybrid cloud, and OT environments. This enables enterprise networks and security teams to comply with corporate and regulatory policies, securely automate changes, reduce misconfigurations, improve cyber hygiene, and prioritize remediation of the riskiest vulnerabilities.
