
IoT discussions have moved from counting the number of connected devices to use cases and value creation for each industry. Organizations in transportation, public sector, energy and manufacturing industries are looking to translate IoT edge data into meaningful information and derive business value. Across Cisco’s 70,000 IoT enterprise end customers, we see an acceleration of digitization projects that are connecting operational assets to a converged Ethernet and IP network – and IT is playing a critical role. While estimates on the number of connected devices might vary, there is agreement that cybersecurity is the #1 customer concern when executing IoT projects.

To make the digital enterprise a reality, IIoT projects in operational settings need to overcome three key challenges:

  • Lack of an up-to-date asset inventory with baseline of normal communication patterns to detect security and configuration anomalies
  • Flat, unmanaged plant networks allow unfettered propagation of cybersecurity threats, risking system downtime and increasing risks to people and the industrial processes
  • While data is king, it is trapped in heterogeneous environments with industry-specific protocols that are foreign to IT and security tool sets

To enable customer success, Cisco has developed the Multi-Domain architecture to link visibility, automation, and policy from branch, data center, campus, and operational environments. Cisco IoT is announcing two key innovations that empower both IT and OT teams, furthering the Multi-Domain architecture:

  • Comprehensive IIoT security architecture and the release of Cisco Cyber Vision
  • Cisco Edge Intelligence, which radically simplifies IoT edge to multi-cloud data delivery and control for connected assets

Comprehensive IIoT cybersecurity architecture and Cisco Cyber Vision for OT visibility

Cisco is announcing a comprehensive Industrial IoT cybersecurity architecture to enable IT and OT to protect their operational environments with four key capabilities – identification, policy definition, policy enforcement, and ongoing monitoring of the entire system. Cisco Cyber Vision is the first software-based IIoT security solution embedded in the Cisco industrial networking portfolio. All operational traffic flows through the network, and Cisco is uniquely positioned to provide visibility for security and context for operations.

Cyber Vision passively analyzes traffic with deep protocol knowledge for discrete, process, and utilities industries, allowing IT and OT to secure operational environments while maintaining production integrity.

Cisco Cyber Vision starts by discovering assets and decoding industry-specific process flows using passive Deep Packet Inspection (DPI) technology. Using a combination of OT-specific rules and threat intelligence from Cisco Talos, it provides real-time anomaly detection and monitoring. The information gathered by Cisco Cyber Vision is critical to defining segmentation policies in Cisco Identity Services Engine (ISE) and DNA Center and to removing the potential for unfettered propagation of threats across operational environments – something that has been a highly manual effort and does not keep up with changing requirements.

Cisco Cyber Vision is integrated with Cisco’s IT security portfolio, bringing detailed information on OT assets and industrial threat detection to Cisco NGFW firewalls, Identity Services Engine for access control and segmentation, and network traffic analysis using Stealthwatch to provide the necessary context to IT security teams. Cisco Cyber Vision also integrates with leading SIEM platforms, such as IBM QRadar and Splunk, so you can collect all OT events in your IT SOC and build a unified IT-OT security program.

Cisco Edge Intelligence delivers data where it can be actioned 

Cisco Edge Intelligence is a new IoT software offering that extracts, transforms and delivers connected asset data from IoT edge to multi-cloud destinations with granular data control. Like Cisco Cyber Vision, it is a software service deployed on Cisco’s IIoT networking portfolio for easy, out-of-the-box deployments.

Current approaches require custom software and integrations of multiple vendor technologies that are complex to deploy and manage. Current offerings are further challenged with no easy way to control what data is delivered to specific applications running in multi-cloud environments.

Cisco Edge Intelligence enables organizations to regain IoT edge data ownership and control by:

  • Out-of-box service on Cisco’s IIoT networking portfolio with simplified user experience and scaled centralized deployment
  • Developer-friendly tools to create intelligent data logic for IoT edge execution, after seamless data extraction from a variety of data sources
  • Ability to govern the flow of IoT data at granular levels before data leaves the operational environments
  • Pre-integration with leading IoT platforms and applications to easily share data from IoT edge to multi-cloud destinations with a click of a button. We are excited to demonstrate this ability with Microsoft’s Azure IoT Service, to accelerate IoT projects for our customers.

One of our joint early field customers, voestalpine, is benefiting from this integration as they digitize their operations to improve production plan and operational efficiencies.

“At voestalpine, we face challenges to consistently and securely extract data from these machines and deliver the right data to our analytics applications in multi-cloud destinations. To address these challenges, we are validating Cisco’s next generation edge data software, Cisco Edge Intelligence. It is tightly integrated with Cisco’s edge infrastructure. The unified management and security help our IT and OT teams to work seamlessly. The flexibility for data transformation using multiple options makes our solution scalable and future-proof,” Stefan Pöchtrager, Strategic IT-Management, Ing. voestalpine AG.

New and enhanced Cisco Validated Designs

Cisco Validated Designs (CVDs) are just that – engineered, tested and proven designs that integrate Cisco and third-party products to deliver use cases for key industries. We unveiled new and enhanced CVDs for oil and gas, manufacturing, and utilities.

  • New CVDs for oil & gas, discrete manufacturing, and utilities to help connect, secure and operationalize key use cases
  • Extended Enterprise CVD incorporates SD-WAN capabilities to deliver security and scale with 10,000 devices across the far reaches of the business

To bring it all together, Cisco IoT has released a steady stream of innovation and attained market leadership for industrial networking. The latest innovations are:

  • Comprehensive IIoT security architecture and Cyber Vision to provide industrial asset visibility and communication baselines
  • Edge Intelligence to extract, transform and govern the flow of business data

I am excited about the continuing innovations to accelerate IIoT success for our 70,000 global IoT customers.

Cisco Cyber Vision is available today! More information can be found at http://www.cisco.com/go/cybervision.

 



Authors

Vikas Butaney

Senior Vice President and General Manager, Cisco SD-WAN, Multicloud, and Industrial IoT