Cyber attacks on industrial organizations and critical infrastructures are now making headlines regularly. As Talos pointed out in a recent research blog, we’ve entered a new world of critical infrastructure security where threat actors are structured businesses.
Nevertheless, few industrial organizations have implemented comprehensive security programs to protect their operational technologies (OT), and even fewer have deployed them at scale. At the same time, the pandemic is highlighting how digital transformation can help industries be more agile and transform their infrastructure to operate in the new normal. But for this to happen, industrial networks must have a strong security foundation.
For all these reasons, we’re seeing heightened demand from industrial organizations all over the world for a new generation of OT security solutions. They all include a mix of similar requirements:
- Easy to deploy throughout the industrial network, without added costs or complexity to the existing infrastructure
- Provide comprehensive visibility into OT devices so security policies can be built for the industrial network
- Help teams focus on immediate threats so they can prioritize actions and quickly improve the organization’s security posture even if they are not experts in OT or cybersecurity
- Scale to massive deployments so that the entire organization can be protected properly
- Integrate seamlessly with existing IT security tools so that a converged IT/OT security strategy can be implemented
With the release of Cyber Vision 4.0, which will be made available in July 2021, Cisco is offering a unique OT security solution that addresses these requirements.
Easy deployment in any industrial network
Cyber Vision has always leveraged a unique edge architecture where the OT security solution is embedded in network equipment. This eliminates the need for sourcing, deploying, and managing dedicated security appliances or investing in costly out-of-band collection networks, enabling any industrial organization to easily deploy OT security.
This architecture also provides unmatched visibility as passive discovery is achieved at every layer of the network and active discovery requests are not blocked by NAT or firewall boundaries. Cyber Vision 4.0 leverages this massive quantity of data to offer a simplified yet more detailed view of industrial devices, such as rack slot configurations or precise representation of devices with multiple IP or MAC addresses. IT and OT teams now have an even more precise view of what they are defending and can better work together to build more accurate security policies.
Guidance into urgent security decisions
Cyber Vision 4.0 goes beyond identifying devices. It automatically gives them a risk score to highlight important insights and help prioritize actions. Cyber Vision calculates risks for each device, as well as for data presets so that you can assess the security posture of a specific industrial site, production line or vendor to drive the organization’s security compliance.
More than just highlighting risks, Cyber Vision provides guidance on what can be done to proactively lessen them. OT personnel with limited cybersecurity skills, or security experts with no OT expertise, can now build effective improvement plans.
Extending IT security to OT… at scale
Cyber Vision’s unique edge architecture enables easy and affordable deployment of OT security features at scale. But the massive amount of data generated must be managed in an efficient manner so that it enriches IT security tools without flooding security analysts or introducing performance issues.
As industries accelerate their digitization programs and keep introducing new IoT devices, scalability becomes an issue for OT security solutions. Cyber Vision 4.0 comes with updated foundations to ingest and retain even more data to support the largest deployments. The Cyber Vision Center and Global Center can now also be installed on Amazon Web Services (AWS) to simplify deployment and scalability of the platform. Setting up the Cyber Vision Global Center on AWS is a great way to obtain an aggregated view of your industrial sites at a group level.
Cyber Vision 4.0 is building on existing pre-integration with the Cisco Secure portfolio to enable a converged IT/OT security strategy and extend Zero Trust Security to industrial operations. A new app for the Splunk OT add-on allows security analysts to monitor OT security events and build compliance reports in Splunk. Within Cyber Vision, they can now promote events into Cisco SecureX for further investigation leveraging enrichment from other security tools. Cyber Vision 4.0 enables a fully integrated investigation workflow, starting with any SIEM platform, and leveraging your existing IT security tools.