In a blogpost titled The Strategy, Value and Risk of IT/OT Convergence, Kristian Steenstrup, distinguished VP analyst with Gartner, cited a special report, IT and Operational Technology Alignment, which focused on the strategy of integrating IT business systems with the operational technologies that are used to manage and automate equipment in a heavy industrial environment.
Steenstrup wrote that with IT and OT alignment, CIOs have a great opportunity to better enable decisions that optimize business processes and performance.
What he didn’t mention, however, is that as part of the alignment, the CIO will need to also figure out the security implications of such an alignment or as some call it today – a convergence.
Ten years on, as enterprises continue to push the envelope of digital transformation, they are also embracing the Internet of Things (IoT). Many IoT devices are built on standalone technologies that tend to fragment processes and information across the enterprise value chain.
Today CIOs are revisiting IT-OT convergence as IoT becomes immersed in the enterprise fabric and, in the process, reveals its potential to affect the security of the enterprise.
Geoff Mattson was the CEO of MistNet prior to its acquisition by LogRhythm. In his new role as senior vice president of product at LogRhythm, he acknowledges that OT has mostly been left out of security considerations.
“As more OT is being brought into more IT environments, it is being linked to more IT infrastructure – becoming a more desirable part of the attack surface.”
He goes on to explain that there are specific attacks that are designed to jump from IT into OT environments, or to go from OT into IT environments.
“That is why it is important to have network detection and response as part of your security arsenal. Because OT devices generally do not have the type of server-based monitoring agents that can be installed in them to protect you from threats,” he continued.
“The only way to secure OT is to look at what they're doing on the network, look for things that are unusual, and look for things that are threatening.”
“The good news is that in OT environments, they tend to have very regular patterns. Using a solution like MistNet, where we are able to identify things that are unusual, is very effective. In OT environments if something is unusual and if it is not a cyber threat, then it is often a maintenance problem. It is something you are going to want to know about in any case,” he concluded.
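The approach Mattson describes, baselining the regular conversation patterns of an OT segment and alerting on departures from them, can be sketched in a few dozen lines. The following is an added illustration, not code from LogRhythm, MistNet or CyberMist; the flow records, the addresses (an HMI at 10.1.0.10, a PLC at 10.1.0.20, a historian at 10.1.0.30) and the polling cadences are constructed sample data. It learns, per (source, destination, port) conversation, the mean gap between flows and its spread, then flags three kinds of deviation in a later window: a conversation never seen in the baseline, a gap far from the learned cadence, and a baselined conversation that falls silent. The last case is the "maintenance problem" Mattson mentions: a device that stops reporting is worth knowing about whether or not it is an attack.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    ts: float   # seconds since capture start
    src: str
    dst: str
    dport: int


# Constructed baseline capture (hypothetical addresses): an HMI polling a PLC
# over Modbus/TCP every 2 s, and the PLC reporting to a historian every 10 s.
BASELINE = (
    [Flow(float(t), "10.1.0.10", "10.1.0.20", 502) for t in range(0, 120, 2)]
    + [Flow(float(t), "10.1.0.20", "10.1.0.30", 4840) for t in range(0, 120, 10)]
)

# Constructed observation window containing two deviations:
#   - the HMI opens a port-22 session to the PLC, never seen in the baseline
#   - the PLC's historian reports stop after t=150 (silence: fault or tamper)
OBSERVED = (
    [Flow(float(t), "10.1.0.10", "10.1.0.20", 502) for t in range(120, 240, 2)]
    + [Flow(float(t), "10.1.0.20", "10.1.0.30", 4840) for t in range(120, 151, 10)]
    + [Flow(133.0, "10.1.0.10", "10.1.0.20", 22)]
)


def build_profile(flows):
    """Learn each conversation (src, dst, dport) and the mean/spread of the
    gap between its consecutive flows."""
    times = defaultdict(list)
    for f in sorted(flows, key=lambda f: f.ts):
        times[(f.src, f.dst, f.dport)].append(f.ts)
    profile = {}
    for key, ts in times.items():
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        # A conversation seen only once has no interval to learn from.
        profile[key] = (mean(gaps), pstdev(gaps)) if gaps else (None, None)
    return profile


def detect(profile, flows, window_end, tolerance=3.0):
    """Compare a window of flows against the profile. Returns a list of
    (kind, conversation, detail) alerts for:
      new-conversation  a (src, dst, dport) triple absent from the baseline
      timing-deviation  a gap far from the learned cadence
      silence           a baselined conversation that stopped before window_end
    """
    alerts = []
    seen = defaultdict(list)
    for f in sorted(flows, key=lambda f: f.ts):
        key = (f.src, f.dst, f.dport)
        if key not in profile:
            alerts.append(("new-conversation", key, f.ts))
        seen[key].append(f.ts)
    for key, (gap, spread) in profile.items():
        if gap is None:
            continue
        # Regular OT cadences often have zero spread; keep a floor so that a
        # little jitter does not become an alert.
        slack = max(tolerance * spread, 0.25 * gap)
        ts = seen.get(key, [])
        for a, b in zip(ts, ts[1:]):
            if abs((b - a) - gap) > slack:
                alerts.append(("timing-deviation", key, b))
        last = ts[-1] if ts else None
        if last is None or window_end - last > gap + slack:
            alerts.append(("silence", key, last))
    return alerts


if __name__ == "__main__":
    for kind, conv, detail in detect(build_profile(BASELINE), OBSERVED, window_end=240.0):
        print(f"{kind:18s} {conv[0]} -> {conv[1]}:{conv[2]}  ({detail})")
```

On the constructed data this yields exactly two alerts: the unexpected port-22 conversation and the historian's silence. A real deployment would learn the profile from a span of capture long enough to cover shift changes and scheduled maintenance, otherwise those legitimate but infrequent patterns show up as deviations too.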
Options for the CIO
What may well be the highlight of the PodChat is how the CIO should look at the OT-IT infrastructure.
Mattson says the work-from-home shift following the COVID-19 pandemic, coupled with the greater use of digitised technologies and cloud and the increased attack surface brought about by IoT, should give CIOs pause to evaluate their current solutions and consider what they need to do to supplement their arsenal.
“What they need to do is simplify their operations, make it easier for their teams to deal with threats. One way to do that is to use technologies that can provide broad coverage, using the same methodology, using a single screen over IT, OT and cloud,” he suggested.
Getting the most bang for your buck, or what security people call the best vantage point for monitoring, is important. He opined that this may well be why network-based detection and response is having a renaissance, accelerating its growth in the industry.
“It provides a fast way for you to see a lot of what's going on in your enterprise, across a broad swath of your environment with a unified view, and with the ability to detect threats as they move across an environment as they try to migrate from one part of your environment to another.
“We think that looking at network monitoring is a good idea. Network monitoring that uses AI to simplify the job and simplify the responsibilities of your internal response team, because I have not met a security team and operational teams recently who said, you know, they just do not have enough work to do and they are bored and could have some more alerts to deal with."
“You need something that is sophisticated enough to be able to recognise threats for them, gather information for them, help them do their job, empower them to do their job, across a broad swath of your enterprise,” Mattson recommended.
Click on the PodChat player to listen to the full dialogue on IT-OT convergence.
- In 30-seconds what is LogRhythm?
- LogRhythm acquired MistNet, to advance what it calls its entry into the extended detection and response marketplace (or XDR). What is XDR, why do we need it, and is it meant to replace any existing threat detection system?
- How does the XDR solution or platform actually work?
- LogRhythm currently markets a solution it calls LogRhythm NextGen SIEM platform. Where will MistNet or CyberMist, the platform's name for the original product of MistNet, sit in this portfolio?
- Is the AI used in CyberMist already trained in almost all scenarios? Is there a training period to pick up the technology?
- How is CyberMist deployed? Does this installation introduce any latency in the way the network operates?
- Where do you see missing CyberMist being applied in a commercial or production environment?
- Cloud operators – Amazon AWS, Azure, Alibaba, IBM – have proprietary ways of operating. How do you bring CyberMist in there? Does it create any confusion, the amount of data you're collecting?
- One of the challenges we often hear is the integration of IT and OT. What are your thoughts on the prospects of providing a secure, integrated IT or OT environment?
- What's your recommendation for the CIO, as he tries to envision this integrated, secure OT-IT infrastructure? And how does he or she evaluate the value proposition of CyberMist in this environment?