Every year new technologies are being introduced into the IT business environment to improve it for the better. On the other hand, threats as well have been improving the ways to disrupt businesses and finding ways to exploit security vulnerabilities to steal or ransom your data. Attackers in recent years have focused their efforts on previously less guarded entry points such as remote endpoints. However, Operational Technology (OT) is an entry point which most businesses tend to forget, are unsure of how they can secure it, or even think IT security covers it. OT security is something businesses need to be aware of as the threats coming from it grow every year.
OT targeted threats started coming into big news in 2010 when an Iranian nuclear power plant experienced major loses due to an attack. It was then considered a common way state-sponsored threat actors would deal blows to enemies of their state. It would then be looked in a different light in 2017 when WannaCry caused havoc to many businesses. This showed threat actors that companies were willing to pay large sums of money for data that they could easily encrypt by exploiting security vulnerabilities within their systems.
As of 2020 and 2021, customized and targeted attacks have now become the norm and something to be wary of. All these attacks, be it to the remote endpoints or OT, stem from the exploitation of excessive trust. This is why in recent years, the push for Zero Trust security has been everywhere.
Zero Trust approach for OT can improve defenses, streamline security oversight, minimize time taken during maintenance. This is done through policies which help neutralize the activities that attackers and malware can do if they are able to get into the business network.
Below are the steps that Trend Micro txOne takes to ensure that Zero Trust is implemented into a business’ OT:
Scan inbound devices
Modern OT cyberattacks usually start with an infected endpoint or USB brought into the worksite by an employee. Once connected to the network, the attackers are able to access the OT device which has little to no security. By setting up a checkpoint for rapid, installation-free device scans you can mitigate these threats. This also be the process of newly arrived assets being prepared for onboarding to mitigate threats from compromised devices prior to shipping.
Activate endpoint defenses
Traditional antivirus software can bog down assets, leading to crashes or delays. By using operations-friendly, “OT-native” lockdown software can help secure legacy endpoints through a trust list that only allows applications critical to operations. Modernized endpoints on the other hand, can save on resources by cross referencing a library of trusted Industrial Control System (ICS) applications and licenses. This to allow the OT security to communicate with the next generation firewalls to know what files and applications it can skip and give priority to.
Zero out network trust
Having IT security doesn’t mean that you have OT security. The OT network and devices have their own protocol and processes that are separate from your business IT. However, OT still needs a connection to your business IT for necessary data collection and updates. Attackers aim for this window to get your attack the network. To increase the difficulty for attackers, Zero Trust OT security limits the access of entry points within the OT network with specific traffic rules. The traffic rules are based on the functions and communication needs in order for them to do their work. It also has the added benefit of separating them into segments that make it easier for IT teams to monitor and secure.
To learn more about OT security solutions like txOne, you can send us your inquiries at firstname.lastname@example.org!