Constrained devices without a browser and keyboard typically have a major disadvantage in the user experience of logging in. As more small, less capable devices move online, we shouldn’t be relying on outdated and insecure methods of connecting these devices to our accounts. Using OAuth can overcome these limitations, giving IoT and similar devices the ability to leverage MFA and SSO without adding complexity to the devices themselves. This session will provide an overview of all the different ways these types of devices can securely connect to accounts.
Securing critical infrastructures and OT environments against attackers requires, more than anywhere else, thinking like them, especially because OT still offers a garden full of low-hanging fruit. In traditional IT environments, patching, even if not always easy, is doable, and pointing out the importance of keeping up with patch levels has become a main priority in IT security training. Unfortunately, patching in OT environments is much harder for many reasons, e.g. incompatible hardware or missing approval from asset owners.
In this session we will talk about OT Patch Management Best Practices like inventory management, definition of criticality levels and the prioritization of patch deployment.
As more organizations adopt OT and IoT devices, more companies are providing solutions to manage new IoT devices and get control of legacy OT infrastructure. Unprecedented device discovery tools are now available, monitoring tools can passively or actively monitor devices, and intrusion detection capabilities are unprecedented. But this could mean a change to the core management structure in the company.