Event Recording

Navigating the OT World – Selecting a Solution to Suit


So I'll just quickly go through these two main sections that I'd like to just go, go over. You can download these slides and look at them. I'm looking at the trends and the guidelines around a solution. Those are gonna be the important thing. So there's four trends. We're gonna be looking at the growth rate, cybersecurity re protection, this end of isolation and government regulation. In terms of the growth. This, there is, these are the sectors that I'm looking at in terms of OT, OT, sub sectors. And there's no one piece of research that I can point to, to tell you, this is the growth levels. This is a, my synopsis of a number of research documents and where we're going. Most, most researchers think that the OT environment for manufacturing is where the big growth's going to happen. In fact, there's just been released a McKinsey report on value based on value, and they show quite clearly that your in the, in the Industry 4.0 environment, that the value of deploying those devices is just going through the roof.
So we're gonna see a lot happening in the next year, a couple of years in terms of manufacturing, that's getting quicker and better. So right now you don't have a speed control on your conveyor belt. In a few months, you will. This is the sort of change that's happening. Healthcare: hospitals do not want you in hospital. When you are in hospital, they want to hook, hook you up to machines. That means they don't need as many nurses and doctors. And, but really what they want is to send you home with a remote device. Okay. So big changes happening in healthcare. Building management: if you're managing a building, make sure you've got sensors all over it. You can see, see the rest. There there's four things that we've. And if you wanna read more about this, there's a document coming out that I've been working with John Tolbert on, in regard to, to this as a Market Compass coming out shortly. There's four things to do: protect, monitor, detect, and respond.
Make sure that you cover those four points. Obviously you can't do them if you don't know what you've got. So we really interesting in the number of, of solutions, we looked at that do detection. They'll go out onto the network and detect what you've got to build your asset inventory for you. In terms of this end of isolation. Okay. We're coming to the end of the time where we can say, well, it's the OT stuff over there, and it's looked after by an external vendor and we don't worry about it. No longer. Okay. We need to make sure that we are integrating that into our, our environment. Common access control: we need a mechanism to make sure we've got access control to all the devices in our OT environment. Edge computing, a term that means a lot of things to a lot of different people, but basically there's two things you want out of an edge computing device.
You want to make sure that you control the communication between the production, the real time things that are happening on your network, because those have gotta happen. You can't interrupt them in order to get a bit of data out of them, but you need that bit of data out of them. So the edge device gives you the capability of pulling that out without interrupting the network. It also gives you some isolation in terms of access. You've got sort of a gateway that makes sure that the per, that nefarious people cannot access the, the devices themselves. And unified governance: let's, let's stop having, well, one set of governance rules over here, and another set of governance rules over here. Let's, let's, let's bring the, the company, the organization together in terms of re controls. The, we are seeing that happen more and more, okay.
Even in Australia where I live, there's now critical infrastructure legislation. Germany leads the way. The, the security act 2.0 that came online last year gives the BSI significant capabilities. So if you're a nominated actor in terms of critical infrastructure, you must report every two years to the BSI what you're doing in monitoring. You've gotta retain your logs for 18 months. Now three months is no longer good enough. The BSI can come in and take over in the case of a, of, of a compromise and can disconnect you from the public internet. So there's lots of things to worry about there. You might say that's kind of draconian, but quite frankly, it's going to make companies do things properly. So it provides actually a good model if you've got an OT environment, even if you're not caught by the, by the legislation. Okay. These four things that I mentioned that we need to do, we've obviously gotta know what we've got.
We've gotta be able to look at the network and know what the devices have. Know what's plugged into the backplane, know what we, we, we need to be managing. Okay. There's very good. Again, I was very impressed with what the software can do now. In terms of threat analysis, most solutions now have a library of signatures for threats and will flash up with you what the risk situation of a particular system might be. Then there's the real-time monitoring. Okay. So as I said before, what we need to do is tie in our monitoring to the corporate solutions. We've already got a security operations center sitting there. We've already got our event management happening. Let's pull our OT to the degree we can. Okay. Agree. There's some regulatory controls in some circumstances, but let's not leave it, you know, in the shadows, let's tie this into our corporate infrastructure and make sure that we log everything that we are doing for forensic issue analysis.
Okay. The detection capabilities on, on, I heard, I heard it was actually one of the sick events here. One of the sessions was saying how difficult it was to, to detect problems in an OT environment. It's not, it's incredibly simple on an OT environment. The same thing happens at the same time every day. All you gotta watch for is an anomaly. Okay? So you need the detection capabilities to say, ah, that must be some sort of interactive activity. We don't want interactive activity on our OT network. And you can, you can jump on it. AI tools are at the fore here, there's a lot happening in that space. Being able to, to help us detect events, cuz obviously we don't want lots of false positives, false negatives. Event log: we've gotta do our event log analysis too. And, and make sure that we, we, we, we are looking at what needs to, to happen there.
Biggest issue is a response. In too many cases, we, we have not put together a, a proper disaster response plan. Okay. It's very crucial for an OT environment that you do that. You might say, well, I don't know what could happen. Well, there are staff that do, just make sure you get them in the same room, ask them what can go wrong and then put a risk analysis together for that. And, and, and, and just basic impact and probability is all we need to look at and then decide what, what happens if this, this happens. If we don't do that, that means if we do get a compromise, then we've gotta jump in and figure out what it is we're gonna do. Then we've gotta go to management to get approval, to do what it is we want to do. You know, you gotta think about that before. MITRE ATT&CK is a very good framework that you can use. Components of the MITRE ATT&CK are very pertinent to an OT network.
So take a look at what that can do and use that as your, as the basis of where you, where, what of, how you're going to, to go forward in terms of what, how are we going to react, how we're gonna respond to things. It's a good idea to use the Purdue model to decide where you're gonna start to do your monitoring. So typically it starts at level one, the device level, and you can't do much with them. These are just devices that are doing things like sensors and actuators. The, the logic controllers and the human machine interface, the controller, the control level: you can start to manage the communication on what's happening from that point of view, and then any anomalies in terms of the network communication, you can start to, to jump on. This is the big area though. The oops, the process.
Let's just go back for a minute. Process area, where we're actually, this is where the, the process control activity is gonna, is going to be sequenced. Level three is the plant. So all our sites in our plant come together there. And this is where the engineering systems that Phillip was talking about in terms of engaging the, the various updates that we might need to do in patching. That's all going to be determined at level three. So use the Purdue model to decide what you're gonna do when. The project phases: you'll need to take an approach here that's going to scope everything, design, develop, and then execute. Most important bit is the review at the end. Always, when you've done an OT project, do a review of it and see what you can learn from it.
Last slide, in terms of the elements of an OT environment we need to look at. Edge computing is, is, is right at the top there. Don't have anything that you can't get information from, or, or can't like the whole reason for doing this is for the business. So make sure the business gets the information they need and look at what sort of edge computing device you'd need. 5G is changing the whole, the whole way stuff happens in the OT environment. So IoT devices, a lot of them now have an embedded comms capability that allows you to plug into a 5G network. Look at what can happen there, cuz there's some significant stuff you can do in the 5G core. So if you're running a private 5G network, you'll need an expert that understands what can happen, what, what's happening there. Deception technology may be appropriate, may be not appropriate, but I've been convinced that there's a good business case for deception technology that will allow you to identify nefarious activities very easily.
And last, last one, the resource constraint. We don't have time to talk about this, but it's become increasingly obvious that we don't have enough people that understand this stuff to do what we need to do. So within your organization, you might need to use a community of practice approach. So Google community of practice, and as a management approach there, that looks at how we can take people from various functions in our organization and put them into a purpose focused entity that's going to get something done. So that might be used to get over that. Now I think we are out of time, but so anyone, I mean, actually it's just lunch next and there's always a line. So there's, we might as well sit here and, and ask the questions that we, and are there any quick questions I can, I can quickly look at or com or comments even.
