Industrial Cybersecurity – Monitoring & Anomaly Detection

With operational environments increasingly digitalizing and connecting to the IT environment, industrial organizations are recognizing the need to protect operational technology (OT) and industrial IoT against cyberattacks. Deploying firewalls to build a demilitarized zone (DMZ) between industrial networks and the IT domain is the mandatory first step.

But as organizations connect more devices, enable more remote access, and build new applications, the air gap erodes and is no longer sufficient. Security solutions designed for industrial networks typically monitor network traffic to gain visibility into assets, behaviors, malicious activities, and threats. The process of evaluating and testing these solutions initially tends to go well – after a successful proof of concept, industrial organizations begin to deploy at scale.

That’s where they begin to run into issues. Often, it’s cost-prohibitive for organizations to buy the number of security appliances they need to cover their entire operational environment. Or, the networking team doesn’t have the resources to deploy, maintain, and manage a fleet of security appliances.

The additional traffic created by these appliances would likely necessitate a separate network – which would also require the resources to deploy, maintain, and manage it. Fortunately, there is a better approach to securing the OT environment. This paper introduces three architectural approaches available today, as well as an alternative that provides the visibility and security OT and IT teams need at scale, without requiring additional resources.

Challenges in securing an IIoT network

A lack of visibility:

As industrial networks can be quite old, widely dispersed, and involve many contractors, operators often don’t have an accurate inventory of what’s on the network. Without this, they have limited ability to build a secure communications architecture.

A lack of control:

A lack of visibility also means operators are often unaware of which devices are communicating with each other, or even of communications reaching industrial devices from the outside. You cannot control what you don’t know.
