This blog was first written by Fabien Maisl, Cisco Senior Marketing Manager, IoT Security.
When industrial organizations connect their operational environment to the network as part of their IoT initiatives, their technology landscape grows. However, much like a puzzle, organizations often find there’s a missing piece that’s preventing anyone from seeing the full picture of this new landscape. Without that missing piece, the entire landscape is at risk.
Security Operations Centers (SOCs) and IT security teams use technology platforms to gain visibility into the IT environment, monitor traffic, and respond to malicious behaviors. Unfortunately, those platforms don’t provide the same capabilities for the operational technology (OT) environment. The solutions don’t understand OT protocols, and therefore can’t provide the critical visibility needed to understand what devices are on the network, the messages being sent, and whether or not those communications are malicious.
Security teams are thus missing information that is critical for building OT security policies. For example, because of the interdependency of the OT environment, quarantining an infected device can cause an entire production process to come to a halt. Security teams need visibility of industrial assets and industrial processes, and this information must feed into IT security tools so that security experts and platforms can understand the OT environment, identify suspicious activity, and take the proper measures to investigate and remediate qualified threats—without breaking the production process.
All of this is possible with Cisco Cyber Vision, which is designed to help industrial organizations gain visibility of their industrial assets and processes in order to detect threats and anomalies and extend IT security to the OT domain. The 3.1 release further extends integration with the rest of the Cisco portfolio and offers an entirely updated anomaly detection engine to spot abnormal process behaviors that could be the early signs of attacks on industrial control systems. Cyber Vision 3.1 was released at the end of May and includes:
Cisco Cyber Vision is the missing piece to the puzzle that brings the OT environment into focus. It leverages the existing industrial network to collect security information and apply threat detection techniques that are relevant to industrial operations. Comprehensive integrations with legacy security tools make all this data available for IT teams to build converged security operations.
Cisco Cyber Vision not only delivers the visibility security teams need to protect and secure the OT landscape, it does so in a way that reduces the cost and complexity traditionally associated with monitoring a connected environment. Learn more about Cisco Cyber Vision.