Securing Industrial IoT: the missing piece to the puzzle

First published by Cisco.com - June 23, 2021

This blog was first written by Fabien Maisl, Cisco Senior Marketing Manager, IoT Security.

When industrial organizations connect their operational environment to the network as part of their IoT initiatives, their technology landscape grows. However, much like a puzzle, organizations often find there’s a missing piece that’s preventing anyone from seeing the full picture of this new landscape. Without that missing piece, the entire landscape is at risk.

Security Operations Centers (SOCs) and IT security teams use technology platforms to gain visibility into the IT environment, monitor traffic, and respond to malicious behaviors. Unfortunately, those platforms don’t provide the same capabilities for the operational technology (OT) environment. The solutions don’t understand OT protocols, and therefore can’t provide the critical visibility needed to understand what devices are on the network, the messages being sent, and whether or not those communications are malicious.

Security teams are thus missing information that is critical for building OT security policies. For example, because of the interdependency of the OT environment, quarantining an infected device can cause an entire production process to come to a halt. Security teams need visibility of industrial assets and industrial processes, and this information must feed into IT security tools so that security experts and platforms can understand the OT environment, identify suspicious activity, and take the proper measures to investigate and remediate qualified threats—without breaking the production process.

All of this is possible with Cisco Cyber Vision. Designed to help industrial organizations gain visibility of their industrial assets and processes, detect threats and anomalies, and extend IT security to the OT domain, the 3.1 release further extends integration with the rest of the Cisco portfolio and offers an entirely updated anomaly detection engine to spot abnormal process behaviors that could be the early signs of attacks on industrial control systems. Cyber Vision 3.1 was released at the end of May and includes:

  • New Cyber Vision edge integrations — The Cyber Vision Sensor software can now run within select Cisco network equipment (Cisco IR1101 Integrated Services Router Rugged, Cisco Catalyst IE3400 Rugged Series, and Cisco Catalyst 9300, 9400, and 9500 Series Switches), eliminating the need for dedicated appliances and SPAN collection networks to monitor industrial networks. Network managers will appreciate the unique simplicity and the lower costs of this edge architecture when looking to deploy OT security at scale.
  • New Cyber Vision security integrations — The Cyber Vision Center now integrates with Cisco Threat Response, in addition to existing integrations with Cisco ISE, Stealthwatch, FMC, and DNA-C. The new integration with CTR makes it very simple to investigate assets or any observable identified in Cyber Vision by leveraging intelligence gathered by other Cisco Security products.
  • Updated anomaly detection engine — Cisco Cyber Vision now includes Talos subscription rule sets to detect intrusions and malicious traffic based on the latest signatures developed by Cisco Talos Intelligence Group. It also offers an updated anomaly detection engine that lets users baseline the normal behaviors of their industrial networks and trigger alerts on deviations. Numerous baselines can be created to monitor specific parts of the network or specific types of behaviors, making it a very powerful solution to detect process anomalies and track remote access or custom attacks.
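To make the baseline-and-deviation idea concrete, here is an added illustration (not Cisco Cyber Vision code, and not its data model) of per-segment baselining over constructed OT flow records: a learning window records which source/destination/protocol/operation tuples are normal for each segment, and live flows that fall outside that set are labelled rather than blocked, so detection does not interrupt the production process. Segment names, addresses and operation labels are all invented for the example.

```python
from collections import defaultdict

# Constructed flow records (sample data, not real captures):
# (segment, src, dst, protocol, operation)
LEARNING_FLOWS = [
    ("cell-1", "10.0.1.10", "10.0.1.20", "modbus", "read_holding_registers"),
    ("cell-1", "10.0.1.10", "10.0.1.20", "modbus", "read_coils"),
    ("cell-1", "10.0.1.30", "10.0.1.20", "modbus", "read_holding_registers"),
    ("cell-2", "10.0.2.10", "10.0.2.20", "s7comm", "read_var"),
]

LIVE_FLOWS = [
    ("cell-1", "10.0.1.10", "10.0.1.20", "modbus", "read_coils"),             # baselined
    ("cell-1", "10.0.1.10", "10.0.1.20", "modbus", "write_single_register"),  # new operation
    ("cell-1", "10.0.9.5", "10.0.1.20", "modbus", "read_holding_registers"),  # new peer
    ("cell-3", "10.0.3.10", "10.0.3.20", "modbus", "read_coils"),             # no baseline
]

def build_baselines(flows):
    """One baseline per network segment: the set of (src, dst, protocol,
    operation) tuples observed during the learning window."""
    baselines = defaultdict(set)
    for segment, src, dst, proto, op in flows:
        baselines[segment].add((src, dst, proto, op))
    return dict(baselines)

def classify(baselines, flow):
    """Return None for baselined traffic, otherwise an alert label."""
    segment, src, dst, proto, op = flow
    baseline = baselines.get(segment)
    if baseline is None:
        return "unbaselined_segment"
    if (src, dst, proto, op) in baseline:
        return None
    known_pairs = {(s, d) for s, d, _, _ in baseline}
    if (src, dst) in known_pairs:
        # A known conversation doing something new, e.g. a write where only reads were learned.
        return "new_operation"
    # A peer never seen talking to this asset in this segment (possible remote access).
    return "new_conversation"

def detect_deviations(baselines, flows):
    """Alerts only; nothing is quarantined, so the process keeps running while analysts investigate."""
    return [(flow, label) for flow in flows
            if (label := classify(baselines, flow)) is not None]

if __name__ == "__main__":
    for flow, label in detect_deviations(build_baselines(LEARNING_FLOWS), LIVE_FLOWS):
        print(label, flow)
```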

Cisco Cyber Vision is the missing piece of the puzzle that brings the OT environment into focus. It leverages the existing industrial network to collect security information and apply threat detection techniques that are relevant to industrial operations. Comprehensive integrations with existing security tools make all this data available to IT teams so they can build converged security operations.

Cisco Cyber Vision not only delivers the visibility security teams need to protect and secure the OT landscape, it does so in a way that reduces the cost and complexity traditionally associated with monitoring a connected environment. Learn more about Cisco Cyber Vision.