Tales from the Trenches: When Low-Risk is Actually High-Concern

Since 2004, RedSeal has been instrumental in empowering our clients to comprehensively visualize and fortify their intricate networks. While our customers initially grasped the importance of understanding their network architecture, connections, and identifying potential risks, there’s often an enlightening “aha” moment when the true significance becomes unmistakable. These narratives, cherished within the confines of RedSeal, vividly exemplify the practical value of our platform beyond mere theory. In the words of our dedicated field team, who collaborates directly with our clients, this blog series aims to unveil the instances where the theoretical transforms into tangible reality. 

Today’s post is brought to you by Chris Morgan, Client Engagement Director 

 

In the realm of cybersecurity, where threats and vulnerabilities lurk aplenty, RedSeal stands as a beacon of innovation. Pioneers in network security analytics, RedSeal delivers actionable insights, enabling customers to close defensive gaps across their entire network. 

While reviewing a large medical provider’s network, we discovered several high- and medium-severity vulnerabilities within the network. However, it was the low-risk vulnerability we found to be of highest concern.  

Delving deeper into our investigation, we unearthed a situation of seismic proportions. Amidst the chaos of the COVID-19 era, the client’s IT team had inadvertently granted unrestricted access to a seemingly mundane printer. However, unbeknownst to them, and visible now only because of RedSeal, this printer served as direct access to more than 14,000 hosts within the client’s expansive network, opening access that could enable bad actors to directly invade much of the network. RedSeal’s comprehensive approach, merging risk and access, empowers genuine prioritization for clients. 

With a fresh eye toward restricting access, we worked with the medical provider to remediate the exposure immediately, tightening access controls for printers and implementing access logs, securing them for the future.  

At RedSeal, we’re committed to helping you fortify your digital infrastructure, for good. We proactively help visualize your network, identify attack paths, prioritize risk, and help you stay in compliance to ensure your business and customers stay secure. 

Reach out to RedSeal or schedule a demo today.

 

Tales from the Trenches: My network hasn’t changed!

Since 2004, RedSeal has been instrumental in empowering our clients to comprehensively visualize and fortify their intricate networks. While our customers initially grasped the importance of understanding their network architecture, connections, and identifying potential risks, there’s often an enlightening “aha” moment when the true significance becomes unmistakable. These narratives, cherished within the confines of RedSeal, vividly exemplify the practical value of our platform beyond mere theory. In the words of our dedicated field team, who collaborates directly with our clients, this blog series aims to unveil the instances where the theoretical transforms into tangible reality.

Today’s post is brought to you by John Bays, Senior Security Solutions Consultant, Federal

MY NETWORK HASN’T CHANGED

Imagine navigating the landscape of a government entity, where a dedicated administrator went about their daily routine, firmly believing that a single login to the server was all it took to keep things ticking. Little did they know, a significant issue had quietly brewed beneath the surface – the network had remained unchanged for a considerable six-month stretch.

Approaching the situation with curiosity, I gently posed some questions.

  • How might they have overlooked the network’s lack of growth?
  • What led them to believe that everything was running smoothly without addressing potential issues?

This unfolding scenario morphed into a journey of understanding, aiming to uncover misconceptions and illuminate the broader responsibilities at hand.

Misunderstanding a role’s responsibility happens. At RedSeal, we know this and help ensure misunderstandings are laid to rest. Taking a supportive approach, I guided them through various aspects of the platform, emphasizing the value of active involvement. As the pieces fell into place, a realization dawned on this client – our exploration revealed numerous devices being added and removed from the network. This revelation painted a richer picture, demonstrating that their role was more intricate than they had initially perceived.

This experience turned out to be a valuable lesson for all involved, highlighting the importance of staying engaged and adapting to the ever-changing dynamics of the network environment. It wasn’t about fault-finding; rather, it underscored the need for continuous learning and awareness in the evolving tech landscape. After all, even the most dedicated administrators can benefit from a broader perspective on their responsibilities.

At RedSeal, we’re committed to helping you fortify your digital infrastructure, for good. We proactively help visualize your network, identify attack paths, prioritize risk, and help you stay in compliance to ensure your business and customers stay secure.

Reach out to RedSeal or schedule a demo today.

Keeping an Eye on IPv6 in Your Hybrid Network

IPv6 has its advantages

With the proliferation of connected devices, organizations everywhere are making the transition to Internet Protocol version 6 (IPv6). Beyond having astronomically more usable addresses than its IPv4 predecessor (2128 vs. 232), IPv6 has several other advantages, including:

  • Easier administration: IPv6 simplifies address configuration through Stateless Address Autoconfiguration (SLAAC) and DHCPv6 (Dynamic Host Configuration Protocol for IPv6). This reduces the likelihood of misconfigurations and makes it easier for organizations to manage their networks securely.
  • Improved routing efficiency: IPv6 eliminates the need for Network Address Translation (NAT), a practice used in IPv4 to conserve address space. NAT can introduce complexities and potential security vulnerabilities. With IPv6, devices can have globally routable addresses without the need for NAT.
  • Enhanced security: IPv6 incorporates security features that were not present in IPv4. For example, IPsec (Internet Protocol Security) is mandatory in IPv6, providing a framework for securing communication at the IP layer. IPsec can be used to encrypt and authenticate data, ensuring the confidentiality and integrity of network communications.

Overall, IPv6 tackles the many limitations and challenges of IPv4 while providing a scalable, efficient, and secure foundation for the future growth of the internet and the proliferation of internet-connected devices.

But the transition can be tricky

While the goal is to eliminate the use of IPv4 entirely, many corporations and governments are expected to maintain dual-stack networks—using both IPv4 and IPv6—for the foreseeable future. The U.S. Office of Management and Budget (OMB) has mandated that 80% of IP-enabled assets on federal networks must be operating in IPv6-only environments by the end of its 2025 fiscal year. Meanwhile, IPv6 has been growing unchecked in corporate networks for years, right alongside IPv4.

For too long, organizations have been able to put off the IPv6 transition as a challenge for tomorrow, but the pressure is now on. Cloud adoption is driving up IPv6 use, and unexpected IPv6 pathways are rife with risk. In the worst cases, firewall bypasses can spring up due to unintentional differences between old IPv4 and new IPv6 fabric. Ultimately, IPv6 adoption means bigger networks and more connections—and risks—to manage. Who’s keeping an eye on IPv6 in your network?

IPv6 intelligence for your evolving network

Wherever your organization may be on its journey to an IPv6-only network, you need the ability to answer fundamental questions about IPv6 in your network, and RedSeal can help:

  • What percentage of my total network assets are in IPv6-only environments?
  • Is this subnet truly IPv6-only?
  • What does this IPv6-only subnet look like?
  • Which specific devices need to be upgraded to IPv6?
  • How are IPv6 subnets connected to other parts of my network?
  • Has the introduction of IPv6 created security gaps in my network?

RedSeal delivers the visibility and network context you need to understand where and how IPv6 is being used in your network and what impact it has on your security and compliance initiatives.

Contact us for more details

For more information about how RedSeal can help you minimize risk and maximize resilience in your IPv6 and dual-stack networks, download our IPv6 datasheet and then schedule a demo with one of our cyber-savvy product experts today.

 

Additional IPv6 resources:

Strengthening the Fortress: Best Practices for Incident Response

As the digital age continues to see rapid change, cyber threat looms over businesses, organizations, and individuals even more than before. And, as technology advances, so do the capabilities of cybercriminals. With today’s digital environment, more than ever before, crafting a robust cybersecurity incident response plan isn’t a recommendation—it’s a critical necessity.

What does this mean? It’s a matter of when—not if—a network is compromised. Companies can no longer assume that security frameworks offer invincibility from evolving cyberattack trends. Instead, businesses need a strong incident response program designed to help them quickly react—and in the worst-case scenario come out stronger on the other side.

Designing a sophisticated incident response framework

A cybersecurity incident response plan establishes a structured framework for teams to adhere to when facing a cyber incident or attack. As defined by Gartner, a cyber incident response plan is “formulated by an enterprise to respond to potentially catastrophic, computer-related incidents, such as viruses or hacker attacks.” Gartner research extends to projections for 2026, suggesting that organizations invest at least 20% of security funds in resilience and flexible programs to halve their recovery time.

In crafting a cybersecurity incident response plan tailored to the specific needs of your organization, key considerations and common components include:

1. Defining objectives and scope. Objectives could include, but aren’t limited to:

  • Impact minimization
  • Business continuity
  • Protecting sensitive information
  • Regulatory compliance
  • Identifying and understanding threats
  • Outline for timely recovery
  • Response efforts
  • Future improvements for cybersecurity posture
  • Post-incident analysis

2. Establishing an Incident Response Team (IRT). Assemble a dedicated team responsible for executing the response plan. The team should be comprised of members of the organization from IT, security, legal, communications, and any other relevant business teams. Roles and responsibilities should be clearly identified to ensure a coordinated and timely response.

3. Developing an incident classification system with procedures. A system for classifying incidents based on severity and impact can help guide the response process and help the IRT prioritize actions. We recommend creating a detailed response playbook with step-by-step guidance for various incidences can help a team contain and recover from the incident effectively and efficiently. Playbook should include communication procedures to ensure employees and appropriate external stakeholders are notified.

4. Implementing incident detection and reporting. Employing an effective detection and reporting system is critical for early identification and response to a cybersecurity incident. Examples include, but are not limited to:

  • Endpoint protection
  • Firewall and network monitoring
  • Email security systems
  • Security and awareness training for employees

5. Conducting regular training and simulation. Training for the incident response team should be set up regularly through simulations and exercises. Each month, RedSeal hosts a Cyber Threat Hunting Workshop. Through our workshop, you will use the RedSeal platform and threat hunt within a pre-built virtual network model. You’ll assess the network’s overall cybersecurity posture while refining your skills in risk and vulnerability assessment, cyber hunting, and incident response. At the completion of the session, you will have learned how to:

  • Identify potential attack vectors that bad actors could use to exploit existing vulnerabilities
  • Optimize resources by leveraging risk-based vulnerability prioritization
  • Easily identify devices on the network that pose the most risk to your enterprise—those with network access and exploitable vulnerabilities
  • Quickly visualize where bad actors can pivot following system compromise and traverse a network
  • Coordinate with other teams to minimize the impact of an event while enhancing your organization’s digital resilience
  • Use network context to develop mitigation strategies and implement your run-book plays

Preventing unauthorized access into, out of, or within a network requires understanding how that network is built– a difficult, tedious, and time-consuming task.

6. Post-incident analysis. Outline and conduct a comprehensive post-incident analysis to understand the root causes of the breach and to identify areas in need of improvement. Lessons should be documented, and the incident response plan should be updated accordingly.

Designing a robust incident response plan is just the tip of the iceberg.

The most important aspect of incident response could be what comes next—evaluation and improvement. Cybersecurity resilience requires constant monitoring and evolution. Regular updates and adaptions to the plan are imperative to effectively address the ever-evolving landscape of cyber threats. The journey to securing your network for good is an ongoing process, demanding an unwavering commitment to visibility, refinement, and optimization. At RedSeal, we’re committed to helping you fortify your digital infrastructure, for good. We proactively help visualize your network, identify attack paths, prioritize risk, and help you stay in compliance to ensure your business and customers stay secure.

 

Interested in learning more?

Download our in-depth look into incident response planning today!

Reach out to RedSeal or schedule a demo today.

Cyber Trends to Watch for in 2024: Navigating the Evolving Landscape

As technology continues to advance at a rapid pace, the cyber landscape is undergoing unprecedented transformations. As we step into 2024, it’s crucial to stay ahead of the curve and be aware of emerging cyber trends.

Keep an eye on these notable trends unfolding in the cybersecurity landscape:

1. AI-Powered Cyber Attacks

Artificial Intelligence (AI) is no longer just a tool for cybersecurity; it’s also becoming a weapon in the hands of cybercriminals. In 2024, we can expect a surge in AI-powered cyber attacks. Attackers are leveraging machine learning algorithms to automate and enhance their attack strategies, making it more challenging for traditional security measures to detect and prevent these threats. Automating attack path analysis and malware analysis with AI are a couple of ways to combat attackers using AI.

According to Springfield FBI, Cybercrime costs businesses more than $10 billion in the U.S. last year, a figure that could reach $10.5 trillion, globally by 2025, according to Cybersecurity Ventures. They also estimate ransomware alone will cost its victims around $265 billion annually by 2031—an astonishing 815 times more than the $325 million that organizations spent on ransomware in 2015.

The average cost of a data breach reached an all-time high of $4.45 million in 2023, according to IBM—a 15.3% increase over the cost in 2020. Knowing what assets you need to protect and important steps you can take to identify and mitigate them is crucial.

2. Quantum Computing Threats

While quantum computing promises revolutionary advancements, it also poses a significant threat to current encryption standards. In 2024, as quantum computing technologies mature, the risk of cryptographic vulnerabilities increases. The primary goal of a cryptographic system is to ensure the confidentiality, integrity, and authenticity of data. Cryptographic techniques are widely used in various applications, including secure communication over the internet, data storage, authentication, and digital signatures. Cryptographic systems play a crucial role in ensuring the security of digital communication and information in various domains, including online banking, e-commerce, secure messaging, and data protection.

The White House and the Homeland Security Department have made clear that in the wrong hands, a powerful quantum computer could disrupt everything from secure communications to the underpinnings of our financial system.

Organizations must start preparing for quantum-resistant encryption methods to safeguard their sensitive information.

3. Ransomware 2.0: Double Extortion

Persistent and evolving, ransomware attacks continue to pose a significant threat. In 2024, we anticipate the rise of “Ransomware 2.0,” which involves double extortion tactics. In addition to encrypting data, attackers are increasingly stealing sensitive information before locking it down. This dual-threat approach puts added pressure on victims to pay the ransom, as the exposure of sensitive data adds a new dimension to the consequences of non-compliance. Prioritizing vulnerabilities and automating compliance checks can improve the efficiency of your security team.

4. IoT Security Challenges

The Internet of Things (IoT) is expanding rapidly, connecting more devices than ever before. Research expert for the consumer electronics industry, Lionel Sujay Vailshery of Statista, estimates that more than 15 billion devices are on the Internet of Things, outnumbering non-IoT devices with 2 of 3 on IoT. However, this increased connectivity comes with heightened security risks. In 2024, we anticipate a surge in IoT-related cyber attacks as attackers exploit vulnerabilities in poorly secured devices. Strengthening IoT security protocols, such as through device authentication and authorization, securing communication channels, keeping firmware and software up to date, and security testing and vulnerability management, will be crucial to prevent widespread breaches. Knowing what is attached and who can get to it will help protect you in the future.

5. Supply Chain Attacks

Supply chain attacks are not new, but they are becoming increasingly more sophisticated, with cybercriminals targeting the networks of suppliers and service providers to compromise the security of the ultimate target.

In a supply chain attack, an attacker might target a cybersecurity vendor and add malware to their software, which is then sent out in a system update to that vendor’s clients. When the clients download the update, believing it to be from a trusted source, the malware grants attackers access to those clients’ systems and information. This is essentially how the SolarWinds attack unfolded in 2020, targeting 18,000 customers.

As organizations continue to rely on a complex web of third-party vendors, securing the entire supply chain becomes paramount in 2024.

6. Regulatory Developments

Governments and regulatory bodies are increasingly recognizing the importance of cybersecurity. We’ve already seen change in New York’s requirements for reporting breaches by company size and in 2024, we anticipate the introduction of more stringent regulations and compliance requirements. Organizations will need to stay abreast of these changes to ensure they meet the evolving standards and avoid legal and financial repercussions.

The cyber landscape is poised for continued evolution. By adopting proactive cybersecurity measures and embracing innovative solutions, we can collectively navigate the challenges and threats that lie ahead.

At RedSeal, we’re committed to fortifying your digital infrastructure. We proactively help visualize your network, identify attack paths, prioritize risk, and help you stay in compliance to ensure your business and customers stay secure.

Reach out to RedSeal or schedule a demo today.

Guardians of Trust: Safeguarding Customer Data

As the year ends and holiday shopping hits an all-time high, the security of customer information is critical. With each item added to the cart, customers place their trust in stores, entrusting them with personal and financial details. Any breach of this trust can result in severe consequences for both the customers and the business. To ensure airtight security and to build lasting trust, retailers must implement robust measures to safeguard customer information.  

A few reminders as we head into holiday shopping:

Implement Secure Sockets Layer (SSL) Encryption

SSL encryption is the bedrock of secure online communication. Ensure that your website uses HTTPS, which encrypts the data transmitted between the user’s browser and your server. This prevents hackers from intercepting sensitive information during transmission. 

Regularly Update Software and Systems and Back Up Customer Data 

Outdated software is a vulnerable target for cyber threats. Regularly update your website’s content management system, plugins, and any other software to patch potential security vulnerabilities.  

In the event of a security breach or data loss, having up-to-date backups is crucial. Regularly back up customer data and ensure that the backup system itself is secure. 

Use Strong Authentication Measures 

Enforce strong password policies for both staff and customers. Require the use of complex passwords and consider implementing two-factor authentication (2FA) to add an extra layer of security. According to the National Cyber Security Centre, 23.2 million breach victim accounts used 123456 as their password – making it the most commonly used password worldwide.  

Payment Card Industry Data Security Standard (PCI DSS) Compliance 

If your online store processes credit card transactions, adhere to PCI DSS standards. This includes secure card storage, regular system scans, and compliance with the Payment Card Industry’s stringent security requirements. 

Employee Training on Security Best Practices

Human error is a common factor in security breaches. Researchers from Stanford University found that approximately 88 percent of all data breaches are caused by an employee mistake. Train your staff on security best practices, such as recognizing phishing attempts and the importance of data protection.  

According to a follow up survey from Stanford, the percentage of employees who admit to falling for phishing scams at work decreases with age, and younger employees are 5x more likely to click on phishing emails than older employees. The survey found however, older respondents were more susceptible to smishing attacks (SMS phishing), compared to the younger employees.

Have you ever received a text from your company CEO asking you to purchase gift cards? Don’t fall for it. Your executive leaders will never send such a request, especially via text.  

Creating a security-conscious culture among employees across each generation is crucial. 

Regular Security Audits and Penetration Testing 

Conduct regular security audits and penetration tests to identify and address potential vulnerabilities in your systems. This proactive approach helps you stay ahead of potential threats and ensure continuous improvement in your security measures. 

Monitor for Suspicious Activities 

Implement real-time monitoring tools to detect and respond to suspicious activities. Unusual patterns or multiple failed login attempts could be indicators of a security threat. 

Incident Response Plan 

Develop a comprehensive incident response plan outlining the steps to be taken in the event of a security breach. This includes communication strategies, notifying affected parties, and working towards a swift resolution. 

As custodians of customer information, responsibility extends beyond checking the box on compliance requirements. Businesses must commit to fostering an environment where customers feel confident their information is secure. By implementing these robust security measures, online stores can fortify their defenses and protect the sensitive information entrusted to them by customers.  

At RedSeal, we’re committed to fortifying your digital infrastructure. We proactively help visualize your network, identify attack paths, prioritize risk, and help you stay in compliance to ensure your business and customers stay secure.

Reach out to RedSeal or schedule a demo today.

Strengthened Cybersecurity Regulations in New York: What It Means for Businesses

In an ever-evolving digital landscape, cybersecurity remains a paramount concern for both individuals and businesses alike. New York’s Department of Financial Services (DFS) has recently taken a significant step forward in addressing these concerns by issuing updated and strengthened cybersecurity regulations. These new regulations build upon the foundation laid out in 2017 and introduce several key changes to enhance cybersecurity measures and safeguard sensitive data. As leaders in network exposure analytics, we’re here to shed light on the implications of these regulations, what they mean for businesses of all sizes, and how to prioritize security by reducing vulnerability. 

Three tiers for different companies 

One of the notable changes in these updated regulations is the introduction of a tiered approach for companies. These tiers classify companies based on their size, with specific requirements tailored to size and cybersecurity capabilities. Companies with fewer than 20 employees and less than $5 million in gross annual revenue over the last three years will be subject to fewer cybersecurity requirements. This more nuanced approach acknowledges that smaller companies may have different cybersecurity capabilities and resources compared to larger enterprises. 

Enhanced governance and access control 

The new regulations place significant emphasis on governance and access control. Companies will now be required to implement enhanced governance measures to ensure the protection of sensitive data. Additionally, there are new controls in place to prevent unauthorized access to systems and mitigate the spread of cyberattacks. This is a crucial step in fortifying the first line of defense against potential breaches. 

Regular risk assessments and incident response 

Risk assessment is a fundamental component of any robust cybersecurity strategy. The updated regulations mandate more regular risk and vulnerability assessments, reflecting the ever-changing nature of cyber threats. Moreover, companies must strengthen their incident response, business continuity, and disaster recovery planning. This ensures that businesses are prepared to handle and recover from cyber incidents efficiently, minimizing the potential impact on operations and data integrity. 

Ransomware reporting 

Ransomware attacks have become a growing concern for organizations worldwide. Regulations issued in New York now require companies to report ransomware payments. This change is in line with the broader effort to increase transparency and help law enforcement agencies track and combat ransomware threats effectively. 

Investment in training and awareness 

One of the most critical aspects of cybersecurity is human behavior. To strengthen this front, the regulations direct companies to invest in at least annual training and cybersecurity awareness programs. These programs should anticipate social engineering attacks, which often target employees as the weakest link in a company’s cybersecurity defenses. 

Looking ahead 

New York’s updated cybersecurity regulations raise the bar for cyber resilience. By providing a tiered approach that recognizes the diversity of businesses, enhancing governance and access controls, emphasizing regular risk assessments, and promoting cybersecurity awareness, these regulations aim to protect businesses and individuals from the ever-present threat of cyberattacks. 

While these regulations mark a significant step forward in bolstering cybersecurity, businesses must also stay proactive in adapting to emerging threats. Being proactive with vulnerability prioritization is essential for any organization to effectively manage and mitigate cybersecurity risks. 

Cybersecurity is an ongoing process, and compliance with regulations is just the beginning. Will other states follow New York’s lead? RedSeal will watch and report should any additional states update cybersecurity regulations. 

RedSeal recommends organizations transition from defensive to proactive security.  Businesses should continually assess their security posture, stay informed about the latest threats, and invest in comprehensive cybersecurity solutions to ensure they remain protected in an increasingly digital world.  

Reach out today for more information on how RedSeal can support your business with proactive vulnerability prioritization. 

 

Risk Prioritization: Improving Network Vulnerability Security Management

Staying proactive with vulnerability prioritization is essential for any organization to effectively manage and mitigate cybersecurity risks.

Here are some key steps and strategies to help you prioritize vulnerabilities proactively: 

  • Identify assets that have not been scanned by a vulnerability management tracking tool.
  • Identify the network devices and specific access rules preventing scanner access.
  • Prioritize network vulnerabilities for remediation or mitigation based on risk — risk-based vulnerability is calculated in the context of your network, business, and vulnerability management best practices.
  • Visualize all reachable assets for optimal scanner placement.
  • Efficiently triage and plan mitigation of unpatchable vulnerabilities through containment or isolation.

With RedSeal’s platform, add value to each phase of a network vulnerability management program: discovery, assessment, triage, and vulnerability remediation and mitigation.

  • Discover assets: Generate scanner target lists and identify assets that have not been scanned.
  • Perform cyber vulnerability risk assessment: Identify network devices and configuration rules preventing scanner access. Visualize all reachable assets for optimal scanner placement.
  • Triage findings: Perform risk-based vulnerability prioritization based on your network context, taking into account severity, asset value, as well as upstream and downstream access.
  • Remediate and mitigate vulnerability issues: Identify precise access paths and devices to update in order to isolate and contain vulnerable assets that can’t be patched.

RedSeal integrates with industry-leading vulnerability scanners and overlays their input onto your network model. By identifying gaps in your coverage and prioritizing all findings based on accessibility as well as asset value and vulnerability severity, we help to maximize your vulnerability management investment.

Learn more or schedule a demo today!

Independent Assessment: TAG Infosphere

Using RedSeal for Cybersecurity and Compliance

A recent study by independent industry analysts at TAG Infosphere concluded that the exposure analytics capabilities of the RedSeal platform— specifically, network modeling, attack path analysis, risk prioritization, and compliance management— are well-suited to reduce risk and strengthen the security posture of complex hybrid networks.

Click here to download the full report and schedule a demo today.

 

 

 

 

Expert Insights: Building a World-Class OT Cybersecurity Program

In an age where manufacturing companies are increasingly reliant on digital technologies and interconnected systems, the importance of robust cybersecurity programs cannot be overstated. While attending Manusec in Chicago this week, RedSeal participated on a panel of cybersecurity experts to discuss the key features, measurement of success, and proactive steps that can lead to a more mature OT (Operational Technology) cybersecurity posture for manufacturing companies. This blog provides insights and recommendations from CISOs and practitioners from Revlon, AdvanSix, Primient, Fortinet, and our own Sean Finn, Senior Global Solution Architect for RedSeal.

Key features of a world-class OT cybersecurity program

The panelists brought decades of experience encompassing a wide range of manufacturing and related vendor experience and the discussion centered around three main themes, all complemented by a set of organizational considerations:

  • Visibility
  • Automation
  • Metrics

Visibility

The importance of having an accurate understanding of the current network environment.

The panel unanimously agreed – visibility, visibility, visibility – is the most critical first step to securing the network. The quality of an organization’s “situational awareness” is a critical element towards both maximizing the availability of OT systems and minimizing the operational frictions related to incident response and change management.

Legacy Element Management Systems may not be designed to provide visibility of all the different things that are on the network. The importance of having a holistic view of their extended OT environment was identified in both proactive and reactive contexts.

The increasingly common direct connectivity between Information Technology (IT) and Operational Technology (OT) environments increases the importance of understanding the full scope of available access – both inbound and outbound.

Automation

Automation and integrations are key components for improving both visibility and operational efficiency.  

  • Proactive assessment and automated detection: Implement proactive assessment measures to detect and prevent segmentation violations, enhancing the overall security posture.
  • Automated validation: Protecting legacy technologies and ensuring control over IT-OT access portals are essential. Automated validation of security segmentation helps in protecting critical systems and data.
  • Leveraging system integration and automation: Continue to invest in system integration and automation to streamline security processes and responses.

Metrics

Measuring and monitoring OT success and the importance of a cybersecurity framework for context. 

One result of the ongoing advancement of technology is that almost anything within an OT environment can be measured.

While there are multiple “cybersecurity frameworks,” the panel was in strong agreement that it is important to leverage a cybersecurity framework to ensure that you have a cohesive view of your environment.  By doing so, organizations will be better-informed regarding cybersecurity investments and resource allocation.

It also helps organizations prioritize and focus on the most critical cybersecurity threats and vulnerabilities.

The National Institute of Standards and Technology (NIST) cybersecurity framework was most commonly identified by practioners in the panel.

Cybersecurity metric audiences and modes 

Different metrics may be different for very different roles. Some metrics are valuable for internal awareness and operational considerations, which are separate from the metrics and “KPIs” that are consumed externally, as part of  “evidencing effectiveness northbound.”

There are also different contexts for measurements and monitoring:

  • Proactive metrics/monitoring: This includes maintaining operational hygiene and continuously assessing the state of proactive analytics systems. Why would a hack want to get in? What is at risk and why does it matter to the organization? 
  • Reactive metrics/monitoring: Incident detection, response, and resolution times are crucial reactive metrics. Organizations should also regularly assess the state of reactive analytics systems. 
  • Reflective analysis: After incidents occur, conducting incident post-mortems, including low-priority incidents, can help identify systemic gaps and process optimization opportunities. This reflective analysis is crucial for learning from past mistakes and improving security. 

 Organizational Considerations 

  1. Cybersecurity risk decisions should be owned by people responsible, and accountable for cybersecurity.
  2. Collaboration with IT: OT and IT can no longer operate in isolation. Building a strong working relationship between these two departments is crucial. Cybersecurity decisions should align with broader business goals, and IT and OT teams must collaborate effectively to ensure security.
  3. Employee training and awareness: Invest in ongoing employee training and awareness programs to ensure that every member of the organization understands their role in maintaining cybersecurity.

Establishing a world-class OT cybersecurity program for manufacturing companies is an evolving process that requires collaboration, automation, proactive measures, and continuous improvement. By focusing on visibility, collaboration, and a commitment to learning from incidents, organizations can build a strong foundation for cybersecurity in an increasingly interconnected world.

Contact RedSeal today to discuss your organizational needs and discover how RedSeal can provide unparalleled visibility into your OT / IT environments.