When choosing a technology security solution…
Although some industries may be targeted more often than others for cyberattacks, every organisation across every major industry, from utilities and manufacturing to the public sector, must take necessary security precautions and make cybersecurity a top priority and investment, according to Forescout.
Steve Hunter, senior director for Asia Pacific and Japan, Forescout, said, “Making the best investment with a potentially limited security budget can be a daunting task for security and risk management (SRM) leaders.
Some of the reasons for this include the fact that no two
organisations are identical, which means that security mindset is also
different. Cyberthreats are also evolving at a remarkable pace, making it
difficult to ensure protection against the latest threats.”
In addition to evolving threats, the cyber landscape is also changing rapidly.
Traditional IT networks and infrastructure are becoming increasingly
intertwined and connected to operational technology (OT) networks and
infrastructure.
Consequently, devices typically limited to the IT
environment, if unsecure, can put entire OT networks at risk. Each device
expands the attack surface, giving bad actors more opportunities to access the
network.
To help businesses and organisations simplify the decision-making process and
also minimise the time to deployment, and ultimately a more secured network
environment, Forescout has assembled a list of seven key questions, based on key
research, that every SRM leader should ask before deciding which security
product is the best one for their organisation.
1. Is the solution vendor-agnostic? Too often, organisations
identify what they think will be a security silver bullet, only to discover
after purchase and implementation that the product is not compatible with other
products or applications on their network.
More than a poor
investment, those organisations also suffer the headache of frustrated end
users and wasted resources, and, their organisation is ultimately no more
secure than before the purchase was made. It is critical that products are
vetted to ensure they are compatible and vendor-agnostic.
2. Does the solution provide asset discovery to enable operational continuity
and system integrity? Asset discovery is a critical foundation for
effective defence, as well as ensuring reliable operations.
Often organisations, even those with good asset inventory and asset management practices, will fail to account for every device that’s on their network.
A good security solution will let organisations identify
and inventory every connected device on their network in real time, regardless
of device type.
3. Does the solution detect and alert on known common vulnerabilities and exposures
(CVEs)? Whitelisting and generic anomaly detection are common OT
security approaches. Whilst important, the best approach should include
well-mapped OT system CVE discovery for faster detection and to improve risk
management from Day 1.
In today’s cyber
terrain, early understanding of an organisation’s OT exposure can mean the
difference between headline news and swift remediation and mitigation.
4. Can the solution evolve from mirror mode to in-line security?
Active prevention may be a desired, long-term goal when it comes to monitoring
and detection, however many organisations lack either the security maturity or
necessary resources to enable such features as part of initial deployment.
However, as the
organisation matures, it’s important to have the option to switch from passive
detection to active prevention. Ensuring this feature is available up front
will also prevent the need for additional expenses down the road.
5. Does the solution provide IT support in addition to OT? This
question is especially important to ask when seeking to protect an OT
environment. Because OT attacks have historically started in the IT
environment, then stealthily oved laterally into the OT environment, it’s
important to detect IT-originated but OT-targeted attacks before they reach the
intended target.
In short, decision-makers should ensure the product is
effective in both IT and OT environments.
6. Does the solution support secure IT/OT alignment?
IT-OT convergence is on the rise; yet, the supporting infrastructure and
networks differ significantly and can’t be treated the same when it comes to
cyber defence.
In other words, the security best practices and
technologies that work in an IT environment cannot always be expected to
effective, if even possible, in an OT environment. It’s critical, then, that
decision-makers evaluate a product not only on its ability to protect both
environments, but also on its ability to integrate with other security
solutions, protocols, software and hardware.
7. Is the solution designed to live in an OT environment from a hardware or
operating environment perspective? Many solutions are designed
to function within the comfort of a temperature-regulated server room with a
backup power supply or generator; the type of facility typically provided in IT
environments.
OT environments, on the other hand, do not always afford such controlled environments and, as a result, can test the limits of many solutions.
It’s important to account for the environmental conditions
where the product will be used and ensure the solution can run in sites
requiring support for hazardous environment operations.