When choosing a technology security solution…

No two organisations are identical.

Although some industries may be targeted more often than others for cyberattacks, every organisation across every major industry, from utilities and manufacturing to the public sector, must take necessary security precautions and make cybersecurity a top priority and investment, according to Forescout.

Steve Hunter, senior director for Asia Pacific and Japan, Forescout, said, “Making the best investment with a potentially limited security budget can be a daunting task for security and risk management (SRM) leaders.

Some of the reasons for this include the fact that no two organisations are identical, which means that security mindset is also different. Cyberthreats are also evolving at a remarkable pace, making it difficult to ensure protection against the latest threats.”

In addition to evolving threats, the cyber landscape is also changing rapidly. Traditional IT networks and infrastructure are becoming increasingly intertwined and connected to operational technology (OT) networks and infrastructure.

Consequently, devices typically limited to the IT environment, if unsecure, can put entire OT networks at risk. Each device expands the attack surface, giving bad actors more opportunities to access the network.

To help organisations simplify the decision-making process, minimise the time to deployment and ultimately achieve a more secure network environment, Forescout has assembled a list of seven key questions, based on key research, that every SRM leader should ask before deciding which security product is the best one for their organisation.

1. Is the solution vendor-agnostic?
Too often, organisations identify what they think will be a security silver bullet, only to discover after purchase and implementation that the product is not compatible with other products or applications on their network.

More than a poor investment, those organisations also suffer the headache of frustrated end users and wasted resources, and their organisation is ultimately no more secure than before the purchase was made. It is critical that products are vetted to ensure they are compatible and vendor-agnostic.

2. Does the solution provide asset discovery to enable operational continuity and system integrity?
Asset discovery is a critical foundation for effective defence, as well as ensuring reliable operations.

Often organisations, even those with good asset inventory and asset management practices, will fail to account for every device that’s on their network.

A good security solution will let organisations identify and inventory every connected device on their network in real time, regardless of device type.

3. Does the solution detect and alert on known common vulnerabilities and exposures (CVEs)?
Whitelisting and generic anomaly detection are common OT security approaches. Whilst important, the best approach should include well-mapped OT system CVE discovery for faster detection and to improve risk management from Day 1.

In today’s cyber terrain, early understanding of an organisation’s OT exposure can mean the difference between headline news and swift remediation and mitigation.

4. Can the solution evolve from mirror mode to in-line security?
Active prevention may be a desired long-term goal when it comes to monitoring and detection; however, many organisations lack either the security maturity or the necessary resources to enable such features as part of initial deployment.

As the organisation matures, though, it’s important to have the option to switch from passive detection to active prevention. Ensuring this feature is available up front will also prevent the need for additional expenses down the road.

5. Does the solution provide IT support in addition to OT?
This question is especially important to ask when seeking to protect an OT environment. Because OT attacks have historically started in the IT environment, then stealthily moved laterally into the OT environment, it’s important to detect IT-originated but OT-targeted attacks before they reach the intended target.

In short, decision-makers should ensure the product is effective in both IT and OT environments.

6. Does the solution support secure IT/OT alignment?
IT-OT convergence is on the rise, yet the supporting infrastructure and networks differ significantly and can’t be treated the same when it comes to cyber defence.

In other words, the security best practices and technologies that work in an IT environment cannot always be expected to be effective, if even possible, in an OT environment. It’s critical, then, that decision-makers evaluate a product not only on its ability to protect both environments, but also on its ability to integrate with other security solutions, protocols, software and hardware.

7. Is the solution designed to live in an OT environment from a hardware or operating environment perspective?
Many solutions are designed to function within the comfort of a temperature-regulated server room with a backup power supply or generator, the type of facility typically provided in IT environments.

OT environments, on the other hand, do not always afford such controlled environments and, as a result, can test the limits of many solutions.

It’s important to account for the environmental conditions where the product will be used and ensure the solution can run in sites requiring support for hazardous environment operations.
