GigaOm Radar for Industrial IoT Security v1.0

How to Protect Operational Technology from Cyber Risks

Table of Contents

  1. Summary
  2. Market Categories and Deployment Types
  3. Key Criteria Comparison
  4. GigaOm Radar
  5. Vendor Insights
  6. Analyst’s Take

1. Summary

The convergence of operational technology (OT) and information technology (IT) brings both benefits and risks. Industrial plants and systems are designed for long service lives, and retrofitting these so-called brownfield plants during digital transformation carries major security risk. Networking legacy facilities with many new devices, sensors, measuring stations, manufacturing robots, and plants that run predominantly proprietary software and protocols is difficult to secure and exposes existing assets to a variety of new threats. As data is increasingly processed in on-premises or cloud environments, the perimeter blurs, and vulnerabilities that were previously negligible can now be exploited in an attack.

Industries such as manufacturing, logistics, energy and utilities, automotive, healthcare, and agriculture have become highly vulnerable to cyberattacks, and an attractive target for cybercriminals. Outages or production downtime caused by compromised software, data, or communication channels cause major economic and material damage. Attacks on critical infrastructure (such as energy and water supply, transportation, healthcare, and telecommunications) threaten public safety.

The number of open ports in industrial internet of things (IIoT) environments is alarming, as is the use of outdated firmware and code libraries, unrestricted access rights, and weak authentication based on shared and default passwords. Visibility is therefore the most important tool in the fight for effective security: you can only protect what you know about. Security solutions should be implemented as an additional, preferably transparent, layer.

A now-common approach is to prohibit everything first and then allow exceptions based on a combination of rule sets, predefined roles, specific device characteristics, and other guidelines. The network’s behavior is monitored and re-evaluated constantly so that changes in the behavior of people, hosts, machines, or network devices are detected at an early stage. This concept makes it more difficult for attackers to exploit unknown vulnerabilities in so-called zero-day attacks. Furthermore, next-generation firewall technology makes it possible to apply a more granular zero trust approach (including at layer 7), which further limits network access to just the industrial protocols and applications needed for business use. It also protects against insiders and helps to reduce the number of open ports. The prerequisite for comprehensive network security is an initial inventory of all users, devices, applications, processes, and services, together with their privileges, and documentation of all access paths and accounts for users, administrators, and external parties. After this initial recording, the inventory becomes part of security management as an ongoing process.
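The default-deny policy with role-based exceptions and layer-7 protocol awareness described above, and the inventory-first visibility point from the preceding paragraph, can be illustrated with a small policy evaluator. The following is an added example written for this page; it is not code from GigaOm or from any vendor covered in the report. The inventory, the roles (hmi, engineering_workstation, plc), the rules, and the flow records are all constructed for the example; the Modbus function codes are the standard ones from the Modbus application protocol specification. Any endpoint that is not in the inventory is denied and reported, because an unknown device on the wire is itself a visibility finding.

```python
from dataclasses import dataclass

# Constructed inventory for the example (not from the report): IP -> role.
# Any endpoint missing here is "unknown" and fails the visibility check.
INVENTORY = {
    "10.1.0.10": "hmi",
    "10.1.0.20": "engineering_workstation",
    "10.1.1.50": "plc",
    "10.1.1.51": "plc",
}

# Modbus/TCP function codes from the Modbus application protocol specification.
MODBUS_READ_FC = frozenset({1, 2, 3, 4})       # read coils, inputs, registers
MODBUS_WRITE_FC = frozenset({5, 6, 15, 16})    # write coils / registers


@dataclass(frozen=True)
class Rule:
    """One allow rule. Everything not matched by a rule is denied."""
    src_role: str
    dst_role: str
    dport: int
    proto: str                           # "tcp" or "udp"
    allowed_fc: frozenset = frozenset()  # layer-7 constraint; empty = port-level only


# Hypothetical policy: HMIs may only read from PLCs; engineering workstations
# may also write. No other traffic is permitted.
RULES = [
    Rule("hmi", "plc", 502, "tcp", MODBUS_READ_FC),
    Rule("engineering_workstation", "plc", 502, "tcp", MODBUS_READ_FC | MODBUS_WRITE_FC),
]


def evaluate(flow, inventory=INVENTORY, rules=RULES):
    """Return (verdict, reason) for one flow record under default deny.

    flow is a dict with src, dst, dport, proto and, for Modbus/TCP, fc.
    """
    src_role = inventory.get(flow["src"])
    dst_role = inventory.get(flow["dst"])
    if src_role is None or dst_role is None:
        unknown = flow["src"] if src_role is None else flow["dst"]
        return "deny", "unknown endpoint %s (not in inventory)" % unknown
    for rule in rules:
        if (rule.src_role, rule.dst_role, rule.dport, rule.proto) != (
            src_role, dst_role, flow["dport"], flow["proto"]
        ):
            continue
        if rule.allowed_fc:
            fc = flow.get("fc")
            if fc is None:
                return "deny", "layer-7 rule requires a function code"
            if fc not in rule.allowed_fc:
                return "deny", "modbus fc %d not allowed for %s -> %s" % (fc, src_role, dst_role)
        return "allow", "rule %s -> %s/%d" % (rule.src_role, rule.dst_role, rule.dport)
    return "deny", "no matching rule (default deny)"


def unknown_endpoints(flows, inventory=INVENTORY):
    """Return the sorted list of IPs seen on the wire but absent from the inventory."""
    seen = {f["src"] for f in flows} | {f["dst"] for f in flows}
    return sorted(seen - set(inventory))


# Constructed flow records (not real captures) covering the interesting cases.
SAMPLE_FLOWS = [
    {"src": "10.1.0.10", "dst": "10.1.1.50", "dport": 502, "proto": "tcp", "fc": 3},   # HMI read
    {"src": "10.1.0.10", "dst": "10.1.1.50", "dport": 502, "proto": "tcp", "fc": 16},  # HMI write
    {"src": "10.1.0.20", "dst": "10.1.1.51", "dport": 502, "proto": "tcp", "fc": 16},  # EWS write
    {"src": "10.1.0.99", "dst": "10.1.1.50", "dport": 502, "proto": "tcp", "fc": 3},   # rogue host
    {"src": "10.1.0.10", "dst": "10.1.1.50", "dport": 22, "proto": "tcp"},             # SSH to PLC
    {"src": "10.1.1.50", "dst": "10.1.0.10", "dport": 502, "proto": "tcp", "fc": 3},   # wrong direction
]


def audit(flows=SAMPLE_FLOWS, inventory=INVENTORY, rules=RULES):
    """Evaluate every flow; return a list of (flow, verdict, reason) triples."""
    return [(f, *evaluate(f, inventory, rules)) for f in flows]


if __name__ == "__main__":
    for flow, verdict, reason in audit():
        print("%-5s %s -> %s:%d/%s  %s" % (verdict, flow["src"], flow["dst"],
                                         flow["dport"], flow["proto"], reason))
    print("not in inventory:", unknown_endpoints(SAMPLE_FLOWS))
```

Of the six constructed flows only the HMI read and the engineering-workstation write are allowed; the HMI write is blocked by the layer-7 function-code constraint even though the port and direction match, the SSH attempt and the PLC-initiated connection fall through to the default deny, and the rogue host is reported as a gap in the inventory rather than silently matched against the rules.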

Compatibility with existing solutions is important, not just for reasons of investment protection. IIoT security solution providers must cover not only the IT part of the network but also OT devices, protocols, and services. While OT already has its own monitoring and security information and event management (SIEM) applications, integration into the cybersecurity landscape of the IT part, with its firewalls and multiple security orchestration, automation, and response (SOAR) solutions, must also be ensured. Furthermore, IIoT security solutions should be able to verify compliance with standards in both IP and industrial networks. For details, please see the report “Key Criteria for Evaluating Industrial IoT (IIoT) Security Solutions.”

In conclusion, we find that full protection of complex and often hybrid industrial IoT landscapes cannot be achieved with a single product. It requires a comprehensive portfolio and multilayered security solutions. The greatest possible protection can be guaranteed only with both vendor and technology redundancy. Nevertheless, the main focus of this report is on maximum possible visibility and threat detection in IIoT environments.

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.

Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.