Many industrial security professionals lack visibility into their organizations’ assets and processes. This includes Industrial Internet of Things (IIoT) devices as well as industrial organizations’ supply chains. Back in March 2021, Tripwire announced the results of a survey in which 99% of security professionals said that they had experienced challenges securing their organizations’ IoT and IIoT devices. Two-thirds of respondents said that they had struggled to discover and remediate vulnerabilities, while 60% had run into issues when managing their IoT device inventory. A majority (87%) of survey participants went on to state that they were worried about the supply chain risks introduced by IoT and IIoT devices.
This concern isn’t unfounded. In 2020, the number of attacks on industrial companies nearly doubled, BetaNews reported, while the volume of malware-related attacks grew 54% compared to 2019. Several months later, BetaNews shared the results of another report in which researchers noted that industrial organizations constituted the second most-targeted sector in 2020. The research noted that an external attacker could penetrate the corporate network of 91% of industrial organizations, and it disclosed that penetration testers had successfully accessed the industrial control system (ICS) networks at 75% of those entities.
Things didn’t improve much in 2021. According to SecurityWeek, 80% of IT and OT security professionals in the United States, Europe, and APAC admitted that their organization had suffered a ransomware attack during that period. Half said that the incident had affected their ICS/OT environment, with nearly half clarifying that the impact had been significant.
Why Are Industrial Organizations Struggling with Visibility?
In April 2021, SecurityWeek wrote that security teams tend to lack visibility into their OT networks for several reasons. Provided below are a couple of them.
- Lack of standardization: Homogeneous OT networks aren’t the norm. Typically, these environments consist of decades-old legacy systems that can’t receive patches remotely along with more modern devices. Many systems in the former category use their own proprietary communication protocols, which complicates asset discovery. What’s more, these networks might be operating across several geographically dispersed locations.
- Lack of tolerance for downtime: Teams responsible for securing OT networks tend to prioritize availability in the CIA Triad. This is because many industrial organizations own and operate critical national infrastructure (CNI) systems that, if knocked offline, could threaten the national security of, or undermine public safety in, the host country. In doing so, however, these organizations could fail to account for threats confronting the confidentiality and integrity of their systems.
How Tripwire Can Help
Tripwire can help IT and OT security professionals gain visibility into their employers’ networks. It can do this through two of its solutions. They are Tripwire Log Center and Tripwire Industrial Visibility.
Tripwire Log Center
Tripwire Log Center provides customers with centralized log management functions including collection, analysis, and delivery. The solution integrates with organizations’ existing infrastructure to help teams monitor, detect, and respond to threats in their environments. Organizations can therefore use Tripwire Log Center in support of their regulatory compliance obligations and/or to increase their awareness of digital threats.
Tripwire Industrial Visibility
Powered by Claroty, Tripwire Industrial Visibility uses its coverage of OT protocols and scanning capabilities to yield insight into organizations’ OT environments. It focuses on three dimensions of those networks. First, it attempts to illuminate every OT asset and its relevant attributes including model number, card slot, and other details. Second, it seeks to gain visibility into OT network sessions including their bandwidth and any changes that took place. Finally, it helps security teams track OT operations so that they can visualize mission-critical processes.
Greater than the Sum of Its Parts
IT and OT security organizations can use Tripwire Log Center or Tripwire Industrial Visibility to gain visibility over their organizations’ systems and data. But they could derive even greater benefit if they use the two solutions together. For instance, teams have the option of correlating suspicious events from Tripwire Log Center with suspicious changes detected by Tripwire Industrial Visibility to accelerate and amplify their incident response efforts. They also have the option of using Tripwire Log Center to discover their ICS systems and other assets without affecting plant performance. From there, they can leverage that asset inventory to identify misconfigurations and other indicators that might be associated with insider threats, distributed denial-of-service (DDoS) attacks, and other issues.