As the industrial sectors become more cyber-aware, OT visibility has become an important force towards protecting critical infrastructure. Yet, as OT Security progresses, the expansion of Industrial Internet of Things (IIoT) adds new challenges to maintaining pace with OT visibility. What once was a Whack-a-Mole game between security and its adversaries, now seems to be the same game between security and IIoT hyper-connectivity.
OT Visibility
OT visibility is advancing by providing broader reach, offering deeper coverage into the protocols and the types of devices that are entering the market. This provides a more holistic and complete picture. These improvements help to address edge devices coming into play. The other area of improvement is around medical devices. There has always been some visibility into medical devices, but we're seeing the market mature and continue to grow. While this is tangential to the industrial space, the level of complexity of some of these devices puts them on par with much industrial equipment.
The proliferation of more and more devices connecting more and more things on the network is not slowing down. In many cases, this can create serious problems. For example, using Simple Network Management Protocol (SNMP) is very familiar in the industrial space, however this activity was done with the understanding of risks unique to an OT environment. Problems emerged when IT-styled technologies started scanning in ways that, while common to IT environments, would overwhelm an OT network, causing critical devices to lock up, interrupting the process, and often requiring that a power cycle be done to return the system to service.
The development of safe active sensors was a response to addressing these problems. In the past, using active sensors was controversial because it would broadcast its query across the entire network. One way Tripwire has overcome this problem in Tripwire Industrial Visibility (TIV) is by enabling the distribution of the sensor away from the main TIV central location, pushing the active sensor out to the remote site where the scanning takes place. That adds better visibility at a reduced cost to precious bandwidth. The protocol specific active scanning pushed down to the sites makes it more approachable and manageable while practicing safe aspects of active queries. The business value of safe active monitoring is that it’s now more accessible to a broader audience.
Tripwire Industrial Edge has also taken a leap forward with token-based authentication. The Edge product is already easy to use, and the addition of token-based authentication keeps the security aspect extremely high, preventing credential exposure, while being user-friendly.
Why Being Vendor Agnostic is Important
Above all, Tripwire’s true versatility is realized in its dedication to remaining vendor agnostic. Too often, vendors build solutions that lock you in to their products, with no options for the other products in your environment. However, by latching onto a single solution, global visibility is lost. A vendor agnostic solution adds a level of overall approachability to the product, adding flexibility, such as the ability to add additional devices. When we speak of the increasing IIoT devices, it is important to also make those available to the end-user.
The constant addition of IIoT devices presents challenges that can create extreme anxiety. However, with the new developments in Tripwire’s TIV product, that Whack-A-Mole feeling becomes one of excitement as TIV discovers and monitors those devices. The expanded capabilities, and the continued commitment to remaining vendor agnostic is what sets Tripwire apart as an industry leader in the corporate space, as well as the industrial security space.
