Best Practices Against Today’s Emerging Threats
Strengthening cyber defenses in OT and IoT environments requires a multi-pronged approach that often includes complementary technologies, well-defined monitoring and processes, and the necessary security hygiene. Too often, overstretched security teams allow human error to compromise even the most advanced defenses with weak passwords, misconfigured networks and devices, or social engineering. Many ransomware attacks begin with a naïve user clicking on a malicious email link in an otherwise well-defended network.
Network segmentation is another fundamental part of a cyber defense strategy, designed to prevent the spread of malware to critical applications and OT processes. Several technologies are useful for segmenting networks, such as VLANs and firewalls, chosen based on environment and policy requirements. In OT networks, the Purdue model is a way to create network areas that align with process elements and system function. However, too often we encounter organizations with completely flat networks (minimal segmentation), where easily compromised systems are isolated poorly, or not at all, from critical applications and processes.
In the OT/IoT Security report we make suggestions for increasing network segmentation, up to and including a Zero Trust model. Also known as micro-segmentation, Zero Trust implies that all network connectivity between individual endpoints is denied except for explicitly authorized connections. When migrating to a Zero Trust model, it is important to monitor traffic patterns first. This allows you to understand how legitimate traffic flows through the organization before specifying the explicitly allowed connections, so that enforcement does not disrupt operations.
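As an added example (not code from the report), a minimal baseline-then-enforce model of the migration just described: flows observed during the monitoring window become the explicit allow list, everything else is denied, and flows that jump Purdue levels are held back for review rather than baselined. The flow records, addresses and Purdue-level map are constructed for illustration.

```python
from collections import Counter

# Assumed Purdue level per host (illustrative addresses; a real map comes from
# the asset inventory). 1 = control, 2 = supervisory, 3 = site ops, 5 = enterprise.
PURDUE_LEVEL = {"10.0.1.10": 1, "10.0.2.20": 2, "10.0.3.30": 3, "10.0.5.50": 5}

# Constructed flows captured during the monitoring window, before any enforcement.
LEARNING_FLOWS = [
    ("10.0.2.20", "10.0.1.10", 502, "tcp"),  # HMI -> PLC (Modbus/TCP)
    ("10.0.2.20", "10.0.1.10", 502, "tcp"),
    ("10.0.3.30", "10.0.2.20", 135, "tcp"),  # historian -> HMI
    ("10.0.5.50", "10.0.1.10", 502, "tcp"),  # enterprise host -> PLC: needs review
]


def crosses_levels(src, dst):
    # Simplifying assumption: traffic should only pass between adjacent Purdue
    # levels, so a jump of two or more levels is flagged rather than baselined.
    return abs(PURDUE_LEVEL[src] - PURDUE_LEVEL[dst]) > 1


def build_allowlist(flows, min_count=1):
    # Turn observed flows into explicit allow rules. Flows that cross levels go
    # to a review set so a pre-existing compromise is not written into policy.
    allowed, review = set(), set()
    for flow, n in Counter(flows).items():
        if crosses_levels(flow[0], flow[1]):
            review.add(flow)
        elif n >= min_count:
            allowed.add(flow)
    return allowed, review


def evaluate(flow, allowlist):
    # Zero Trust default: anything not explicitly allowed is denied.
    return "allow" if flow in allowlist else "deny"


if __name__ == "__main__":
    allowed, review = build_allowlist(LEARNING_FLOWS)
    for f in sorted(review):
        print("review before allowing:", f)
    print(evaluate(("10.0.2.20", "10.0.1.10", 502, "tcp"), allowed))   # allow
    print(evaluate(("10.0.5.50", "10.0.2.20", 3389, "tcp"), allowed))  # deny
```

The `min_count` threshold lets you require a flow to recur during the window before it is trusted, which filters one-off noise out of the baseline.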
We further discuss the importance of traffic monitoring to detect potential security threats, breaches, and other anomalies in network flows and OT processes. Finally, we cover attack surface reduction and what can actually be achieved with reasonable effort.