bad actors get malware in place or how they lure employees to connect to malicious web sites. Solutions such as Cisco Secure Email will get you protected so you don’t have to pray for employees not to open malicious files or click on suspicious links in an email.
Enforce security at the DNS layer. Attacks are controlled via the internet. Cisco Umbrella analyzes DNS queries to block requests to malicious domains, suspicious files or direct IP connections from command-and-control callbacks. Fully delivered from the cloud, this SASE approach to OT security is ideal to protect distributed industrial assets.
Implement multi-factor authentication (MFA). Cybercriminal groups such as DarkSide rely on weak passwords to gain access to an organization’s network and critical systems. Solutions such as Cisco Duo enable Zero Trust access to applications and network entry points so stolen or compromised credentials won’t be a threat anymore.
Isolate your OT and IT networks. Building an industrial DMZ is the mandatory first step to prevent malicious activities from reaching industrial control systems. Cisco Secure Firewalls are critical to blocking malware intrusions and stopping the spread of infection, and they can be configured with policies that allow only the communications that are really needed to run operations.
Implement robust network segmentation. Enforcing ISA/IEC 62443 zones and conduits to isolate industrial zones from each other further solidifies your security posture. Industrial firewalls such as Cisco Secure Firewall ISA3000 physically prevent lateral movement between industrial network segments. Cisco Identity Services Engine (ISE) can also be used to implement micro-segmentation within the OT network leveraging Cisco Catalyst Industrial Ethernet
Inventory and monitor the industrial network. Gaining visibility into your industrial control systems is key to ensuring all assets are protected. Cisco Cyber Vision automates the discovery process at scale so you can implement OT security best practices. It also monitors industrial communications to detect abnormal behaviors and raise alerts.
Investigate and manage security events across both IT and OT domains. Because IT and OT networks have converged, threat investigations and remediations must converge, too. Cisco SecureX empowers your security teams with a single console that aggregates threat intelligence and data from multiple security technologies, from Cisco and others, making investigation and remediation fast, simple and highly effective.
Test your defenses and your recovery process, and train your teams. Don’t be caught by surprise. Have backups ready. Engage an IT and OT incident response team such as Cisco Talos to develop customized playbooks and test your defenses through tabletop exercises so that your security teams are ready when a crisis occurs.
This might sound like a daunting list, but not everything has to be deployed overnight. A global pre-integrated solution would make it much easier to deploy and operate while offering unmatched features. Security is a journey where new capabilities are added depending on your priorities and the events you fear the most. Cisco has designed a reference architecture that will help you phase your project.
Vikram Sharma has 18 years of hands-on experience in building and operating industrial networks. He was responsible for Cisco’s manufacturing industrial networks and applications across 100+ plants globally. He is a cryptographer by training and has led Cisco anti-counterfeiting initiatives in manufacturing and overseen security operations for the plants.
This guest blog is part of a Channel Futures sponsorship.