Since the discovery of the Stuxnet worm, Operational Technology has been gaining attention from security providers, as the number and type of attacks continue to grow. With the integration of cloud services into a number of functionalities, the security side of OT is encountering rapid expansion of the terrain they have to protect.
At Fortinet Accelerate, Edgard Capdevielle, president and CEO of Nozomi Networks Inc., met with Lisa Martin (@Luccazara) and Peter Burris (@plburris), co-hosts of theCUBE, SiliconANGLE Media’s mobile live streaming studio, to discuss OT security, IT practices and how the two are coming together. (*Disclosure below.)
Smoothing the convergence
As Capdevielle explained, “A lot of customers in our space are going through what’s called ‘IT-OT convergence,’” as the traditionally serial OT networks are now being converged with IT technology and operations, leading to an influx of “the traditional IT attacks.”
“Those traditional IT attacks are particularly harmful when it comes to industrial, critical infrastructure, and they require a special technology that understands those protocols to be able to detect anomalies and whitelist or blacklist certain activities,” Capdevielle noted.
With the wide range of activities and operations covered by industrial IoT, and the networking involved in each field, the common errors of IT, which tend to have minor impacts like slowing e-mail transmission or cancelling a print job, become much more serious in the OT realm.
Capdevielle laid out the three categories Nozomi uses to group anomalies: damage and malfunctions, human error, and cyber. And with that last grouping, the challenges are building every day for OT security.
“Not only are nation-states attacking each other … but now you have traditional security use cases [of] your malicious insider, your compromised insiders, doing industrial cyber-attacks.” He continued on to explain how Nozomi connects with Fortinet Inc. in handling those attacks, including making widespread alerts, to “become part of the security information environment,” but also by using Nozomi FortiGates to “become active in the network.”
As Capdevielle noted, Nosimi’s product has to be passive for ease of deployment across the range of industrial networks and their particular standards. But its tools also provide users with the ability to set special configurations to receive commands from Fortinet and Nozomi, allowing them to automatically quarantine infected nodes as soon as they’re recognized.
“The way the journey works for us, is we provide, as soon as we show up, an immediate amount of visibility. These networks don’t have the same toolsets from a visibility and asset management perspective that IT networks have, so the first value added is visibility,” he said.
And in Capdevielle’s estimation, while critical infrastructure has been somewhat undervalued in past years, with the continued developments on so many fronts, he feels that “this year’s going to be the year where ICS [industrial control systems] security is going to be … a lot more relevant for a lot more people.”
Watch the complete video interview below, and be sure to check out more of SiliconANGLE and theCUBE’s coverage of Fortinet Accelerate 2017. (*Disclosure: Fortinet Inc. and other companies sponsor some Accelerate 2017 segments on SiliconANGLE Media’s theCUBE. Neither Fortinet nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)