Nothing is constant except change. This has been especially true in the last few years.
New technological innovation has enabled new business models, the way we live has changed the way we consume services, and the pandemic has changed everything else.
Since 2019, we have seen changes like:
- An increase in automation in everything from banking to car rentals.
- The demand for renewable energy has increased hugely.
- An increase in the need for technology-driven medicine and integration.
- More efficient manufacturing processes.
- The connection of ICS to existing IT networks.
However, we have also seen:
- The average cost of a breach in healthcare is at an all-time high of $4.35 million in 2022.
- Ransomware gangs are trying to prevent service delivery to drive up ransom payments.
- Every branch of critical infrastructure is now a major target.
CISOs must balance these factors while building cyber resilience, and there are several aspects that influence their resulting plan. These boil down to the potential that a certain system will be attacked versus the impact of that system being attacked.
Industry 4.0: IT/OT convergence
There are two major changes driving the convergence of technology known as Industry 4.0:
- The integration of technology into more business processes.
- The integration of control systems into existing enterprise resource management (ERP) platforms.
While these changes optimize business processes, they also create new cybersecurity challenges as operational technology (OT) and information technology (IT) become more integrated.
Security teams often protect OT systems by implementing a security structure called the Purdue Model, illustrated below. This multi-layer model identifies functions within the OT environment and separates them either physically or via a demilitarized zone (DMZ) using firewalls.
Purdue Model diagram by Dale Peterson.
Starting at level 5 and gradually working down, security teams are including these layers as part of their organization's IT function. This is driving the need to converge IT and OT security and implement a different type of security.
IT/OT convergence requires new cybersecurity strategies
Many international regulators and standards bodies are publishing guidelines and frameworks on deploying security across hybrid IT/OT environments. It is likely that most of these, along with many other guides and frameworks, will be based on recommendations issued by the U.S. National Institute of Standards and Technology (NIST).
- Preserving the confidentiality of data.
- Maintaining service while under attack.
The ways these cyberattacks move through the network allow them to evade traditional detection and remediation methods. Consequently, too many critical infrastructure networks are being crippled and forced to shut down completely.
Challenges to securing the converged infrastructure
Without visibility across the combined environment, security teams struggle to understand the connectivity between devices and the potential cybersecurity threats. This makes putting the appropriate security policies in place on the network nearly impossible.
Most plans to combat cyberattacks, especially ransomware, include several steps:
- Identify the highest-risk assets, both IT and OT.
- Identify services running on the network.
- Map all connections between devices on the network.
- Map the vulnerabilities to understand the exposure of each asset.
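The four steps above can be sketched in a few lines of Python. This is an added example, not Illumio or Armis code: the asset names, flows, and CVSS values are constructed, and the scoring formula (criticality x worst CVSS x number of assets with a path to the target) is an assumption chosen only to show how connectivity changes the ranking.

```python
from collections import defaultdict, deque
# Constructed sample inventory: name -> (zone, criticality 1-5, worst CVSS from a scanner)
ASSETS = {
    "erp-app":   ("IT", 3, 7.5),
    "hr-laptop": ("IT", 1, 9.8),
    "historian": ("OT", 4, 6.1),
    "hmi-01":    ("OT", 4, 8.8),
    "plc-07":    ("OT", 5, 9.1),
}
# Constructed observed flows: (source, destination, destination port)
FLOWS = [
    ("hr-laptop", "erp-app", 443),
    ("erp-app", "historian", 1433),
    ("historian", "hmi-01", 3389),
    ("hmi-01", "plc-07", 502),
    ("hr-laptop", "hmi-01", 3389),
]

def services(flows):
    """Step 2: ports each asset is seen serving on the network."""
    out = defaultdict(set)
    for _, dst, port in flows:
        out[dst].add(port)
    return dict(out)

def upstream(flows, target):
    """Step 3: every asset with a direct or transitive path to target."""
    inbound = defaultdict(set)
    for src, dst, _ in flows:
        inbound[dst].add(src)
    seen, queue = set(), deque([target])
    while queue:
        for src in inbound[queue.popleft()]:
            if src not in seen and src != target:
                seen.add(src)
                queue.append(src)
    return seen

def exposure(assets, flows):
    """Steps 1 and 4: rank by criticality x worst CVSS x (1 + upstream count). Assumed formula."""
    scores = {n: round(c * v * (1 + len(upstream(flows, n))), 1) for n, (_, c, v) in assets.items()}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

def it_to_ot(assets, flows):
    """Flows that go from an IT-zone asset straight to an OT-zone asset."""
    return [f for f in flows if assets[f[0]][0] == "IT" and assets[f[1]][0] == "OT"]

if __name__ == "__main__":
    print(exposure(ASSETS, FLOWS), it_to_ot(ASSETS, FLOWS), services(FLOWS))
```

In this constructed data the laptop has the worst vulnerability score but ranks last, while the PLC ranks first because every other asset has a path to it; the direct laptop-to-HMI flow is the kind of IT-to-OT connection a segmentation policy would review first.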
Traditionally, the tools for carrying out this process in IT and OT environments have been separate and disconnected. This made seeing and securing these environments challenging, if not impossible.
Illumio and Armis have teamed up to deliver a combined solution that addresses this challenge across the converged infrastructure.
Illumio + Armis: Unprecedented protection for IT, OT and IoT
The integration of Illumio and Armis technology provides unprecedented protection for IT, OT, and IoT applications, data, and devices.
With Illumio and Armis, you can:
- Discover, categorize, and map all IoT, OT, and IT systems and communications in a single view, regardless of location: in the cloud, data centers, hospital networks, or remote locations with providers on laptops.
- Identify and ringfence high-value systems to protect them from the spread of breaches. Zero Trust Segmentation means only verified communications will be allowed, preventing the movement of any malware.
- Build an automated incident response system to apply extra restrictions should an attack be detected.
By integrating Armis with Illumio, it is now possible to see the flow of communications among your entire estate of operational systems, IT systems, and applications — all in a single, interactive map.
Illumio uses compute workload metadata and flow information to map communications between workloads. Using your existing naming structure, you can apply simple labels to each workload to display the entire infrastructure. These IT systems could be traditional Linux and Windows systems, AIX, IBM Z Series, containers, and cloud platforms.
You can import the combined contextual data of Illumio-labeled systems and Armis systems into Illumio’s application dependency map to display it in a single view.
Then, you can identify and prioritize vulnerabilities, imported from industry-leading scanners, that indicate points of higher risk within the infrastructure and put appropriate measures in place.
For example, with only a few simple clicks on the map, your team can implement Zero Trust Segmentation policies to protect IT systems and OT devices. All the devices and systems within a function can be compartmentalized to isolate them from potential threats in other areas of the infrastructure.
Improve availability with Illumio + Armis
Illumio's mapping and Zero Trust Segmentation capabilities powered by Armis give organizations the comprehensive visibility and control needed to reduce risk and increase cyber resilience.
When a breach occurs, the Illumio and Armis integrated solution can help you quickly identify and contain its spread, avoiding a major shutdown of critical systems.
Learn more about the joint solution between Illumio and Armis.