In our previous blog, What Makes OT Asset Inventory More Complicated than IT, we discussed how the complexity and sensitivity of OT environments make it very difficult for corporate IT and cybersecurity managers to obtain a complete, real-time inventory of OT assets and why it is critical to have such an inventory.
First and foremost, asset inventory provides visibility, so you know what you have, where it is, and what it does. While an accurate asset inventory is critical to any cybersecurity program, it is just the beginning. The question remains, “What do I do with the asset information? How do I leverage it to secure both corporate and industrial operations?”
The answer lies in risk.
Everyone Understands Risk
Most people in an industrial enterprise understand risk, at least within their area of expertise. The challenge becomes translating or aligning these definitions of risk to other company areas and up to the boardroom.
Engineers, for example, typically view cyber risk as a critical factor in ensuring the safe operation of industrial systems. In the context of cyber risk, engineers consider the potential consequences of cyber-attacks on industrial control systems and the risks posed by the increasing interconnectivity of these systems with digital networks.
They recognize that cyber threats can cause physical harm to equipment, endanger human lives, lead to financial losses, and cause irreparable damage to long-lead-time equipment.
This is an engineering worldview; others will look at risk differently. To minimize the overall risk to the organization, it is imperative to establish a common baseline and consensus regarding risk. A comprehensive inventory that includes assets from IT, OT, and IIoT across the organization is often the best place to start.
To achieve end-to-end cybersecurity across the enterprise, OT and IT teams should collaborate to identify, evaluate, and reduce risks. To that end, asset discovery must be broadened to encompass OT devices – ideally 100 percent of devices. A complete and accurate inventory of IT-OT assets puts everyone on the same page and provides much-needed transparency to corporate IT and cybersecurity managers.
Often due to budget-vs-price constraints, many corporate IT teams have settled for 60 percent or 70 percent OT asset visibility because that’s all they can afford. The undiscovered OT assets are generally at the edge of the industrial network or at ‘less critical’ sites where it’s too expensive to deploy ‘heavy’ and pricey collector agents. However, an inventory database missing 40 percent of the OT assets creates an inherent 40 percent risk exposure that can torpedo even the best cybersecurity program.
Sometimes, vendors offer lighter and lower-cost collector agents with fewer features and limited capabilities so enterprises can deploy them more widely. But then the solution quality and efficacy are lessened, and discovery still doesn’t cover 100 percent of OT assets. To assess risk, industrial enterprises need more information, not less. Organizations should focus on cost-effective solutions and architectures to establish a comprehensive IT/OT asset inventory.
OT Asset Intelligence
In addition to fundamental asset discovery, the OT asset inventory should provide a security perspective on each device by mapping its vulnerabilities, location, criticality, patchability, who is responsible for servicing the asset, etc. This kind of asset intelligence enables IT and cybersecurity teams to assess OT vulnerabilities in terms of absolute risk, relative risk, and the criticality of the risk to the organization. Armed with asset intelligence, IT and SOC teams can build more effective cyber security programs and prioritize their workload according to the many risks the organization may face.
Gain Complete Visibility and Control over Your OT
Explore DemoSpanning Silos
OT asset inventory (or the lack thereof) isn’t just a tool or technology hurdle to overcome. Industrial enterprises will readily agree that it’s also a challenge that stems from traditionally working in separate IT and OT silos. In this regard, an end-to-end asset inventory/intelligence tool can help unite OT and IT teams around the valuable risk information they need.
Consider the SOC team that is threat-hunting. They need to have end-to-end visibility to look at all the risks. SOC analysts can’t stop halfway through the hunt because they cannot step into the OT space or gather information from OT systems. An end-to-end IT/OT/IoT asset inventory is a tool that can provide much-needed transparency and bring different teams around the table to discuss how to break down these barriers and enable better asset management, risk management, and cybersecurity across the entire industrial enterprise.
Malicious actors don’t stop at the border. The Cyber Kill Chain, developed by Lockheed Martin, explains how attackers move through networks to identify and exploit vulnerabilities. The Cyber Kill Chain outlines a series of steps that trace the stages of a cyberattack, from the initial survey to the exfiltration of data. This model helps us understand and combat ransomware, security breaches, and Advanced Persistent Attacks (APTs).
The ‘Industrial’ Cyber Kill Chain emphasizes the need for a coordinated cybersecurity approach that considers both IT and OT environments – bad actors don’t care if you delineate between OT and IT! For example, during the reconnaissance, attackers attempt to gather information about the target system and identify vulnerabilities that can be exploited – this can involve IT or OT systems, or both, depending on their desired outcome.
Additionally, lateral movement within a network is an increasingly common technique used by attackers targeting industrial enterprises to gain access to other systems and information. This stage of an attack involves moving from one system or asset to another within a network to gain access; it can happen in either direction, from IT to OT or OT to IT. Identifying lateral movement is vital to stopping complex incidents and APTs in their tracks.
IT/OT Convergence and System Interdependence
The dividing line between IT and OT systems, processes, and people is becoming increasingly blurred due to the increasing connectivity requirements and need for data analytics from industrial environments. These systems’ increased connectivity and criticality create more significant challenges for their adaptability, resilience, safety, and security. Even industrial companies that don’t use the term ‘IT/OT Convergence’ need to understand the inherent risks across both domains.
The common goal must be securing the entire company, and the path forward involves finding common ground; this is the only approach for successful IT/OT convergence. This approach ensures the enterprise remains competitive, safe, and efficient in an increasingly connected and insecure world. A lack of trust, understanding, and/or collaboration between the OT and IT departments can devastate an organization’s security posture. The key to connecting these two worlds is to keep your eyes on the prize – minimizing risk to the organization.
With the intensification of IT/OT Convergence, it is vital to start with the people on both sides of the fence, build trust around the common goal, and ensure it is simple. To understand and measure the inherent cyber risk across the entire industrial enterprise, the risk must be understood in terms of business risk, not technology. IT and OT personnel need to understand each other’s distinct worldviews, build trust as a team, and work together to reduce the organization’s cyber risk from end to end.
One Source of Truth for Both IT and OT
A combined IT/OT asset inventory can help bring everyone in the organization together around a unified view of the network and, eventually, risk. By utilizing a unified asset inventory, both IT and OT personnel would be able to:
- Identify vulnerabilities: By creating an inventory of all IT/OT assets, it becomes easier to identify any potential vulnerabilities in the system and prioritize areas that need to be secured, patched, or updated, thus minimizing the risk of exploitation by attackers, particularly in terms of lateral movement.
- Assess risk: With a comprehensive inventory, assessing the risk level associated with each asset becomes easier. This can help organizations prioritize which assets to secure first based on their context and the potential impact on the business.
- Manage access: By knowing what assets exist, it becomes easier to manage access to them, thus helping to prevent unauthorized access and reducing the risk of data breaches, cyber-attacks, and other security incidents.
- Monitor activity: An IT/OT asset inventory can also be used to monitor activity on each asset, helping organizations to detect any unusual behavior that may indicate a security incident is underway.
With the intensification of IT/OT Convergence, it is vital to start with the people on both sides of the fence, build trust around the common goal, and ensure it is simple. To understand and measure the inherent cyber risk across the entire industrial enterprise, the risk must be understood in terms of business risk, not technology. IT and OT personnel need to understand each other’s distinct worldviews, build trust as a team, and work together to reduce the organization’s cyber risk from end to end.
Let Existing Tools Leverage IT-OT Asset Intelligence
Asset intelligence can also be integrated into cybersecurity technologies and processes to make them more effective. For example, getting end-to-end asset intelligence into a Splunk database where IT and OT tools can access it. Another example could involve integrating IT-OT-IoT asset inventory with Secure Remote Access (SRA) solutions innovating new ways to facilitate and secure remote access to devices in closed OT environments. The SRA solution needs to know where OT devices are located, what they do, etc.
As mentioned earlier, one of the most valuable integrations of end-to-end asset intelligence could be with service desk systems. The asset inventory may initially provide relevant OT information, context, or insight on the trouble ticket. A deeper integration (additional fields) could enable a ticket to be triggered and tracked by the asset inventory – further automating the process. Instead of pulling inventory information, the integration could be bi-directional, allowing the service desk to refresh the inventory’s risk register when the ticket (change order) has been completed. The possibilities to reduce risk and improve processes are many. And it all starts with end-to-end asset inventory and asset intelligence.
Lansweeper OT – Asset Intelligence
Lansweeper OT is a platform designed to discover inventory in OT environments, including ICS/OT devices (PLC, RTU, DCS), IT (HMI, engineering workstations, PCs), and IIoT (IP cameras, smart buildings systems, etc.) within the production environment.
Lansweeper has provided a highly successful tool for small and medium-sized enterprises to conduct IT hardware and software asset inventory for many years. Recently, Lansweeper extended this expertise to the OT domain.
Lansweeper OT is uniquely positioned to help corporate IT, and cybersecurity managers build a bridge to the ‘other side’ – the OT side of the enterprise. There is no need to settle for 60 percent or 70 percent asset visibility or to compromise your cybersecurity program due to insufficient OT asset intelligence.
Lansweeper OT understands that OT/ICS environments are different, use proprietary protocols, and require an OT-sensitive asset discovery and management approach. We leveraged our experience to provide unified IT/OT/IoT asset visibility and management in an easy way for IT professionals to use and understand.
