It’s no secret that IoT, BYOD and mobile access have made endpoints one of the most concerning network security gaps. 2017 marks the beginning of a surge in the number of organizations that are incorporating IoT devices into operational technology such as lighting, HVAC, cameras and security sensors, as well as designing highly automated Smart Buildings. As these devices continue to saturate the market, organizations are struggling to balance the productivity gains they deliver against the security risks they introduce. Nowhere is this risk more pronounced than in organizations that are part of a nation’s critical infrastructure.
What is critical infrastructure?
When some people think of critical infrastructure, they think of government agencies, public transportation, water, power and similar basic services that keep society functioning normally. While these are all part of a nation’s critical infrastructure, the US government recognizes 16 critical infrastructure sectors, many of which sit largely in the private sector and extend into services such as health care, IT, financial organizations and manufacturing. The line between private and public critical infrastructure has blurred: there are private solar companies selling to large electric utilities, and private transportation companies that not only deliver critical supplies but are also critical to commerce and the economy. Because of the importance of these industries, many are highly regulated, face a number of overlapping regulations, and are under increasing pressure to improve security or face regulatory fines. But even companies that work with critical infrastructure and are not regulated should still bear responsibility for securing their networks and infrastructure.
Critical infrastructure attacks are increasing
In the past two years, 68% of critical infrastructure organizations have experienced a security incident.[i] A few of the major breaches include:
As the network perimeter has evolved to accommodate IoT, BYOD and other mobile devices, it is no longer possible to contain these devices behind an impenetrable wall. With IoT devices that range from network printers to IoT security cameras, sensors and more, these connected devices are now entering critical infrastructure organizations and increasing the attack surface (read a case study on an IoT-enabled critical infrastructure Smart Building).
There is also a rise in organizations looking to secure Supervisory Control and Data Acquisition (SCADA) systems. While SCADA technology has been around for many years, it was not developed with security in mind. The same can be said for Programmable Logic Controllers (PLCs), which are now being connected to the network and, like SCADA technology, lack appropriate built-in security. Historically, SCADA and similar systems were not a target. SC Media explains:
“Very few people were even aware of the existence of SCADA, let alone any vulnerability in its code. Security was through obscurity. Beyond that, access to the pieces of hardware that used SCADA was difficult if not impossible…The attack surface (i.e., the exposure to a potential attacker) and therefore the likelihood of an attack was historically very small. So what has changed? Over the last ten years knowledge of SCADA has become more widespread. One can even find examples of SCADA attacks on YouTube. Furthermore it has become ever more pervasive in our everyday lives.” – SC Media, Why companies using SCADA systems need to wake up to the increased threat of cyber-attacks
Many organizations, and especially critical infrastructure organizations, should be implementing compensating security controls around SCADA given the lessons learned from the Ukrainian power grid attack. With SCADA systems connected to the internet and cloud in many critical infrastructure facilities, including large utility, transportation and traffic systems, as well as operational technology in many organizations such as fire suppression and HVAC systems, the risks have increased significantly. This has spurred many critical infrastructure organizations to look at network access control with automated threat response to immediately contain infected endpoints, as well as microsegmentation to limit the lateral spread of malware. As the amorphous network edge now extends out to each endpoint, critical infrastructure organizations need an endpoint visibility, control and response solution.
The value behind endpoint visibility, control and response
Visibility: Since it is impossible to protect the network from a threat you cannot see, visibility is the crucial first step in securing endpoint devices. Visibility also simplifies centralized management and ensures that if a device is compromised it can be located quickly, even when it sits in a remote location. In addition, a complete visibility solution records connection and access events for every device and delivers them alongside any alert, providing the context that speeds time to remediation. It also helps satisfy regulatory requirements for comprehensive activity logs and aids forensic investigation and network planning. Many organizations receive an alert about suspicious activity on a specific IP address and then spend hours manually tracking down the device behind it: which MAC address held the lease, which switch and port it is on, and who owns it. Critical infrastructure organizations cannot afford this dwell time; it is crucial to deploy a solution that provides comprehensive visibility to immediately pinpoint a suspect device.
Control: Critical infrastructure organizations require granular control of endpoint access policies and permissions. The ability to customize individual levels of access is crucial for many regulatory requirements, and is also a safety precaution that limits access to an organization’s most sensitive data and devices. Some organizations employ microsegmentation right to the network edge, creating numerous VLANs that limit cross-talk and contain the lateral (east/west) spread of malware. One financial organization with thousands of devices, many of them IoT-enabled, has implemented this type of solution. Among other strategies, it locks down its wired network so only company devices can connect, and requires every device to authenticate every time it connects to the network, providing a very strong security posture. Read the case study for more information.
Automated response: Reducing dwell time can reduce the impact of most threats. By implementing a real-time automated threat response solution, organizations can reduce dwell time from months to seconds. The best automated threat response solutions continuously monitor endpoints and automatically isolate any endpoint that does not comply with minimum network security standards, falls out of compliance while connected to the network, or begins to behave in a suspicious way. Once isolated, the best solutions can triage and deliver the alert, along with all the contextual information, to an analyst. This speeds time-to-resolution and reduces the burden on strained IT resources.
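The three capabilities above form one loop: resolve an alerted IP to a physical device, check it against policy, and contain it on the switch port before an analyst ever looks at it. The following Python is an added illustration of that loop, not code from the original post or from any vendor product. The inventory, VLAN numbers, posture thresholds and device names are all constructed for the example; a real NAC would build the inventory from DHCP leases, ARP and switch MAC tables, and would push the containment via RADIUS Change-of-Authorization or a switch API rather than just returning a record.

```python
"""Toy NAC loop: locate -> evaluate -> contain -> enriched alert.
All data below is constructed for illustration; nothing here talks to real gear."""
from dataclasses import dataclass, asdict
from datetime import datetime, timedelta
from typing import Optional

QUARANTINE_VLAN = 999                 # assumed: VLAN with no route to OT or data
OT_VLANS = {30}                       # assumed: VLAN reserved for PLC/SCADA traffic
OT_TYPES = {"plc", "hmi", "rtu"}      # device classes allowed on OT VLANs
MAX_AGENT_AGE = timedelta(days=7)     # assumed posture rule: agent must check in weekly


@dataclass
class Endpoint:
    mac: str
    ip: str
    switch: str
    port: str
    vlan: int
    device_type: str                       # "laptop", "camera", "plc", ...
    authenticated: bool                    # 802.1X or MAB succeeded for this session
    corporate_asset: bool                  # MAC is known in the asset register
    agent_last_checkin: Optional[datetime] # None for agentless IoT/OT devices


# Constructed inventory (what a NAC assembles from DHCP, ARP and MAC tables).
NOW = datetime(2017, 7, 1, 12, 0)
INVENTORY = [
    Endpoint("00:11:22:33:44:55", "10.1.20.14", "sw-hq-3", "Gi1/0/7", 20,
             "laptop", True, True, NOW - timedelta(days=1)),
    Endpoint("aa:bb:cc:dd:ee:01", "10.1.20.77", "sw-hq-3", "Gi1/0/12", 20,
             "camera", False, True, None),
    Endpoint("aa:bb:cc:dd:ee:02", "10.1.30.5", "sw-plant-1", "Gi1/0/2", 30,
             "plc", True, True, None),
    Endpoint("de:ad:be:ef:00:01", "10.1.30.9", "sw-plant-1", "Gi1/0/9", 30,
             "laptop", True, False, NOW - timedelta(days=20)),
]


def locate(ip: str, inventory=INVENTORY) -> Optional[Endpoint]:
    """Visibility: turn the IP in an alert into MAC + switch + port."""
    return next((e for e in inventory if e.ip == ip), None)


def evaluate(ep: Endpoint, now: datetime = NOW) -> list:
    """Control: list policy violations for one endpoint (empty list = compliant)."""
    violations = []
    if not ep.authenticated:
        violations.append("unauthenticated session")
    if not ep.corporate_asset:
        violations.append("unknown MAC on wired network")
    if ep.device_type not in OT_TYPES and ep.vlan in OT_VLANS:
        violations.append("non-OT device on OT VLAN")
    if ep.device_type == "laptop":
        stale = ep.agent_last_checkin is None or now - ep.agent_last_checkin > MAX_AGENT_AGE
        if stale:
            violations.append("endpoint agent missing or stale")
    return violations


def contain(ep: Endpoint) -> dict:
    """Response: the containment action as a record. A real NAC would push this to the
    switch (RADIUS CoA or switch API); here it is only returned so the example is safe."""
    return {"action": "quarantine", "switch": ep.switch, "port": ep.port,
            "from_vlan": ep.vlan, "to_vlan": QUARANTINE_VLAN}


def handle_alert(ip: str, suspicious: bool = False, now: datetime = NOW) -> dict:
    """Full loop: locate, evaluate, contain if needed, and hand the analyst an alert
    that already carries the device context instead of a bare IP address."""
    ep = locate(ip)
    if ep is None:
        return {"ip": ip, "action": "investigate", "reason": "IP not in inventory"}
    violations = evaluate(ep, now)
    if suspicious:                         # behavioural trigger from an IDS/EDR feed
        violations.append("suspicious behaviour reported")
    record = {"ip": ip, "endpoint": asdict(ep), "violations": violations}
    record.update(contain(ep) if violations else {"action": "allow"})
    return record


if __name__ == "__main__":
    for ip in ("10.1.20.14", "10.1.20.77", "10.1.30.9", "10.9.9.9"):
        print(handle_alert(ip))
    print(handle_alert("10.1.30.5", suspicious=True))
```

Two things worth noting about the design. The unknown-IP path returns "investigate" rather than "allow": an address with no inventory entry is itself a visibility failure. And the PLC on the OT VLAN is quarantined only on a behavioural trigger, which is exactly the case where a practitioner should pause; yanking a controller off the network can stop a physical process, so in OT environments automated containment of control devices is often limited to port isolation under change control or to alert-only mode.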
One of the largest energy solutions providers recently implemented an endpoint visibility, control and response solution, saying:
“In our highly regulated industry, network security is not only critical from a vulnerability exposure perspective, but also from a regulatory standpoint,” said Michael Seymour, vice president of information technology of Pike Electric. “As one of the world’s largest energy solutions providers, the new release of Network Sentry will provide an enhanced security posture across our locations with singular control of each and every endpoint, regardless of location, allow us to control access and permissions, and automate our ability to respond to threats.”
The budget crunch
With IT budgets under growing pressure, every organization is looking for ways to implement superior solutions that make the most of already strained resources. Companies and organizations should look for a solution that offers endpoint visibility, control and response as part of a security automation and orchestration platform. Security automation and orchestration simplifies and centralizes management of multiple security solutions. Using an integration wizard, some platforms let organizations integrate their existing security products, protecting prior investment and avoiding forklift upgrades. Critical infrastructure organizations can select numerous best-of-breed security technologies, and a good security automation and orchestration solution will gather information from all of them to increase the fidelity of alerts, simplify response by triaging the alerts, and then present every alert, along with the appropriate context, in one management dashboard.
For more information on how endpoint visibility, control and response can help secure your critical infrastructure environment, call us at 603-228-5300 or request a demo.