Securing Hybrid IT-OT Networks with Skybox Security · Business Brief


Total visibility.

Focused Protection.™

The Evolving IT–OT Landscape

In order to achieve operational efficiencies, OT environments have become increasingly connected to both corporate IT networks and the public internet. Supply chain optimization, process optimization, centralized management and globalized production are some of the key and inevitable drivers for connecting OT; but change has both exposed once–isolated environments to external threats and opened new attack vectors to traditional IT.

With the potential for exposure and the criticality of services at stake, it’s no wonder OT networks have become such an attractive target to adversaries.

OT environments have typically focused on managing operational risk to maximize availability and reliability. As such, the objectives of IT teams in charge of cyber risk management have not aligned with those of engineers overseeing OT systems and devices. Additionally, many of the technologies on which IT security relies, such as active vulnerability scanners, can’t be deployed within the OT network. There are also impediments to patching, and often infrastructure that is not known or cataloged.

Skybox integrations with leading OT security platforms give organizations with ICS and SCADA systems a way to gain crucial visibility across the hybrid IT–OT environment to:

• Understand reachability between networks and network zones

• Contextualize risk and effectively plan remediation

• Proactively reduce risk to safeguard the organization without sacrificing uptime


Securing Hybrid IT-OT Environments | Business Brief

Challenges in OT Security

Legacy Technology

OT is rife with legacy technology, sometimes decades–old. In comparison, IT generations are much shorter, making it hard for inherent OT defenses to keep pace with the ever–evolving security and threat landscape. And, due to the need for continuous uptime of OT infrastructure, it’s not always operationally possible to maintain the environment’s security in the same way as traditional IT networks.

Outdated Systems

The age of many OT systems means that it’s common for portions of the technology to be running on outdated operating systems — sometimes with no updates available — leaving them vulnerable. Additionally, IT assets within the OT network often run outdated systems with known vulnerabilities that may not have the vendor support to fix them (e.g., Windows XP).

Convergence With IT

As OT connects with the corporate network and the internet, issues such as malware, IT vulnerabilities and malicious insiders all need to be considered. In addition, as OT systems become smarter and more IT–enabled, OT engineers are tasked with adding IT knowledge and security expertise to their already full and distinct workloads. Conversely, IT teams aren’t typically well–versed in OT systems, concerns and protocols.

Organizational Challenges

Because IT and OT each have different teams, technologies, processes and objectives, it is difficult to create and maintain security architectures that meet the needs of both groups. This security management disconnect creates “cracks” through which attackers can covertly slip into an organization.

Limited Visibility and Insight

Finally, proprietary protocols in OT make it difficult, if not impossible, for IT solutions to map the attack surface. IT security solutions, for the most part, have not been adapted to work in OT environments. For example, active scanning of the OT network is generally prohibited, leaving these areas in the dark in terms of vulnerability identification, risk awareness and proactive threat protection.

Historically, OT networks have been exclusive to critical infrastructure and manufacturing organizations. But with the advent of smart buildings, more organizations are finding themselves connecting OT and corporate networks, with limited insight into the risks they share.

SKYBOX OT SECURITY INTEGRATIONS


FIG 1: A representation of the Skybox model encompassing on-prem, public and private cloud and OT environments — their topology, security controls and assets

(Diagram labels: On Premises, Private Cloud, Public Cloud, Operational Technology, Internet; AWS, Microsoft Azure, VMware NSX, VPN, IPS, Partner, Los Angeles, London, Finance, Development, App, DMZ, DB, Web Server.)

The Skybox Solution

Skybox for OT™ gives organizations with hybrid IT–OT environments the comprehensive visibility they need to ensure security and compliance standards are met throughout their networks and that risks are systematically reduced and operations run smoothly.

Skybox provides the broadest set of out–of–the–box integrations with enterprise technology. It passively collects information from your networking and security solutions to centralize data and establish a single source of truth. Combined with data collected from OT security management systems, Skybox builds this data into a model of your hybrid environment, giving comprehensive and in-depth visibility to your traditional IT, cloud and OT networks.

Visibility, contextual intelligence and analytics–driven automation let you see and understand where your biggest risks lie and streamline processes to eliminate risks or quickly respond to attacks.

A Unified IT-OT Network Security Solution

• Highlight an organization’s full attack surface, including vulnerabilities in both the OT and IT network to determine potential attack path exposures

• Analyze network paths end to end — between and within IT and OT networks — to improve access and configuration compliance and secure firewall change management

• Provide visibility of significant risks (e.g., zero–day vulnerabilities based on the PLC firmware version, or a critical pivot point such as an OPC workstation that has a WannaCry vulnerability)

• Identify key compliance issues (e.g., a dual–homing engineering station with interfaces to both the OT and IT networks that has created a bypass, or that a new communication path exists from a PLC to an unknown host, or a violation of Critical Control #10 of the NERC CIP standard has occurred)

• Enable cross–organizational processes such as proactive defense planning, automated compliance reporting, vulnerability management, incident response, security monitoring, exposure analysis and more

Key Business Benefits

• Gain comprehensive visibility of your organization’s attack surface in a single view

• Decrease security risks in mission-critical OT networks and limit the potential for downtime or damage

• Confirm effective controls without disruption to maintain continuous compliance and steadfast security

• Improve collaboration and alignment between security and OT teams

• Simplify and reduce costs of operational processes

WHERE TO START

To learn more about how Skybox can assist with securing your hybrid IT–OT environment, download our whitepaper or visit our website.

About Skybox Security

Skybox provides the industry’s broadest cybersecurity management platform to address security challenges within large, complex networks. By integrating with 130 networking and security technologies, the Skybox® Security Suite gives comprehensive attack surface visibility and the context needed for informed action. Our analytics, automation and intelligence improve the efficiency and performance of security operations in vulnerability and threat management and firewall and security policy management for the world’s largest organizations.

www.skyboxsecurity.com | [email protected] | +1 408 441 8060

Copyright © 2019 Skybox Security, Inc. All rights reserved. Skybox is a trademark of Skybox Security, Inc. All other registered or unregistered trademarks are the sole property of their respective owners. 04262019