Defense in Depth: Top 5 Products (and Services) to Mitigate Cybersecurity Risks

If you have seen Shrek, you know that ogres are like onions. Not because they stink or make you cry—onions have layers. Ogres have layers. You get it. They both have layers! Just like ogres and onions, effective network security also requires layers of protection. And to help you defend your network in layers, check out the top five products and services to protect against cybersecurity threats.

1. Security Posture Survey

Before we recommend products to help with cybersecurity, we must first identify the current state of your network. What devices and applications are running on your network? What existing layers of defense are in place? Where are the gaps in your protection? By answering these questions, we can prioritize your Operations Technology (OT) network’s security risks and determine what additional layers of protection, policies and procedures you need to mitigate those risks.

2. ThinManager

Microsoft patching and endpoint protection are two of the most important practices for cybersecurity. With so many endpoints in a plant, what is the best way to patch them? Get rid of them and centralize! ThinManager makes patching more efficient by allowing the user to patch a centralized server system that is hosting several applications rather than patching each client individually. It also adds an extra layer of security by only providing the user with the content they need to operate and not the whole Windows desktop.

3. FactoryTalk AssetCentre

If your equipment control programs were compromised or altered, do you have them backed up, and are you sure the backup is the latest version? FactoryTalk AssetCentre (FTAC) can help you quickly recover by providing automatic backup and revision control for your control devices, including PLCs, drives, HMIs and other intelligent devices. Having a backup can improve your recovery time from days or weeks to a few hours, depending on the number of devices affected. FTAC can further protect your network by limiting access to select people and making users go through AssetCentre to access and modify device settings.

4. Continuous Threat Detection

Manually monitoring activity on a network at all times is impossible, so there is software to do it for you. Claroty, an OT-specific threat detection software, monitors your OT network by building models and patterns of all traffic on it. Once it establishes a pattern of your normal network activity, it can alert you to any abnormalities or vulnerabilities that might signal a cyber incident. Having threat detection software like Claroty is necessary to be able to respond to a cyber incident before it causes downtime or other production issues.

5. Industrial Demilitarized Zone (iDMZ)

The traditional enterprise/business network needs to communicate with the OT network more than ever. These two networks have different primary requirements in how they operate. The OT network prioritizes production time over security, whereas the business network prioritizes security over all else. To meet these requirements, the two networks need to be logically separated. This is done using the iDMZ, which lets each network have its own security policies and allows only the proper traffic to communicate inside the iDMZ and be relayed out to each network. Using two different sets of credentials for each network adds another layer of security to prevent unauthorized access from either side.
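One way to check the separation described above is to audit firewall allow rules for any path that lets the enterprise and OT networks talk directly instead of relaying through the iDMZ. This is an added example, not part of the original article or any vendor's tooling; the subnets, rule names and ports are constructed assumptions.

```python
import ipaddress

# Constructed zone plan (assumption): replace with your own subnets.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "idmz": ipaddress.ip_network("10.20.0.0/24"),
    "ot": ipaddress.ip_network("10.30.0.0/16"),
}

# Constructed allow rules: (name, source CIDR, destination CIDR, port).
RULES = [
    ("ent-to-jump", "10.10.5.0/24", "10.20.0.10/32", 3389),
    ("jump-to-hmi", "10.20.0.10/32", "10.30.1.0/24", 3389),
    ("historian-replica", "10.30.2.5/32", "10.20.0.20/32", 1433),
    ("legacy-report", "10.10.8.15/32", "10.30.2.5/32", 1433),  # bypasses the iDMZ
    ("any-to-plc", "0.0.0.0/0", "10.30.4.0/24", 44818),        # overly broad source
]


def zones_touched(cidr):
    """Return the set of zones a CIDR overlaps; a broad rule can span several."""
    net = ipaddress.ip_network(cidr)
    return {name for name, zone in ZONES.items() if net.overlaps(zone)}


def audit(rules):
    """Flag allow rules that let enterprise and OT talk without an iDMZ relay."""
    findings = []
    for name, src, dst, port in rules:
        src_z, dst_z = zones_touched(src), zones_touched(dst)
        for a, b in (("enterprise", "ot"), ("ot", "enterprise")):
            if a in src_z and b in dst_z:
                findings.append((name, f"{a}->{b}", port))
    return findings


if __name__ == "__main__":
    for name, direction, port in audit(RULES):
        print(f"DIRECT {direction} rule={name} port={port}")
```

Rules that start or end in the iDMZ pass; the two flagged rules are the ones to replace with a relay (jump host, replica server or proxy) inside the iDMZ.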

If you are interested in any of these products or want help selecting products and services that fit your needs, contact our cybersecurity experts. Van Meter can help identify and implement the layers of protection that will make your cybersecurity as strong as possible.

ARTICLE BY:

JESSE HEISER
EMPLOYEE-OWNER, SOLUTION CONSULTANT - NETWORKS & SECURITY