Visibility is Key to Security Monitoring for IT, OT, and Cloud

by | May 30, 2019 | Cloud Security | 0 comments

Visibility is Key to Security Monitoring for IT, OT, and Cloud

With the rapid pace and complexity of business transformation coupled with ever-increasing threat sophistication targeting hybrid environments, IT & Security teams are looking for trusted security partners who can help increase visibility, reduce complexity, and address critical talent shortages.

Large-scale breaches have impacted millions of people. The once-fringe subjects of ransomware, malware, denial of service attacks and phishing scams have captured public interest, impacted the bottom line, and earned the attention of leaders in public and private institutions around the globe. The increasing sophistication of threats has taken the risks of data and reputational loss to new heights – costing companies an estimated USD 1.5 trillion worldwide in 2018 alone.[1] At the same time, organizations’ computing environments are rapidly transforming to deliver business outcomes for modern consumers in the modern world. Network perimeters continue to erode to enable this transformation and include mobile devices, cloud applications and platforms, operational technologies (OT) such as sensors and controls, and industrial IoT devices (IIoT).

In order to produce these business outcomes while protecting critical assets, data, and reputation, IT & IT security teams need visibility across the enterprise stack. They require trusted cybersecurity partners who can help them reduce the complexity of managing cybersecurity programs in multi-technology environments while maximizing the value of their investments

Challenge the status-quo: every organization should assume breach

The question is not if or when security will be breached – it is how quickly you can identify and mitigate a threat that’s already inside your organization. Executive Boards are more involved and looking for reassurance that the business is resilient against the most current events. To deliver the expected results, threat detection, containment, and remediation must be rapid and effective, but currently, most threats go undetected for an average of 101 days. A deeper level of intelligence is needed – superior visibility into threats and adversaries, greater contextual relevance, and a dynamic understanding of an evolving threat landscape.

Detect Faster, respond efficiently

Traditional Managed Security Services Providers (MSSPs) solutions lack the advanced capabilities required to combat advanced adversaries. An effective approach to threat detection needs to provide visibility and be non-linear, imitating the ad-hoc way an attacker moves through an environment. This requires specific skill sets and capabilities that should be continuously updated to stay ahead of the curve and detect and respond more rapidly to attacks.  Such capabilities require a new way of monitoring and detection – a service that combines visibility, expert analysts, threat detection frameworks, and intelligence sharing.

Threat hunting approach

However good the technology and processes are, threats can still get through the net. The most advanced managed security requires dedicated teams of threat hunters – analysts with the mindset of a hacker who will investigate and research anomalous behavior, activity, and files to unearth unknown threats. With an international shortage of cybersecurity professionals close to 3 million worldwide,[2] companies will have difficulty recruiting the talent directly.

Don’t stop at traditional IT security monitoring. Regardless of the environment – cloud, IT, or OT – it needs visibility and appropriate protection

Attack vectors are expanding with digital transformations, making it harder to reduce risk and maintain accurate visibility across the enterprise. The number of new platforms and applications collecting, storing and mining data is on the rise. Critical infrastructure is becoming more reliant on the Internet and IT environments to operate effectively. This combination provides security teams with a complex mission, attackers with new targets, and regulators with a new scope.

  • Cloud platforms Visibility and Security monitoring

According to Gartner, 75 percent of businesses will use a multi-cloud or hybrid cloud model for their businesses by 2020. While migrating to the cloud can save time and money in the short term, cloud adoption presents unique challenges when it comes to long-term data visibility and security, particularly in hybrid environments. Businesses need a way of monitoring, detecting and responding to threats regardless of where their data is stored.

  • Visibility and Security Monitoring of Operational Technologies & Industrial Systems Controls

Operational Technology (OT) and Industrial Control Systems (ICS) networks represent a growing risk. Malicious activity is increasing, as evidenced by the growth in threat activity from ICS attack groups and the emergence of ICS-specific malware, such as Triton or Trisys. Prominent breaches in critical infrastructures, including water and energy utilities, have highlighted the need for better security. Nevertheless, many organizations still struggle to have the visibility needed to monitor their industrial environments effectively.

Protecting businesses against sophisticated cyber attacks is an ongoing process for IT & IT security teams. Given the complex business drivers, threat landscape, and IT talent shortage, most organizations are working with trusted cybersecurity partners who can bring the critical visibility, solutions, resources, and intelligence to minimize these risks.

  1. Is my data safe in the cloud? Or would it be safer on premise?

    Interview with Olivier Spielmann, Director of EMEA Managed Security Services, Kudelski Security

Information security relies on data confidentiality, integrity and availability. With proper security controls, all three aspects can be protected on-premise or in the cloud. Equally, all three can fail in the cloud or on-premise as well. Transition to the cloud means that solution responsibility is divided. Some parts are delegated to a third party while others remain the company’s responsibility (e.g. data accountability).

One key action is to adapt the security architecture design of your solution to the target environment (cloud vs on-premise) and support it with a solid contractual base. A cloud solution can’t be designed as an on-premise solution – it’s very different, for several reasons, e.g. data ubiquity and elasticity.

Today, data breaches of cloud environments are mainly due to human configuration errors, exposing unprotected data to the Internet.

The widest risk of cloud environment usage for storing company data can be addressed by:

  • Properly designing a secure cloud architecture that addresses confidentiality, availability and integrity aspects
  • Performing due diligence on the cloud provider
  • Putting in place a solid service contract

Whatever the stage of your cloud journey, Kudelski Security has services and solutions to support you – from cloud design, due diligence, security monitoring, to incident response in the cloud.

  1. Does it really make a difference whether I keep my data in Switzerland or in a foreign cloud?

No, as long as you don’t infringe the relevant regulations and you have a strong contract in place with your cloud provider. If you use cloud services to deliver business services, accountability remains your responsibility.

What does change when your data is stored in another country is the regulation enacted in case of a breach or to protect your data against a search. When storing the data at a cloud provider, the client should find out which governing laws apply and assess whether they are adequate.

  1. The cloud is becoming more hybrid and varied. How does one maintain the visibility needed for a secure environment?

The cloud is completely fuzzing the borders of data processing and storage. While appreciated for its flexibility, speed and ease of use, cloud services can become a freeway for voluntary or involuntary data exposure and vast amounts of confidential data have been exposed as a result.

Risks can be addressed by training cloud user teams, properly architecturing and configuring cloud professional environments and monitoring company clouds for configuration errors.

Alternatively, companies can use the capabilities of Managed Security Service providers, like Kudelski Security. We monitor risks and configuration 24/7 and have reduced threat detection time from the average of 78 days to a few hours, in many cases.

  1. What new challenges does the IIoT create for IT-security providers?

Protecting IIoT environments is not the same as protecting IT environments. Industrial systems are built differently yet are now exposed to similar threats through their connection to IT networks. Industrial systems present new threats that can’t be handled by standard IT security measures. For example, scanning an industrial system with a vulnerability scanner may shut it down, stopping the manufacturing process.

In addition, IT security skills and solutions aren’t adapted to IIoT environments. Vendors and service providers need to offer new solutions to cover these newly exposed environments of critical service providers, e.g. energy. Companies looking to protect their assets in an IIoT environment can get support from Kudelski Security’s Cyber Fusion Center, which offers advisory, threat monitoring, hunting and incident response around the clock.

  1. Who watches the watchmen: How do these cybersecurity partners keep themselves safe?

At Kudelski Security, clients regularly challenge us to demonstrate we’re applying robust security controls and appropriate security governance processes. Cybersecurity partners should always practice what they preach by applying defense-in-depth security controls, threat monitoring and hunting and incident response to their own environments.

This article was originally featured in Netzwoche and can be read by clicking here.

[1] Maguire, M. Dr. (2018) https://www.bromium.com/press-release/hyper-connected-web-of-profit-emerges-as-global-cybercriminal-revenues-hit-1-5-trillion-annually/.

[2] Cybersecurity Workforce Study (2018) https://www.isc2.org/Research/Workforce-Study#

Kudelski Security Team
Latest posts by Kudelski Security Team (see all)

Submit a Comment