Improve and integrate your OT security strategy - Edge sdn

Improve and integrate your OT security strategy

The Edge SDN Platform can be integrated into any security strategy

Improve and complete the protection of the network

If you already have a line of defence in your OT network, you can easily enhance it by selectively adding Edge SDN network nodes. This results in an improved level of security and automation; thanks to the advanced functionalities of Edge SDN nodes, you have the means to defend both the core and the border of the network:

  • Complete host isolation and traffic micro-segmentation to prevent stray or unauthorized communication, preventing threat escalation
  • A pervasive Intrusion Detection System with a self-learning AI integrated in the network nodes, to deep-inspect network activity
  • Automation of security, letting operators change the desired level of cyber security in the field and taking the responsibility for managing OT security away from the IT department

These functionalities are also mandatory requirements in cyber security industry guidelines such as IEC 62443 or NIST 800-82, and fundamental building blocks of your defence wall.

Let’s find out how the Edge SDN platform can enhance and complete any security strategy to better cope with the high level of risk companies face today.

Using Network Sensors

The main purpose of network sensors or IPS is threat detection at particular points of the network, such as core switches. The defence principle is quite straightforward: once a threat is active in the network, sooner or later it starts sending traffic to discover and attack other targets, and at that point the network sensor or IPS can identify it and report the anomalous activity.


A security strategy based only on sensors has strengths but also some weaknesses:

  • It is devoted to threat detection, not prevention: a threat can only be detected once it tries to branch out
  • Generally, a limited number of sensors is deployed in a portion of the network, with limited visibility of other devices, so a lot of traffic is never analysed
  • Some malicious traffic can be mixed up with regular traffic
  • It is less effective with encrypted or encapsulated data

Network sensors, like any other detection technique, are excellent tools to detect threats in an OT network, but only once the threats have already walked in.


Advantages of integrating Edge SDN nodes


Edge SDN host isolation and traffic micro-segmentation functions are the perfect complement to network sensors. Edge SDN nodes significantly reduce the network visibility of each asset, decreasing accordingly the risk that a threat spreads across the network.

Network sensors are therefore left with the simpler task of analysing the allowed data exchange between known peers, or of controlling stray traffic from unknown peers. This hugely increases the security of the network.


A network sensor strategy coupled with Edge SDN nodes enhances prevention capabilities, stopping threats from branching out and protecting assets and machines at a fine grain.

Using network border IPS or Firewall

A classic strategy of prevention and network defence is placing a firewall or IPS at the border. Indeed, many different LANs with different purposes can be found in both IT and OT networks, which makes it necessary to protect the traffic crossing between different portions of the network.


However, this strategy has some limitations:

  • It can only block or inspect packets crossing the border. It has no control over internal network traffic, so it has no security effect on assets that exchange data without crossing the border; security configurations between assets in the same network portion are unfeasible
  • It can be difficult to plan and foresee security configuration rules for each asset in each network portion
  • A wide range of unknown resources may connect periodically to the OT network, such as maintainers’ PCs, electricians’ equipment, and so on. In this case, heavy and time-consuming management activities may be required to properly protect those assets


This results in a network strategy that can leave threats enough room to spread.

Advantages of integrating Edge SDN nodes

The internal network can be segmented, controlled and completely automated thanks to the security features of the Edge SDN platform. It is easy to create security profiles that confine data exchange between existing peers or assets that unpredictably join the network, and to deep-inspect packets for selected assets.


This gives OT operators complete control to make any asset, new or existing, safe and controlled.
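To make the division of labour between a border firewall, per-host isolation and a network sensor concrete, here is an added illustration; it is not Edge SDN code and not from the vendor, and the VLANs, addresses, flows and the simple allow-list policy model are all constructed assumptions. It shows why a border firewall never sees the intra-VLAN flows, what a per-port allow-list blocks, and which flows are left for a sensor to analyse.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample topology: two OT VLANs and the assets listed in the inventory.
VLANS = {10: ipaddress.ip_network("10.0.10.0/24"),   # cell network: PLC and HMI
         20: ipaddress.ip_network("10.0.20.0/24")}   # supervision network: historian
KNOWN_ASSETS = {"10.0.10.5": "PLC", "10.0.10.7": "HMI", "10.0.20.9": "historian"}

# Constructed per-asset security profile: the only (src, dst, dst_port) exchanges allowed.
ALLOWED = {("10.0.10.7", "10.0.10.5", 502),   # HMI -> PLC, Modbus/TCP
           ("10.0.20.9", "10.0.10.5", 502)}   # historian -> PLC, Modbus/TCP


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int


def vlan_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((vid for vid, net in VLANS.items() if addr in net), None)


def border_firewall_sees(flow):
    # A border firewall or IPS only inspects packets that cross between VLANs.
    return vlan_of(flow.src) != vlan_of(flow.dst)


def edge_node_verdict(flow):
    # Per-host isolation at the switch port: allow profiled exchanges, drop everything else.
    if (flow.src, flow.dst, flow.dst_port) in ALLOWED:
        return "allow"
    if flow.src not in KNOWN_ASSETS:
        return "drop-stray-unknown-peer"   # dropped and reported as an anomaly
    return "drop-unauthorised"


def summarize(flows):
    verdicts = {f: edge_node_verdict(f) for f in flows}
    return {"seen_by_border_firewall": sum(border_firewall_sees(f) for f in flows),
            "blocked_by_edge_node": sum(v != "allow" for v in verdicts.values()),
            # What the sensor is left to analyse: allowed peer traffic plus stray unknown peers.
            "left_for_sensor": [f for f, v in verdicts.items()
                                if v in ("allow", "drop-stray-unknown-peer")]}


SAMPLE_FLOWS = [Flow("10.0.10.7", "10.0.10.5", 502),    # HMI polls PLC: legitimate, same VLAN
                Flow("10.0.20.9", "10.0.10.5", 502),    # historian polls PLC: legitimate, crosses border
                Flow("10.0.10.5", "10.0.10.7", 445),    # PLC opens SMB to HMI: not in its profile
                Flow("10.0.10.42", "10.0.10.5", 502)]   # unknown laptop in VLAN 10 talks Modbus to PLC
```

Calling `summarize(SAMPLE_FLOWS)` shows that the border firewall sees only the historian flow, while the per-port policy blocks the two intra-VLAN flows that the border never inspects.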

Implementation of network segmentation with VLAN

It is good security practice to segment the network into different LANs or VLANs to separate data traffic. Usually, OT networks are segmented by grouping similar assets with the same objective or risk level, trying to make each LAN as consistent as possible. However, relying only on network segregation can result in a weak security strategy: to prevent threat escalation it is mandatory to check and control vulnerable assets within each LAN.

  • LAN and VLAN management can be a nightmare, especially if unknown resources or assets periodically connect to the network
  • There are significant security differences between tagged and untagged VLANs; without being aware of them you may have flaws or weaknesses around. Moreover, physical protection of switch ports may be necessary


Sometimes it can be difficult to create a consistent local area network of similar assets, which ends up with heterogeneous assets inside the same network and no knowledge of the real topology.

Advantages of integrating Edge SDN nodes

An Edge SDN node is a security Software Defined Network switch enhanced with an Intrusion Detection System based on a self-learning AI algorithm. This is the key to controlling and inspecting data traffic where threats can jump in. A few SDN nodes in each local network are enough to act as a local protection system, where isolation, segmentation, prevention and automation are the fundamental building blocks of the defence wall.


Network segmentation is consequently enhanced by a sophisticated security function that detects and prevents any threat or vulnerability.


Alone or coupled with other cyber security products, such as network sensors, assessment platforms or just traditional network segregation and firewalling techniques, the Edge SDN Platform is an effective solution to protect the edge of the network.