If you already have a line of defence in your OT network, you can easily enhance it by selectively adding Edge SDN network nodes. This improves both security and automation: thanks to the advanced functions of Edge SDN nodes, you have the means to defend both the core and the border of the network:
- Complete host isolation and traffic micro-segmentation to block stray or unauthorized communication and prevent threat escalation
- A pervasive Intrusion Detection System with a self-learning AI integrated in the network nodes, to inspect network activity in depth
- Security automation that lets operators change the desired level of cyber security in the field, taking the responsibility for managing OT security away from the IT department
These functionalities are also mandatory requirements in cyber security industry guidelines such as IEC 62443 or NIST 800-82, and are fundamental bricks for building your defence wall.
Let's find out how the Edge SDN platform can enhance and complete any security strategy to better cope with the high level of risk companies face today.
The main purpose of network sensors or IPS is threat detection at particular points in the network, such as core switches. The defence principle is quite straightforward: once a threat is active in the network, sooner or later it will start to send traffic to discover and attack other targets, and at that point the network sensor or IPS can identify it and report the anomalous activity.
A security strategy based only on sensors has strengths but also some weaknesses:
- It is devoted to threat detection, not prevention: once a threat tries to branch out, it may be detected
- Generally, a limited number of sensors is deployed in a portion of the network, with a limited view of other devices, so a lot of traffic is not analysed
- Some malicious traffic can be mixed in with regular traffic
- It is less effective with encrypted or encapsulated data
Network sensors, like any other detection technique, are excellent tools for detecting threats on an OT network, but only once those threats have already walked in.
Advantages of integrating Edge SDN nodes
Edge SDN host isolation and traffic micro-segmentation functions are the perfect complement to network sensors. An Edge SDN node significantly reduces the network visibility of each asset, accordingly decreasing the risk that a threat can spread across the network.
Network sensors are therefore relegated to a simple analysis of allowed data exchange between known peers, or to controlling stray traffic from unknown peers. This hugely increases the security of the network.
A network sensor strategy coupled with Edge SDN nodes enhances prevention capabilities, stopping threats from branching out and protecting assets and machines at a fine grain.
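The effect described above, as an added illustration (not part of the original article and not Edge SDN platform code): a constructed allowlist policy shows how per-asset visibility shrinks under micro-segmentation and how flows split into inspected traffic between known peers and dropped stray traffic. Asset names, addresses and the policy format are assumptions made for the example.

```python
# Added illustration: names, addresses and policy format are constructed.
from collections import Counter

# Assets known to the segmented network (constructed sample).
ASSETS = {
    "10.0.0.10": "plc-1",
    "10.0.0.11": "plc-2",
    "10.0.0.20": "hmi-1",
    "10.0.0.30": "historian",
    "10.0.0.40": "eng-ws",
}
# Micro-segmentation policy: the only (src, dst, dst_port) triples allowed.
ALLOWED = {
    ("10.0.0.20", "10.0.0.10", 502),    # hmi-1 -> plc-1, Modbus/TCP
    ("10.0.0.20", "10.0.0.11", 502),    # hmi-1 -> plc-2, Modbus/TCP
    ("10.0.0.30", "10.0.0.10", 502),    # historian -> plc-1, Modbus/TCP
    ("10.0.0.40", "10.0.0.10", 44818),  # eng-ws -> plc-1, EtherNet/IP
}

def visibility(src, segmented):
    """Number of other assets that src can reach."""
    if not segmented:                    # flat LAN: every asset sees every other
        return len(ASSETS) - 1
    return len({dst for s, dst, _ in ALLOWED if s == src})

def classify(flow):
    """Return how a segmenting node would treat one (src, dst, port) flow."""
    src, dst, port = flow
    if src not in ASSETS:
        return "drop: unknown peer"      # stray traffic from an unknown host
    if (src, dst, port) in ALLOWED:
        return "forward: inspect"        # the only traffic left for the sensor
    return "drop: stray"                 # known host acting outside its profile

# Constructed flows: normal polling, lateral attempts from plc-2, a rogue host.
FLOWS = [
    ("10.0.0.20", "10.0.0.10", 502),
    ("10.0.0.30", "10.0.0.10", 502),
    ("10.0.0.11", "10.0.0.10", 502),
    ("10.0.0.11", "10.0.0.30", 445),
    ("10.0.0.99", "10.0.0.10", 502),
]

def summarize(flows):
    """Count flows per verdict."""
    return Counter(classify(f) for f in flows)

if __name__ == "__main__":
    print({n: (visibility(ip, False), visibility(ip, True)) for ip, n in ASSETS.items()})
    print(dict(summarize(FLOWS)))
```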
A classic prevention and network defence strategy is to place a firewall or IPS at the border. Many different LANs with different purposes can be found in both IT and OT networks, which makes it necessary to protect traffic crossing between different portions of the network.
However, this strategy has some limitations:
This results in a network strategy that can leave threats enough room to spread around.
The internal network can be segmented, controlled and completely automated thanks to the security features of the Edge SDN platform. It is easy to create security profiles that confine data exchange between existing peers, or assets that may join the network unpredictably, and to deep-inspect packets for selected assets.
This gives OT operators complete control to make any asset, new or existing, safe and controlled.
It is good security practice to segment the network into different LANs or VLANs to separate data traffic. Usually, OT networks are segmented by grouping similar assets with the same objective or risk level, trying to make each LAN as consistent as possible. However, relying on network segregation alone can result in a weak security strategy: to prevent threat escalation it is mandatory to check and control vulnerable assets within LANs.
Sometimes it can be difficult to create a consistent local area network of similar assets, which ends up with heterogeneous assets inside the same network, without any knowledge of the actual topology.
An Edge SDN node is a security Software Defined Network switch enhanced with an Intrusion Detection System based on a self-learning AI algorithm. This is the key to controlling and inspecting data traffic where threats can jump in. A few SDN nodes in each local network are enough to act as a local protection system in which isolation, segmentation, prevention and automation are the fundamental bricks of the defence wall.
Network segmentation is consequently enhanced by a sophisticated security function to detect and prevent any threat or vulnerability.
Alone or coupled with other cyber security products, such as network sensors, assessment platforms or just traditional network segregation and firewalling techniques, Edge SDN Platform is an effective solution to protect the edge of the network.