IT and OT departments - Edge sdn

IT and OT departments

The IT department plans and designs procedures, while OT guys in the field carry them out.

IT administrators are in charge of security in both IT and OT, but while in the IT domain the defence department can directly design, develop and prevent malicious conditions, in the OT field, things are quite different.

 

The whole OT crew is in charge of supervising and maintaining safety conditions in both the physical and cyber environments, so IT can only design and implement cyber security procedures, without direct control. Moreover, as things change rapidly in OT, faults, unplanned assistance, and unexpected events can generate emergency conditions in which solving the problem quickly can take priority over preserving the planned minimum security level.

Here comes the most dangerous condition: it is mandatory to protect every relevant asset, preventing malicious activity from and to the network, to ensure business continuity, which is the primary goal of any factory. Security and protection must be guaranteed in every working condition, at a predefined security level.

 

To achieve this, it is important to understand the cyber security roles, which are quite straightforward in Industrial IoT: the IT department should plan and design procedures, while OT guys in the field should implement them.

Edge SDN nodes create a barrier that protects assets and prevents the spread of threats by controlling traffic and allowing OT operators to manage the security level and operations without any direct IT intervention or assistance.

Make an assessment

bring out your security plan and operative procedures

Assessment is the starting point. It is not mandatory to carry out a deep study of the network, but it is important to start organizing your security plan. Indeed, the OT domain accommodates plenty of vulnerabilities, such as obsolete machines, old PCs with obsolete operating systems, PLCs, interventions by external maintainers or other personnel, and so on.

What are my relevant assets and services, and what are my most vulnerable devices?

What is the minimum viable communication between my assets and services?

What are the main risks I am facing?

What are the main faults or alarms, and what happens to OT operations in emergency conditions?

Edge SDN nodes can serve one or many machines or assets, depending on the level of host isolation and traffic segmentation you want to achieve.

Install Edge SDN nodes and create security profiles

Thanks to an easy and intuitive interface, it is straightforward to create working profiles where a predefined level of security is guaranteed. For any profile you can decide which applications, endpoints, ports and protocols are allowed, whether the IPS must be active, and which kind of traffic it should handle.

 

It is possible to create multiple profiles, each specifically tailored to particular operational conditions, such as:

  • Manual or automatic operations
  • Different types of maintenance services
  • Remote connections
  • Faults and alarms
  • Unforeseen events that completely isolate assets

 


Let OT operators manage it

The planning task of the IT department is done; now it is time to put the car on the road and let OT operators drive it.

 

During everyday activity, OT guys use a tablet interface to switch from one profile to another. Changing the working profile is a piece of cake, with no action or assistance from the IT department.

 

For example, if a maintenance activity needs to be done on a machine, just switch the current profile to “maintenance” and the security level will be driven by the operation.
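The profile model described above (per-profile allowlists designed by IT, operator-driven switching, and a timetable of profile changes), sketched as an added example. It is not Edge SDN's code or configuration format; the class names, host names and ports are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    port: int

@dataclass(frozen=True)
class Profile:
    name: str
    allowed: frozenset        # set of Flow; anything not listed is denied
    ips_active: bool = True

# Constructed sample profiles for one machine cell (hypothetical hosts).
PROFILES = {
    "automatic": Profile("automatic", frozenset({
        Flow("scada-01", "plc-07", "tcp", 502),        # Modbus/TCP polling
    })),
    "maintenance": Profile("maintenance", frozenset({
        Flow("scada-01", "plc-07", "tcp", 502),
        Flow("vendor-laptop", "plc-07", "tcp", 102),   # engineering access
    })),
    "isolated": Profile("isolated", frozenset()),      # no traffic at all
}

@dataclass
class EdgeNode:
    active: Profile = PROFILES["automatic"]
    timetable: list = field(default_factory=list)

    def switch_profile(self, name, operator):
        if name not in PROFILES:   # operators choose only IT-designed profiles
            raise ValueError(f"unknown profile: {name}")
        self.timetable.append(
            (datetime.now(timezone.utc), operator, self.active.name, name))
        self.active = PROFILES[name]

    def permits(self, flow):
        return flow in self.active.allowed   # default deny

def demo():
    node = EdgeNode()
    vendor = Flow("vendor-laptop", "plc-07", "tcp", 102)
    before = node.permits(vendor)
    node.switch_profile("maintenance", operator="ot-shift-a")
    during = node.permits(vendor)
    node.switch_profile("automatic", operator="ot-shift-a")
    return before, during, node.permits(vendor), node.timetable
```

The vendor laptop reaches the PLC only while the "maintenance" profile is active, and every switch leaves a timestamped record naming the operator and the old and new profile.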

Supervise and control

At any time, the Central Management Console gives a detailed overview of the system status, with current and past activities.

 

  • Connected resources and last connection time for any application and service
  • Threats detected with a threat rating
  • Timetable with the changes of profiles and security levels
  • Current active applications and sessions for each asset

 

The Central Management Console can be hosted in the cloud or in your own datacentres; white labelling is possible, as is offering the Central Management Console as a service.

Benefits

Enhance security and make your OT network and plant compliant with IEC 62443

Fewer IT service interventions and less assistance in the OT field

OT guys can manage problems and alarms in total safety on their own

Protect your assets from zero-day vulnerabilities, by segmenting and isolating them

Assure your customers that you work in compliance with cyber security rules

Remotely control and supervise plant security level and operations

Vulnerabilities are confined to isolated assets and cannot spread to other portions of the network

Warnings and alarms coming from nodes are first evaluated by self-learning AI to better cope with concrete risks

High-value data from your own network