IT administrators are responsible for security in both IT and OT, but while in the IT domain the defence team can directly design, deploy and enforce countermeasures, in the OT field things are quite different.
The OT crew is in charge of supervising and maintaining safe conditions in both the physical and the cyber environment, so IT can design cyber security procedures but has no direct control over how they are applied on the shop floor. Moreover, conditions on the OT side change rapidly: faults, unplanned assistance and unexpected events create emergencies in which resolving the problem quickly takes priority over preserving the minimum security level that was planned.
This is the most dangerous condition. Every relevant asset must be protected from malicious activity, in both directions across the network, to ensure business continuity, which is the primary goal of any factory; that protection must be guaranteed in every working condition, emergencies included, at a predefined security level.
To achieve this, the roles in cyber security must be clear, and in Industrial IoT they are quite straightforward: the IT department plans and designs the procedures, while OT operators on the field apply them.
Edge SDN nodes create a barrier that protects assets and prevents the spread of threats by controlling traffic, and they let OT operators manage the security level and operations without direct IT intervention or assistance.
Assessment is the starting point. A deep study of the network is not mandatory, but it is important to start organising your security plan, because the OT domain accommodates plenty of vulnerabilities: obsolete machines, old PCs with unsupported operating systems, PLCs, interventions by external maintainers or other personnel, and so on. Ask at least the following questions:
What are my relevant assets and services, and which are my most vulnerable devices?
What is the minimum viable communication between my assets and services?
What are the main risks I am facing?
What are the main faults or alarms, and what happens to OT operations in an emergency?
Edge SDN nodes can serve one or many machines or assets, depending on the level of host isolation and traffic segmentation you want to achieve.
Thanks to an easy and intuitive interface it is straightforward to create working profiles in which a predefined level of security is guaranteed. For each profile you decide which applications, endpoints, ports and protocols are allowed, whether the IPS must be active, and which kind of traffic it should handle.
It is possible to create multiple profiles, each tailored to a particular operational condition, such as everyday production or a maintenance intervention.
With the planning task of the IT department done, it is time to put the car on the road and let OT operators drive it.
During everyday activity, OT operators use the tablet interface to switch from one profile to another. Changing the working profile takes a couple of taps and requires no action or assistance from the IT department.
For example, if maintenance needs to be done on a machine, just switch the current profile to "maintenance" and the security level follows the operation. The maintenance profile should itself remain an explicit allowlist (the maintainer's endpoint to that machine, on the ports the maintenance tool actually needs) rather than an "allow everything" state; otherwise the emergency case described above simply moves the hole into the profile.
At any time, the Central Management Console gives a detailed overview of system status with current and past activities.
The Central Management Console can be deployed in the cloud or in your own datacentre; white-label deployments are possible, as is offering the Central Management Console as a service.
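As an added example, not the vendor's code or the product's own configuration format, the following Python sketch shows what a profile-based allowlist with an operator-driven switch looks like in practice. All addresses, ports, profile names and the operator identifier are constructed assumptions; the point is the shape of the policy: default deny, a "maintenance" profile that adds one path instead of opening everything, and every switch and verdict recorded for the management console.

```python
# Added example: a minimal profile-based allowlist for an edge node.
# Illustrative code, not the vendor's product; every address, port and
# profile name below is a constructed assumption.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    """One connection attempt seen by the node (source, destination, proto, dst port)."""
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    """Allow proto/dports from src_net to dst_net. Anything unmatched is denied."""
    src_net: str
    dst_net: str
    proto: str
    dports: frozenset

    def matches(self, flow: Flow) -> bool:
        return (ip_address(flow.src) in ip_network(self.src_net)
                and ip_address(flow.dst) in ip_network(self.dst_net)
                and flow.proto == self.proto
                and flow.dport in self.dports)


@dataclass(frozen=True)
class Profile:
    name: str
    rules: tuple          # allow rules; default deny for everything else
    ips_enabled: bool     # whether the IPS inspects the traffic that is allowed


# Constructed addressing for the example (assumptions, not a real plant).
PLC_CELL = "10.10.1.0/24"       # machine-side segment behind the node
HMI = "10.10.2.5/32"            # the only host allowed to talk Modbus/TCP
MAINT_LAPTOPS = "10.10.9.0/24"  # VLAN used by external maintainers

MODBUS = Rule(HMI, PLC_CELL, "tcp", frozenset({502}))
PROFILES = {
    # Everyday production: the minimum viable communication and nothing else.
    "production": Profile("production", (MODBUS,), ips_enabled=True),
    # Maintenance: production traffic plus SSH from the maintainer VLAN.
    # Still an allowlist: it adds one path rather than opening everything.
    "maintenance": Profile(
        "maintenance",
        (MODBUS, Rule(MAINT_LAPTOPS, PLC_CELL, "tcp", frozenset({22}))),
        ips_enabled=True,
    ),
}


class EdgeNode:
    """Evaluates flows against the active profile and records every change."""

    def __init__(self, profiles, initial="production"):
        self.profiles = profiles
        self.active = initial
        self.audit = []   # (event, detail) tuples for the management console

    def switch(self, name: str, operator: str) -> str:
        # Refuse unknown profile names instead of falling into an undefined state.
        if name not in self.profiles:
            raise ValueError(f"unknown profile {name!r}")
        self.audit.append(("switch", f"{operator}: {self.active} -> {name}"))
        self.active = name
        return self.active

    def decide(self, flow: Flow) -> str:
        profile = self.profiles[self.active]
        verdict = "allow" if any(r.matches(flow) for r in profile.rules) else "deny"
        inspect = verdict == "allow" and profile.ips_enabled
        self.audit.append((verdict, f"{flow.src}->{flow.dst}:{flow.proto}/{flow.dport}"
                                    + (" [ips]" if inspect else "")))
        return verdict


if __name__ == "__main__":
    node = EdgeNode(PROFILES)
    ssh = Flow("10.10.9.7", "10.10.1.3", "tcp", 22)
    print(node.active, node.decide(ssh))             # production: denied
    node.switch("maintenance", operator="line-op-2")
    print(node.active, node.decide(ssh))             # maintenance: allowed
    print(node.decide(Flow("10.10.9.7", "10.10.1.3", "tcp", 3389)))  # still denied
    for entry in node.audit:
        print(entry)
```

Two design choices matter more than the data structures. First, an unknown profile name raises instead of silently selecting a permissive fallback, so a typo on the tablet cannot open the cell. Second, the maintenance profile is built by adding a rule to the production rule set, which keeps the "minimum viable communication" from the assessment phase in force while the maintainer works; RDP from the same laptop is still denied because nobody listed it.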
Enhance security and support IEC 62443 compliance of your OT network and plant
Fewer IT service interventions and less assistance needed in the OT field
OT operators can manage problems and alarms safely on their own
Limit the exposure of assets with unpatched or zero-day vulnerabilities by segmenting and isolating them
Assure your customers that you work in line with cyber security rules
Remotely control and supervise the plant's security level and operations
An exploited vulnerability stays confined to the isolated asset and cannot spread to other network segments
Warnings and alarms coming from the nodes are first triaged by a self-learning AI component so that concrete risks are prioritised
High-value data from your own network