Earlier this year Cyolo launched our enhanced Partner Program. One of the big reasons we decided to expand the program was so we could provide more complete support for our partners in the OT sphere.
As digital transformation has accelerated in recent years, information technology (IT) systems and operational technology (OT) networks are increasingly interfacing if not fully converging. Rising interactions between IT and OT has led to many benefits, but if proper security measures are not in place, then criticaindustrial systems can be left vulnerable to highly destructive cyberattacks. This danger was quantified in IBM Security 2023 X-Force Threat Intelligence Index, which identified manufacturing as the most targeted industry for the second consecutive year.
The Cyolo zero-trust access platform can be deployed in all environments and will bring improved security to all organizations. However, companies facing the greatest challenges – a category that most certainly includes those operating OT systems and critical infrastructure – will see the greatest impact with Cyolo. At the same time, partners have an enormous amount to gain by working with Cyolo in the OT space.
So, what exactly does it take to secure OT and industrial control systems (ICS) environments? The SANS Institute has outlined five critical components of effective ICS/OT security. Let’s explore each of the components and how Cyolo can contribute to each.
How Cyolo Enforces the Five ICS Cybersecurity Critical Controls
ICS incident response: Cyolo is not an incident response tool; however, it includes several features that will provide crucial during the incident response process and, in particular, when performing a post-incident investigation. Chief among these features are session logging and recording.
Defensible architecture: According to SANS, “an effective ICS defensible architecture supports visibility, log collection, asset identification, segmentation, industrial demilitarised zones and process-communication enforcement.” The Cyolo solution includes all of these capabilities and can contribute to the creation of a defensible architecture in several important ways. For instance, Cyolo extends access controls across all areas of an organization and provides auditing and logging functionality. These logs can be aggregated to a central location, where event correlation can be performed to detect any anomalies or deviations in user behavior or environment analytics. Cyolo also facilitates the segmentation and directional flow of networks and infrastructure so that users can only access the resources they are entitled to at that moment in time.
ICS network visibility monitoring: While not engaging directly in network visibility monitoring (deep packet inspection), Cyolo does thorough functional alignment to standards such as NIST 800-207, perform continuous validation of sessions and access to operational environments and resources. Cyolo also acts as a conduit that can perform actionable control of resources (people, process and technology) from data collected and analyzed through monitoring tools and functions.
Remote access security: Remote access security is where Cyolo shines. The most commonly used secure remote access (SRA) tools today still align with the outdated perimeter security model. This security approach may have worked reasonably well before OT environments began opening to IT connections and the internet, but in our current reality it is far from sufficient. At long last, Cyolo brings the zero-trust security model to the world of OT. Unlike other ZTNA solutions, which are designed for the cloud and do not work offline or even on-premises, Cyolo is purpose-built to solve the security and access challenges facing OT and ICS environments. These include the need to enable technicians and other third-party contractors to securely connect from anywhere to critical infrastructure that may be located in far-flung and difficult-to-access locations. In addition, Cyolo can add multi-factor authentication (MFA) functionality to legacy systems that do not natively support strong authentication.
Risk-based vulnerability management: Cyolo is not a vulnerability management tool but nonetheless helps companies enforce this control. Cyolo disables services and communications paths to resources that, if compromised by a vulnerability, could lead to a loss of command/control. This is done through Cyolo’s granular access to resources, policy control enforcement (to ensure that users are restricted to specific functions while within the environment) and session management functions. Cyolo can also be leveraged through automation or operator intervention to perform changes to the platform based on vulnerabilities assessed through the management program.
Organizations like SANS are making important progress defining the specific security needs of OT environments. Still, requirements for IT/OT convergence are growing, and many significant challenges remain. These include the preponderance of difficult-to-secure legacy technology and the fact that most existing secure access solutions were built for the IT world and simply cannot meet OT/ICS needs.
With its unique trustless architecture and ability to bring secure zero-trust access to all environments, Cyolo is perfectly positioned to help OT organizations solve their toughest security and access challenges. And now, Cyolo is also enabling its partners to better support their own OT customers by extending secure access to all users, while ensuring uninterrupted productivity and safety.
Learn more about the Cyolo Connected partner program here.
