It’s Time to Strengthen Your OT Cyber Defenses

By Sid Snitkin

Summary

Industrial/OT cybersecurity has never been more important, or more challenging. Critical infrastructure has become a prime target for cybercriminals and hostile state actors. At the same time, digital transformation is creating more vulnerabilities and more attack pathways.

These developments are undermining the effectiveness of conventional OT security programs. Security perimeters are becoming porous, and more threats are emerging from new devices and from people already working inside the perimeter.

While many industrial facilities have invested in basic cybersecurity defenses, most of those defenses were designed for a less challenging threat environment. Today, OT security needs solutions and policies that can block more sophisticated malware and enforce stricter control over who and what gains access to critical assets. This ARC report discusses the challenges of today’s OT cyberthreat environment and what is needed to strengthen existing defenses.

ARC discussed these issues with executives of OPSWAT, a leading supplier of solutions that block advanced threats before they can impact the operation of critical infrastructure. An overview of their comprehensive security platform is included to show how one leading cybersecurity company is offering solutions to strengthen existing systems and help critical infrastructure operators keep their facilities safe and secure.

Today’s Threats Demand Better Industrial Cybersecurity

ARC’s Industrial/OT Cybersecurity Maturity Model is a useful tool for understanding the status of industrial cybersecurity programs. The model provides a roadmap for implementing the security technologies, cybersecurity management solutions, and human resources needed to support the NIST Cybersecurity Framework’s recommendations. The colors in the model distinguish the basic, passive defensive measures needed to protect systems against conventional hackers from the active defense capabilities needed against today’s sophisticated attacks.

[Figure: ARC Industrial/OT Cybersecurity Maturity Model]

A key benefit of the ARC model is how it highlights the need to address security in a stepwise manner, keeping people, processes, and technology capabilities aligned at each step. Security technologies must be maintained to remain effective, and security teams need the right tools to perform that maintenance. Likewise, cybersecurity professionals are only effective when they have good visibility of risks and the ability to rapidly isolate and remediate threats. The real effectiveness of a cybersecurity program, its maturity, is determined by its weakest element.

As the figure shows, most industrial OT cybersecurity programs are significantly less mature than their IT counterparts. IT security programs include passive and active defenses, and they have teams of cybersecurity professionals equipped with advanced cybersecurity management solutions to help them maintain security posture and manage attacks. Sophisticated attackers may still compromise these systems, but rapid detection, isolation, and remediation let security teams minimize the impact. Typical OT cybersecurity programs have only passive defenses and lack the people and tools needed to maintain even those.

The current state of OT cybersecurity is placing many facilities at risk of serious cyber incidents. And these risks are growing rapidly: attackers are becoming more sophisticated, companies are deploying IoT devices that cannot be patched or centrally managed, and connections to external resources are proliferating. Closing the maturity gap between OT and IT cybersecurity programs is an urgent issue that every facility needs to address.

Improving Security Is Like Eating an Elephant

No industrial company can afford the risks of operating with weak OT cyber defenses. A single incident can jeopardize worker safety, product quality, regulatory compliance, and operational continuity. Every facility needs to ensure that their OT cybersecurity programs can mitigate the risks of sophisticated targeted attacks, ransomware, and poorly secured digital transformation programs. 

While IT-grade security should be the goal for every OT cybersecurity improvement program, achieving this state will take time. No one can eat an elephant in one bite, and no one can address all OT cyber challenges in a single, big-bang effort. Experience also shows that advanced, active defense solutions are no substitute for fixing weak passive defenses. Layering them on top only increases risk, as overworked security teams waste time on the false and low-value alerts that poor hygiene generates.

Real cyber risk reduction requires a program of sequential, bite-sized improvements that address specific security gaps while maintaining alignment of people, processes, and technology capabilities. It should start with efforts to minimize both the likelihood of a compromise and the potential impact of any compromise. Once this goal is achieved, focus should shift to reducing the time security teams need to maintain security hygiene. This frees up security resources to implement advanced defenses and builds the confidence in security alerts needed to manage new threats effectively.

OPSWAT Helps Companies Strengthen OT Defenses

OPSWAT is a global provider of cybersecurity solutions that protect organizations from cyber threats and ensure regulatory compliance. Since 2002, OPSWAT has been helping enterprises identify, detect, and remediate advanced security threats from data and network-connected devices. In recent years, the company has augmented these capabilities with OT-specific network security solutions that enforce stronger security within facilities.

ARC’s discussions with company executives revealed OPSWAT’s deep understanding of the challenges OT security teams face. ARC was also impressed with the comprehensive suite of security solutions and services the company offers to address OT security challenges.


The OPSWAT platform gives industrial companies a single source for solutions to protect IT and OT systems. The products in this portfolio focus on eliminating malware and zero-day attacks before they can impact operations. They achieve this by treating every file, every device, every remote user, and every network message as a threat that must be addressed.

The following sections discuss the various product families within the OPSWAT Platform, with particular emphasis on those designed to improve security of OT systems.

MetaDefender

OPSWAT’s MetaDefender solutions represent an advanced approach to managing content-based malware threats. They prevent malware from entering systems through Content Disarm and Reconstruction (CDR), which does not depend on recognizing the malware the way conventional detection does. CDR treats every file as untrusted: it extracts only the content the file type is supposed to carry and rebuilds a new file from it, so macros, embedded objects, scripts, and malformed structures are discarded whether or not any engine would have flagged them, while the usable content is preserved. MetaDefender combines this with multi-scanning across more than 30 anti-malware engines, supports data sanitization for more than 30 file types, and works with more than 300 technology partners for data sanitization, vulnerability detection, multi-scanning, device compliance, and cloud access control. OPSWAT reports that this approach is highly effective against both known and unknown threats, including zero-day attacks and malware that uses evasion techniques. One practical consequence for OT operators is that legitimate active content is removed too, so a sanitization policy needs an approved exception path for the rare files (a vendor-supplied macro workbook, for example) that genuinely require it.
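To make the CDR idea concrete, here is an added Python example, written for this page and not OPSWAT’s code or a description of how MetaDefender is implemented. It rebuilds an Office Open XML package from an allow-list of parts: the VBA project and embedded OLE objects are dropped, the relationship parts that pointed at them are cleaned, and the macro-enabled content type is rewritten so the result is a plain, macro-free document. The sample document is constructed in memory; the package part names and content types are the standard OOXML ones, while the blocked-part list, the rejection rules for duplicate or path-traversing zip entries, and the helper names are this example’s own choices.

```python
"""CDR-style rebuild of an Office Open XML package (added example, not OPSWAT code)."""
from __future__ import annotations

import io
import posixpath
import re
import zipfile

# Parts that carry executable or opaque content: dropped outright, never inspected.
BLOCKED_PART = re.compile(r"^(word|xl|ppt)/(vbaProject\.bin|vbaData\.xml|embeddings/.+|activeX/.+)$")
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
MACRO_FREE_MAIN = {  # macro-enabled main-part content types -> macro-free equivalents
    "application/vnd.ms-word.document.macroEnabled.main+xml":
        "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml":
        "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml",
    "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml":
        "application/vnd.openxmlformats-officedocument.presentationml.presentation.main+xml",
}
_ELEMENT = re.compile(r"<(Relationship|Override|Default)\b[^>]*/>")
_ATTR = re.compile(r'(\w+)="([^"]*)"')

def _resolve(rels_name: str, target: str) -> str:
    """Resolve a relationship Target to a package part name."""
    if target.startswith("/"):
        return target.lstrip("/")
    base = rels_name.split("_rels/")[0]  # "word/_rels/document.xml.rels" -> "word/"
    return posixpath.normpath(posixpath.join(base, target))

def _filter_elements(xml: str, keep) -> str:
    """Drop self-closing Relationship/Override/Default elements that keep(attrs) rejects."""
    return _ELEMENT.sub(lambda m: m.group(0) if keep(dict(_ATTR.findall(m.group(0)))) else "", xml)

def sanitize_ooxml(data: bytes) -> tuple[bytes, list[str]]:
    """Rebuild the package from allow-listed parts; return (clean bytes, dropped part names).
    Zip tricks a parser could be confused by (duplicate entries, path traversal) raise
    ValueError: a sanitizer refuses such input instead of guessing at a repair."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        names = src.namelist()
        if len(names) != len(set(names)):
            raise ValueError("duplicate entry names")
        if any(n.startswith("/") or ".." in n.split("/") for n in names):
            raise ValueError("unsafe entry name")
        dropped = [n for n in names if BLOCKED_PART.match(n)]
        for name in names:
            if name in dropped:
                continue
            blob = src.read(name)
            if name == "[Content_Types].xml":
                text = _filter_elements(blob.decode(), lambda a: a.get("ContentType") != VBA_CONTENT_TYPE
                                        and a.get("PartName", "").lstrip("/") not in dropped)
                for macro, plain in MACRO_FREE_MAIN.items():
                    text = text.replace(macro, plain)
                blob = text.encode()
            elif name.endswith(".rels"):
                keep = lambda a, rels=name: _resolve(rels, a.get("Target", "")) not in dropped
                blob = _filter_elements(blob.decode(), keep).encode()
            dst.writestr(name, blob)
    return out.getvalue(), dropped

def package_summary(data: bytes) -> dict:
    """Inspect a package without an Office viewer: parts, macro markers, relationship targets."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        parts = sorted(z.namelist())
        texts = {n: z.read(n).decode() for n in parts if n.endswith((".xml", ".rels"))}
    targets = [_resolve(n, a["Target"]) for n, t in texts.items() if n.endswith(".rels")
               for a in (dict(_ATTR.findall(m.group(0))) for m in _ELEMENT.finditer(t)) if "Target" in a]
    macro = any("macroEnabled" in t or VBA_CONTENT_TYPE in t for t in texts.values())
    return {"parts": parts, "macro_enabled": macro, "rel_targets": sorted(targets)}

def build_sample_docm() -> bytes:
    """Constructed minimal macro-enabled document (sample input, not a real file)."""
    pkg = "http://schemas.openxmlformats.org/package/2006"
    rel = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
    w = 'xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"'
    ole = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE compound-file magic, then placeholder bytes
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", f'<Types xmlns="{pkg}/content-types">'
                   '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
                   f'<Default Extension="xml" ContentType="application/xml"/><Default Extension="bin" ContentType="{VBA_CONTENT_TYPE}"/>'
                   '<Override PartName="/word/document.xml" ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/>'
                   '<Override PartName="/word/embeddings/oleObject1.bin" ContentType="application/vnd.openxmlformats-officedocument.oleObject"/></Types>')
        z.writestr("_rels/.rels", f'<Relationships xmlns="{pkg}/relationships">'
                   f'<Relationship Id="rId1" Type="{rel}/officeDocument" Target="word/document.xml"/></Relationships>')
        z.writestr("word/document.xml", f'<w:document {w}><w:body><w:p><w:r><w:t>Maintenance report</w:t></w:r></w:p></w:body></w:document>')
        z.writestr("word/_rels/document.xml.rels", f'<Relationships xmlns="{pkg}/relationships">'
                   '<Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
                   f'<Relationship Id="rId2" Type="{rel}/styles" Target="styles.xml"/>'
                   f'<Relationship Id="rId3" Type="{rel}/oleObject" Target="embeddings/oleObject1.bin"/></Relationships>')
        z.writestr("word/styles.xml", f"<w:styles {w}/>")
        z.writestr("word/vbaProject.bin", ole + b"Sub AutoOpen() ... End Sub")
        z.writestr("word/embeddings/oleObject1.bin", ole + b"embedded object")
    return buf.getvalue()

if __name__ == "__main__":
    clean, dropped = sanitize_ooxml(build_sample_docm())
    print("dropped:", dropped, package_summary(clean))
```

Running the module prints the two dropped parts and a summary of the rebuilt package. Note what the sanitizer never does: it does not look at the bytes of the VBA project to decide whether it is malicious, which is exactly the property the CDR approach relies on.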

OPSWAT’s platform for IT and OT includes a variety of MetaDefender products that industrial organizations can use to protect all the information transfer pathways into critical systems. These products address content that may arrive through connections with external systems, removable media, and portable devices connected to systems. MetaDefender Kiosk sits outside an organization’s critical network and scans portable media for threats before the media has a chance to interface with any other device on the network. Available in multiple form factors, it is designed to provide protection against removable media threats wherever the organization needs it most.

MetaDefender Vault provides further protection by keeping verified files in a controlled store, so that information that has already been scanned or sanitized remains trustworthy until it is used.

The company reports that MetaDefender is used by over 1,200 organizations worldwide, including critical infrastructure, government agencies, and financial institutions, to enable secure information transfers into and out of their operations, and to prevent cybersecurity threats.

MetaAccess

OPSWAT’s MetaAccess solutions prevent risky devices from accessing IT and OT systems and cloud applications. These products perform extensive security and compliance checks as well as remediation before allowing devices to connect to local networks. This reduces the risks of remote worker devices compromising systems.

MetaAccess OT is OPSWAT’s solution for managing the significant risks arising in OT systems with the explosion of remote users and the proliferation of VPN connections. This product provides one centralized platform for secure remote access for all remote users whether they are company employees, OEMs, or other third-party service providers.

MetaAccess OT connections are made through a fully encrypted, outbound-only TLS service registration tunnel. Because the tunnel is initiated from inside the facility, no inbound port has to be opened on the OT perimeter, which is what keeps the facility’s attack surface from expanding. This approach gives infrastructure operators full control of remote access sessions, including which assets each user sees and which activities they can perform. All sessions can be continuously monitored and terminated at will, and recorded for compliance purposes. MetaAccess OT can be deployed in the cloud or on-premises, integrates with Active Directory, and protects asset credentials.

Network Security

OPSWAT provides two types of solutions to help organizations harden their OT networks. OPSWAT NetWall solutions provide a high-security means of exchanging data with external systems. OPSWAT OTFuse provides device-level intrusion prevention.

OPSWAT offers several versions of its NetWall security gateway technology. NetWall USG is a unidirectional security gateway that lets OT systems send data to external systems without creating an inbound pathway that external attackers could use. Because nothing flows back, protocols that depend on acknowledgements or handshakes cannot cross a USG directly; NetWall BSG extends NetWall USG to support such exchanges. It replicates the data in real time and uses a bilateral mechanism to handle responses without compromising the security and integrity of the OT network. NetWall Optical Diode provides hardware-enforced unidirectional transfer of real-time OT data over a reliable, high-speed, low-latency optical link that physically ensures there is no return path for attackers to exploit. NetWall Threat Prevention Platforms add integrated OPSWAT MetaDefender Core (MD Core), providing a secure and reliable solution for transferring files across network security boundaries. With any unidirectional gateway, the receiving application has to cope with loss and ordering on its own, since the sender can never learn that a message did not arrive.
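The point about missing acknowledgements is worth seeing in code. The following Python example, added here and not taken from NetWall or any OPSWAT product, frames messages for a one-way link and shows what the receiving side has to do when there is no return path: detect gaps by sequence number, discard corrupted frames by checksum, and tolerate the duplicate copies a sender emits because it can never be asked to retransmit. The frame layout, the magic marker and the simulated faults are this example’s own constructions.

```python
"""Framing for a one-way (data diode) link. There is no return path, so the receiver
has to detect loss, corruption and duplicates by itself (added example, not NetWall code)."""
from __future__ import annotations

import struct
import zlib

MAGIC = b"ODL1"                  # frame marker; this example's own choice
HEADER = struct.Struct(">4sIH")  # magic, sequence number, payload length
TRAILER = struct.Struct(">I")    # CRC-32 over header + payload


def encode(seq: int, payload: bytes) -> bytes:
    body = HEADER.pack(MAGIC, seq, len(payload)) + payload
    return body + TRAILER.pack(zlib.crc32(body) & 0xFFFFFFFF)


class Receiver:
    """Consumes frames in arrival order and never sends anything back."""

    def __init__(self) -> None:
        self.expected = 0
        self.delivered: list[bytes] = []
        self.lost: list[tuple[int, int]] = []   # inclusive sequence ranges never seen
        self.corrupt = 0

    def feed(self, frame: bytes) -> None:
        if len(frame) < HEADER.size + TRAILER.size or frame[:4] != MAGIC:
            self.corrupt += 1
            return
        if zlib.crc32(frame[:-4]) & 0xFFFFFFFF != TRAILER.unpack(frame[-4:])[0]:
            self.corrupt += 1
            return
        _, seq, n = HEADER.unpack(frame[:HEADER.size])
        if len(frame) != HEADER.size + n + TRAILER.size:
            self.corrupt += 1
            return
        if seq < self.expected:
            return                  # second copy of a frame already delivered
        if seq > self.expected:
            self.lost.append((self.expected, seq - 1))   # gap: nothing can be re-requested
        self.expected = seq + 1
        self.delivered.append(frame[HEADER.size:HEADER.size + n])


def run_link() -> dict:
    """Push constructed tag updates through a simulated link with faults."""
    messages = [f"tag{i}={i * 1.5:.1f}".encode() for i in range(6)]
    wire = []
    for seq, m in enumerate(messages):
        wire += [encode(seq, m)] * 2    # send every frame twice: the only "retry" a diode allows
    # constructed faults: message 2 lost entirely (wire 4, 5), one copy of message 3
    # lost (wire 6), one copy of message 4 hit by a bit flip (wire 8)
    rx = Receiver()
    for i, f in enumerate(wire):
        if i in (4, 5, 6):
            continue
        if i == 8:
            f = f[:12] + bytes([f[12] ^ 0x01]) + f[13:]
        rx.feed(f)
    return {"delivered": [p.decode() for p in rx.delivered], "lost": rx.lost, "corrupt": rx.corrupt}


if __name__ == "__main__":
    print(run_link())
```

Sending each frame twice is the crude but common answer to a link with no retransmission; the receiver’s sequence check is what makes the duplicates harmless, and the recorded gap is what the receiving application has to surface as an alarm rather than silently accepting stale data.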

OPSWAT OTFuse is an industrial firewall that sits in front of industrial endpoints to protect mission-critical assets such as PLCs, VFDs, and DCS controllers, as well as other network-connected devices. It parses industrial protocol messages and enforces an allow-list of the normal operations observed in the plant. It learns normal operations automatically and then protects industrial assets from unauthorized configuration changes, device resets, device reads, logic updates, and invalid message values. The learning window therefore needs to cover legitimate but infrequent activity, such as scheduled logic downloads; otherwise that activity will be blocked later and must be added to the policy by hand. OPSWAT offers several versions of OTFuse that support different numbers of devices, and a version built specifically for GE iFIX products and CIMPLICITY networks.
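As an added example of the learn-then-enforce approach this paragraph describes (written for this page; not OTFuse code and not a description of how OTFuse works internally), the Python below parses Modbus/TCP requests, records the unit, function and register range of everything seen during a commissioning window, and afterwards drops any request outside that baseline, any device-reset diagnostic, and any frame that is malformed. The Modbus/TCP framing follows the protocol specification; the baseline structure, the traffic scenario and the helper names are this example’s own assumptions.

```python
"""Learn-then-enforce filter for Modbus/TCP, the kind of check an industrial
firewall in front of a PLC performs (added example, not OTFuse code)."""
from __future__ import annotations

import struct
from dataclasses import dataclass

WRITE_FUNCTIONS = {5: "write single coil", 6: "write single register",
                   15: "write multiple coils", 16: "write multiple registers",
                   8: "diagnostics"}
RESTART_COMMS = (8, 0x0001)   # diagnostics sub-function 1 restarts the device's communications


@dataclass(frozen=True)
class Request:
    unit: int
    function: int
    address: int        # start address, or the sub-function for function 8
    count: int = 1


def parse_modbus_tcp(data: bytes) -> Request:
    """Parse MBAP header + PDU; raise ValueError for anything malformed."""
    if len(data) < 8:
        raise ValueError("short frame")
    _tid, proto, length, unit = struct.unpack(">HHHB", data[:7])
    if proto != 0 or length != len(data) - 6:
        raise ValueError("bad MBAP header")
    fc, pdu = data[7], data[8:]
    if fc in (1, 2, 3, 4, 6, 8) and len(pdu) == 4:
        addr, val = struct.unpack(">HH", pdu)
        return Request(unit, fc, addr, val if fc <= 4 else 1)   # reads carry a quantity
    if fc == 5 and len(pdu) == 4:
        addr, val = struct.unpack(">HH", pdu)
        if val not in (0x0000, 0xFF00):
            raise ValueError("invalid coil value")            # only OFF/ON encodings are legal
        return Request(unit, fc, addr)
    if fc in (15, 16) and len(pdu) >= 5:
        addr, count, nbytes = struct.unpack(">HHB", pdu[:5])
        if len(pdu) != 5 + nbytes:
            raise ValueError("byte count mismatch")
        return Request(unit, fc, addr, count)
    raise ValueError(f"unsupported or malformed function code {fc}")


class OTFilter:
    """Records (unit, function, address range) tuples during a commissioning
    window, then drops anything outside that baseline."""

    def __init__(self) -> None:
        self.learning = True
        self.baseline: set[tuple[int, int, int, int]] = set()

    @staticmethod
    def _span(r: Request) -> tuple[int, int, int, int]:
        return (r.unit, r.function, r.address, r.address + r.count - 1)

    def freeze(self) -> None:
        self.learning = False

    def decide(self, data: bytes) -> tuple[str, str]:
        try:
            r = parse_modbus_tcp(data)
        except ValueError as e:
            return "DROP", f"malformed: {e}"
        if (r.function, r.address) == RESTART_COMMS:
            return "DROP", "device reset via diagnostics"   # never learned, never allowed
        if self.learning:
            self.baseline.add(self._span(r))
            return "ALLOW", "learning"
        unit, fc, lo, hi = self._span(r)
        for b_unit, b_fc, b_lo, b_hi in self.baseline:
            if (b_unit, b_fc) == (unit, fc) and b_lo <= lo and hi <= b_hi:
                return "ALLOW", "within baseline"
        what = WRITE_FUNCTIONS.get(fc, "read")
        return "DROP", f"{what} to unit {unit} addresses {lo}-{hi} not in baseline"


def frame(unit: int, pdu: bytes, tid: int = 1) -> bytes:
    """Wrap a PDU in an MBAP header (length = unit id byte + PDU bytes)."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def pdu(fc: int, word1: int, word2: int) -> bytes:
    return bytes([fc]) + struct.pack(">HH", word1, word2)


def run_scenario() -> dict[str, str]:
    """Constructed traffic: commissioning window, then normal and hostile requests."""
    f = OTFilter()
    for req in (pdu(3, 0, 10), pdu(6, 100, 1500)):   # HMI polls 0-9 and writes setpoint 100
        f.decide(frame(1, req))
    f.freeze()
    traffic = {
        "poll": frame(1, pdu(3, 0, 10)),
        "setpoint": frame(1, pdu(6, 100, 1600)),               # same register, new value
        "new_register": frame(1, pdu(6, 200, 9999)),           # never written during learning
        "bulk_write": frame(1, bytes([16]) + struct.pack(">HHB", 100, 2, 4) + struct.pack(">HH", 1, 2)),
        "restart": frame(1, pdu(8, 1, 0)),                     # diagnostics: restart communications
        "other_unit": frame(2, pdu(3, 0, 10)),                 # unit id never seen
        "bad_coil": frame(1, pdu(5, 7, 0x1234)),               # illegal coil value
        "truncated": frame(1, pdu(3, 0, 10))[:-1],             # length field no longer matches
    }
    return {name: f.decide(data)[0] for name, data in traffic.items()}


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:13s} {verdict}")
```

The scenario shows the trade-off the paragraph raises: the write to register 200 is dropped simply because it never occurred during learning, even though the same function code to register 100 is allowed, so the learning window has to include every legitimate operation the plant performs, and the reset diagnostic is refused regardless of what was learned.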

Neuralyzer

Neuralyzer is OPSWAT’s offering to help operators understand and manage their OT cyber risks. It provides visibility into assets, vulnerabilities, and behaviors that are unusual or contrary to established security policies. It also provides support for regulatory compliance.

Neuralyzer uses passive and active scanning techniques to develop asset inventories and network flow maps that can be displayed in a variety of useful, OT-relevant formats. These include an asset inventory list with drill-down to complete device details, a network-centric map showing connectivity patterns across all system assets, and a real-time Purdue model network map that can help users spot abnormal or unauthorized connections across different levels and zones. As with any tool that probes OT networks, active scanning should be introduced cautiously and tested on spare hardware first, since some legacy controllers fault when they receive unexpected queries.

Neuralyzer continuously monitors ICS networks and raises alerts when it detects potential threats, vulnerabilities, supply-chain violations, or non-compliant configurations in devices and network connectivity. Security policies can be inherited from predefined configurations, self-learned, or created manually; together these form a comprehensive detection mechanism for potential threats and operational mistakes.
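To show what a Purdue-level policy check of this kind looks like in practice, here is an added Python example (written for this page, not Neuralyzer code): it maps flow records to zones by address, passes flows on approved conduits, and flags everything else, rating a flow that bypasses intermediate levels (an enterprise address talking directly to a PLC) higher than one that is merely unapproved between adjacent levels. The zone plan, the approved-conduit list and the flow records are all constructed for the example.

```python
"""Purdue-level conduit check over flow records (added example, not Neuralyzer code)."""
from __future__ import annotations

import ipaddress

# Assumed zone plan: hypothetical addressing, chosen for this example only.
ZONES = {
    "L4 enterprise": ipaddress.ip_network("10.0.0.0/16"),
    "L3.5 DMZ": ipaddress.ip_network("10.1.0.0/24"),
    "L3 site ops": ipaddress.ip_network("10.2.0.0/24"),
    "L2 supervisory": ipaddress.ip_network("192.168.10.0/24"),
    "L1 control": ipaddress.ip_network("192.168.20.0/24"),
}
LEVEL = {"L4 enterprise": 4, "L3.5 DMZ": 3.5, "L3 site ops": 3, "L2 supervisory": 2, "L1 control": 1}

# Approved conduits as (source zone, destination zone, destination port). Any other
# inter-zone flow is a violation; traffic that stays inside one zone is not judged here.
ALLOWED = {
    ("L4 enterprise", "L3.5 DMZ", 443),      # enterprise users reach the DMZ historian web front end
    ("L3.5 DMZ", "L3 site ops", 1433),       # DMZ replica pulls from the site historian database
    ("L3 site ops", "L2 supervisory", 102),  # engineering station to supervisory systems
    ("L2 supervisory", "L1 control", 502),   # HMI polls PLCs over Modbus/TCP
}

# Constructed flow records, src,dst,proto,dport,bytes (not real captures).
SAMPLE_FLOWS = [
    "10.0.5.20,10.1.0.10,tcp,443,18000",
    "10.1.0.10,10.2.0.5,tcp,1433,90000",
    "192.168.10.4,192.168.20.11,tcp,502,2100",
    "10.0.5.20,192.168.20.11,tcp,502,640",        # enterprise laptop talking straight to a PLC
    "192.168.10.4,192.168.20.11,tcp,22,3000",     # HMI to PLC over SSH, never approved
    "192.168.20.11,192.168.20.12,udp,2222,500",   # PLC to PLC inside L1
    "172.16.9.9,192.168.10.4,tcp,3389,12000",     # address that belongs to no known zone
]


def zone_of(ip: str) -> str | None:
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), None)


def check_flows(records: list[str]) -> list[dict]:
    """Return one finding per flow that violates the zone plan."""
    findings = []
    for line in records:
        src, dst, _proto, dport, _nbytes = line.split(",")
        zs, zd = zone_of(src), zone_of(dst)
        if zs is None or zd is None:
            unknown = src if zs is None else dst
            findings.append({"flow": line, "severity": "medium",
                             "reason": f"unknown asset {unknown}: not in any zone of the plan"})
            continue
        if zs == zd or (zs, zd, int(dport)) in ALLOWED:
            continue
        lo, hi = sorted((LEVEL[zs], LEVEL[zd]))
        skips = any(lo < lvl < hi for lvl in LEVEL.values())   # a defined level was bypassed
        findings.append({"flow": line, "severity": "high" if skips else "medium",
                         "reason": f"{zs} -> {zd} port {dport}: "
                                   + ("bypasses intermediate levels" if skips else "not an approved conduit")})
    return findings


if __name__ == "__main__":
    for f in check_flows(SAMPLE_FLOWS):
        print(f["severity"].upper(), f["flow"], "|", f["reason"])
```

The unknown-asset finding is the inventory side of the same problem: a flow from an address that belongs to no zone is either an undocumented device or a mis-specified zone plan, and either one needs a human to resolve before the conduit policy means anything.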

Neuralyzer strengthens security by providing security professionals and control engineers with prompt, concise, and contextual alert notifications of any security policy violation or network anomaly before they become serious cyberattacks.

OPSWAT OT Services

OPSWAT SOC gives users a dedicated security operations center staffed by experts who can tune OPSWAT solutions for discovery, monitoring, alerting, and blocking attacks. The team can also provide continuous monitoring of, and response to, incoming, ongoing, and emerging threats to OT and IT environments.

Conclusion

No industrial company can afford the risks of operating with weak OT cyber defenses. A single incident can jeopardize worker safety, product quality, regulatory compliance, and operational continuity.

While IT-grade security should be the goal for every OT cybersecurity improvement program, achieving this state will take time. Experience also shows that advanced, active defense solutions are no substitute for fixing weak passive defenses; layering them on top only increases risk, as overworked security teams waste time on the alerts that poor hygiene generates.

Real cyber risk reduction requires a program of sequential, bite-sized improvements that address specific security gaps while maintaining alignment of people, processes, and technology capabilities. It should start with efforts to minimize both the likelihood of a compromise and the potential impact of any compromise. Once this goal is achieved, focus should shift to reducing the time security teams need to maintain security hygiene. This frees up security resources to implement advanced defenses and builds the confidence in security alerts needed to manage new threats effectively.

This report provides ARC’s recommendations for what critical infrastructure operators need to do to ensure that their OT cybersecurity programs support safe and reliable operations. The review of OPSWAT’s products shows that solutions exist that can help strengthen OT security capabilities. The biggest risk to critical infrastructure, then, is operators who ignore the urgency of addressing these issues.


ARC Advisory Group clients can view the complete report at the ARC Client Portal.

If you would like to buy this report or obtain information about how to become a client, please Contact Us.

Keywords: Industrial/OT Cybersecurity, OPSWAT, ARC Advisory Group.
