Production environments need sophisticated security concepts so that OT and IT security can be put into practice for both new systems and old equipment. The focus is always on the timely detection of IT security problems and cyber attackers. It must be possible to determine the company's current security situation at a glance, at the touch of a button, thereby ensuring that almost all points of entry are closed to attackers.
This requires technology, experts and processes. In terms of software, special OT risk detection modules are available. First and foremost, such software identifies protocols and applications in network traffic, analyses the extracted data and visualises anomalies (Industrial Network & Behaviour Analysis). In addition, security-relevant information is gained by collecting, analysing and correlating logs from various sources (Industrial System Log Collection & Analysis). Finally, vulnerability scans in selected areas and environments (Selective Vulnerability Management & Assessment) provide valuable information. Correlating the potentially security-relevant information identified by all three modules delivers very high-quality information about the current “health status” of the Operational Technology.
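The correlation step described above, as an added example (not code from the original page or from any product): findings from the three modules are grouped per asset, and an asset ranks higher when several modules corroborate each other. The module labels, asset names, 30-minute window and priority scale are assumptions, and the sample findings are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample findings: (module, asset, time, detail). Not real data.
FINDINGS = [
    ("network", "plc-press-01", "2024-05-06T10:02:00", "new host writing to controller"),
    ("logs",    "plc-press-01", "2024-05-06T10:05:00", "engineering login outside shift"),
    ("vuln",    "plc-press-01", "2024-05-01T02:00:00", "outdated firmware"),
    ("logs",    "historian-01", "2024-05-06T03:00:00", "repeated failed logins"),
    ("vuln",    "historian-01", "2024-05-01T02:10:00", "unsupported operating system"),
    ("network", "hmi-line-02",  "2024-05-06T09:00:00", "previously unseen protocol"),
    ("logs",    "hmi-line-02",  "2024-05-06T14:00:00", "service restart"),
]
EVENT_MODULES = {"network", "logs"}            # time-bound observations
WINDOW = timedelta(minutes=30)                 # assumed correlation window
PRIORITY = {1: "low", 2: "medium", 3: "high"}  # assumed priority scale

def correlate(findings, window=WINDOW):
    """Rank assets by how many modules corroborate each other."""
    by_asset = defaultdict(list)
    for module, asset, ts, _detail in findings:
        by_asset[asset].append((module, datetime.fromisoformat(ts)))
    ranked = []
    for asset, items in by_asset.items():
        events = sorted((t, m) for m, t in items if m in EVENT_MODULES)
        # Largest set of event modules that fired within one window.
        best = set()
        for i, (start, _) in enumerate(events):
            mods = {m for t, m in events[i:] if t - start <= window}
            if len(mods) > len(best):
                best = mods
        # A scan result describes state, not an event, so it counts
        # regardless of when the scan ran.
        if any(m == "vuln" for m, _ in items):
            best = best | {"vuln"}
        ranked.append({"asset": asset, "modules": sorted(best),
                       "priority": PRIORITY[len(best)]})
    return sorted(ranked, key=lambda r: (-len(r["modules"]), r["asset"]))

if __name__ == "__main__":
    for row in correlate(FINDINGS):
        print(row)
```

The `hmi-line-02` findings come from two modules but lie five hours apart, so they are not treated as corroborating and the asset stays at low priority.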
Because of their complexity, further processing of the results is reserved for security specialists. They evaluate and prioritise the automatically generated findings. Finally, they provide all the information in a single, easy-to-understand portal that is accessible to the relevant stakeholders, including IT and OT operations teams and company management, or from which these stakeholders receive regular, customised and helpful reports. If the processes work, from automated detection through to the timely resolution of actual problems, attackers will have a very hard time causing damage to production facilities.