Proactive threat monitoring and response is the new battleground for OT security. Most of the major OT (and even IT) threats of the last decade have breached networks by circumventing the traditional vertical security measures (firewalls, NAT, VLANs, ACLs, etc.) and have then spread horizontally through the network. These threats require a new kind of vigilance and response that can only be achieved with advanced Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS).


[Figure: ARC security lifecycle model]



The model above is a simplified adaptation of the ARC security lifecycle model. We have condensed its five steps (Secure, Defend, Contain, Monitor, and Manage) into three stages: “Where to Start”, “Network Infrastructure” (Vertical Security), and “Industrial Cyber Security” (Horizontal Security).

Industrial Cyber Security (Horizontal Security) – The Monitor/Manage stage is focused on visibility of devices and application-level traffic, so that you can identify and respond to threats on your network that have either penetrated or bypassed your “vertical security”.

The Rise of Horizontal Security

Over the last decade, all of the major cybersecurity threats have attacked networks by exploiting people and processes rather than attempting to compromise networks directly through the firewall or other “vertical” security measures such as NAT or VLANs. Security policies therefore need to be updated to include “horizontal” security measures: IDS/IPS threat monitoring and response, virtual patching of out-of-support but still critical controls running Windows 7, XP, NT, etc., and other deep packet inspection technologies that operate inside your primary threat defense perimeter.

Processes and technologies meant to rapidly detect and respond to threats must repel this new breed of network attack that has emerged over the last decade. Because no defense is impenetrable, a robust backup and recovery plan is a major part of any modern OT security plan/policy.

People and Process

Consider these questions when establishing processes to help monitor and manage your network.


  • What visibility do I have today to monitor internal threats and breaches? (see chart below)

    • Do I know when there is a security breach or outbreak?
      Traditional "vertical" security solutions provide little to no visibility into threats that have already gained a foothold in your network.

    • What can I do to contain and minimize the threat?
      Once you have visibility into the threat, what options do you have to contain or minimize the risk it poses to the safety of your operations or the financial health of your business?

  • Who needs to have access to view vs make changes to data collection and reporting?
    Maintain a standardized reporting and monitoring process to catch anomalies and potential threats.

  • Who needs to be alerted and what is the documented response?
    Respond quickly to threats and alerts with established procedures.

  • Determine monitoring thresholds / baseline your network - This is an important step: understand what the health “vital signs” of your network are, to provide a baseline of comparison to help monitor for out.
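As an added illustration of the baselining step above (example code written for this page, not a Moxa product feature), the script below learns the normal "vital signs" of a small OT segment from constructed flow records and then flags the horizontal anomalies the page is concerned with: a never-before-seen talker pair, a new port on a known pair, and a byte volume far above the baseline. All IP addresses, ports and byte counts are constructed sample data.

```python
# Added example: baseline east-west traffic and flag deviations from it.
# Flow records are constructed sample data: (src_ip, dst_ip, dst_port, bytes).
from collections import defaultdict
from statistics import mean, pstdev

HMI, PLC_A, PLC_B, ENG = "10.0.1.10", "10.0.2.20", "10.0.2.21", "10.0.1.50"

# Learning period: the HMI polls both PLCs over Modbus/TCP (port 502) only.
BASELINE_FLOWS = (
    [(HMI, PLC_A, 502, b) for b in (1200, 1180, 1220, 1210, 1190)]
    + [(HMI, PLC_B, 502, b) for b in (900, 910, 890, 905, 895)]
)

# Monitoring period: one normal poll plus three deviations from the baseline.
NEW_FLOWS = [
    (HMI, PLC_A, 502, 1230),   # normal Modbus poll
    (ENG, PLC_A, 502, 1000),   # new talker pair: a host that never spoke to PLC_A
    (HMI, PLC_B, 445, 4000),   # new port (SMB) on a pair that only used Modbus
    (HMI, PLC_A, 502, 25000),  # byte volume far above the learned baseline
]


def build_baseline(flows):
    """Per (src, dst, port): mean and population std-dev of bytes per flow."""
    volumes = defaultdict(list)
    for src, dst, port, nbytes in flows:
        volumes[(src, dst, port)].append(nbytes)
    return {key: (mean(v), pstdev(v)) for key, v in volumes.items()}


def detect_anomalies(baseline, flows, sigma=3.0, min_dev=100):
    """Return [(reason, flow)] for flows that deviate from the baseline.

    min_dev stops a near-constant baseline (std-dev close to zero) from
    producing a threshold so tight that normal jitter raises alerts.
    """
    known_pairs = {(s, d) for s, d, _ in baseline}
    findings = []
    for flow in flows:
        src, dst, port, nbytes = flow
        key = (src, dst, port)
        if key not in baseline:
            reason = ("new talker pair" if (src, dst) not in known_pairs
                      else "new port on known pair")
            findings.append((reason, flow))
        else:
            avg, sd = baseline[key]
            if nbytes > avg + sigma * max(sd, min_dev):
                findings.append(("volume above baseline", flow))
    return findings


if __name__ == "__main__":
    for reason, flow in detect_anomalies(build_baseline(BASELINE_FLOWS), NEW_FLOWS):
        print(f"ALERT {reason}: {flow}")
```

A real deployment would feed flow records exported by the network switches or an IDS sensor and re-learn the baseline on a schedule, since a one-off baseline drifts as the plant changes.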


Targeted & Non-Targeted Cyberattacks

[Figure: targeted vs. non-targeted cyberattacks]



Security / Liability Risk Tolerance

  • What are the critical systems that must be monitored & protected?

  • What systems are out of date/support, but still critical to the business and must be protected by some other means (virtual patching)?

