The events of 2020 helped to accelerate the convergence between information technology (IT) and operational technology (OT) for many organizations. As reported by Help Net Security, for instance, two-thirds of IT and OT security professionals said in a 2020 survey that their IT and OT networks had become more interconnected in the wake of the pandemic. More than three-quarters of respondents went on to predict that their organization’s networks would become even more connected in the years that follow.
Industrial organizations are More Connected, but Not Necessarily More Prepared
Notwithstanding the findings discussed above, many organizations aren’t prepared to face the challenges associated with the IT-OT convergence. These obstacles include the fact that nearly a third of organizations’ OT environments lack proper safeguards against digital threats, as reported by Help Net Security. They must also navigate the difficulties of having siloed teams under their employment. More than half (56%) of respondents in the survey said that collaboration between their IT and OT teams had become more challenging in recent years, for instance, thus complicating the task of securing Internet of Things (IoT) devices deployed in those environments.
Siloed teams and missing safeguards weigh on other security concerns facing industrial organizations, as well. In the first half of 2021, Kaspersky blocked more than 20,000 malware variants. Those attack attempts targeted almost a third of industrial computers protected by the security firm’s solutions, and they used various types of digital threats in the process. Specifically, Kaspersky’s researchers saw an increase of spyware and malicious scripts by 0.4% and 0.7%, respectively.
It’s a similar story with vulnerabilities affecting organizations’ industrial control systems (ICS). TechRepublic noted that the security community learned of 637 such weaknesses in the first half of 2021. That’s a 41% increase over the 449 flaws discussed a year earlier. Nine in 10 of those vulnerabilities involved “low attack complexity” in that someone didn’t need special skills to misuse them. Additionally, nearly three-quarters of the weaknesses required no privileges to execute, while 66% required no user interaction.
Where These Developments Leave Organizations
IT and OT need to come together to address the security challenges discussed above. Tripwire understands this reality. That’s why it decided to partner with Nozomi Networks.
Time for a bit of context. Recognized as the market leader in OT and IoT security, Nozomi Networks enables customers to achieve superior operational visibility of their OT and IoT networks and detect threats across all deployments. Nozomi Networks solutions support more than 48 million devices in thousands of installations across energy, manufacturing, mining, transportation, utilities, building automation, smart cities, and critical infrastructure. What’s more, the products are deployable onsite and in the cloud, and they span IT, OT, and IoT to automate the hard work of inventorying, visualizing, and monitoring industrial control networks through the innovative use of artificial intelligence.
By bringing those solutions together with Tripwire’s compliance offerings, customers will be able to strengthen their security posture across their IT and OT networks. These tools will work together to provide them with a consolidated view of their compliance and their authorized assets in those environments. Customers can then leverage that visibility to improve collaboration between IT and OT teams such as by building more continuous data sharing workflows and by consolidating processes such as change reconciliation.
“With Nozomi Networks, our customers now have access to OT and IoT network monitoring and threat detection that is fully integrated with Tripwire’s industry-standard solutions for integrity monitoring, change detection and compliance validation,” explained Tim Erlin, vice president of strategy at Tripwire. “By partnering with Nozomi, we are able to provide a complete and consolidated view of customers' IT and OT security and compliance posture using proven solutions that meet the industry need.”
A Reality Check
The challenges associated with the IT-OT convergence are difficult for a single vendor to address on its own. Until now, no single solution could help organizations to improve IT-OT collaboration while mitigating ICS malware attacks and vulnerabilities all while maintaining compliance. The partnership between Nozomi Networks and Tripwire represents an important step for the security industry, and it reiterates the need for industry leaders to work together to provide comprehensive protection for organizations against today’s emerging threats.
To learn more about the integration between Tripwire and Nozomi, click here.