
The Advantages of Integrating Your OT Security with Next-Generation Firewalls

Even the most advanced next-gen firewalls have blind spots when it comes to industrial security. Here’s how to close those security gaps across your network.

Enterprise information technology (IT) managers face an uphill battle when it comes to detecting and mitigating ever more frequent and sophisticated cyber threats. In their constant match of wits against sophisticated hackers, next-generation firewalls (NGFWs) have emerged as a game-changing IT security asset. And enterprises worldwide have voted with their pockets – a recent MarketsandMarkets report forecasts a 12.3% compound annual growth rate for the NGFW market from 2017 to 2022, reaching $4.27 billion by 2023. [1]

With the increasing convergence of IT and operational technology (OT) threats, industrial enterprises are looking for ways to leverage and adapt their existing IT cybersecurity investments to address new cyber threats targeting their OT networks as well.

Integrating NGFWs with dedicated industrial cybersecurity solutions can provide organizations with comprehensive and effective protection across both their IT and OT networks. Let's explore some of these advantages and see how such an integrated solution works.

Deploying next-gen firewalls in OT Networks

An NGFW is an IT-oriented network security device that provides advanced filtering capabilities beyond a traditional, stateful firewall. In addition to port and protocol inspection of incoming and outgoing network traffic, NGFWs typically include functionality like application awareness and control, integrated intrusion prevention and threat intelligence.

NGFWs offer a deep-packet inspection function that examines the data carried in network packets. They are also well-equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. This is very important for detecting complex, multi-vector attacks that can traverse from the IT to the OT network.

NGFWs have been deployed in critical infrastructure sectors, including utilities and transportation, oil and gas, and manufacturing, with varying levels of success in preventing cyberattacks on industrial control systems (ICS) and supervisory control and data acquisition (SCADA) networks.

Adding OT expertise to your IT cybersecurity arsenal

With the rise of external and internal threats targeting industrial infrastructure, organizations need real-time, 360-degree visibility and security while addressing the unique technical and operational requirements of their OT networks.

In this context, deploying NGFWs in conjunction with OT-specific security tools can enhance network visibility and control. Monitoring OT network traffic and ICS devices requires technical expertise and tools that don't exist in most IT organizations. NGFWs, for example, cannot query ICS devices in their native language. This type of functionality is critical for detecting unauthorized changes to ICS devices that are made without crossing the network (e.g., over a serial connection).

Another key OT security requirement is an up-to-date and accurate inventory of ICS assets. A typical ICS network may contain hundreds of programmable logic controllers (PLCs), remote terminal units (RTUs) and distributed control systems (DCSs) from a mix of vendors. To assess risk and build an effective defense strategy, you need to know the manufacturers, models, firmware versions, latest patches and current configuration for each asset in your network.

NGFWs can integrate with ICS asset discovery and tracking tools. Detailed asset inventory information, such as IP address, device type, vendor and model, can be delivered as a tag to the NGFW. This enables admins to define and extend security policies across IT and OT environments and improve their overall cybersecurity posture.

In addition, by combining OT alerts with IT procedures and policies in a single pane of glass, industrial organizations can reduce management complexity and accelerate the implementation of OT-focused firewall rules.

Real-world use cases

Here are a couple of practical examples of how an integrated solution can help protect ICS networks and assets from unauthorized access.

1) Streamline ICS device maintenance using granular security policies

Critical maintenance activities require network connections to sensitive ICS devices. Setting up a connection may necessitate a change in the NGFW’s intentionally strict security policies. These activities often need to be authorized on short notice, which requires detailed asset inventory information or clear visibility into the ICS network.

By integrating OT network security with the NGFW, administrators can configure policies that apply to specific ICS assets using dynamic address groups (DAG), taking their various characteristics into account. For example, when ICS network access is required to update engineering stations, the NGFW administrator can set a policy that applies only to these devices without having to rely on IP addresses which may have changed over time.

2) Secure network connections between ICS and IT environments

To enable network connections between assets in the ICS network and corporate IT applications, NGFW administrators are compelled to set permanent firewall rules that are too permissive and can’t automatically adapt when changes occur. This increases security risk by expanding the potential attack surface.

Using an integrated solution, administrators can configure specific rules for individual ICS assets and group them by type or vendor. There is no need for prior knowledge of the network or IP address. For example, an administrator can set a rule to allow only specific communications commands in order to facilitate data gathering from other devices in the OT network.
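The tag-driven policies described in both use cases, and the inventory tags mentioned earlier, can be modelled in a few lines. This is an added example, not code from the original post or from any firewall vendor; the tag format, rule fields, asset names, IP addresses and application labels are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Asset:                      # one record from the OT asset inventory (constructed)
    name: str
    ip: str
    device_type: str
    vendor: str

    def tags(self):
        # Tag format is an assumption for this sketch, not a vendor schema.
        return {f"type:{self.device_type}", f"vendor:{self.vendor}"}

@dataclass(frozen=True)
class Rule:
    name: str
    src_tags: frozenset
    dst_tags: frozenset
    app: str                      # application/command class the rule permits

def resolve_group(required, inventory):
    """Dynamic group: IPs of every asset currently carrying all required tags."""
    return {a.ip for a in inventory if required <= a.tags()}

def match(src_ip, dst_ip, app, rules, inventory):
    """Default deny: return the permitting rule's name, else None."""
    for r in rules:
        if (app == r.app
                and src_ip in resolve_group(r.src_tags, inventory)
                and dst_ip in resolve_group(r.dst_tags, inventory)):
            return r.name
    return None

def demo():
    historian = Asset("historian-01", "10.20.1.15", "historian", "vendor-a")
    plc = Asset("plc-07", "10.20.5.40", "plc", "vendor-b")
    inventory = [historian, plc]
    rules = [Rule("historian-read", frozenset({"type:historian"}),
                  frozenset({"type:plc", "vendor:vendor-b"}), "modbus-read")]
    before = match("10.20.1.15", "10.20.5.40", "modbus-read", rules, inventory)
    plc.ip = "10.20.5.77"         # PLC re-addressed; inventory record updated
    moved = match("10.20.1.15", "10.20.5.77", "modbus-read", rules, inventory)
    stale = match("10.20.1.15", "10.20.5.40", "modbus-read", rules, inventory)
    write = match("10.20.1.15", "10.20.5.77", "modbus-write", rules, inventory)
    return before, moved, stale, write

if __name__ == "__main__":
    print(demo())
```

The rule keeps matching the PLC after its address changes, the stale address no longer matches anything, and a write from the same source is denied because only the read application is permitted.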

Looking ahead

By integrating NGFWs with dedicated ICS security solutions, industrial organizations can augment visibility and control of their OT network. This type of integration enables unified detection of IT and OT threats, faster mitigation of potential risks and maximum return on investment. To learn more about securing your industrial operations from cyber threats, check out our whitepaper: Mind the Gap: A Roadmap to IT/OT Alignment.

1. “Next-Generation Firewall Market,” MarketsandMarkets, June 2017
