Cyber-attacks can spread through an industrial network rapidly, often creating significant disruptions and severe financial losses. Securing the network is as critical as securing the endpoints in the network. This blog looks at virtual patching and network segmentation solutions that are good defenses against network security threats.

Network segmentation is the foundation of convenient and reliable industrial control network security. Eliminating points of vulnerability prone to cyber-attacks and reducing the impact of any security incident are the critical goals of a network segmentation scheme. Proper network segmentation comes with two countermeasures: internal segmentation and micro-segmentation. Micro-segmentation is very effective but can be very difficult to manage and deploy in large-scale network environments. A few factors specific to industrial networks need consideration in identifying the right network defense solution.

  • Patching – Unpatched and legacy assets are usually essential to operations, and they require specialized protection that safeguards and maintains productivity. Virtual patching, or vulnerability shielding, acts as a safety measure against threats that exploit known and unknown vulnerabilities. It works by implementing layers of security policies and rules that intercept an exploit and prevent it from taking network paths to and from a vulnerability point. Users need to control the patching process to facilitate a pre-emptive defense during incidents and provide additional protection for legacy systems. A good virtual patching solution implements a multilayered network with capabilities to inspect and block malicious activity from business-critical traffic.
  • Visibility – Getting a complete understanding of all the devices in the network, the OT network, and the shadow OT environment is an important consideration. Transparent visibility into network traffic and integrated views of IT and OT networks are important aspects of network security. In addition to visibility, building awareness of the network operation with real-time and historical analytics is a prerequisite for devising effective threat management plans.
  • Protocol Support – Industrial environments have various protocols in use. Identifying solutions that can support multiple protocols like Modbus, Ethernet, CIP, and EDA allows for seamless operation within the network architecture.
  • Ease of deployment – From creating allow lists with ease to on-demand network segmentation for short periods, a variety of administrative tasks have to be performed on a regular basis. Solutions that make it possible to manage and deploy security measures centrally and efficiently save costs and give better control of the network.
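
The policy layer described under Patching and Protocol Support can be illustrated with a small Modbus/TCP trust list. This is an added example, not code from the original post or from any vendor's product; the addresses, unit IDs, permitted function codes and the names `TRUST_LIST`, `parse_modbus_tcp` and `decide` are assumptions made for illustration.

```python
import struct
from ipaddress import ip_address, ip_network

# Constructed trust list (assumption): source network, unit id, permitted function codes.
TRUST_LIST = [
    (ip_network("10.10.1.0/24"), 1, {0x03, 0x04}),              # HMI subnet: reads only
    (ip_network("10.10.9.5/32"), 1, {0x03, 0x04, 0x06, 0x10}),  # engineering station: reads and writes
]

# Constructed sample frames: 7-byte MBAP header followed by the PDU.
READ_HOLDING = bytes.fromhex("0001 0000 0006 01 03 0000 000a")  # read 10 holding registers
WRITE_SINGLE = bytes.fromhex("0002 0000 0006 01 06 0001 00ff")  # write one register
BAD_LENGTH = bytes.fromhex("0003 0000 0020 01 03 0000")         # length field disagrees with size


def parse_modbus_tcp(frame: bytes):
    """Return (unit_id, function_code); raise ValueError on a malformed frame."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id is not 0 (Modbus)")
    if length != len(frame) - 6:  # length counts the unit id and the PDU
        raise ValueError("MBAP length does not match frame size")
    return unit, frame[7]


def decide(src: str, frame: bytes):
    """Default-deny verdict for one frame: ('allow' | 'drop', reason)."""
    try:
        unit, fc = parse_modbus_tcp(frame)
    except ValueError as exc:
        # Malformed frames are dropped before they reach the legacy device.
        return ("drop", f"malformed: {exc}")
    for net, allowed_unit, allowed_fcs in TRUST_LIST:
        if ip_address(src) in net and unit == allowed_unit and fc in allowed_fcs:
            return ("allow", f"fc=0x{fc:02x} unit={unit}")
    return ("drop", f"fc=0x{fc:02x} unit={unit} not on trust list for {src}")


if __name__ == "__main__":
    for src, frame in [("10.10.1.20", READ_HOLDING), ("10.10.1.20", WRITE_SINGLE),
                       ("10.10.9.5", WRITE_SINGLE), ("10.10.1.20", BAD_LENGTH)]:
        print(src, *decide(src, frame))
```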

TXOne Networks’ adaptive ICS cybersecurity solutions provide a safe, reliable work environment even for the most sensitive or essential technologies, keeping the operation running. Virtual patching shields un-patchable or legacy devices, and network segmentation mitigates risk by making the network fundamentally more defensible. At the same time, advanced ICS protocol-based trust list profiling gives granular, highly detailed control over assets. These protections are in industrial-grade ISIPS (Internal Segmentation IPS) appliances purpose-built for any business intention.

Two new solutions, built by TXOne, a subsidiary of Trend Micro, are now available to mitigate cyber risks in connected industrial settings. An industrial firewall, EdgeFire™, and an intrusion prevention system, EdgeIPS™, limit the exposure of insecure communications channels and protect against vulnerability exploitation. The solutions also incorporate a highly integrated security management console to provide visibility across the entire installed OT equipment estate and help managers identify the root cause of attacks.

The value of these new smart factory solutions is enhanced when a multilayered security approach exists alongside Trend Micro hybrid cloud security and network defense solutions. Altogether, this group of smart factory security solutions can persistently prevent and detect attacks.

Learn more about TXOne solutions for robust industrial network defense.

Roland Ducote

Director, Sales Intelligent Solutions, OT + Emerging Accounts

Roland has over 20 years of diverse sales, technical marketing, and alliances experience. He began his career with Arrow in 2000 and has covered a wide range of product lines including FPGAs, embedded computing, wireless, and storage technologies. Now focused on Arrow’s Operational Technology (OT) Program, he is responsible for developing and operating the Americas program, including sales, business development, and the partner ecosystem.

In addition, he oversees Arrow’s Intel Solutions Aggregator Program, which aims to simplify the complexities of the intelligent edge and speed digital transformation projects. Roland holds a B.A. from Macalester College in St. Paul, MN, along with an M.B.A. and M.S. in Marketing from the University of Colorado at Denver.

Arrow Intelligent Solutions Blog