Five steps to protecting industrial Internet of Things infrastructure
The Internet of Things (IoT) is ushering in a fourth wave of the industrial revolution, with multiple industries such as manufacturing and healthcare leveraging connected devices to better manage industrial control systems (ICSs). However, this new capability also raises new security concerns, and companies need to take measures to address them.
Gavin Coulthard, Palo Alto Networks systems engineering manager for Australia and New Zealand, says, “Mixing operational technology systems and information technology systems by way of IoT devices can increase the threat surface and open up new ways for hackers to breach sensitive organisational networks. This can result in data and financial losses, infrastructure damage, and damage to an organisation’s reputation.”
Palo Alto Networks recommends five key steps to protecting an Industrial Internet of Things (IIoT) infrastructure:
Implement layer-7 inspection technologies for improved visibility
Granular visibility of ICS protocols is a helpful step to increasing intelligence over data traffic. Linking this visibility to users and inspecting file-bearing applications is an essential part of this process. Next-generation firewalls employing advanced deep-packet inspection technology can help to deliver this capability.
Apply zero-trust network segmentation
It is important to apply zero-trust rules with access allowed on a ‘least privilege’ basis, where users are given access only to the systems they need to carry out their duties. This approach can result in a marked reduction in the number of vectors that can be used by an attacker, while also providing better correlation between user and application.
Use modern tools for preventing zero-day attacks
So-called zero-day attacks exploit previously unknown vulnerabilities in computer code to breach systems. Tools that can detect and prevent such threats at both the network and the endpoint levels are now essential for protection. A combination of malware ‘sandboxing’ solutions and advanced endpoint protection technology can help reduce the success of such attacks.
Secure mobile and virtual environments
Mobile devices should be checked for proper configuration before being allowed to access the network and, once on the network, applications should be limited to reduce the potential attack vectors. For virtual environments, virtualised firewall technology should be used to provide better visibility to data traffic.
Use a cohesive security platform
Many legacy ICS environments do not have adequate security, and those that do often use security systems with point solution architecture. This can hamper performance, incident response, and administration. Next-generation firewall architecture, on the other hand, along with new models of centrally-connected endpoint security measures, support optimal operation and threat detection.