Why it’s time for OT environments to prioritize security automation initiatives
Today we announced an expansion of our partnership with 1898 & Co., which is built around our joint solutions framework. While I am personally excited about the solutions strategy, automation workshops, and consulting services that our joint framework enables, I want to explain why we started this joint venture.
OT Cybersecurity Challenges
No modern industry is immune to the operational, technology, process, and security-related challenges that require an automated solution. As operational technology (OT) and information technology (IT) environments continue to converge, companies in industrial sectors like energy, utilities, and manufacturing will be increasingly challenged. Such entities will need to overcome obstacles like:
- The high volume of manual work
- Analyst burnout and the difficulty of hiring qualified talent
- Increased surface area and infrastructure growth
- Business disruption from breaches
- Ever-expanding compliance requirements
- Lack of documented processes
The list goes on and on. It’s daunting.
We launched the Medley Global Partner Program as a way to team up with partners like Nexum, Elastic, Recorded Future – and now 1898 & Co. – to deliver customer-centric joint solutions that create value for our mutual customers. An independent electricity transmission company realized several outcomes from working with Swimlane and 1898 & Co.:
- Scalable and secure deployments that are in compliance with NERC CIP requirements
- Saving 45 minutes per indicator of compromise (IOC) investigation
- Secure asset management for the energy grid
The Rise of SOC and SOAR Investments for OT Environments
After connecting with the 1898 & Co. team headed by the global managing director of security and risk consulting, Matt Morris, we realized that these needs and valued outcomes aren’t isolated to individual customers. Rather, these needs transcend all businesses operating in an OT environment. This observation is further validated by the SANS 2021 OT/ICS Cybersecurity Report, which found that investing in a security operations center (SOC) for OT control systems (37%) and security orchestration, automation and response (SOAR) (33%) were the top two investment priorities for surveyed companies over the next 18 months.
“Critical infrastructure organizations face increasing threats across their IT and OT environments, making it difficult for even the most skilled analysts to detect and respond to threats in a timely manner,” Morris said. “Investing in a SOAR platform will help these companies maximize and streamline the productivity of existing security tools and staff through the power of low-code automation. By implementing Swimlane’s approach to SOAR, operators can truly accelerate their SOC and give analysts the tools needed to maximize their efficiency and increase scope and coverage to more comprehensively handle top threats.”
Top Cybersecurity Threats and Requirements Leaders Are Addressing
The driving factors behind the investment in SOCs for OT environments and SOAR were the need to maintain continuous compliance and prevent breaches. From a compliance standpoint, most businesses that operate an OT environment map their control systems to the NIST Cybersecurity Framework, with NERC CIP and MITRE ATT&CK for ICS also being common. The top five vectors that threaten OT environments, according to the SANS survey, include ransomware (54.7%), nation-state cyberattacks (43.1%), new and vulnerable devices added to the network (31.3%), non-state cyberattacks including criminal, terrorism and hacktivism (27.9%), and the integration of IT into control system networks (26.3%).
Looking Ahead: Predictions for the Future of OT Cybersecurity
After absorbing all of this, I sat down with the 1898 & Co. team and we identified three major OT cybersecurity trends that we expect to become increasingly pervasive over the next three to five years.
OT and IT Will Completely Converge
As businesses demand that these technologies become more integrated, the need for real-time detection and response will be paramount. As this convergence happens, the global skills shortage will become more prominent: there is a huge lack of candidates with blended experience in IT and OT. Proper use of security automation architecture will be essential for enabling this convergence.
Ransomware and Nation-State Threats Will Continue to Rise
Security experts have known this for a while, but it is now becoming evident that the way we think about war has changed. Companies that manage critical infrastructure like the energy grid, water, healthcare, and essential manufacturing need expertise and technology to help reduce the impact and downtime associated with this risk.
Grid Modernization
As the power grid evolves to accommodate technological advancements in the way we generate, transmit and distribute power, the security of operational technology will be in the spotlight. The expansion of digital devices and grid modernization brings many benefits, like smarter and more resilient electricity systems that are capable of reducing the frequency and length of power outages, but it also requires constant monitoring and secure response processes. As grid modernization scales, the requirement for automated actions will be paramount.
Low-Code Security Automation for OT Environments
Together, Swimlane and 1898 & Co. offer solutions for these existing and emerging challenges through our new joint solutions framework. Swimlane’s low-code security automation solution offers a workforce multiplier to add power to SOC teams in an OT environment. With the help of 1898 & Co. to build out processes that are conducive to automation, companies in OT environments are in a position to 10x their resources.
Learn more about how to get started today.