4 Ways to Improve Network Threat Detection

Feb. 21, 2022
As industrial cybersecurity threats increase, taking every measure possible to secure vulnerable OT systems is vital, particularly in a legacy environment.

Staying on top of new technology and cybersecurity at aging plants is complicated. Many plants have equipment that is 10, 20, or even 30+ years old and may be relying on unsupported operating systems or software. These legacy systems often cannot be patched or upgraded, and migrating to a new operating system is not cost-effective. To help you overcome these challenges, here are four key ways to bolster your operational technology (OT) network by increasing threat visibility.

1. Baseline Your Network

To help determine which communication activities are normal and which may be threats, it’s essential to have an accurate baseline reading of your entire network. A comprehensive device inventory is necessary to observe when new or unapproved devices connect to your network. It’s also vital to understand which devices communicate with each other and what OT protocols they are using.
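
As an added illustration (not code from Interstates), the sketch below builds such a baseline from flow records and reports deviations from it: devices missing from the inventory, new device pairings, and known pairs using a new protocol. The Flow record layout, the IP addresses, and the protocol labels are constructed sample data; in practice the records would come from a passive monitoring sensor or switch flow export.

```python
from collections import namedtuple

# One observed conversation: source device, destination device, OT protocol label.
Flow = namedtuple("Flow", "src dst proto")

def build_baseline(flows):
    """Learn the device inventory and conversations from a known-good window."""
    devices, conversations = set(), set()
    for f in flows:
        devices.update((f.src, f.dst))
        conversations.add((f.src, f.dst, f.proto))
    return {"devices": devices, "conversations": conversations}

def compare_to_baseline(baseline, flows):
    """Return an ordered, de-duplicated list of (finding, detail) deviations."""
    findings, seen = [], set()
    def report(kind, detail):
        if (kind, detail) not in seen:
            seen.add((kind, detail))
            findings.append((kind, detail))
    known_pairs = {(s, d) for s, d, _ in baseline["conversations"]}
    for f in flows:
        for host in (f.src, f.dst):
            if host not in baseline["devices"]:
                report("new_device", host)          # not in the inventory
        if (f.src, f.dst, f.proto) in baseline["conversations"]:
            continue                                # normal traffic
        kind = "new_protocol" if (f.src, f.dst) in known_pairs else "new_conversation"
        report(kind, (f.src, f.dst, f.proto))
    return findings

# Constructed sample data (hypothetical addresses and roles).
BASELINE_FLOWS = [
    Flow("10.10.1.10", "10.10.2.21", "modbus"),   # HMI -> PLC 1
    Flow("10.10.1.10", "10.10.2.22", "enip"),     # HMI -> PLC 2
    Flow("10.10.1.30", "10.10.2.21", "modbus"),   # historian -> PLC 1
]
TODAY_FLOWS = [
    Flow("10.10.1.10", "10.10.2.21", "modbus"),   # matches the baseline
    Flow("10.10.1.10", "10.10.2.21", "s7comm"),   # known pair, new protocol
    Flow("10.10.1.30", "10.10.2.22", "enip"),     # known devices, new pairing
    Flow("10.10.9.99", "10.10.2.21", "modbus"),   # device not in the inventory
]

if __name__ == "__main__":
    baseline = build_baseline(BASELINE_FLOWS)
    for kind, detail in compare_to_baseline(baseline, TODAY_FLOWS):
        print(kind, detail)
```

The baseline is only as trustworthy as the window it was learned from, so capture it over a period that covers normal maintenance and batch cycles and review it before treating it as approved.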

2. Centrally Collect System Logs

System logs can help correlate events across different devices and different manufacturers. This will provide horizontal visibility across your company. If you’re able, automate the review of these logs with machine learning technology.

3. Implement an Incident Response Playbook

With the additional data you’ll collect from various threat detection tools, it’s important to develop an incident response playbook for your company. Collecting logs, baselining your network, and implementing tools will provide little to no value unless you have a plan in place to monitor and act upon this data. Consider implementing tabletop exercises to roleplay the various scenarios.

4. Develop a Central Pane of Glass

It’s crucial to develop a dashboard with specific key points of interest across all your company’s verticals. This will help your operation center teams efficiently parse the data. With the continuing convergence of IT and OT, it is important to have central visibility. This visibility will help close the gap and provide insight into the wide variety of devices that can be seen today.

In manufacturing, security has typically taken a secondary role to production. However, the industry is beginning to see a rapid increase in OT threats. By implementing some of these best practices, you can gain additional visibility into the threats facing your OT network.

Where Can I Learn More?

Interstates has plant cybersecurity experts ready to help. If you have any questions about network threat detection, reach us at (712) 722-1662 or www.interstates.com/contact/.

David Smit is a Systems Analyst who works in Operational Technology at Interstates, a certified member of the Control System Integrators Association (CSIA). For more information about Interstates, visit its profile on the Industrial Automation Exchange.
