A few days back, I attended the IT-SA Expo & Congress in Nuremberg; it’s the largest IT security conference in Europe. The weather was overcast and rainy for most of the week there in Bavaria, but that didn’t seem to slow attendance. There were over 20,000 attendees at the conference.
In the conversations I had with folks who stopped by our ColorTokens booth during the three days of the expo, I noticed a common theme. Judging by the comments I heard, there seems to be an increasing awareness that security, especially for Operational Technology, is a growing concern for technology managers and risk officers in general.
I don’t exactly know the impetus for this theme. Perhaps it’s the underlying knowledge that the conflict currently going on between Russia and Ukraine, along with other tensions around the world, means that Cyber-Physical Systems may now be considered an increasingly attractive attack surface for state actors, as they already have been for cybercriminals. The nexus of digital and physical systems means that a security compromise in the network can have kinetic effects in the real world.
One person who stopped to speak with us was a risk manager—not a technology person—at one of the largest manufacturing equipment makers in the world. I thought it was indicative that she committed time to attend an IT security conference. She was accompanied by an Operational Technology manager from their company. They told us about how they are seeking to increase their security posture, both for their own systems and for their devices deployed in their client’s industrial networks. They spoke about how they are conscious that the trend of increased connectivity between Operational Technology and the IT network has increased the risk of a compromise in manufacturing systems.
Another person who visited us was from a major multinational sports attire and equipment company. They wanted to learn more about our solutions to secure their Cyber-Physical systems, including both their warehouse operations and manufacturing. They were interested in learning more about stopping the lateral movement of ransomware within their enterprise landscape.
A manager from one of the largest IT consulting and services companies in the world stopped by. They spoke about how the number one concern they are hearing from their clients in Operational Technology/Industrial Control Systems has changed. Whereas clients used to prioritize productivity, uptime, and efficiency above all else, recently, security has come to the fore as a major concern. For their customers, they need a solution that would let them secure both IT and OT systems using a single tool with a unified administrator UI experience for visibility of assets and setting zero-trust communications policies without a loss of productivity.
We talked to them about how our Xshield microsegmentation platform serves as a unified policy decision point for many policy enforcement points in the enterprise, with controls enforced in both an agent-based and agentless manner, depending on the type of asset. We showed them examples of how Xshield can protect data center servers and cloud workloads using our lightweight agent, Kubernetes containerized applications using our agentless service mesh integration, and OT assets using our agentless Gatekeeper. We demonstrated how our Xshield console (shown below) lets them visualize assets and set progressive traffic policies for both their IT network and Operational Technology/Industrial Control Systems.
Applying zero-trust traffic policies in a progressive way eliminates the risk of breaking applications, causing downtime, and loss of production. Traffic policies can stop the lateral spread of any breach of their perimeter defenses before it becomes a crisis, whether the entry point for the compromise is in the IT network or the OT network.
They were interested to hear how Forrester ranked us with the highest possible score in OT, healthcare, and IoT security in their recent Forrester Wave: Microsegmentation Solutions. (If you would like to learn more about that, you can access the report free of charge here.)
Overall, it was a very productive conference, and I’m looking forward to further conversations about how we can be of service and help secure the critical Cyber-Physical Systems of these organizations. Our solutions team is available to discuss how we can help you reach your security goals. You can learn more about our approach by visiting our website: Breach Readiness for Manufacturing Technology and you can reach us to schedule a conversation or a demonstration at www.ColorTokens.com/contact-us.
