Both technology domains have gradually converged within manufacturing floors, office buildings, power plants, and city streets. This phenomenon presents a challenge to chief information security officers (CISOs) who must achieve these new digital outcomes while keeping IT and OT systems cyber secure.

OT devices have traditionally relied on specific security controls, often with low levels of security built in. As today’s IT/OT convergence progresses, it poses a significant security risk. CISOs must protect OT devices and provide adequate safeguards without hindering their operational capabilities and the broader organizational requirements for safe industrial operations.

Integrated IT/OT security is vital

From a business perspective, the significance of protecting OT systems cannot be overstated. Crucial OT systems are critical to the smooth availability of national infrastructure, including manufacturing plants, utilities, water treatment systems, and oil rigs. Failure to protect these assets can lead to unscheduled downtime, national security risks, financial loss, reputational damage, and even the loss of life.

However, protecting OT systems is easier said than done. Oftentimes, organizations use IT-focused security solutions to protect their OT systems, despite the former having drastically different security needs. Instead, enterprises must adopt dedicated, converged IT/OT security solutions. Such solutions provide a host of benefits, the most important of which are:

  • Increased OT security visibility
  • Best-of-breed threat protection
  • Intelligent, speedy analytics and simplification

To ensure an IT/OT security solution is effective, its core functions should support three capabilities:

  • Understand your entire environment
  • Leverage both prescribed and customized tests
  • Perform structured change management to enhance OT platform security

The convergence of IT and OT is a double-edged sword – while it positions organizations to increase efficiencies through enhanced interoperability between disparate systems, it also introduces new challenges, such as security risks from inadequate segmentation.

Thus, when picking a dedicated IT/OT security solution, the imperative is that it provides complete, unified visibility across all IT and OT environments. Managing IT/OT security on a unified platform also facilitates easier risk discovery, faster response times, and greater predictability in management.

About Siemens SiESTA

SiESTA® (Siemens Extensible Security Testing Appliance) is a purpose-built IT/OT testing suite that provides the following:

  • Inventory visibility for entire production systems
  • A wide variety of technologies and methodologies for security tests
  • Clear reporting and summarization of vulnerabilities
  • Structured test processes

The rapid development of OT security technology has created a situation whereby features are bolted on rather than built from scratch. The disparate IT and OT environments have vastly different requirements and can no longer rely on repurposed IT security testing alone. As such, organizations must realize the criticality of selecting solutions that will simplify their journey through the fragmented IT/OT security landscape.

Siemens’ SiESTA® simplifies the structured testing regime and offers two leading value propositions:

  • It is a one-stop testing solution for IT/OT environments through the combination of in-house tools, off-the-shelf IT security tools, and established open-source security tooling on a single platform – enabling simplified planning and automation.
  • Active security through network probes is designed with OT networks in mind.

In conclusion, IT/OT security is best approached with a purpose-built, integrated, and unified security solution that can see, act on, and protect an organization’s entire modern IT/OT environment.

To gain further actionable insight into “Achieving Unified IT/OT Security Testing to Protect Today’s Converged Environments”, download Frost & Sullivan’s executive brief: https://hub.frost.com/opsec-testing/

 

About Kenny Yeo

Kenny Yeo currently leads Frost & Sullivan's cyber security practice across Asia Pacific. A current topic of interest is analysing how vital cyber security is today to enterprise digital transformation efforts to achieve secure DX outcomes. With 20 years of research, consulting, advisory, team management and business development experience, Kenny has expertise spanning cyber security, IoT, smart retail, industrial and e-government.

Kenny Yeo

Kenny Yeo currently leads Frost & Sullivan's cyber security practice across Asia Pacific. A current topic of interest is analysing how vital cyber security is today to enterprise digital transformation efforts to achieve secure DX outcomes. With 20 years of research, consulting, advisory, team management and business development experience, Kenny has expertise spanning cyber security, IoT, smart retail, industrial and e-government.

Share This