A new perspective on security and business
The battle continues: cyber-criminals versus their organizational victims. However, another battle is often raging under the surface inside organizations – security versus the rest of the business. Fighting the global war on cybercrime is much more challenging when the targets are distracted by internal turf wars. If security and business teams step back from the ledge, it’s not hard to see that everyone is working toward a common goal. Both groups want the same thing: not to be a victim of cybercrime. Understanding how to attack this problem without friendly fire is the missing element. A new perspective can show a path toward it.
A challenge of standing on the ledge is the limited view of options available to work the problem. Abraham Maslow described it well, “if all you have is a hammer, everything looks like a nail.” If you focus solely on security methodologies, you will likely only view the problem from this angle. If a cybersecurity threat exists within a system, removing that threat is all that matters. The hammer is the security tool available to remove threats; the threat is a nail.
But what if we looked at the threats from a different perspective? For a more pointed example, we can look at the threats in an OT environment. Like IT, OT devices are vulnerable to various cyber threats. However, threats to device and process configurations are an equally important concern. These operation-focused threats include misconfigurations, unexpected setting changes, unplanned updates, or anything else that could alter a device’s expected functionality. Reducing this type of threat is the focus of OT operation teams. By taking a step back, we can view the operation-focused threats the OT teams are concerned with alongside the security team’s cyber-focused threats. Doing so reveals that both teams have a common goal – maintaining operational continuity.
Now that we have a common goal, one that both security and the business (specifically the operations team in this example) can agree on, the challenge remains how best to mitigate the threat. Continuing our OT example, this step is where a shift is needed from traditional IT security methodologies. The tools used to mitigate threats in IT systems, such as Endpoint Detection and Response (EDR), are often unsuitable for use in an OT environment. The differences between OT and IT, including system resource constraints, legacy software and operating systems, unique devices, and specialty applications, explain part of the reason IT EDR is unsuitable. It can’t monitor threat behaviors it doesn’t understand. More importantly, because of the singular focus on cyber threats, some actions taken by IT EDR tools may inadvertently introduce new operation threats. This explains the reluctance of OT teams to deploy security tools: the tools could hurt operational continuity more than they help.
Supporting the new perspective’s common goal requires a new approach that addresses cyber and operation threats simultaneously. Cyber-Physical System Detection and Response (CPSDR) does just that. It takes the proven cyber threat detection and response concepts from EDR and introduces operation-threat protection to support the common goal. With this new dual context and focus, security teams can mitigate cyber-attacks, and operation teams can lock down configurations, allowing each to complete their mission without risking operational continuity in the process.
TXOne Networks is pioneering this new paradigm of protection with TXOne Stellar. Designed specifically for the OT environment, Stellar supports business and security team goals by defending the operational stability of OT devices and Cyber-Physical Systems and by detecting and responding to cyber threats. With TXOne Networks’ deep OT industry knowledge, there is no longer a need to settle for “IT solutions will have to do.” Stellar can accelerate your OT resiliency by giving operations teams newfound confidence that it is safe for security teams to apply security controls without impacting availability, because they are dual-focused on their goals too.
Announce your organization’s turf war reconciliation. Keep the operation running with TXOne Stellar.
Resource: https://www.scmagazine.com/native/incident-response/a-new-perspective-on-security-and-business