How can OT operators and IT security become a united force for cybersecurity? How can OT security be organized so that it detects purely passively, but still allows for quick and controlled response?
In OT, two parties with strong wills often face each other when it comes to cybersecurity.
In the right corner, those responsible for industrial processes (rightly) insist that cybersecurity measures should not affect the sensitive infrastructure, or only to the extent that the availability of the equipment and systems is not affected. This results in the understandable requirement of a passive intrusion detection system (IDS) that reports anomalies but does not actively block or mitigate them.
In the left corner, the cybersecurity team (also rightly) prioritizes a rapid incident response. They demand structures and tools that ensure their capability to act swiftly and efficiently.
As different as the parties may seem at first glance, they are identical in their fundamental goal: to keep the company running.
However, the two parties often go their separate ways due to a lack of structures and shared tools that would enable them to work together.
Yet process and plant managers and cybersecurity teams could collaborate perfectly, as the combination of the OT anomaly detection system Rhebo Industrial Protector and the OT client management software ondeso SR shows.
Detect passively, act in a controlled and orchestrated manner
The network-based intrusion detection system (NIDS) Rhebo Industrial Protector integrates seamlessly into any OT network via mirror ports. It continuously and passively monitors OT communications for security-related events and technical error states. Anomalies in network behavior are reported and documented in real time with all the data needed for evaluation, but without interfering with industrial processes.
The notifications can also be forwarded via standard interfaces as pre-qualified events to a SIEM system to support higher-level threat detection with OT insights. This gives cybersecurity teams visibility into the OT and into risks and security incidents occurring there.
Process and plant managers, in turn, can promptly report detected technical error states to Maintenance, thus avoiding downtime.

Coordinated incident response is then orchestrated via ondeso SR. In addition to general central administration of OT systems, the client management software also enables cybersecurity management of OT end devices. Configuration changes, rollouts of software updates and security patches, system settings for USB interfaces, RDP connections or client firewalls, as well as backup creation and restores can all be mapped, scheduled and automated via ondeso SR.
This allows OT operators to retain control over the implementation of planned security measures in their infrastructure. OT-wide rollouts and patches can be synchronized with maintenance windows. Patches for individual systems can also be prepared in ondeso SR and scheduled to be applied step by step to avoid overloading OT networks and systems.
Strengthen cyberresilience and ensure availability
The synergy between Rhebo and ondeso enables companies to:
- avoid production downtime.
- accelerate incident response.
- implement targeted security measures in OT.
- strengthen their digital sovereignty with technology “Made in Germany.”
OT operators and IT security can thus work together to increase their cyberresilience, system availability and process reliability.
Find out more about the partnership between ondeso SR and Rhebo Industrial Protector in the joint solution profile.
