Keywords
client management, intrusion detection, OT, Adobe, Windows, backup, patch management, IT/OT convergence, ondeso
Summary
Peter Lukesch, CEO of OT client management solution provider ondeso, explains how to bring passive intrusion detection and active client management in OT under one roof. He details how this combination increased actionability for operators while saving time and resources and ensuring the availability of sensitive industrial processes.
Takeaways
In OT, intrusion detection is typically passive to ensure industrial processes don’t get disrupted by automated security measures. However, operators still need to be able to act on security-related events and other reliability issues.
The implementation of active client management components needs time and trust. That’s why most OT admins start with a handful of industrial PCs before going all-in.
Client management components must be designed securely and with least privilege in mind from the start.
Due to the large amount of legacy systems in OT, client management must be possible without an Active Directory.
Microsoft Windows is still the biggest attack surface in OT.
In OT, the wrong tool and security approach to availability can lead to detrimental outcomes.
Cybersecurity in context of client management in OT starts with a vulnerability assessment and backup.
A powerful client management solution enables centralization and even automation of anything from patch management to backup management, password management and beyond.
Centralized client management not only saves hundreds of work hours, it provides the means to actually implement an up-to-date patch management that isn’t always running late.
The integration of passive intrusion detection and centralized client management provides actionable cybersecurity for both prevention and incident response.
Such integration also steadies the sensitive balance between availability and risk reduction in OT.
Industrial companies can learn from the expertise and best practices of critical infrastructure when it comes to OT security.
Sound Bites
The largest attack surface and vulnerability in OT are Windows systems. They are the common denominator with IT.
OT operators are much more cautious about the automation of active security and management functions.
Especially in industrial infrastructure it’s easy to achieve the opposite of what you want to achieve.
Central client and patch management in OT can be easily scheduled within maintenance windows.
Chapters
00:00 Introduction
01:02 Intrusion detection in IT and OT
03:19 Client management in legacy OT
04:43 The risk of Windows systems in OT
05:50 Security of privileged security and management systems
06:59 How to build trust in active client management functions in OT
10:00 IT/OT convergence and the risk of spillover
11:45 The connection between client management and OT security
13:46 How to integrate client management and OT intrusion detection
22:20 What industrial companies can learn from critical infrastructure