Network Segmentation, Visibility and Third-Party Risk Assessment

When Colonial Pipeline CEO Joseph Blount testified before the US Congress, he revealed that the attack was completely avoidable; Blount admitted that Darkside gained access through a VPN that did not require multifactor authentication.

As IT and OT networks continue to converge, organizations need to understand how these networks are connected.

Programmable Logic Controllers (PLCs) monitor the communication input and output of devices connected to an organization's network. These communications can be analyzed at the packet level to detect anomalies or signatures of known attacks. Upon detection of an incident on the IT network, an organization should quarantine compromised devices and block all communication between IT and OT.

This approach requires network monitoring and enforcement tools to identify current network communications, detect threats and violations, and enforce segmentation rules.

The Oldsmar water treatment plant attack is evidence that the use of remote access has increased since the pandemic. Organizations need to ensure that only approved remote access connections are allowed by continuously monitoring communications such as VNC, SSH, RDP, and others. Oldsmar got lucky, but many other OT systems in similar treatment plants may lack the visibility security teams need to identify these attacks.
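The monitoring and enforcement described in the two paragraphs above can be sketched as a check of observed flows against segmentation rules and an allowlist of approved remote access paths. This is an added example, not code from the article or any vendor; the zone ranges, the approved jump host and the flow records are all constructed assumptions.

```python
import ipaddress

# Assumed zone map and policy; all addresses are constructed for illustration.
ZONES = {
    "it": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "ot": ipaddress.ip_network("10.30.0.0/16"),
}
REMOTE_ACCESS_PORTS = {22: "SSH", 3389: "RDP", 5900: "VNC"}
# Approved remote access paths: (source host, destination zone, port).
APPROVED_REMOTE = {("10.20.0.5", "ot", 3389), ("10.20.0.5", "ot", 22)}
# Zone pairs allowed to talk at all; IT never talks to OT directly.
ALLOWED_ZONE_PAIRS = {("it", "dmz"), ("dmz", "ot"), ("ot", "dmz")}

def zone_of(ip):
    """Return the zone name for an address, or 'external' if unmapped."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"

def check_flow(src, dst, dport):
    """Return a list of violation strings for one flow (empty if compliant)."""
    sz, dz = zone_of(src), zone_of(dst)
    findings = []
    if sz != dz and (sz, dz) not in ALLOWED_ZONE_PAIRS:
        findings.append(f"segmentation: {sz}->{dz} not permitted")
    if dport in REMOTE_ACCESS_PORTS and dz == "ot":
        if (src, dz, dport) not in APPROVED_REMOTE:
            proto = REMOTE_ACCESS_PORTS[dport]
            findings.append(f"remote-access: unapproved {proto} into ot from {src}")
    return findings

def audit(flows):
    """Map each violating flow to its findings."""
    return {f: v for f in flows if (v := check_flow(*f))}

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.20.0.5", "10.30.1.10", 3389),    # approved jump host, RDP
    ("10.10.4.7", "10.30.1.10", 5900),    # IT workstation, VNC straight into OT
    ("203.0.113.9", "10.30.1.10", 5900),  # internet-sourced VNC to OT
    ("10.20.0.8", "10.30.1.11", 22),      # DMZ host, but not the approved one
    ("10.30.1.10", "10.30.1.11", 502),    # intra-OT Modbus
]

if __name__ == "__main__":
    for flow, findings in audit(SAMPLE_FLOWS).items():
        print(flow, findings)
```

A flow can be permitted by zone and still be flagged: the fourth record crosses an allowed DMZ-to-OT boundary but does not originate from the approved jump host.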

Iranian railways discovered a host of preventable vulnerabilities in their IT network last July. Train systems rely on critical OT systems that integrate with IT systems and include everything from signaling solutions to sensors and brake unit devices. These endpoints connect to the network, and include software that enables the collection of data and communication back to network operations centers.

To enable this communication, connected devices rely on the TCP/IP stack. Forescout research has revealed nearly 100 vulnerabilities across more than a dozen TCP/IP stack implementations.

When it comes to the shared responsibility of securing third-party software, organizations need to become proactive in their vendor security assessments. The industry should reward vendors that have secure software design lifecycles and exploit mitigation, but it should not stop there.

As an industry, we need to move towards zero trust policies for least-privileged access of devices and rigorous access management processes that apply to all computing environments, be they mainframe, OT or hybrid cloud IT.

Those who act now will have less to worry about when new regulations are introduced. Organizations that have learned the lessons of network segmentation, visibility and third-party risk assessment will be better prepared to minimize the impact and likelihood of similar incidents happening to them in the future.

Others?

"Slip slidin' away. Slip slidin' away. You know the nearer your destination, the more you slip slidin' away."

* Slip slidin' away - Paul Simon

 

Steve King

Steve King is the managing director of CyberTheory, a full-service cybersecurity marketing advisory firm. King, an experienced cybersecurity professional, has served in senior leadership roles in technology development for the past 19 years.

Steve has founded nine startups, including Endymion Systems and seeCommerce. He has held leadership roles in marketing and product development, operating as CEO, CTO and CISO for several startups, including Netswitch Technology Management. He also served as CIO for Memorex and was the co-founder of the Cambridge Systems Group. He has been granted engineering patents encompassing remote access multi-factor authentication using adaptive machine learning, applied cyber-threat intelligence networks, a universal IoT security architecture, contextual semantic search technologies, web-enabled multimedia transfers, image capture and database smart query processing.
