Digital transformation initiatives require more than integrating production control systems (OT), business systems (IT), and next-generation IoT/IIoT technology realms. The need to integrate internal and external data, systems, and users seamlessly, without compromising security in the age of ransomware and advanced persistent threats, creates the first true zero trust industrial environment.
The Purdue model to secure industrial systems is aging fast. While critical systems in OT environments have historically been air-gapped, those isolated networks are still at risk from insider threats and exposed to lateral movement within their perimeters. But air-gapped networks are disappearing fast. To compete in an increasingly dynamic and disruptive world, businesses in the Manufacturing sector are shaping and securing a digital platform that is purpose-built to power the organization’s manufacturing and supply chain needs. Under this digital transformation, customer, business, and production processes become interconnected to create the visibility, intelligent automation, and operational insights required to stay competitive. As a result, air-gapped networks are being replaced by a new hybrid and complex environment that poses new and hybrid security challenges. These cannot be addressed by retrofitting legacy network security controls that run on implicit trust.
Elisity elegantly addresses the network security concerns around lateral movement through a cloud-delivered software-first platform. Elisity Cognitive Trust delivers fast and simple identity-based microsegmentation and least privilege access of users, devices, and applications, with policies enforced at OSI L2, L3, and L4, leveraging existing switching infrastructure, user identity providers, and device telemetry sources.
“Over the last 10 years, we have seen an increase in operational technology connecting to the corporate network, expanding the attack surface. No other vendor can provide the network visibility, telemetry, intelligence, and microsegmentation required to effectively accelerate the time to reduce risk in both greenfield and brownfield environments.”
Chief Information Security Officer
To reduce the attack surface
Reduces risk by automatically discovering, classifying, and applying least privilege access policy to users, applications, and IoT, IIoT, OT, and IT devices, including assets previously not managed in the network, thus isolating shadow IT and rogue devices from the OT network.
To contain breaches
Minimizes the impact of breaches by keeping malicious traffic from moving laterally in the OT network and by enabling continuous threat detection. Security and networking are defined by type of asset rather than IPs and ports, with simple policies that are identity-based.
The solution architecture can leverage pre-existing investments in switches by turning them into intelligent policy enforcement points with the use of containers, and by making use of hypervisors where edge computing is not available. Cognitive Trust passively gleans and continuously verifies the identity of devices, users, and applications traversing the OT network to enforce policies as close to the industrial assets as possible. It integrates with user, application, and device identity sources so organizations can very quickly gain visibility into network assets and traffic flows, assess risks, and begin building policies to secure manufacturing operations from malicious network traffic.