The concept of zero trust security is gaining more adherents in the industrial technology space. As Jens Meggers, executive chairman of cybersecurity software supplier Mission Secure says, “You should assume bad guys will get in, so your focus should be on limiting what they can access.”
And that’s the focus of Mission Secure’s new Sentinel 5.0 platform, which is designed to provide context-aware cybersecurity policy monitoring and enforcement for industrial operations technology (OT) systems.
If you’re not familiar with the zero-trust cybersecurity concept, it is a well-known IT cybersecurity principle that essentially eliminates implicit trust to access systems inside a network perimeter by validating every stage of digital interaction continuously.
Without zero trust architectures, Meggers says industrial operators often rely on disjointed collections of tools, such as firewalls, intrusion detection systems, and endpoint vulnerability scanning. Such combinations of cybersecurity technologies, however, do not fully provide the ability to manage and secure industrial operating environments, he adds.
Policy instantiation and monitoring
The Sentinel 5.0 platform allows operators to define and enforce granular policies based on inputs such as network traffic, attempted remote access, asset firmware versions and vulnerabilities, as well as the digital and/or analog signals generated by physical devices.
Mission Secure’s technology operates at network level to discover and classify assets and find out who’s accessing what and why and then restricting access as needed, explains Meggers, who noted that the company’s technology began in the defense indystry before expanding into industrial applications.
Meggers says the signal integrity sensors should be placed in an operations’ “most sensitive areas to read direct sensors, not controllers.”
“Users can plug in real or virtual sensors at the switch level to listen in on network traffic activity to know who’s talking to what and to find machines, control systems, and cloud access,” Meggers adds. “The dashboard allows you to drill down into details around all network activity. Once you know what to expect [as normal network activity], you can then install the guard rails with a whitelisting approach to start. For example, start by identifying which protocol specifics are allowed, then you can generate a list to see what activities on your network falls outside of your whitelist activity.”
Standard capabilities of the platform include passive monitoring, asset discovery, and alerting. Specific to its zero trust capabilities, the platform’s policy engine enables:
- Creation of access control policies to define the conditions under which users or applications can send commands to an industrial device.
- Identifying firmware state and vulnerabilities and limiting access to only fully patched systems.
- Alerting and acting on anomalies in physical signals, and isolating systems that show abnormal behavior.
- Supporting root cause analysis by correlating network events with sensor outputs.
Industrial cybersecurity partners
Mission Secure also partners with other industrial cybersecurity technology suppliers such as Verve Industrial and Claroty.
With Claroty, Mission Secure integrates Claroty’s collection of a user’s asset inventory and vulnerabilities, customized risk scoring, threat detection, and network communication mapping with its OT policy enforcement engine to create and enforce policies based on hundreds of possible inputs.
Working with Verve Industrial, a supplier of IT/OT asset inventory and vulnerability software, Mission Secure goes “beyond perimeter detection to protect the most vulnerable and critical OT assets at the endpoint level,” says John Livingston, Verve CEO. Verve’s software integrates IT and OT data to build asset profiles for effective risk prioritization. In its closed-loop platform, users can reduce the time typically needed from analysis to remediation with the ability to act within Verve’s software platform.