It’s Time to Talk about Data Quality in OT Cybersecurity

Facility managers and logistics operators are reaching an operational technology cybersecurity (OT security) tipping point. While the tools they need to properly secure their facilities exist, doing so in line with NIS2 and other directives remains a challenge across the manufacturing, pharmaceutical, food & beverage, and other sectors.

The reality remains that companies that are still early in their journey, and even some of those that are more mature, struggle to obtain the quality data needed to make important budgetary and resource allocation decisions. While easier said than done, there are two areas that team leaders can focus on to have the most impact. One is obtaining better data on network traffic activity, and the other is consolidating activities and relying on integrations to collect the data from secondary and peripheral network activities.

Network activity

Modern OT network operators are tasked with integrating a large number of devices, from machinery to sensors, monitors, and other OT devices. While many of these assets are designed to share data, others are not, creating a gap in the information seen across the network.

Implementing tools to capture and record all network traffic allows practitioners to understand their full threat landscape without having to worry about making each device interoperable with others. This data can then be corroborated with what’s occurring at other facilities, meaning teams can better focus resources on not just checking regulatory boxes but securing operational crown jewels with data that can be relied on.

Integrating for efficiency

A list of network limitations goes hand in hand with understanding the activity across said network.

Practitioners must maintain documentation of access to switches that collect traffic flow on the network, along with a list of firewalls and the users or devices that are granted elevated access. The challenge is conducting a network-wide audit to obtain this critical information when various factors, such as always-on machinery or business-continuity activities, don’t allow for machines to be taken offline and reviewed. For that reason, it is best to conduct such a network-wide review during the installation of new machinery, when onboarding a new OT security system, or during routine scheduled downtime.

It is no secret that conducting these assessments manually has gone from cumbersome to simply impossible. The massive amount of data that passes through a network at any given moment, along with the vulnerabilities found on each device and the mitigations applied to it, means that any assessment conducted becomes obsolete nearly instantaneously.

For this reason, the approach must involve either ongoing or regularly scheduled network assessments that can be conducted alongside previously scheduled network threat assessments.

Data quality at scale

Obtaining quality data for a single facility is a challenge. But what about collecting data from dozens of facilities across regions?

Either internal teams or third-party vendors need to incorporate the depth and breadth of data needed to score entire networks as well as the individual facilities that connect to them. Without this, it is impossible to understand the true risk that each facility holds. If 49 facilities are low-risk, but the one high-risk facility also happens to be the location that manages the production of the company’s most essential product line, then the organization still remains vulnerable to cybersecurity threats.

The reality remains that team leaders and OT security professionals are facing the same challenges of being understaffed while being overwhelmed by all the tools needed to monitor their network—resulting in more demand on personnel.

For this reason, companies should strongly weigh not only the platform they use for OT security but also the integrations that are offered. By relying on these integrations that already exist within a platform to conduct large-scale risk assessments, CISOs can save time and money without having to request a higher budget from the C-suite.