Today’s sophisticated Operational Technology (OT) environment has a large attack surface with numerous attack vectors. Imagine one oil rig that has over 30,000 sensors from multiple OT/IoT/IIoT vendors. Without complete coverage, an attack is not a matter of ‘if’; it’s a matter of ‘when’.
For Security and SOC teams, network monitoring is not enough. You need the ability to access the details that provide in-depth visibility into the industrial control system (ICS) environment. Without it, you can only hope your industrial control devices have not been compromised by unauthorized activities or external threats. In these environments, substantial amounts of data reside on a variety of different devices. Much of that data does not traverse the network.
Critical asset inventory information, like records of user log-ins and controller firmware versions, as well as changes to devices made via direct connections, don’t typically present themselves in network traffic. If network monitoring missed an attack on a device, it could remain infected for days, weeks, or months without detection. In fact, network monitoring only provides operators with ~50% visibility and coverage across the OT environment.
Visibility is key to giving your team the information it needs to fight sophisticated attacks on ICS. That’s why I am excited about ArcSight’s new partnership with Dragos. Dragos and ArcSight work together to provide increased visibility and improved correlation of cyber events. This partnership helps customers make better-informed decisions when classifying events and determining whether action is required.
Dragos’ newly announced integration with ArcSight provides three key benefits:
- Comprehensive Visualization for OT/IoT/IIoT Assets and Anomalies
- Rapidly Identify and Pinpoint Threats
- Confidently Investigate and Respond to Threats
We cannot control what we cannot see. ArcSight together with Dragos is able to meet the challenges of the Industrial Control System and be a force multiplier to the frontline ICS defenders providing cyber resilience to the world’s industrial infrastructure. And it all starts with one click at the Micro Focus Marketplace, where you can learn more about the Dragos ArcSight partnership, access the integration guide, and improve your security team’s visibility into OT threats today!