IT Brief Australia logo
Technology news for Australia's largest enterprises
Story image

Four tips for organisations to help future-proof their OT security strategy

By Contributor
Tue 19 May 2020
FYI, this story is more than a year old

Article by Forescout Asia Pacific and Japan senior director systems engineering, Steve Hunter.

The operational technology (OT) security market is officially in transition. Acquisitions are accelerating, venture capital investment is slowing, and strategic partnerships are becoming critically important. OT systems themselves are also in a transitional state, as traditional, isolated legacy systems turn into fully IP-connected, cyber-physical systems. To stay relevant in the OT world, the cybersecurity market is evolving alongside these systems.

Gartner states that, by the end of 2023, organisations will need to adjust their OT security solutions, because 60% of today’s point solution OT security providers will have been rebranded, repositioned or bought, or will have disappeared.* While this may cause anxiety for OT security stakeholders, businesses can implement strategies to help prepare for the imminent changes in the OT security market.

IT and OT networks are founded on different and often conflicting priorities, making IT-OT security challenging for businesses. Only when the needs of both environments are thoroughly understood can digital convergence be successful.

Forescout has developed four tips to help businesses future proof their OT security strategy:

1. Proactively identify, classify and monitor OT network assets

The first step to managing cyber and operational risk for any OT system is to figure out what’s in it. Almost every security framework, including NIST CSF, NERC CIP and CIS Critical Security Controls, requires identifying and classifying hardware as a prerequisite. If businesses haven’t implemented some form of real-time OT asset inventory tracking, they should make it a priority for 2020.

OT systems are rapidly morphing into cyber-physical systems that are connected to vast corporate and operational networks via the internet. Not only does this expose them to new internet-based threats, but it also increases the potential for misconfiguration and malfunction of these assets. More moving parts plus more connections equals a higher risk of operational problems.

Proactively identifying, classifying and monitoring OT network assets can help businesses discover what risks they face in the present, and also plan to reduce future risks. Not only will cyber threats like malware be a risk, but businesses will also be able to confirm whether assets in a cyber-physical system are performing as they should and take steps to remediate any issues before they cause downtime. Implementing an OT network monitoring technology is one of the fastest ways to create and monitor an accurate asset inventory. Businesses should look for a mature vendor with an extensive library of built-in checks for OT-specific cyber and operational threats developed from experience in the field.

2. Align IT and OT teams to execute integrated cybersecurity initiatives

With IT-OT convergence gaining more traction, businesses need to implement a strong cybersecurity program while also maintaining the top priority of availability for OT systems. For this to succeed, many elements must align, and teams must seamlessly integrate. There are certain areas where IT is the expert and other areas where OT is the expert, and both teams need to align, working towards a common goal.

To promote an alignment initiative, businesses must clearly define roles and common goals, designating subject matter experts, and conducting cross-training. Additionally, empowering teams with mature platform security solutions that have strong cross-functional capabilities can greatly streamline security activities and improve team cohesion.

3. Use proof-of-value (PoV) requirements that will accurately assess a vendor’s suitability

When undertaking any security PoV, all relevant teams, including security, engineering and operations, should be consulted for input. Ensuring that solution requirements meet everyone’s needs is vital to the success of any OT security investment.

Elements to consider include how a vendor is collecting OT data, the strength of a vendor’s threat intelligence database, and how comprehensive their orchestration and integration capabilities are.

Whatever PoV requirements businesses decide to include, the most important thing is to ensure that they accurately assess a vendor’s maturity and suitability for the business, as well as try to weed out companies that won’t be around in two or three years.

4. Align with emerging market dynamics by reassessing the OT security vendor landscape

Acquisitions and partnerships in OT security products are accelerating, making the market landscape more volatile. As this market matures, narrow-scope point solutions will be challenged by vendors offering organisation-wide platforms that traverse IT, OT, Internet of Things (IoT), and the cloud.* This year is an ideal time to evaluate the current security suite to understand which tools are providing the most value and whether any of the organisation’s current vendors are at risk of becoming obsolete or going out of business.

The future of the OT security market is uncertain; however, by staying up to date on emerging technologies and understanding how IT and OT networks interoperate, organisations can holistically manage risks to their organisational OT infrastructure.

Related stories
Top stories
Story image
Tech job moves
Tech job moves - Bitdefender, Cohesity, Fortinet & MODIFI
We round up all job appointments from June 27-30, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
SOTI
Australian consumers loyal to retailers who deliver speed and visibility
SOTI finds extensive order visibility and speed are the most important factors for turning one-off customers into loyal, long-term buyers.
Story image
Digital
Ivanti puts spotlight on power of employee digital experiences
The report revealed that 49% of employees are frustrated by the tech and tools their organisation provides and 64% believe this impacts morale.
Story image
Artificial Intelligence
Juniper study reveals top AI trends in APAC region
Juniper's research shows an increase in enterprise artificial intelligence adoption over the last 12 months is yielding tangible benefits to organisations.
Story image
Compliance
Stock security features inadequate in face of rising risk
"Organisations must proactively find ways of identifying unseen vulnerabilities and should take a diligent, holistic approach to cybersecurity."
Story image
Vendor
Forescout reveals top vulnerabilities impacting OT vendors
Forescout’s Vedere Labs has disclosed OT: ICEFALL, naming 56 vulnerabilities affecting devices from 10 operational technology vendors.
Story image
Voice recognition
Renesas and Cyberon expand services with voice recognition
“We are honoured to collaborate with Renesas to simplify the development of embedded voice recognition functions."
Story image
State Library of Victoria
State Library of Victoria entrusts Oracle support and security to Rimini Street
“Our finance team are very happy with the support and security that Rimini Street provides, which keeps our assets and our customers secure."
Story image
Accounting
Four factors to consider when choosing the right job accounting solution
Progressive job-based businesses can achieve success by strengthening their ability to quantify every cost attributable to the delivery of an outcome for a customer.
Story image
Metaverse
How the metaverse will change the future of the supply chain
The metaverse is set to significantly change the way we live and work, so what problems can it solve in supply chain management?
Story image
Oracle Cloud
Commvault, Oracle to deliver Metallic Data Management as a Service
"We are excited to partner with Commvault and enable our customers to restore and recover their most mission-critical cloud data."
Project management
Discover the 4 crucial factors for choosing the right job-costing solution. Is your team struggling to cost jobs and keep projects running on budget?
Link image
Productivity
Discover the 5 ways your ERP may be letting you down. Is your current system outdated, difficult to manage, and costing you a fortune?
Link image
Story image
Infrastructure
Oracle Cloud Infrastructure expands distributed cloud services
“Distributed cloud is the next evolution of cloud computing, and provides customers with more flexibility and control in how they deploy cloud resources."
Story image
Migration
SNP unveils next generation of CrystalBridge software platform
Data is a key pillar of every customer-centric organisation, as it relies on agile decisions to become increasingly sustainable and intelligent.
Story image
Hybrid Cloud
HPE GreenLake advances hybrid cloud experience with new services
"The innovations unveiled today further build on our vision to provide the market with an unmatched platform to spur innovation and drive transformation.”
Supply chain
Discover the 4 critical priorities for wholesale distribution businesses in FY23. Are you worried about how supply chain issues may affect your business in 2023?
Link image
Story image
Hybrid workforce
Why hybrid working is here to stay and how to ace it
Citrix's new report reveals hybrid workers are more productive and engaged at work than their office and completely remote counterparts.
Story image
Enterprise Resource Planning / ERP
Five ways your ERP is letting you down and why its time for a change
Wiise explains while moving to a new system may seem daunting, the truth is that legacy systems could be holding your business back.
Digital Transformation
Discover the 5 signs your business is ready for a cloud-based ERP. Is your business being left behind as more of your competitors switch to the cloud?
Link image
Story image
Infrastructure
New VMware offerings improve cloud infrastructure management
VMware has unveiled VMware vSphere+ and VMware vSAN+ to help organisations bring benefits of the cloud to existing on-prem infrastructure.
Story image
Digital Transformation
What CISOs think about cyber security, visibility and cloud
Seeking to uncover the minds of CISOs and CIOs across Asia Pacific, my company recently asked Frost & Sullivan to take a snapshot of cloud adoption behaviour in the region.
Story image
Hybrid workforce
How organisations can prepare for a post-pandemic workforce
The so-called 'new normal' office looks different to how it did pre-pandemic, and organisations need to take steps to better manage their post-pandemic workforce. 
Story image
Cybersecurity
Zscaler launches co-located data centres in Canberra and Auckland
The investment will offer public and private sector enterprises greater resilience in support of their zero trust cybersecurity posture.
Story image
Online shopping
Consumers want speed, visibility in return for brand loyalty
72% of Australian shoppers want complete online order visibility and 63% are loyal to retailers who deliver goods the fastest.
Story image
Data ownership
Brands must reclaim trust by empowering data ownership
According to Twilio's new State of Personalisation Report 2022, 62% of consumers expect personalisation from brands, and yet only 40% trust brands to use their data responsibly and keep it safe.
Story image
Cloudian
Cloudian, Vertica to deliver on-premise data warehouse platform
"We’re enabling our customers to capitalise on a leading object storage platform and maximise the value of their digital assets.”
Story image
Macquarie Data Centres
Macquarie deal to pioneer CO2-cutting data centre tech in Australia
Macquarie Data Centres has signed a multi-year deal with ResetData, an Australian first provider using Submer data centre technology. 
Story image
Dicker Data
EXCLUSIVE: Why women in IT makes good business sense - Dicker Data
The Federal government wants to bolster female participation in the tech industry to at least 40% by 2030. Here's how one homegrown Australian company has already reached that goal.
Story image
Identity and Access Management
Ping Identity named a Leader in Access Management
Ping Identity has been named a leader in the 2022 KuppingerCole Leadership Compass report for Access Management. 
Story image
Research
New study reveals 51% of employees using unauthorised apps
The research shows that 92% of employees and managers in large enterprises want full control over applications, but they don't have it.
Story image
Microsoft
ASI Solutions named finalist of Microsoft Surface Partner of the Year
"ASI Solutions has a strong Microsoft focus, building value by helping customers maximise investment in modern workplace solutions."
Story image
Cryptocurrency
NOWPayments launches new service to analyse cryptocurrency fees
NOWPayments has launched a new network fee optimisation solution that analyses current network fees and picks the most profitable option out of the client's payout wallets.
Story image
Internet of Things
ManageEngine wins big in IDC MarketScape assessment
ManageEngine's Endpoint Central service has been recognised as a leader by IDC MarketScape in several categories including Internet of Things device deployments and UEM software for SMEs.
Story image
API
Industry-first comprehensive risk-based API security enhances protection
Application Programming Interfaces (APIs) have become a crucial part of operating web and mobile application businesses and are causing significant economic growth in the digital sector.
Story image
Civil Defence
OutSystems platform chosen as part of ADF contract
"To be included in this project is a reflection of our ability to deliver secure, modern digital outcomes for defence at an incredible pace."
Story image
Payroll
How New South Wales state departments achieved cloud migration success
State departments in New South Wales are heading to the cloud to achieve better workflow solutions, and one company is paving the way for their success.
Story image
Wiise
Four things wholesale distributors need to consider for FY2023
In a post-pandemic world, there are many things for a distribution business to juggle. ERP solutions company Wiise narrows down what companies should focus on.
Story image
Airwallex
How Airwallex helps businesses achieve globalisation success
As markets continue to shift, businesses need to be able to provide the same quality of service for customers regardless of where they are located around the world.
Story image
Mergers and Acquisitions
SAS acquires Kamakura to propel risk technology innovation
Underscoring SAS growth in the domain-specific solutions space, the acquisition will enable SAS to greatly enhance the breadth of its risk solutions portfolio. 
Story image
Artificial Intelligence
Accenture shares the benefits of supply chain visibility
It's clear that gaining better visibility into the supply chain will help organisations avoid excess costs, inefficiencies, and complexity to ultimately improve their bottom line.
Story image
Citrix
The best ways to attract young talent during labour shortages
New research from Citrix reveals hybrid working and ventures into the metaverse are top of mind for Gen Z workers.
Story image
Samsung
Monitors are an excellent incentive for getting employees back
The pandemic has taught us that hybrid working is a lot easier than we would’ve thought, so how can the office be made to feel as comfortable as home? The answer could be staring you in the face right now.
Story image
Data Protection
Five signs your business is ready to move to the cloud
Many organisations are thinking about moving to the cloud. But what are the signs you are ready, and what are the reasons to move?