Full IT/OT Cyber Security with Fortinet and Nozomi Networks
Broad, Integrated and Automated Security with Real-Time Cybersecurity and Visibility for Industrial Control Networks
As the backbone of critical infrastructure, industrial control systems (ICS) are found in all industries, including energy, power, water, manufacturing and even military applications. Over the last decade, ICS has become more automated and advanced, but also more connected to traditional IT and enterprise networks than ever before. While this increase in network connections has helped organizations achieve a higher level of efficiency, it has also exposed ICS networks and devices to new cyber and operational vulnerabilities.
The advantages of leveraging common Internet protocols, combined with the ease and cost savings of using Windows-based terminals such as HMIs and SCADA workstations, have left operational technology (OT) networks exposed to traditional IT systems and their associated security risks. There are two main problems with this transformation. First, critical infrastructure-related ICS networks cannot afford unexpected outages – that is, unplanned downtime – even for unscheduled maintenance or basic update patches, leaving Windows-based terminals unpatched and vulnerable. Second, the serial ICS protocols, merely encapsulated within TCP/IP, have no security features built into them, such as basic authentication or encryption, which is again a fundamental vulnerability.
New Reality – Malware/Ransomware Attacks
The frequency of ICS security incidents has increased, with catastrophic consequences such as loss of life, massive outages, billions in lost revenue and large-scale infrastructure damage, and this trend is likely to continue. Industroyer/CrashOverride, WannaCry, BlackEnergy and Stuxnet are examples of malware that have negatively impacted ICS with significant consequences.
Fortinet-Nozomi Networks Joint Solution
The joint solution combines Nozomi Networks Guardian with Fortinet’s comprehensive security products for OT/ICS/SCADA systems. Guardian’s non-intrusive ICS protocol monitoring, with built-in artificial intelligence (AI), profiles the behavior of industrial devices to detect anomalies in the ICS network in real time. It works in close collaboration with Fortinet FortiGate and FortiSIEM as part of the Fortinet Security Fabric to respond to threats and provide a secure gateway between OT and IT networks.
Guardian passively monitors network traffic to build an internal representation of the entire network, its endpoints, and the behavior of every device on it. When an anomaly or suspicious behavior is detected, an alarm is generated and sent to security operators and network administrators. At the same time, Guardian can automatically push the appropriate policy to FortiGate to block the suspicious traffic. To scale the solution deeper into an ICS network, a layered architectural approach comes into play.
Fortinet Security Fabric and Nozomi Networks
With the adoption of standard IP networking, the typical ICS network follows normal network rules, which means it is relatively flat and open. This lack of segmentation means that once a threat enters the system, it can move at will, potentially increasing the amount of damage it can cause. IT networks address this problem by using firewalls to segment their internal networks so that malware is confined to one part of the network.
This same protection can be implemented by embedding FortiGate-Guardian pairs deeper into the ICS network as shown below, scaling the solution to the entire ICS network and providing greater granularity of protection.
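The two mechanisms described above, passive behaviour baselining that raises an alert and hands a block policy to the firewall, and zone segmentation that confines traffic to approved boundaries, are illustrated here in a small, self-contained Python example. It is an added illustration written for this page, not Nozomi Networks or Fortinet code: the addresses, zones, protocol functions and the shape of the generated deny rule are all constructed assumptions, and nothing here calls a Guardian or FortiGate API.

```python
"""Added illustration (not vendor code): learn a per-device behaviour baseline
from a known-good traffic window, flag deviations in a later window, check
zone-to-zone flows against a segmentation policy, and turn each finding into
a generic firewall deny rule. All devices, addresses and flows are constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str       # source IP (constructed sample addresses below)
    dst: str       # destination IP
    proto: str     # application protocol name, e.g. "modbus"
    function: str  # protocol function requested, e.g. "read_holding_registers"


# Constructed zone layout: address prefix -> zone name. A real deployment
# would take this from the asset inventory rather than hard-code it.
ZONES = {"10.0.1.": "enterprise", "10.0.10.": "supervisory", "10.0.20.": "control"}
# Only supervisory hosts (HMI/engineering) may talk into the control zone;
# traffic inside one zone is fine, any other cross-zone flow is a violation.
ALLOWED_ZONE_PAIRS = {("supervisory", "control")}


def zone_of(ip):
    for prefix, name in ZONES.items():
        if ip.startswith(prefix):
            return name
    return "unknown"


def learn_baseline(flows):
    """Learning phase: every (dst, proto, function) seen per source device
    during a known-good window becomes that device's allowed behaviour."""
    baseline = defaultdict(set)
    for f in flows:
        baseline[f.src].add((f.dst, f.proto, f.function))
    return dict(baseline)


def detect_anomalies(baseline, flows):
    """Monitoring phase: unseen devices and unseen behaviour both raise alerts."""
    alerts = []
    for f in flows:
        known = baseline.get(f.src)
        if known is None:
            alerts.append(("new_device", f))
        elif (f.dst, f.proto, f.function) not in known:
            alerts.append(("new_behaviour", f))
    return alerts


def segmentation_violations(flows):
    """Flows crossing a zone boundary that the segmentation policy does not allow."""
    return [f for f in flows
            if zone_of(f.src) != zone_of(f.dst)
            and (zone_of(f.src), zone_of(f.dst)) not in ALLOWED_ZONE_PAIRS]


def deny_rule(flow, reason):
    """Generic deny rule (a plain dict, not a FortiGate policy object)."""
    return {"action": "deny", "src": flow.src, "dst": flow.dst,
            "service": flow.proto, "comment": f"auto-generated: {reason}"}


# Constructed learning window: an HMI polling a PLC, plus an engineering
# workstation that occasionally writes a register.
LEARNING_WINDOW = [
    Flow("10.0.10.5", "10.0.20.7", "modbus", "read_holding_registers"),
    Flow("10.0.10.5", "10.0.20.7", "modbus", "read_holding_registers"),
    Flow("10.0.10.8", "10.0.20.7", "modbus", "write_single_register"),
]

# Constructed monitoring window: one normal poll, the HMI suddenly writing,
# an unseen host in the supervisory zone, and an enterprise host reaching
# straight into the control zone.
MONITORING_WINDOW = [
    Flow("10.0.10.5", "10.0.20.7", "modbus", "read_holding_registers"),
    Flow("10.0.10.5", "10.0.20.7", "modbus", "write_multiple_registers"),
    Flow("10.0.10.99", "10.0.20.7", "modbus", "read_coils"),
    Flow("10.0.1.23", "10.0.20.7", "modbus", "write_single_register"),
]


def run_demo():
    baseline = learn_baseline(LEARNING_WINDOW)
    alerts = detect_anomalies(baseline, MONITORING_WINDOW)
    violations = segmentation_violations(MONITORING_WINDOW)
    rules = [deny_rule(f, kind) for kind, f in alerts]
    rules += [deny_rule(f, "zone policy") for f in violations]
    return alerts, violations, rules


if __name__ == "__main__":
    alerts, violations, rules = run_demo()
    for kind, f in alerts:
        print(f"ALERT {kind}: {f}")
    for f in violations:
        print(f"SEGMENTATION VIOLATION: {f}")
    for r in rules:
        print("RULE", r)
```

Note that the enterprise host is caught twice, once as an unknown device by the baseline and once by the zone policy; in practice the segmentation rule should already exist on the firewall so that such a flow never reaches the PLC, and the baseline alert becomes the signal that a boundary was crossed.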
Once interconnected with an enterprise network, the ICS is exposed to the same potential cyber threats and damage as a normal IT security breach. These often carry the potential for security risks, even loss of life. For example, according to the Federal Office for Information Security in Germany, a targeted attack on a steel mill in 2014 first gained access to the steel mill’s IT network using spear-phishing emails combined with social engineering, which led the attackers to the OT network. The impact was an uncontrolled shutdown of a blast furnace, causing major damage and downtime as well as significant security risks. Unplanned outages involve at least hundreds of thousands in equipment repair costs and typically escalate to hundreds of millions in lost revenue.
Components of a Common Solution
Nozomi Networks Solution
The Nozomi Networks Solution consists of the Guardian appliance and the Central Management Console (CMC). Guardian is a physical or virtual, passive appliance that provides real-time cybersecurity and operational visibility for industrial control networks. The CMC aggregates data from hundreds of sites, providing highly available, centralized and remote cybersecurity management. Together, they provide comprehensive OT visibility, cyber resilience and reliability that extends visibility and intelligence deep into OT networks.
Fortinet FortiGate Enterprise Firewall
Fortinet Enterprise Firewall Solution delivers end-to-end network security with a single platform, a single network security operating system and unified policy management with centralized view for the industry’s best protection against the most advanced security threats and targeted attacks. Innovative security processor (SPU) technology delivers high-performance application layer security services (NGFW, SSL inspection and threat protection) along with the industry’s fastest SSL inspection engine to help protect against malware obfuscation in SSL/TLS encrypted traffic.
The platform also leverages the global threat intelligence of Fortinet FortiGuard Security Subscription Services to provide visibility and control for next-generation protection against advanced threats, including zero-day attacks.
Fortinet FortiNAC for Full Asset Visibility and Access Control
Nozomi Networks is the leader in industrial cybersecurity, offering the best solution for real-time visibility to manage cyber risk and increase resilience for industrial operations. With a single solution, customers get enhanced cybersecurity, improved operational reliability and easy IT/OT integration. Innovating in the use of artificial intelligence, the company helps the largest industrial facilities worldwide to See and Secure their critical industrial control networks. Today, Nozomi Networks supports more than a quarter of a million devices across industries such as critical infrastructure, energy, manufacturing, mining, transportation and utilities, making it possible to overcome the growing cyber risks to operational technology (OT) networks.
FortiSIEM for Cross-Correlation in IT and OT
By continuously monitoring data from ICS networks, this integration allows customers to gain real-time intelligence on OT risk and correlate it with other threat information from IT networks.
This integration allows FortiSIEM to combine IT and OT data for complete visibility that gives security operations centers and incident response teams complete, comprehensive and global access to alerts.
The Nozomi Networks solution prioritizes risk-based alerts using a combination of machine learning and threat intelligence. Fortinet’s Security Information and Event Management (SIEM) solution combines this data with data collected from IT networks, providing customers with visibility and automated response and remediation (ARR) in a single, scalable solution. By reducing the complexity of managing network and security operations and improving breach detection, we believe integration with FortiSIEM will be valuable to customers.
Fortinet Security Fabric
Fortinet Security Fabric allows security to dynamically expand and adapt as more workloads and data are added. Security seamlessly tracks and protects data, users and applications as they move across the network between IoT, devices and cloud environments. FortiGate is the foundation of the Security Fabric, tightly integrated with other Fortinet Security products and Fabric-Ready Partner solutions to extend security through visibility and control.
Fortinet and Nozomi Networks Bridge the Gap between OT and IT
With the accelerating convergence of IT and OT environments, the combined intelligence provided by the integration of FortiSIEM, FortiNAC, FortiGate and Nozomi Networks eliminates network blind spots and extends FortiNAC’s Automated Threat Response Capabilities beyond traditional IT environments into OT Environments. The innovative integration between the Nozomi Networks solution and Fortinet’s industrial security products provides OT networks with the most comprehensive cybersecurity solution available today.
About Nozomi Networks
Nozomi Networks is accelerating the pace of digital transformation by pioneering innovations for industrial cybersecurity and operational control. Leading the industry, we are making it possible to manage the growing cyber risks to operational networks. In a single solution, Nozomi Networks provides OT visibility, threat detection and insight to thousands of the largest critical infrastructure, energy, manufacturing, mining, transportation and other industrial sites around the world.
Contact us for Fortinet and Nozomi Networks Solutions: hello@cerrus.io