Ornamental dots. Two rows of three dots. The top row is a light blue. The bottom row is one light blue dot followed by two orange dots. Blog

How to Jumpstart Your NIST CSF for OT Environments: Protect Function

Sandeep Lota, Sr. Systems Engineer | February 20, 2020

If you’re using the NIST Cybersecurity Framework (CSF) to build an effective organizational security strategy in an operational technology (OT) environment, we’ve put together a five-part blog series on how you can mature your security program in each of the five functions of this framework. Building on our previous blog post on how to jumpstart the Identify function of the NIST CSF, we’ll now discuss some of the more advanced use cases that we’ve been seeing out there in the field for the Protect function.

To comply with this function, critical infrastructure organizations must develop and implement the appropriate safeguards to ensure the delivery of their services. Once you’ve identified what’s on your network, it’s important to protect it with strong security controls. These protections can encompass everything from network access control to segmentation.

Here are some of the ways we see our customers implementing the Protect function in their OT  environments:

  1. Continuous device security assessment to control what connects to OT network segments
    Some of our most advanced customers aren’t just assessing device security postures at points in time, but continuously. Based upon their policies, they then use this data to allow or disallow devices from entering into their control networks in the first place. This is essentially network access control (NAC) for OT networks, which we believe will be huge in the next 2-3 years.
  2. Automating response actions if a device fails any policy condition
    For our customers, it’s all about working smarter, not harder. By automating response actions for devices that fail their internal policies, they gain tremendous operational efficiency. These response actions can be anything from an email being sent out to actually implementing a control and knocking a device off the network, shutting down a switch port, or quarantining a device. They’re also integrating our solution with next gen firewalls, endpoint detection technologies, and threat & vulnerability management scanners to take it one step further and remediate a failed policy such as a missed vulnerability scan.
  3. Simulating and validating OT device segmentation
    Segmentation is on everybody’s mind these days. Despite its growing popularity, segmentation in both IT and OT is very difficult, and many industry leaders are looking for ways to simulate the process before actually executing it. We provide our customers with a graphical matrix of current communication flows to visualize what these segments might look like and also validate that their segmentation strategy won’t break critical parts of a process.
  4. Automating and auditing OT segmentation enforcement
    After simulating and testing an OT device segmentation strategy, the next phase is actually implementing it. Our most advanced customers are automating the enforcement of their OT segmentation strategies, as well as audit functionalities, via integrations with next gen firewalls.

For the complete rundown of how our industry-leading customers are implementing the Protect function of NIST, watch the short video below and then: