Cyolo, a provider of secure zero-trust access and connectivity solutions for hybrid organizations with IT and OT, in partnership with KuppingerCole, released an industry analysis focused on zero trust and remote access for operational technology (OT) environments.
The analysis reveals insights about the OT cybersecurity threat landscape, outlines security architecture for OT, critical infrastructure systems (CIS) and industrial control systems (ICS), and evaluates requirements of security regulations and frameworks.
OT environments experience the same kinds of threats as enterprise IT – including ransomware, account takeovers, APTs, and supply chains as vectors – while experiencing expanded OT-specific threats.
While traditional IT security tools may be adapted, developing security architectures for OT environments is inherently complex compared to their IT counterparts. Its nature, from equipment and software to communication protocols requires dedicated OT security solutions.
“Cyolo can help organizations with OT infrastructure to define and manage access control to those complex environments,” said John Tolbert, Lead Analyst at KuppingerCole.
Overall key insights include:
- OT Threat Landscape – Heightened geopolitical factors have intensified attacks on OT and ICS, posing consequences ranging from operational disruptions and service denial to financial repercussions and potential harm to human well-being.
- Core Cybersecurity Regulations – The risks and consequences of cyber-attacks against critical infrastructure advanced regulations globally mandating secure architectures and technical controls. KRITIS and the follow-on IT Security Act 2.0 are related examples of such regulations, as well as the NIST Cybersecurity Framework.
- OT Security Architectures and Key Functionalities – There are eight areas of functionality that are central to effective OT security architectures. Cybersecurity architectures for OT must address asset discovery, access control, IT security tool integration, detection and response capabilities, and OT protocol-level threats.
As the analysis breaks down, within critical infrastructure interruptions and downtime are not an option. To address the need for secure access in OT environments, Cyolo introduced Cyolo 4.3, which expands capabilities with more layers of security and makes the product easier for administrators and end users in the industrial space.
With Cyolo 4.3, industrial organizations will be able to extend their multi-factor authentication (MFA) across environments through integration with Duo Security to support their physical tokens as required.
Additionally, the company has implemented another layer of security for file transfer within the OT/ICS environment, through query anti-virus software to scan files before they are delivered to their destination.
Cyolo is adapting for further usability, allowing teams to invite external users by generating a secure one-time password; and import groups from existing IdPs, using SCIM.
“Ensuring the security of critical infrastructure and industrial processes has become increasingly critical as organizations unite their IT and OT systems. This convergence has expanded the OT threat landscape and introduced significant cybersecurity challenges, as the once-isolated OT networks are now vulnerable to the same threats that have targeted IT networks for years” said Joe O’Donnell, Vice President ICS/OT of Cyolo. “With Cyolo 4.3, industrial entities can confidently navigate the complexities of the modern threat landscape and fortify their defenses against evolving cyber threats.”
To learn more about Cyolo 4.3, visit here. Access the report for a full view of the industry here.
