Industrial cybersecurity

Industrial cybersecurity technologies

Segmentation

The goal of designing a network architecture around communications security stems from the need to isolate production, control and management processes. In isolated environments, or zones, security solutions can be adapted more effectively to each environment. In addition, correctly isolating the environments and controlling how they interrelate allows security events (or incidents, as the case may be) to be handled more efficiently, reducing the attack surface and blocking their propagation to the other zones.

Perimeter security remains one of the main measures. A well-sized and correctly configured perimeter layer makes it possible to minimize risk without acting on the end equipment, which, because of its particular characteristics, may be outdated, out of support or not supported by security solutions. Equipment in industrial environments also tends to have a long life cycle and, because of its criticality, it is sometimes unfeasible to act on it to apply patches, deploy native protection measures, etc.

This security layer also makes it possible to stop propagation through traffic filtering combined with advanced functions such as application control (layer 7 firewall), antivirus, web filtering or IDS/IPS. Some industrial equipment exposes certain functions through embedded web servers, which can be affected by the same vulnerabilities as traditional servers, with the added difficulty that these vulnerabilities either cannot be corrected or require a complete firmware or software update.

It is also necessary to consider the collection, processing and monitoring of the information obtained from the network itself. We cannot respond to something we do not know about, so we need as exhaustive a view as possible of what is happening in our network. In production environments, the failure of a single piece of equipment can cause an isolated problem, but the interconnection between all systems and processes can turn it into a major, high-impact one. Reliable information can be the key to anticipating this type of problem. A system that collects, processes and correlates security events (SIEM) from the different systems in the network, whether or not they are security elements, is therefore highly recommended, because it allows us to be proactive in terms of cybersecurity.
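The zone isolation and traffic monitoring described above can be expressed as a default-deny conduit list checked against flow records. This is an added example, not part of the original page: the zone names follow the text, while the subnets, ports, conduit list and sample flows are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumed addressing plan for the three zones named in the text (constructed).
ZONES = {
    "management": ipaddress.ip_network("10.10.0.0/24"),
    "control": ipaddress.ip_network("10.20.0.0/24"),
    "production": ipaddress.ip_network("10.30.0.0/24"),
}

# Allowed conduits between zones; anything not listed is denied (assumed policy).
CONDUITS = {
    ("management", "control", "tcp", 443),  # engineering access to the HMI
    ("control", "production", "tcp", 502),  # Modbus/TCP polling of controllers
    ("control", "management", "udp", 514),  # syslog forwarding to the SIEM
}

def zone_of(ip):
    """Map an address to its zone; unknown addresses count as 'external'."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "external")

def classify(flow):
    """Return 'intra-zone', 'allowed' or 'violation' for (src, dst, proto, port)."""
    src, dst, proto, port = flow
    sz, dz = zone_of(src), zone_of(dst)
    if sz == dz:
        return "intra-zone"
    return "allowed" if (sz, dz, proto, port) in CONDUITS else "violation"

def violations_by_zone_pair(flows):
    """Count cross-zone flows outside the conduit list, keyed by (src, dst) zone."""
    return Counter((zone_of(f[0]), zone_of(f[1]))
                   for f in flows if classify(f) == "violation")

# Constructed flow records, e.g. as exported by a firewall or flow collector.
FLOWS = [
    ("10.10.0.5", "10.20.0.10", "tcp", 443),     # permitted conduit
    ("10.20.0.10", "10.30.0.21", "tcp", 502),    # permitted conduit
    ("10.10.0.5", "10.30.0.21", "tcp", 502),     # management bypasses control zone
    ("10.30.0.21", "10.30.0.22", "tcp", 44818),  # stays inside production
    ("10.30.0.21", "203.0.113.7", "tcp", 80),    # production reaching outside
    ("10.20.0.10", "10.10.0.9", "udp", 514),     # permitted conduit
]

if __name__ == "__main__":
    for pair, count in violations_by_zone_pair(FLOWS).items():
        print(f"{pair[0]} -> {pair[1]}: {count} flow(s) outside allowed conduits")
```

The per-zone-pair counts are the kind of event a SIEM can correlate with alerts from other systems in the network.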
