6 questions to ask before buying an ICS / OT security monitoring tool

How to shop for a solution that's right for your factory or utility.

Most factories and utilities run industrial control system (ICS) equipment that was never intended to be plugged into the internet, and whose original deployment may well date to the 1970s or 1980s. More modern systems run — you guessed it — Windows XP.

Insecure by design and intended for local access only, these control systems offer greater efficiencies but come bundled with potentially catastrophic risk. Non-targeted malware like NotPetya caused hundreds of millions of dollars in losses to manufacturing concerns around the world. Unless you plan to unplug your factory or utility from the internet and go back to the Stone Age, it's time to ratchet up the security of your operational technology (OT) environments.

That might mean acquiring an ICS / OT monitoring tool. You have both commercial and open source options. In either case, here are some questions you need to ask before and during your evaluation process.

1. Does the ICS monitoring tool offer the functionality you need?

The top ICS monitoring vendors, Indegy, CyberX, Nozomi Networks and Claroty, all offer varying degrees of asset discovery, network monitoring capability and SOC integration. They focus less on any given vertical and more on the job of analyzing specialized, often ancient, protocols like Modbus and identifying specialized types of devices, like programmable logic controllers (PLCs). Industrial control system network traffic looks very different from typical corporate IT network traffic, and monitoring machine-to-machine communication is sui generis.

All vendors offer asset discovery, for instance; you can't defend what you don't know you have. "Most organizations don't know the answer to this question," Phil Neray, vice president of marketing at CyberX, tells CSO. "They might know what devices were installed when the factory was first built 15 to 20 years ago. How has the environment changed over time? What devices do I have? How are they talking to each other?"
