Today we announced an expansion of our partnership with 1898 & Co., based on our shared solution framework. While I am personally excited by the solution strategy, automation workshops, and consulting services that our shared framework enables, I would like to explain why we started this joint venture.
OT cybersecurity challenges
No modern industry is immune to the operational, technological, process and security challenges that require an automated solution. As the operational technology (OT) and information technology (IT) environments continue to converge, companies in industries such as energy, utilities and manufacturing are increasingly challenged. Such companies have to overcome obstacles such as:
The high proportion of manual work
Analyst burnout and difficulty hiring qualified talent
Larger area and infrastructure growth
Business disruption through violations
Ever-increasing compliance requirements
Lack of documented processes
The list goes on and on. It’s discouraging.
We created the Medley Global Partner Program to work with partners like Nexum, Elastic, Recorded Future, and now 1898 & Co., to deliver customer-centric, collaborative solutions that add value for our mutual customers. An independent power transmission company achieved several results from working with Swimlane and 1898 & Co.:
Scalable and secure deployments that meet NERC CIP requirements
Saving 45 minutes per Indicator of Compromise (IOC) investigation
Secure asset management for the energy grid
The rise of SOC and SOAR investments for OT environments
After engaging with the team at 1898 & Co., led by global managing director of safety and risk consulting, Matt Morris, we found that these needs and valued outcomes are not unique to individual clients. Rather, these requirements apply to any organization operating in an OT environment. This observation is further corroborated by the SANS 2021 OT/ICS Cybersecurity Report, which found that investments in a Security Operations Center (SOC) for OT control systems (37%) and Security Orchestration, Automation and Response (SOAR) (33%) were the two most important investment priorities of the surveyed companies over the next 18 months.
“Organizations with critical infrastructure face increasing threats to their IT and OT environments, making it difficult for even the most seasoned analysts to identify and respond to threats in a timely manner,” said Morris. “Investing in a SOAR platform will help these companies maximize and optimize the productivity of existing security tools and people through the power of low-code automation. By implementing Swimlane’s SOAR approach, operators can truly accelerate their SOC and give analysts the tools they need to maximize their efficiency and increase scope and coverage to more comprehensively address the top threats.”
Top cybersecurity threats and requirements executives are addressing
The driving factors behind investing in SOCs for OT environments and SOAR were the need to maintain ongoing compliance and prevent breaches. From a compliance perspective, most companies running an OT environment map their control systems to the NIST Cybersecurity Framework, with the NERC CIP and MITRE ATT&CK ICS frameworks also being common. According to the SANS survey, the top five vectors threatening OT environments are ransomware (54.7%), nation-state cyberattacks (43.1%), new and vulnerable devices being added to the network (31.3%), non-state cyberattacks, including criminal, terrorism and hacktivism (27.9%), and the integration of IT into control system networks (26.3%).
Outlook: predictions for the future of OT cybersecurity
With all of this internalized, I sat down with the team at 1898 & Co. and we identified 3 major OT cybersecurity trends that we expect to continue to proliferate over the next 3-5 years.
OT and IT will fully converge
As organizations demand greater integration of these technologies, the need for real-time detection and response will be paramount. In the course of this convergence, the global skills shortage will become even clearer. There is a huge shortage of candidates who have experience in IT and OT. Proper use of the security automation architecture is critical to enable this convergence.
Ransomware and national threats will continue to rise
Security experts have known this for a long time, but now it’s becoming apparent that the way we think about war has changed. Organizations that manage critical infrastructure such as the power grid, water supply, healthcare and basic manufacturing need expertise and technology to reduce the impact and downtime associated with this risk.
As the power grid evolves to accommodate technological advances in the way we generate, transmit and distribute electricity, the safety of operational technology will take center stage. The expansion of digital devices and grid upgrades brings many benefits, such as smarter and more resilient power systems capable of reducing the frequency and length of power outages, but it also requires constant monitoring and safe response processes. As the network modernizes, the need for automated actions will be paramount.
Low-code security automation for OT environments
Together, Swimlane and 1898 & Co. offer solutions to these existing and emerging challenges through our new shared solution framework. Swimlane’s low-code security automation solution provides a people multiplier to empower SOC teams in an OT environment. With the help of 1898 & Co. to build automation-friendly processes, companies in OT environments are able to increase their resources tenfold.
*** This is a Swimlane (en-US) Security Bloggers Network syndicated blog written by Mike Kay. Read the original post at: https://swimlane.com/blog/1898-swimlane-partnership-secures-critical-infrastructure-companies/