Webinar on December 20th, 2016 at 2pm EST
Executive Summary for Defend Against New Security Threats to Your Data Center
The modern data center presents a well-known array of IT-related security challenges, but an additional area of risk now arises from the operational technology (OT) equipment required to support and maintain the modern data center. These OT devices, which primarily relate to the physical operations and security of the data center itself, are now being connected to the Internet.
Chris Kubecka will present actionable methods of preventing novel threats, discovering cyber attacks, detecting the level of damage, and rebuilding after a breach. Susan Lutz will discuss a detailed case study of how an enterprise US telecom hardened their data centers against attack.
Famed Cybersecurity Expert Chris Kubecka
Security Industry Luminary Susan Lutz
Webinar Topic: Understanding Vulnerable Technology in the Data Center
Operational technology (OT) is a broad term that basically refers to computerized industrial equipment. Examples of OT equipment often found in modern data centers include the following:
Heating, ventilation, and air conditioning (HVAC) systems
Fire suppression systems
Power generators and power conditioning systems
Physical access control systems, such as human badge readers
Building automation systems
The integration of these assets with external systems may not be well understood. Some devices have embedded phone-home capabilities for services and support. Often wireless routers or other less obvious connection points are routinely enabled during installation.
There are certainly good reasons these assets need online access. For example, OT equipment needs to be accessible at all times for monitoring, maintenance and troubleshooting from IT devices. Additionally, IT applications are helpful for analyzing data on data center operations and security.
While the value of allowing online access to OT equipment is compelling, these links cause additional risks. The 2013 security breach at a Target store that exposed information on approximately 40 million credit and debit cards originated through remote access to HVAC systems at Target facilities.
Conversely, external OT-related attacks can compromise IT assets, as may have been the case with the recent Delta Airlines power outage that took reservations systems offline for hours.
And, unfortunately, internal threats – whether intentional or accidental – continue to be the biggest risk. An employee connecting a malware-infected laptop or flash drive can spread the infection throughout the data center, affecting both IT and OT assets.
Understanding the risks inherent in linking IT and OT assets is an important step in addressing them, as is understanding the varying approaches to protecting IT and OT assets. IT security often focuses on preventing unauthorized access to sensitive data and applications. OT gives greater weight to safety and availability of operations.
Topic: Identifying and Assessing OT-Based Threats
Traditional security tools do not effectively support OT environments. Most OT devices don’t support direct access to the operating system, let alone the installation or use of third-party security tools. So, the key to securing OT devices is securing OT network traffic, and traffic between IT business networks and OT control networks.
Conventional IT network security controls, such as traditional firewalls, can’t effectively monitor and analyze OT device traffic in real time to identify known and unknown threats specific to OT. Traditional firewalls are designed to find IT-specific threats in packets, ranging from the use of spoofed IP addresses to the use of illegal commands in IT application protocols. These firewalls rely on a ruleset that specifies which traffic is to be allowed or denied based on IP addresses, port numbers, and other basic traffic characteristics.
Traditional firewalls don’t have the ability to parse OT protocols for both content and context, to understand the syntax and semantics of the OT commands, or to support the complex rules required to secure and protect OT equipment.
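The difference between a port-based rule and a rule that parses the OT protocol for content and context, shown as an added example that is not part of the original summary. It assumes Modbus/TCP as the OT protocol (the summary names none); the host address, the policy and the sample frames are constructed for illustration.

```python
import struct

# Assumed policy: read function codes are allowed from any source on the
# control network; write codes only from a hypothetical engineering host.
READ_CODES = {1, 2, 3, 4}
WRITE_CODES = {5, 6, 15, 16}
ENGINEERING_HOSTS = {"10.10.5.20"}  # constructed address
MODBUS_PORT = 502

def port_rule(src_ip, dst_port):
    """Traditional rule: decides on the port number alone."""
    return "allow" if dst_port == MODBUS_PORT else "deny"

def parse_modbus_tcp(frame):
    """Return (unit_id, function_code, data) or raise ValueError."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier is not Modbus")
    if length != len(frame) - 6:
        raise ValueError("MBAP length does not match frame size")
    return unit, frame[7], frame[8:]

def protocol_aware_rule(src_ip, dst_port, frame):
    """Content (function code) plus context (who is sending it)."""
    if dst_port != MODBUS_PORT:
        return "deny"
    try:
        _unit, func, _data = parse_modbus_tcp(frame)
    except ValueError:
        return "deny"  # malformed frames never reach the device
    if func in READ_CODES:
        return "allow"
    if func in WRITE_CODES and src_ip in ENGINEERING_HOSTS:
        return "allow"
    return "deny"  # unknown codes and writes from other hosts

def build(func, data, unit=1, tid=1):
    """Construct a sample Modbus/TCP request frame."""
    return struct.pack(">HHHBB", tid, 0, len(data) + 2, unit, func) + data

READ_REQ = build(3, struct.pack(">HH", 0, 2))        # read 2 holding registers
WRITE_REQ = build(6, struct.pack(">HH", 0x0010, 0))  # write a single register
```

Both sample frames pass the port rule unchanged; only the protocol-aware rule separates a monitoring read from a register write sent by a host that has no reason to issue one.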
Topic: Preparing to Meet Future Data Center Needs
Attackers are already taking advantage of Internet-connected OT devices to infiltrate data centers and cause data breaches and other compromises. With the anticipated growth in IIoT adoption, IIoT devices and other OT devices will collectively impose greater risks to the security, safety, and availability of data centers.
Conventional security technologies do not address these risks and cannot protect against OT-based threats. IT/OT gateways offer sophisticated capabilities to identify and stop OT threats, and enable centralized monitoring and analysis of OT operational data by specialized IT applications. These applications can identify preventative maintenance needs to prevent OT failures and the ensuing outages. They also give data center staff the “big picture” view of OT operations, safety, and security that’s never been available before, enabling much better decision making for both short-term and long-term needs.