How Tripwire Log Center and Tripwire Industrial Visibility Can Work Together

Many industrial security professionals lack visibility into the assets and processes of their organizations. This includes Industrial Internet of Things (IIoT) devices as well as supply chains of industrial organizations. In March 2021, Tripwire announced the results of a survey in which 99% of security professionals said they had experienced challenges protecting IoT and IIoT devices in their organizations. Two-thirds of respondents said they had trouble discovering and remediating vulnerabilities, while 60% had trouble managing their IoT device inventory. The majority (87%) of survey participants said they are concerned about supply chain risks posed by IoT and IIoT devices.

This concern is not unfounded. In 2020, the number of attacks nearly doubled for industrial companies, reported BetaNews, while the volume of malware-related attacks grew by 54% compared to 2019. Several months later, BetaNews shared the results of another report in which researchers noted that industrial organizations were the second most attacked industry in 2020. The research pointed to how an external attacker could penetrate the corporate network of 91% of industrial organizations, and it revealed that penetration testers had successfully accessed the industrial control system (ICS) networks in 75% of these entities.

Things didn’t get much better in 2021. According to SecurityWeek, 80% of IT and OT security professionals in the US, Europe, and APAC admitted that their organization had experienced a ransomware attack during that period. Half said the incident had affected their ICS/OT environment, and nearly half said the impact had been significant.

Why are industrial organizations struggling with visibility?

In April 2021, SecurityWeek wrote that security teams tend to lack visibility into their OT networks for a number of reasons. A couple of them are provided below.

  • Lack of standardization: Homogeneous OT networks are not the norm. Typically, these environments consist of decades-old legacy systems that cannot be remotely patched, operating alongside newer devices. Many of the legacy systems use their own communication protocols, which complicates asset discovery. Furthermore, the network could be operating in various geographically dispersed locations.
  • Lack of tolerance for downtime: Teams responsible for securing OT networks tend to prioritize availability in the CIA Triad. This is because many industrial organizations own and operate critical national infrastructure (CNI) systems that, if taken offline, could threaten national security or undermine public safety in the host country. However, in doing so, these organizations may not be aware of the threats they face to the confidentiality and availability of their systems.

How Tripwire can help

Tripwire can help IT and OT security professionals gain visibility into their employers’ networks. It can do so through two of its solutions: Tripwire Log Center and Tripwire Industrial Visibility.

Tripwire Log Center

Tripwire Log Center provides customers with centralized log management capabilities including collection, analysis, and delivery. The solution integrates with organizations’ existing infrastructure to help teams monitor, detect, and respond to threats in their environments. Therefore, organizations can use Tripwire Log Center to support their compliance obligations and/or to increase their awareness of digital threats.

Tripwire Industrial Visibility

Developed by Claroty, Tripwire Industrial Visibility uses its OT protocol coverage and scanning capabilities to gain insight into organizations’ OT environments. It focuses on three dimensions of those networks. First, it tries to highlight each OT asset and its relevant attributes, including model number, card slot, and other details. Second, it seeks to gain visibility into OT network sessions, including their bandwidth and any changes that have taken place. Finally, it helps security teams keep track of OT operations so they can visualize mission-critical processes.

Greater than the sum of its parts

IT and OT security organizations can use Tripwire Log Center or Tripwire Industrial Visibility to gain visibility into their organization’s systems and data. But they could get even more benefit from using the two solutions together. For example, teams have the option to correlate suspicious events from Tripwire Log Center with suspicious changes detected by Tripwire Industrial Visibility to accelerate and extend their incident response efforts. They also have the option of using Tripwire Log Center to discover their ICS systems and other assets without affecting plant performance. From there, they can leverage that asset inventory to identify misconfigurations and other indicators that might be associated with insider attacks, distributed denial of service (DDoS) attacks, and other issues.

Learn more about how industrial organizations can use Tripwire Industrial Visibility and Tripwire Log Center to defend against digital threats.
