KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Okay. I guess we just should start probably with a short round of introduction and kind of a short statement.
Like, what exactly are you looking in the session? What are we going to discuss? And I guess Andrea, you should probably start first.
Yeah, absolutely. I think, you know, one of the goals that we, we want to discuss in this panel is, is the best way to protect, you know, infrastructure, again, attack like ransomware and, and one we can, you know, do in order to, you know, reduce the risk and, and, and avoid, you know, damage and blocking in, in our critical infrastructure.
Okay, great. Mer, would you want to add your vision on this?
I mean, we, we heard a lot about ware, an important topic. I don't want to get that whatever we are discussing about technology, that still people are the biggest potential we have and we should have as well, don't forget the human factor and the awareness we have to take there. That's I think as well, our biggest potential on defending the things which are going wrong.
Right, right. Okay. Just again, reminding you that this is a panel, so you are welcome to submit to questions, but we of course start with a couple of general questions if I may. So what would you say are the top trends or technologies things to observe, to watch, to look out for regards to OT and IOT security in the nearest future? Maybe you could start on that. It's a tough question. To be honest, I try to do that.
I mean, to me, it's really what, what we see is like in the us, since may, this year, for example, there's a, there's a act coming into place now it's like from the white house a direct, how do you say direct order for national cybersecurity? Because it was based off the colonial pipeline stuff. And as I mentioned, for example, software bill of materials are really a part of that because we've recognized whatever we do in our defense strategy.
First of all, we need the first line of fire beside the humans, as well to know what kind of software is in your systems and industry needs to bring in transparency there. So I believe that software bill of materials are essential way for all the other monitoring tools, which are build around to track and trace what's going on on a software level on, on devices, OT devices. Okay. Sounds very reasonable, Andrea. What's about you. Yeah. Yeah.
That's a, a great question. And I think we are observing, you know, different trends. Let me say we are observing customer, you know, investing in order to, you know, gain automation and, and adding devices and technology to, to the supply chain, to the manufacturing side, because that's on one side is bringing for them advantages more efficiency and they, you know, they can be more, more proactive in their day by day business.
That, of course, you know, the other aspect is that, you know, the cybersecurity is, is basically becoming a very central topic when you adding new technology when you're changing your infrastructure or when you're opening up to, you know, be connected with other parts of the system inside infrastructure.
So what we are observing is on one side, a great evolution of, of the network, which is great, but on the other side, also, we are, we're observing from the government and from the private with different stage of maturity, of course, but we are observing people getting more close to understand how important is the topic to the cyber security. Again, as I said, there is a very, very, you know, difference in maturity level from customer to customer.
We met customer that are, you know, at the beginning of the journey, thinking like maybe I have a problem with cybersecurity and still asking that question and the other customer that are much more mature and, and, you know, because they're adding more technology because they're changing their network, they're taking advantage to adding, you know, monitoring technology, you know, adding technology for monitoring the supply chain, the software supply chain, for example.
So we, we, you know, as I said, we're seeing different level of maturity, but the trend is positive in, you know, increase in seeing an increase in sensitivity around the cybersecurity topic. Okay.
Okay, great. So I guess we could probably build up on that observation or, and I think you mentioned earlier that kind of the networks are being opened up. So like 20 years ago, a typical OT network would be just like completely isolated from or anything else within the company, from the corporate network. And then it was kind of the trend was to build them from the same commodity hardware using the same protocols. Now they're just playing the connected to your it infrastructure and even kind of unthinkable a few years ago, they are kind of expanding into the cloud.
Do you see the trend actually kind of picking up steam? Do you believe that OT once kind of isolated and completely separated even psychologically from it, but actually grow into the cloud? Yeah.
I mean, keep in mind the purpose of the cloud is to share data. That's.
I mean, that's the basic principle, and now we have the problem that we are sharing data with parties. We don't want to share in the cloud with cyber criminals or, or anything like that. Going that step is logically leading into a cybersecurity problem. There are some certain reasons why we, why companies are doing that step that's economic reasons or usability reasons, or for the reasons of the customers end on cost savings.
However, we have to face that cloud is all about sharing data. Well, that's not what they tell you when you sign the contract, right? They tell you that you'll be sharing hardware, whatever compute and storage, and maybe AI nowadays. So like what about AI in the cloud to be able to help OT? I think basically what, what is the solution?
First of all, if we look for example at all this ransomware stuff and how data is leaking from several security INSS, what, what we see is first of all, I think the principle as a company company, if you take care to what kind of data you are processing, don't store all the data you gathered only use the data you really use need. I mean, this is protecting you from getting data leaked in, in a massive way. First of all. So I think this is important. So the question like your own data hygiene, what, what kind of data you are using and you want to store and proceed.
This is protecting you from massive data lost that's first of all. And second, if we go for the OT, of course, logical, I mean, I see a lot of concepts. The problem with OT is that we are not talking about security as well. We are talking as well about safety. Let's take mobility, let's take a train or a airplane or whatever. There's always safety as well involved and therefore for good reasons, the industry has a learning journey.
If you take, for example, trains and, and mobility of many hundred years, how to build a secure mobility system, because there had been always security and safety problems in the system before like wrong signal switches and whatever, which were leading to terrible accidents. Usually the systems are built quite resilient because of this long history, which is good because if you have a quite resilient system and you're connecting it to the, to the, to the cloud and to this new world, we are connecting a system towards, which has already a strong resilience in it. And this is good.
This is different to other IOT products we see, which have new resilience and then connected. Okay.
Okay, great. Andrea, what about your kind of position on this migration to the cloud?
Yeah, I think I have a, probably a slightly different position that Dan MI on, on this topic, which, I mean, I agree cloud was originally built for sharing, but on the other side, is that it can bring lots of advantages as, as Merico said, very, very important to do that properly. You know, I'm not, I'm not thinking that, you know, right now bringing our OT system in the cloud is the solution, not at all, but, but what I, what I see from my perspective and, you know, I spent a lots of time working on, on the oil gas industry in a security operations center.
And, and at that time, 10 years ago, you know, the main rules that we had, you know, this, the, the network have to be isolated. That was the main rules that, that we were keeping to sharing inside the company. Right. But over time I think the system gains some maturity and customer gains some maturity. So I'm a cybersecurity guy. So I'm not saying that not, you know, if, if we bring the data on the cloud, that is not gonna open up some additional threat, you know, that is for sure as me say, that's is opening gap, some other consideration that you have to do for cybersecurity.
But for example, look on our side, we have an completely on-prem solution for monitoring OT and, and OT networks and is, is fully on-prem and the customer can enjoy the solution fully OnPrem. And then also we have the possibility to have a centralized console on the cloud. Now that is opening up a question.
Do, do I want to send my data on the cloud? And what I used to say to every season that I I'm meeting is is that yes, of course you need to take in consideration some additional tread, because if you're sending data outside, there is some consideration that you have to do. But on the other side, if your goal is reducing the risk in your organization, the capability that you have by sending data on the cloud in terms of scalability in term of computational power is not even comparable to what you can do.
On-prem and the advantage is about, you know, sharing anonymized data, for example, and getting realtime insight is huge. So overall, if you do, if you do that transaction properly, or at least from the cybersecurity perspective, but not again, I'm not saying moving the entire IOT cloud right away, the entire OT system right away on the cloud. But if you do that properly, at least from the cybersecurity perspective, overall, you can reduce your cyber security theories, even if yes, you know, cloud open up some, some additional threat.
And even in, you know, personally what I, what I live in our solution, you know, certain added value that we can provide to the customer that are embracing to, you know, send some data on the cloud are, are, are not reachable in a, in a fully, you know, on-prem installation because of some limitation, scalability, computational power, and, and, and the capability of sharing data in a anonymized way.
That's our all characteristic that are there, you know, in, in a cloud system, I have to confess kind of, as the layman in this area of expertise, I still don't quite get, like what kind of resources and scalability do you need to protect your manufacturing network that you can only get in the cloud? Can you give a real life example, maybe a use case? Absolutely. Absolutely. 100%. Right.
I think, you know, forget about what we're doing inside Nozomi right now looking at a lots of solution there, providing monitoring for the OT network. And now I think one of the main basic feature is that, oh, I, you know, we can identify all the assets. Great. You can do that very well in inside, inside an on-prem installation. And then the other one is, oh, can you tell me please, how many vulnerabilities do they have for each device? And that says, great.
Now we see customer, you know, that, that they have eventually 120 plants or, or 300 plants all over the world getting one single place along list of all the vulnerabilities that they have in their network, which was great. Right? But that requires, you know, time for deciding what to do, deciding which is the back strategy to mitigate. And of course you cannot mitigate all the vulnerabilities, especially in that type of environment.
So for example, an additional value that we provide by having that type of data reaching on the cloud, again, not moving the entire system is giving them what we call actionable data. So by using, by using AI, for example, you know, you can, we can answer to the question is what I am to spend, or what is the most expensive or the cheapest way to mitigate, you know, the most high score vulnerability to have in my system and why I can do that. I can do that because I can apply. I can see different characteristic on the network. We can have access to information.
For example, of, if I have to update a firm, do I need to restart my device? Okay. Or just enough fix for example. Okay. Awesome. Miracle. I can't kind of stop thinking about your present, your early presentation and kind of, you already have this huge and dark beast isn't adding cloud to the software supply chain makes it like tenfold, at least. And you lose even more control because it's someone else's ABI nowadays.
Well, I, I think, let me play a little bit of detail as well. On, on, on what we heard before, of course, protecting, adding more and more tools for protecting their they're good.
It's, it's always good to protect yourself. I think what we need to change is our perception, how we deal with the problem. We are rather focused on to protect.
What if, if we can't protect anymore, then the question is more shouldn't we more focused on resilience. One example, if we take a power grid, the, the traditional power grids are quite resilient built, and there are a lot of OT technologies in there and the companies, the grid operators, DSO, whatever they have implemented all the cybersecurity protection Tools. Apparently not in Texas. Yeah. The Texas.
Yeah, but I mean, but they have implemented everything to protect themself. Now we are adding IOT into a transformation in the power transformation world because the power grids needs to get smart because of the, of, of the new energy grids with the renewables and stuff like that. We know it. And now we are adding IOT products to them, which have, have no relations to the power industry because they're consumer products.
If I take, let's say smart boilers, and I would say, or smart televisions, because they're only smart televisions available now in the market, they're the most vulnerable unsecure product you can find in the market of smart televisions. What if I, as an attacker, switch off all smart televisions in an entire country at the same time, I can tear down the best protected cyber protected power grid of the world. Not only in Texas, but for entire Europe. And then I switch it on, off, on off.
I mean, this is a completely mess. And this is done by using regularly IOT products and how, whatever cybersecurity monitoring analytics, AI based tool you have implemented. It will not protect you from getting a victim of this attack. We need better resilience in networks. Oh my God. Please don't give them ideas. Cause that sound, that sounded horrible. Yeah. Okay. And it's actually kind of neatly leads me to my next question.
So kind of in the past, we always had this totally separate security stack for actually separate technology stack for OT it now, IOT, is there any hope for the future convergence of those? Like, will we ever see a solution which could actually deal with the problem like you just described in our well, for the lack of better world holistic manner to understand both worlds?
Well, I need to think about that. Maybe Andrea has a better answer on it. So let me say, I think there is a convergence scene that is happening, right?
And, and it's, it's hard to tell exactly how close they will be, the, the three different stream of technologies, but, but there is a convergence scene that is happening as Meco say, there is multiple aspects on cyber security. If you are deeply in cyber security, there is no one silver ballot monitoring can bring you some, some advantages on one side resilience will, will guarantee, you know, some, some, some advantages on the other side.
And, and so on now saying if one day we can have one single solution approaching, approaching the three words. My vision is that the answer that I have is yes, it's a, it's a, it's an answer that is not, is not here.
I mean, it's not something happening tomorrow, but I think what I saw in the last 10 years make me think that even if solution have a different goal at the end of the day, from the technological, from the technology perspective, they will looks much more the same in the future. At the end of the day, you know, an old school PLC will evolve in a way that will, will looks like more close to, to a classical IOT device today, or even to a classical it system in the future. So I think, think that is the trend that is happening.
And I think that this, you know, one of the, the goal that we have is making sure that we we're stopping to thinking in silo. So that is it. So I'm gonna implement a completely different strategy. I start to need to think that a network is a network, probably a zero trust network.
And, and I have to consider, you know, every potential aspect that I have. Doesn't matter if I want to talk them as ant devices, an OT devices, an it device are all players chatting together and potentially are all entry point for an attack. So I think we'll be fundamental to look at them in, in one, you know, in a one single bucket. Right. Okay. Actually have a kind of, not really a question, probably a rhetorical one from the audience.
Let, just say kind of, if you do not know who runs your services, how can you make them resilient, I guess kind of, we don't have to discuss it because we only have limited time left, but maybe you can incorporate it in your, into your kind of closing statements for this panel. Yeah. Okay. So we are the closing statement, which is good. First of all. Yes.
I mean, resilience is, to me really the key topic it's like, don't forget about the tool there. We, we, we are getting a brilliant tool set out there, AI driven analytics, tool monitoring tools. And so it's all good. We need that, but don't forget to think about how to implement resilient architecture structures, not only technical structures as well, organizational resilient structures.
I mean, we've now the media mark ransomware attack. They're now writing the builds with the pen again and taking cash instead of electronic money, but they're doing turnovers. It's good. So however, they had a bit of resilience in there and we need that maybe for the industry as well.
Okay, Andrea. Yeah.
You know, to closing what I can say is that, you know, if you're an ICS professional out there, you know, after years of fighting internet connection and, and, and production network, cloud-based security and, and monitoring may feel counterintuitive. But on the other side, if, if you, if you start to look at that from a different perspective, you can see that it will be a lots of benefits and, and embracing what is coming will, will be the future to be, to be more effective. Okay. And I think that's a wrap up for our panel. Thank you very much, Andrea Miko. Thank you very much. Thanks.
