Welcome to the KuppingerCole Analyst Chat. I'm your host. My name is Matthias Reinwarth, I'm Lead Advisor and Senior Analyst with KuppingerCole. My guest today is our colleague from Asia Pacific. It's Graham Williamson, he is a Lead Analyst with KuppingerCole. Hi, Graham. Good to see you.
Thanks Matthias. Good to be with you again.
Great to have you. You've teamed up with John Tolbert. So it's a cross-national, cross continent collaboration for a topic that is more and more getting traction. And I'm seeing that also in my advisory work with our customers. This is really an increasingly important topic. It's how to protect your operational technology, your IoT, your ICS from cybersecurity threats? And you and John worked on a Market Compass in that segment. How would you approach or how would you answer that question? How to protect your OT, your IoT, your ICS? Is it so much different from IT protecting?
Yes, it was a good experience working with John and I thoroughly enjoyed it. I think the two of us working together was able to come up with some very pertinent information in this important topic. And as you mentioned, we need to make sure that we come up with this actionable. So the approach we took was to come up with some items that we used on an axes to plot how the featured vendors addressed these particular issues that we were looking at. And then we came up with a process of how we would actually in real life manage that. Now, one thing that came across in our evaluation was the vast differences between the various sectors of OT. Because OT is very, very wide. Like if you look at industrial computer systems, they're being used in everything from agriculture to utilities and you can't use one brush to color the mold, you have to make sure that what you come up with is pertinent to that particular sector.
Right. So what industries are then covered by your Market Compass? So you did that with the Market Compass which gives an overview over the market. But if it's so diverse, what did you cover?
Okay. Well, agriculture is very important. It's hard to be a farmer these days without some OT facilities that you rely on. Automotive, which is just burgeoning at the moment. What's happening in the vehicle to X? Lots of different things. In healthcare. Healthcare is one of the top three in terms of hospitals don't want you in a hospital. They want you at home being measured with in-home devices. Manufacturing, that's the top of the list. Identity 4.0. There's more happening in that space now than any of the other sectors, but it's obviously very different from agriculture. Retail. Retail is becoming more and more important because retail organizations need to make sure they focus on profit. To focus on profit, you need information. You need data on what you're selling, what your customers want, and all of these devices you're using to collect payments and so on and so forth. Smart Cities. Another major area. Most organizations now are supplying equipment that allows cities to do parking management, waste management, water distribution and so on and so forth. Transportation. Never been bigger. We have the capability now of tracking packages through the transportation network that we could only imagine a few years ago. Utilities again, can't survive without the process control mechanisms that they need to support what they're doing. So each of them is a little bit different, but they're solidly OT organizations.
Right, and now if we take a step back, you mentioned all these different industries where OT, IoT, ICS play important roles. When you do this analysis of the tools and the technologies that are on the market, is there some common denominator that works well with all these industries and the types of OT that they require? Are there some common ideas for managing OT as a whole?
Yes. Yes. So the common items that came through is basically five. We said, you need to in an OT organization, do five things. Number one, you need to inventory what you've got. And most of the vendors that we actually featured have very good data analysis tools that will go out on the network and accumulate that information for you. Number two, you need to put in protection. It's absolutely impossible to not do that now, particularly with the increased regulation that is coming from governments, you have to have a protection for your OT network. Number three, you got to have some type of monitoring on the network. It's no longer, you know, install and forget. You have to be continually monitoring what's happening on that network and there's some significant benefits from that. That brings in number four, which is detection. If you're monitoring things, you have to have a software that will detect what's happening when your network monitoring identifies something. You can't possibly analyze everything. You have to have a detection software that will eliminate the false positives and give you the major issues you need to address. And then the last one is response. In an OT environment, you must have thought through what your response is going to be to some type of compromise. You can't wait until that compromise happens. You have to have planned it and know how you're going to respond. If you've got to come up with a response once it happens, if you then have to go seek approval to implement the actions you want to take, it's too late. So you have to have a disaster response plan or business continuity plan that has already done that for you.
Right. So this is, again, this cybersecurity typical protect - detect - respond scenario. So this seems quite similar. The Market Compass is aiming at supporting organizations that are needing or requiring a certain type of technology or vendor products in identifying what's best for them. So therefore, you need to apply some criteria, some dimensions to look at, some categories to rate the individual product that you took into consideration for this Market Compass. What were these categories to look at so that organizations understand what fits their needs?
Okay. We evaluated the featured vendors on seven axes. The first was device discovery. What can they do in terms of going out on the network and discovering devices? Number two was the administration of accounts. How do they actually look after who can access what on that OT network? Number three was event logging. What events are they logging and what tools are they using for that? Number four was facilities management. How are they managing their facilities? And that could be anywhere from the environmental sensors they're using, HVAC and so on and so forth through to the physical access control that they might have. So how do the vendors support that operation? Then there's the event detection and response and I was really impressed with the solutions. Most of them have a very good ability to marry an event to a known threat and in fact, can provide you a list of all of the known threats on your network and prioritize them. Say these are the ones to look at first are very impressive solutions in the space. Disaster recovery. What do they provide in that space? And lastly, deception tools, there's an increasing adoption of deception tools in the IoT network now, whether you have a honeypot, if you like, a tool like devices on the network that are not real devices but look real. And as soon as they get compromised, then obviously you've got a problem and you can jump on that right away. So we looked across those seven areas and evaluated the solutions according to them.
Okay. That sounds really like a maturing market, like an increasingly growing market. And it actually meets also the needs that we see with our customer organizations. So we started with the question how to protect your OT infrastructure. So if we want to answer that question now that you've laid out what tools are available, what functionality is available across these different vendors and their products. To get more actionable, what sort of controls should be put in place by organizations that have any type of OT infrastructure, no matter in which industry they are? Is there some generic guidelines that you can give to get really going?
Yes, absolutely. So the number one would be discovery. There's too many OT networks out there where the asset inventory's, you know, ten years old and it's just a spreadsheet. You can't survive anymore doing that. So one big control is to make sure you've got an up-to-date inventory because you can't measure what you don't know. Secondly, monitoring, we've talked about the monitoring. It's absolutely essential that you have monitoring tools as part of your control mechanisms. And thirdly, the integration between IT and OT is just increasing in leaps and bounds. In the past it's been very usual to separate your OT network. Well, that doesn't cut it anymore. The tools in the OT space, the benefits for taking advantage of your IT environment and the tools you have in that space are just too great. So we need to look at better integration and there's some very good integration capabilities coming along. The interoperability within... And once you've done that, by the way, then you get this interoperability into your current tools. So if you've got an event monitoring at the corporate level and if you've got a security operations center, feed the OT detail into that, you know you're paying for it. You've got the people that are monitoring it. So use that facility for your OT space as well. And then there's the detection tools that I mentioned. This is an area where we need to know what's happening and they can go anywhere from behavioral analysis through to, like on an OT network, generally speaking, the same things happen day in, day out. So it's quite easy to identify an anomaly if you've got the tools that will do that. But a lot of the detection tools give you the capability of like, say, eliminating those false positives and allowing you to focus where the priority should be put. An automated intelligence is becoming very much in favor in the OT space now.
So we can take our data and we can analyze it to give us a better idea of exactly what is happening on our network and identify those sorts of things. So in the past where, you know, we saw something happen, a PLC stop happen, we had to start phoning people around, What are you do- oh, you're doing some maintenance. You know, those days are over. We now are on top of it right away. And we monitor and keep track of who's doing what to who. And lastly, having the administration tools to allow us to be able to know what's happening. Like, so for instance, if you got some PLCs that you know, haven't been patched or there's an upgrade to the firmware having the administration tools to allow that to be properly and in a controlled way upgraded. You know, the tools are there now. We no longer have to say, oops, we can't afford, it's not broke, so don't fix it. You know, that doesn't cut it anymore because soon you're way out of date and don't have the ability to do any sort of updates again. So the whole industry now, this industry sector is focusing on managing things properly with the proper tools in place.
Okay. Really interesting and a modern approach for managing technology that's been around for quite a while. And it's really, I think, the proper approach to choose and the Market Compass is the right way to start looking at it. The name of the Market Compass is Cybersecurity for Industrial Control Systems. It is available on our website. So it's for subscribers and you can easily subscribe for a 30 day test period or it's affordable just for a year to get all the research that we do have and especially this work by John and you Graham is really interesting and I think it answers a lot of questions. Coming to questions, when there are more questions that we didn't cover in this episode. If you're watching this on YouTube, just drop your questions down in the comments section. If you're listening to that on your podcast player, just look at the show notes and drop us an email. There is contact information so that you can reach out to us and get into discussion with us. We want to learn more about the real questions that our audience faces when it comes to protecting IoT, OT, ICS with more modern tools and while you're there, why not subscribe to it?
Absolutely. We like that feedback.
Absolutely. Thank you very much, Graham, for being my guest today. This is really a great piece of research and it answers lots of questions that I see on a daily basis with our customers. So protecting OT, it's very high on the list of priorities just as of now for good reasons, for regulatory requirements, but just also to protect the business. Thanks again, Graham. Looking forward to having you soon, and have a great day and reach out to us if you have any questions. Thank you very much and bye bye.
Thank you.