New version maps business processes and prioritizes OT risk mitigations to reduce potential for business interruptions
Radiflow, a leading provider of cybersecurity solutions for industrial automation networks, has released a new version of its iSID industrial threat detection solution.
In this new version, iSID analyzes the OT network and maps the operational business processes of the industrial facility. Each network-connected asset includes the details of the business processes that each is connected to within the asset inventory maintained by iSID.
According to Radiflow, the iSID operator can then use this information to rank the business processes according to their critical impact and adjust the risk scoring, resulting in a business-driven prioritization of the risk mitigations.
Radiflow has also added a framework that calculates a risk score based on a set of best practices for OT cybersecurity defined by Radiflow and delivers proactive recommendations to reduce the risks. For example, upon detecting potential attack paths to and access vectors on the OT network, iSID would calculate a risk score based on the increased attack surface and potential damage, and then provide the user with recommendations for threat mitigation measures.
The company highlighted in an official statement that Gartner recently recommended in a recently published report titled "Hype Cycle for Managing Operational Technology, 2019" that "security and risk managers should map OT leading performance indicators against IT/OT leading risk indicators to write security policies consistent with maintaining and improving performance."
"The new risk analysis capabilities are part of our overall product strategy to deliver our customers with the intuitive tools to manage their risks in a business-driven manner, which we believe are aligned with Gartner's recently published recommendations to security and risk managers," said Michael Langer, Chief Product Officer at Radiflow."
By mapping business processes and prioritizing OT risks according business impact, Radiflow's new iSID allows industrial enterprises to address the most important vulnerabilities first in order to reduce the potential for business interruptions.
The company reports that this latest version of iSID is a direct extension of the Dynamic Vulnerability Scoring for OT assets that Radiflow announced earlier this year, where it allows OT network managers to dynamically evaluate vulnerabilities based on the attacker models and pre-defined defence strategies.
"In manufacturing, it's important to take early risk mitigation measures because when an attack occurs it might be too late so," added Langer. "However, as downtime is not allowed you need to prioritize these mitigation measures and the best is to do it with a business impact view."
Radiflow's OT MSSP partners can leverage the new capabilities to offer ongoing OT risk analysis and mediation services to their industrial enterprise customers, the company said.