OK. So, by now you have probably all heard about the latest, and possibly most pervasive, cybersecurity threat(s). So how does that tie to silver bullets? It's simple really. If you look at the risk, what your options are, and how exposed you will be and for how long, you will see that true cybersecurity is a multi-disciplined, multi-faceted, ever-evolving program, not a single technology or practice. (For some practical recommendations on minimizing your risk, read our list here.)
Let's be honest here. Cybersecurity, especially in OT, is not straightforward, glamorous, sexy or fun. And it is often woefully underfunded, misunderstood, neglected or even ignored. It is no wonder then that many end users look for point solutions to specific problems and are especially fond of products that promise significant coverage with minimal effort.
In reality, however, the only truly effective program is one with a host of protections. From whitelisting to change management, SIEM tools to anomaly detection, backups to patching, and everything in between, they are all necessary fundamentals, each of which is strengthened by its support of the overall program.
No single action or technology can protect you from this latest threat. So why then are so many buyers looking at a single aspect of their problem? Why would you run an RFP process solely for an inventory solution if you are not going to plan how that inventory fits into patching, baselines, change management and whitelisting as well? Are you really going to trust your entire operations' security stance to a single perimeter monitoring solution? Why would you buy an anomaly detection tool without also discussing how you would resolve the issues it highlights for you?
To be clear, I am not calling out any single technology as a waste of time or money. Rather, I am saying the opposite. These tools are valuable and helpful. But if you truly want to get value out of a combination of tools you really should look at tying them together.
What if you could pull up a list of every single processor running in your plant and know exactly what you had to do for each AND plan accordingly? What if you could click on a link in your asset inventory to show you everything you ever needed to know about that single asset in a single view, from its last backup and patch level to how many failed logins have been registered on it? What if you could filter your view of your assets to highlight your critical/regulated assets? How about polling all systems to see how many are running XP and have SMB ports open/enabled? And then sending a single command to all those devices to shut them down?
It can happen, and it will for you too. But not until you look to build a security platform that ties together multiple security tools. For now, back up your systems, turn up your alerts, tighten your controls and hope the cure comes before the disease. And as for those promises of a 'silver bullet'? Don't believe the hype.
For a more comprehensive report on Meltdown and Spectre, including our mitigation recommendations, click the link below: