Operational Security

Andrea Gillhuber

Security architecture for Industry 4.0

Manufacturing companies that introduce Industry 4.0 processes are increasingly vulnerable to cyberattacks due to the growing complexity of their IT environment. Centralized device and process management helps to maintain an overview of the growing number of end devices. IT security teams must work together with IT and specialist departments to protect communication in the company network. A security strategy that builds staggered lines of defense helps. By Bernhard Steiner


With the growing number of devices and network connections, it is becoming increasingly difficult to keep track of security issues. Even today, the average administrator is responsible for several hundred devices. According to a Cisco study, there will be hundreds of thousands of devices by 2020. To cope with this flood of devices, companies need centralized and largely automated management of all data, devices and processes.

With the implementation of Industry 4.0 solutions, automated software updates must be possible for all relevant devices at all times. Companies also need efficient endpoint security systems to protect thousands of endpoints against attacks. At the same time, the company network must be protected internally by controlling access for devices and users. This means that Industry 4.0 places extensive demands on patch management, unified endpoint management, network security, endpoint security and authentication - and all of this must be managed from a central location.


The security approach of firewall plus anti-virus software that many companies have used to date is no longer sufficient. Instead, a comprehensive IT security concept is required that includes not only individual security measures but also a system of protective shields that complement each other. Such a holistic security strategy requires all areas of the company to work together, because the established security guidelines need to be transferred to the specific processes and workflows.

IT security must be anchored in the company

Schematic representation of operational security. © Endian

"Operational security" is a promising concept. It is based on the assumption that IT security must be directly integrated into (IT) operations. This approach focuses on three tasks:

Gain insight: First, determine which operational data is critical and which is not.

Analyze weaknesses: Next, determine where security is compromised and which risks are lurking.

React accordingly: Ultimately, employees should develop a sense of when and where an attack could potentially take place and how to respond.

Operational security requires a company to establish a coherent tool landscape from the outset and not to think in terms of isolated security solutions. Only with a combination of system management, automated patch management in conjunction with application control and user administration can all levels of IT operations be considered from a security-relevant perspective. Networked tools show which applications and devices are in use and bring this into line with asset management and application control.

Only what is known can be protected

The first step in the development of such a security architecture is the inventory of hardware and software. This gives manufacturing companies a complete overview of their IT landscape - including all sub-areas such as cloud components and their own IIoT landscape. Based on this, analyses of actual device and software usage by users can be created. Many companies update their operating systems - but very few regularly install updates for all applications. However, outdated software in particular harbors the risk of vulnerabilities, even if it lies dormant unused on an end device. The same applies to IIoT systems such as sensors, cameras or machines that work with sensitive data for the production process.

Centralized and automated patch management for operating systems and applications for the entire IT infrastructure helps to overcome this hurdle. Application control is able to differentiate between authorized and unauthorized software and prevent the execution of the latter. The combination with strict user rights management reduces the risk of internal attacks.

The aim of this security approach is to delay and ideally prevent attacks with the help of several lines of defense. In this way, attacks that have cleared one or more hurdles can be fended off because they fail at other obstacles or at least can no longer cause any major damage.

The biggest challenge, however, is the sheer number of devices and manufacturers as well as the lack of standards in the IIoT sector. Industrial IoT devices in particular are generally based on different platforms and use data formats that are barely compatible with each other. In addition, many manufacturers implement inadequate security measures in their IIoT devices, and the devices are so underpowered that no dedicated security applications can be installed on them. However, these devices are rarely the actual target of an attack. Instead, they offer a gateway to penetrate far more sensitive layers of the company's IT.

Networked security means working networked

In most manufacturing companies, the IT team works strictly separately from the specialist departments. The production manager responsible for the procurement of IIoT devices rarely has insight into the relevant security aspects. It is therefore necessary to dovetail with the IT department, which has expertise in securing networks. Unfortunately, both levels traditionally tend to look at security from a technical perspective rather than from the perspective of business processes. But the machines on the shop floor form the basis for the economic success of every manufacturing company. Accordingly, larger manufacturers in particular are increasingly involving IT security experts who look at the processes at risk from a business perspective. Only the triad of security specialists, IT and production is able to develop and implement a comprehensive "operational security" approach.

Operational security is an approach to preventing security gaps in the process as early as possible. The real challenge lies in the organizational structures of many companies, where the IT operations and IT security departments predominantly operate in parallel and largely independently of each other. With the help of automation, however, secure foundations can already be created during deployment and configuration in order to significantly reduce the attack surface.

Bernhard Steiner, Director PreSales EMEA Central at Ivanti / ag
