Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
May 8, 2023
As recent cyberattacks have demonstrated an increased risk to both IT and operational technology (OT) environments, resilience readiness has evolved. It is more than a cybersecurity strategy and involves the enforcement of rules and policies that provide the visibility, control and situational awareness to respond at the speed of business while ensuring that safety and reliability are maintained.
Fortinet’s CISO for Operational Technology, Willi Nelson, shares his perspective on considerations when developing cyber resilience, covering fundamentals and strategic planning to protect the convergence of IT and OT environments.
Willi: In light of recent events spanning the last three to five years, there has been an uptake in readiness and awareness within the industry. From pipelines to pharma and transportation, boards are becoming involved in that discussion, which turns the readiness discussion away from just, “are we prepared?” to now reporting on it. For example, some organizations have a dedicated individual that is working specifically on readiness across the organization. They are responsible for understanding whether threats are real and/or critical, but also what they should be doing and who they should call.
Willi: It’s all about awareness. The leadership, including boards and executives, is starting to have more awareness of their manufacturing facilities and operations. Security is becoming everyone’s problem. I think from an OT perspective, it’s back to partnering with your operation centers so they know what threats are real and what’s not. Automation engineers are extremely smart and very capable, but typically operation centers don’t communicate with them. It is crucial that communication opens up between automation engineers and operators to determine an appropriate response. To some extent, it’s people, process and technology, which goes back to fundamentals. We must communicate and understand what is being dealt with. For example, if I do X, how does that impact the business? The process has to be dynamic. As threats change, your response plans are going to change as well.
Willi: From an inventory perspective, it starts with knowing what assets your organization currently has. Without visibility into your current assets, you can’t know what your inherited vulnerabilities are. If you have an asset that has never been patched, and it’s not on your list of current assets, you’re never going to get to it. When dealing with new vulnerabilities, you should ideally have visibility into all of it. You should be aligned with the business and operations, your architecture and engineering teams should be talking and you should be partnered with security vendors. Once you’ve achieved this, you have progress.
Willi: When discussing solutions with OT leaders, I usually mention some of the core items which can help build a foundation for the future. For example, I encourage them to consider segmentation to help control OT/IT convergence as it gradually increases. In addition, regardless of the state of current cybersecurity planning, it is important to remain focused on a journey to integrate disparate products into a platform approach, a cybersecurity mesh platform. Also, OT organizations should incorporate zero trust network access (ZTNA) into cyber plans. Even if not all employees are working remote, ZTNA has cybersecurity benefits across the extended network.
Optiv Security: Secure greatness.®
Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.
Let us know what you need, and we will have an Optiv professional contact you shortly.