Best known for its front office networking technologies, Cisco is increasingly developing technologies for industrial networks. Of course, Cisco is not new to the industrial networking realm—the company has worked with Honeywell on industrial wireless, Claroty on cybersecurity produces its own industrial network switches.
Now Cisco is offering industrial cybersecurity and edge software technologies.
On the cybersecurity front, the company has released Cisco Cyber Vision, which it describes as “the first software-based security product for automated discovery of industrial assets [that] analyzes traffic from connected assets and creates segmentation policies to prevent lateral movement of threats across operational environments.” Cisco’s Talos threat intelligence enables Cyber Vision to monitor cybersecurity threats in real time that affect uptime, productivity, and safety.
Cisco is embedding Cyber Vision in its industrial network equipment.
Describing the industry drivers behind the company’s development of this product, Liz Centoni, senior vice president and general manager of cloud, compute and IoT at Cisco, says, “While the communication network has always been the backbone for IT, it is becoming foundational for operational environments where customers require real-time access to machine data.” But access to this real-time data is seen as being risky by many industrial companies because “it’s been nearly impossible to know what is out there in those vast operations. I have never talked to a customer who says they know 100% of their devices and industrial controls. Industrial environments have been operational for decades, grown to meet demand and through mergers and acquisitions. So there’s a mix of legacy and IP-based equipment that customers don’t want to touch for the fear of disrupting current operations.”
Acknowledging that the identification of assets and vulnerabilities is the first phase to successfully securing an industrial network, Vikas Butaney, vice president of product management at Cisco IoT says, “Cisco’s Cyber Vision enables organizations to gain a full understanding of what devices are on the network, what devices are communicating to each other, and what the devices are saying. Using this information, Cisco’s Cyber Vision can identify known vulnerabilities, enabling organizations to quickly identify where they are and how to correct or protect against them.”
Butaney explains that Cyber Vision is integrated with Cisco’s IT security to provide device data directly to Cisco’s DNA-Center for policy creation, as well as with Cisco’s Identity Services Engine for segmentation and enforcement, and with Cisco’s Stealthwatch to provide the context of the asset behind the IP address. “We also have OT-specific intrusion prevention (using Snort rules to detect the actual vulnerability, rather than an exploit) that can be enforced in our OT-specific firewall, the ISA3000,” he says.
He adds that Cyber Vision has the ability to understand and decode industrial protocols used in the manufacturing, utilities and oil and gas industries, and that Cisco strives “to cover the majority of protocols that customers will see.” Cyber Vision’s RESTful API (application programming interface) can be used to connect Cyber Vision to proprietary protocols in any industrial environment.
With Cyber Vision, Cisco claims it has “removed the complexity of a multi-vendor, multi-data, and multi-asset infrastructure to deliver simple IoT cyber security solutions that can be managed on any of Cisco's gateways, switches, or routers, bringing end-to-end security and simplified data management together.”
For edge applications, Cisco offers Edge Intelligence. According to the company, this product “simplifies the extraction of data at the network edge to streamline data delivery to multi-cloud and on-prem destinations to help businesses better manage data from start to finish.”
Centoni says she often hears customers “lament that current approaches [to edge computing] require custom software and integrations of technologies from multiple vendors both on the IT and OT side. These projects quickly become overwhelmingly complex to deploy and manage. These solutions are further challenged with no easy way to control what data is delivered to specific applications running in modern multi-cloud (public, private, and hybrid) environments.”
Cisco Edge Intelligence reportedly addresses these issues by allowing operators to create data flows that deliver data from the IoT edge to multi-cloud destinations reliably and securely. “Like Cisco Cyber Vision, it is a software service deployed on Cisco’s IIoT Networking portfolio for out-of-the box deployments,” Centoni says.
Features of Cisco Edge Intelligence include:
- A set of connectors for extracting machine data;
- Tools to perform edge analytics;
- The ability to govern the logical flow of IoT data at a granular level before it leaves the operational environment;
- Pre-integration with application and platform partners to share data from edge to multi-cloud destinations; and
- A user interface designed for centralized data management and scalability.