The concept of zero trust security is gaining more adherents in the industrial technology space. As Jens Meggers, executive chairman of cybersecurity software supplier Mission Secure says, "You should assume bad guys will get in, so your focus should be on limiting what they can access."
And that's the focus of Mission Secure's new Sentinel 5.0 platform, which is designed to provide context-aware cybersecurity policy monitoring and enforcement for industrial operations technology (OT) systems.
If you're not familiar with the zero-trust cybersecurity concept, it is a well-known IT cybersecurity principle that essentially eliminates implicit trust in access to systems inside a network perimeter by continuously validating every stage of digital interaction.
Without zero trust architectures, Meggers says industrial operators often rely on disjointed collections of tools, such as firewalls, intrusion detection systems, and endpoint vulnerability scanning. Such combinations of cybersecurity technologies, however, do not fully provide the ability to manage and secure industrial operating environments, he adds.
Policy instantiation and monitoring
The Sentinel 5.0 platform allows operators to define and enforce granular policies based on inputs such as network traffic, attempted remote access, asset firmware versions and vulnerabilities, as well as the digital and/or analog signals generated by physical devices.
Mission Secure's technology operates at the network level to discover and classify assets, find out who's accessing what and why, and then restrict access as needed, explains Meggers, who noted that the company's technology began in the defense industry before expanding into industrial applications.
Meggers says the signal integrity sensors should be placed in an operation's "most sensitive areas to read direct sensors, not controllers."
"Users can plug in real or virtual sensors at the switch level to listen in on network traffic activity to know who's talking to what and to find machines, control systems, and cloud access," Meggers adds. "The dashboard allows you to drill down into details around all network activity. Once you know what to expect [as normal network activity], you can then install the guard rails with a whitelisting approach to start. For example, start by identifying which protocol specifics are allowed, then you can generate a list to see what activities on your network fall outside of your whitelist activity."
Standard capabilities of the platform include passive monitoring, asset discovery, and alerting. Specific to its zero trust capabilities, the platform's policy engine enables:
- Creation of access control policies to define the conditions under which users or applications can send commands to an industrial device.
- Identifying firmware state and vulnerabilities and limiting access to only fully patched systems.
- Alerting and acting on anomalies in physical signals, and isolating systems that show abnormal behavior.
- Supporting root cause analysis by correlating network events with sensor outputs.
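The allowlisting approach Meggers describes, combined with a patch-state condition like the one in the list above, can be sketched as follows. This is an added example, not Mission Secure's code or policy format; the flow record layout, host names, Modbus operation names, and the rule that write commands go only to devices marked patched are all assumptions made for illustration.

```python
from collections import namedtuple

# One observed network conversation: who talked to what, over which protocol,
# and which protocol-level operation was requested.
Flow = namedtuple("Flow", "src dst proto op")

def build_allowlist(baseline_flows):
    """Learn allowed (src, dst, proto, op) tuples from a known-good window."""
    return {tuple(f) for f in baseline_flows}

def evaluate(flows, allowlist, patched):
    """Return (flow, reason) for every flow that falls outside policy."""
    known_paths = {entry[:3] for entry in allowlist}
    findings = []
    for f in flows:
        if tuple(f) not in allowlist:
            # Separate a new operation on a known path from a new talker.
            if tuple(f)[:3] in known_paths:
                reason = "operation not in allowlist"
            else:
                reason = "unknown source/destination/protocol"
            findings.append((f, reason))
        elif f.op.startswith("write") and not patched.get(f.dst, False):
            # Assumed rule: commands go only to devices marked fully patched.
            findings.append((f, "command to unpatched device"))
    return findings

# Constructed sample data (hypothetical host names and Modbus operations).
BASELINE = [
    Flow("hmi-1", "plc-1", "modbus", "read_holding_registers"),
    Flow("hmi-1", "plc-1", "modbus", "write_single_register"),
    Flow("hmi-1", "plc-2", "modbus", "write_single_register"),
]
PATCHED = {"plc-1": True, "plc-2": False}
OBSERVED = [
    Flow("hmi-1", "plc-1", "modbus", "write_single_register"),      # allowed
    Flow("hmi-1", "plc-1", "modbus", "write_multiple_coils"),       # new operation
    Flow("laptop-7", "plc-1", "modbus", "read_holding_registers"),  # new talker
    Flow("hmi-1", "plc-2", "modbus", "write_single_register"),      # unpatched target
]

def run_example():
    return evaluate(OBSERVED, build_allowlist(BASELINE), PATCHED)

if __name__ == "__main__":
    for flow, reason in run_example():
        print(f"{flow.src} -> {flow.dst} {flow.proto}/{flow.op}: {reason}")
```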
Industrial cybersecurity partners
Mission Secure also partners with other industrial cybersecurity technology suppliers such as Verve Industrial and Claroty.
With Claroty, Mission Secure integrates Claroty's collection of a user's asset inventory and vulnerabilities, customized risk scoring, threat detection, and network communication mapping with its OT policy enforcement engine to create and enforce policies based on hundreds of possible inputs.
Working with Verve Industrial, a supplier of IT/OT asset inventory and vulnerability software, Mission Secure goes "beyond perimeter detection to protect the most vulnerable and critical OT assets at the endpoint level," says John Livingston, Verve CEO. Verve's software integrates IT and OT data to build asset profiles for effective risk prioritization. In its closed-loop platform, users can reduce the time typically needed from analysis to remediation with the ability to act within Verve's software platform.