Organizations are facing an increasing challenge with securing OT environments as revealed in The 2020 State of Operational Technology and Cybersecurity Report from Fortinet. One challenge is that existing security controls designed to protect IT assets are incompatible for OT environments. At the same time, more and more organizations are experiencing OT intrusions. This has led to the discussion of how deception technology could rise to these challenges. With the latest release of FortiDeceptor, organizations can employ deception to deceive, expose and eliminate threats across both IT and OT environments.
FortiDeceptor: The Rising Security Challenges in OT Environments
With the modernization of OT environments and deployment of smart SCADA elements that requires IP connectivity, convergence of IT and OT networks seems like a natural step forward for many organizations. However, it also opened a new door for threat actors to target OT leaving organizations vulnerable and ill-prepared to handle the flood gate of threats traditional aimed at IT environments. The 2020 Fortinet report mentioned earlier illustrates the various types of threats OT faces today per diagram below.
While organizations are working hard to close this new threat vector and comply with industry regulations, they need to overcome a number of factors. For example,
- How do we protect unpatchable or legacy OT systems?
- Will there be operational delay or downtime before, during or after associated with OT security implementation?
- Will the end result of be a disjointed IT/OT security approach?
- Is the current IT cyber security solution compatible with the OT environment?
Creating an Illusion with FortiDeceptor
One effective strategy to help organizations adapt and adopt security in an OT environment without frustration is to employ the technology version of ‘magic’. Think of the greatest illusionists such as David Copperfield, David Blaine, Penn & Teller, and others that have convinced us magic is real because their illusions are so believable. Likewise, FortiDeceptor creates an illusionary or fake environment made up of a network of decoys and honey-tokens to simulate the actual environment thus it is completely unintrusive and does not create any operational delay in performing its function. As a network-based security solution, FortiDeceptor eliminates the need to take SCADA/ICS devices offline to install an agent.
FortiDeceptor Deceives, Exposes and Eliminates Threats
For an illusion to hold up, the devil is in the detail. FortiDeceptor deceives attackers by emulating a broad set of SCADA/ICS devices associated with Ethernet/IP, S7COMM, MODBUS, BACNET and others, as well as IT devices such as Windows, Linux with associated data and applications. Since the fake environment is indistinguishable from the real one, any interaction with the decoys, will raise an immediate alert. These alerts are unambiguous since employees will only interact with the real environment.
FortiDeceptor analyzes and exposes the tactics of the threat actor revealing how they entered the environment, their objectives and tools used. Organizations have the option to engage with threat actors to study them further then perform threat response or eliminate the threat automatically. FortiDeceptor is part of the Security Fabric thus it seamlessly integrates with an existing security infrastructure supporting automated threat response and threat hunting.
Lastly, organizations modernizing their ICS architecture would consider Purdue model as a systematic approach to applying security to each zone of the OT network that spans to IT network. FortiDeceptor aligns very well to this model as it provides coverage for both OT and IT environments.
Addressing OT Security Challenges
Although threat actors have discovered a new threat vector within OT, organizations can extend their IT security architecture to OT without worrying about the complexities that OT environments present. FortiDeceptor enables organizations to solve the problem of OT threats without adding delay or downtime and provides a holistic security approach across both IT/OT environments. Now, that’s magic.
Learn how Fortinet secures the convergence of OT and IT. By designing security into complex infrastructure via the Fortinet Security Fabric, organizations have an efficient, non-disruptive way to ensure that the OT environment is protected and compliant.
Original post by