While no single security tactic will give you 100 per cent protection, there is a way to foster a defence-in-depth approach in securing your business, operations and assets.
The ransomware attack on Colonial Pipeline was yet another wake-up call for critical infrastructure and supply chains to rethink their approach to securing operations. In the past twelve months, ransomware has disrupted operations for supply chain organisations, including:
- A European steel manufacturer
- A US natural gas supplying facility
- A US water treatment facility
- A Japanese automotive manufacturer
- An Australian logistics company
- A South American energy distribution company
Infrastructure and supply chains are particularly vulnerable to cyber-attacks, but for different reasons. Infrastructure security investments tend to be aligned with regulatory requirements, versus “what if” scenarios. Supply chains focus on efficiency and minimising cost, forcing security proposals to compete with other, more appealing investments. The pandemic has further increased the attack surface by causing enterprises to rush remote employee access, leaving security gaps in the wake.
Supply chains are now the preferred delivery system for malware, whether targeting key infrastructure or other organisations. With ransomware expected to increase sevenfold by 2025, increasing security protections within infrastructure and connected supply chains is a business imperative.
OpenText offers multiple solutions across the detect, protect, respond and recover model. While no single security tactic will give you 100 per cent protection, these solutions foster a defence-in-depth approach in securing your business, operations and assets.
Endpoint detection and response
Beyond NGAV protection and data protection, the inclusion of world-class detection and response capabilities is essential, such as those found in EnCase Endpoint Security. You need to have detection and forensic parsing capabilities that sit at the kernel level of your endpoints – below the operating environment. This enables continuous monitoring for anomalous behaviour.
Managed detection and response
Businesses that are stretched for resources in their security operations centre now have the option of onboarding managed detection and response services that keep eyes on glass (analyst-led monitoring) and deliver continuous machine-automated monitoring of your systems and data sources 24/7, 365 days a year. OpenText Managed Detection and Response (MDR), for example, pairs best-in-breed technologies alongside security personnel with more than 15 years of experience working on breach response investigations and malware analysis engagements.
Business endpoint detection and DNS protection
As ransomware actors continue to target all sectors of the economy, it’s essential for the nation’s health and safety that businesses build resilience against – rather than simply defend against – cyber-threats. Device and network-level security such as Webroot® Business Endpoint Protection and Webroot® DNS Protection are essential, but when paired with backup and recovery solutions from Carbonite they work together to undermine ransomware actors and return operations to normal quickly.
Attacks on critical infrastructure such as that on Colonial Pipeline and the water treatment facility in Oldsmar, Florida underscore the need for embedded threat intelligence in process control systems and other internet-connected devices that can be targeted by threat actors bent on causing maximum harm. Webroot BrightCloud® Threat Intelligence gathers and distributes telemetry data from millions of real-world endpoints, providing protection for all cloud-connected devices only minutes after the detection of a new threat.
Identity and access management for third parties
Supply chain attacks target the weakest spot in almost every operation’s security programme: third-party access. Traditional identity and access management (IAM) tools are not built to secure access for decentralised, distributed user populations, providing a fraction of the security delivered to employee populations. OpenText Identity and Access Management secures and automates access to every third-party person, system or thing connecting to enterprise on-premises and cloud systems.
Industrial IoT needs the OpenText IoT platform to securely integrate operating technology, such as that of Colonial Pipelines, that was not initially designed for today’s connected ecosystems. The OpenText IoT Platform can deliver secure device management that is identity-centric and which verifies each device and associated data stream to enable clear and governable integration to enterprise applications, providing a protected and resilient IT to OT operations.
Used in concert, security and derived value is increased as each solution leverages capabilities from the others. For example, BrightCloud Threat Intelligence enables:
• Encase to increase the chances of discovery of both known and unknown threats
• Identity and access management to dynamically re-evaluate external risk signals and take action
IoT to alter data security and orchestration.
Doing so provides OpenText customers with rapid response and remediation of threats to avoid disruption and return business operations to a trusted state quickly.
To find out more on how OpenText can assist your organisation please visit us:
by Dennis McDermott, Senior Product Marketing Manager, OpenText