Insights > Network Visibility + Security

Bridging the OT Data to Visibility Divide

2021-06-17  |  7 min read 

Bridging the OT Data to Visibility Divide

The Importance of Words

The first time I saw the letters IIOT strung together on a slide, I thought it was a typo. And then I realized it was intentional.

“Mr. Stark, I don’t feel so good.” – Peter Parker

The first time I saw the words, ‘digital transformation’ on a website, I found myself grumbling at yet another tired stringing together of words that meant absolutely nothing without a lengthy explanation (or absolutely anything you could ever imagine).

“Don’t make me angry. You wouldn’t like me when I’m angry” – Dr. Bruce Banner

So maybe you can understand my relief when I saw the words, ‘IT/OT Convergence’. Finally words strung together in a pattern that actually meant something! But upon closer scrutiny I realized that even after a career spent on the Enterprise side of the house, I had no absolutely no idea what an OT was.

Object Technology? Occupational Therapy? I couldn't even come up with three guesses...

The answer: Operational Technology


One could argue that the convergence of IT and ICS isn’t IT/OT at all, as there isn’t much meeting in the middle just because you make the acronyms play well together.

“Is this your king?” -Erik Killmonger

But we do know this: Information Technology deals with intangibles, like data and information. The #1 priority of Information Technology is cybersecurity. And we also know this: Industrial Control Systems deal with tangibles, like plant, property, and people. The #1 priority of Industrial Control Systems is ensuring a safe workplace. So then it stands to reason that the convergence that’s happening in IT/ICS is the convergence of the protection of stuff.

Bridging the OT Data to Visibility Divide

With the adoption of standard IP protocols and networking conventions, ICS networks have become relatively flat and open, such that hackers, once behind the firewall, can enter and move at will. Recent examples of malware attacks impacting ICS include Industroyer - Crash Override, WannaCry, BlackEnergy, Stuxnet, and now the SolarWinds hack. Failure to ensure a safe workplace includes: loss of life, major outages, massive revenue losses, brand destruction, substantial government fines, and large-scale infrastructure damage. People and companies die.

Fortunately, IT security teams have been defending against hackers for the past forty years, and have the expertise and tools for keeping networks safe. And ICS cybersecurity incidents of the past 11 years have resulted in astronomical growth in the need and development of ICS cybersecurity tools. When these IT and ICS cybersecurity tools converge, they form a strong defense for your entire IT/ICS networks. And the protection of stuff, both yours and your customers.

If you're interested in learning more about strenthening your IT/ICS network join us in this upcoming free webinar:

Free SANS webinar: Bridging the OT Data to Visibility Divide

Join Dragos, Inc. and Keysight Technologies for a SANS Institute webinar on June 30th, 2021 at 3:30 pm ET, Bridging the OT Data to Visibility Divide, to learn how asset visibility, #NetworkVisibility, and threat detection work together to form a strong defense of your OT and IT network. #ICS

OnDemand SANS Webinar: Bridging the OT Data to Visibility Divide  

Webinar Abstract:

Asset visibility, threat detection, and investigative playbooks are critical ICS/OT technologies in your defense against industrial adversaries. However, accessing the information that these technologies need can be a significant challenge for asset owners and operators, as this information is often located throughout your OT environment, including the lower layers of the OT architecture. To solve this problem, Network Visibility tools are used to collect information from your OT architecture and feed it back to your ICS/OT cybersecurity tools. In this webinar Michael Hoffman, Principal Industrial Consultant, Dragos and Phil Trainor, Securities Solutions Architect, Keysight Technologies explore how Asset Visibility, Network Visibility and threat detection work in conjunction to form a strong defense for your entire IT/ OT network.

Speaker Bios:

Michael Hoffman works at Dragos as a Principal Industrial Consultant and has over 20 years of experience focused in O&G with roles in downstream, upstream, and global technical leadership. His past titles have included Principal ICS Security Engineer, Controls and Automation Specialist, Process/CEMS Analyzer Specialist, and Instrumentation & Electrical Technician. He has a Master\'s in Information Security Engineering Degree from SANS Technology Institute and is a SANS instructor in development for the ICS curriculum. Michael is driven to continual learning and has over 10 GIAC certifications. He is currently studying for the OSCP certification.

Phil Trainor works at Keysight Technologies. He is a network security specialist with over twenty years in the industry. He has lectured at prestigious security conferences such as BlackHat, Defcon, RSA, and SANS ICS Summit events (twitter: @Phil_Trainor), as well as numerous other security conferences. He is currently a Director in Keysight Technologies Security Solutions Group, focusing on Keysight solutions that leverage threat intelligence.