Manufacturers are at growing risk of cyberattacks that can shut down operations (and COVID-19 isn’t helping). Extended Detection and Response (XDR) is a new approach in the security management, automation and response arena, uniquely suited to connecting both IT and OT and protecting manufacturers’ networks.
Most organizations today have IT endpoints to protect – desktops, servers, laptops and so on. But manufacturers have both IT in their office environment AND operational technology (OT) entities, including complex machinery run by computers.
A recent 2020 report found that OT attacks have increased 2,000% (!) year-over-year, with attackers shifting to vectors including IoT, OT and connected industrial and medical systems.
2020 brought with it debilitating attacks, including an apparent ransomware attack on Honda, which halted operations in North America, the UK, Turkey, Italy and Japan. Attackers are also piggybacking on COVID-19 panic to cause further havoc. The BBC quoted Honda representative Katherine Keefe as saying: “Cyber criminals are preying on people's heightened anxiety during this pandemic, tricking them into clicking and sharing links that steal information.”
As a company that provides SIEM protection to companies including a leading glass manufacturer in the US and an automotive technology company in Germany, among other manufacturers, we are very aware of the unique needs of manufacturing companies. The need to integrate the protection and orchestration of both IT and OT entities, compounded by the rise of administrative staff working from home while factory work continues, means that there are many more points of potential vulnerability. In addition, every upgrade or new version on one of the OT computers can throw a wrench in the works if it isn’t correlated with the security tools.
This is where automation becomes critical.
Security leaders today are looking beyond Security Information and Event Management (SIEM) solutions to Extended Detection and Response (XDR) tools. The XDR approach extends protection beyond endpoints to provide detection and response across broader systems and networks. These include cloud services, on-premises data centers, IT, OT and Internet of Things (IoT) networks – basically all of the security tools active in the organization, including the SIEM itself, where relevant.
XDR tools are known for their advanced automation capabilities, and as a new category in the security arena, they come without the baggage and heavy lifting associated with traditional SIEMs.
Who in industry and manufacturing should look to XDR and why?
Large manufacturers who already have a SIEM in place see their analysts face a barrage of thousands of false alerts, often creating a situation where it is impossible to review them all, which leaves the organization exposed. Larger organizations also have more data, so the cost of their SIEM is also very high, as most SIEM vendors charge by data volume. An effective XDR will automate data ingestion, lowering the number of alerts and the volume of data entering the SIEM, which receives accurate security alert metadata instead of raw events, making for a more effective and less expensive security platform.
Small and medium-sized manufacturers know they need a SIEM but worry that their small team will not have the capacity to maintain integrations with third-party tools and to write the large volume of correlation rules needed to keep it useful (perhaps they already have a SIEM and see that they are paying for it but not getting value out of it). An advanced XDR can provide a “fast path” to the most advanced automation technologies, delivering better threat classification with a much lower number of alerts, one that is manageable even for a very small security team of one or two analysts.
The advantages of XDR in a nutshell:
- Fewer false alerts and less noise.
- Better protection from attacks through automation that identifies high-risk attacks, faster.
- Automated integration between IT and OT tools.
- Easier onboarding of new data sources and integrations with third-party systems.
- Cost cutting for larger teams that have a SIEM in place, or a more cost-effective alternative for teams that do not have one.
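The mechanism behind the alert-reduction and IT/OT-correlation claims above (fewer, richer records reaching the SIEM; a single source flagged when it shows up in both IT and OT telemetry) is easy to see in code. The block below is an added example written for this page, not empow’s i-XDR code or any vendor’s product logic. The sensor names, event fields, the five-minute correlation window and the IT/OT labels are all assumptions chosen for the illustration, and the alert stream is constructed sample data.

```python
"""Alert aggregation ahead of SIEM ingestion (added example, not vendor code).

Collapses a stream of raw detector alerts into correlated alert records so the
SIEM receives a handful of enriched records instead of every raw event, then
flags records whose source host shows up in both IT and OT telemetry.
The event fields, the window and the domain labels are assumptions.
"""
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed correlation window


def _mk(ts, sensor, domain, sig, src, dst):
    """Build one raw alert record (field names are assumptions)."""
    return {"ts": ts, "sensor": sensor, "domain": domain,
            "sig": sig, "src": src, "dst": dst}


# Constructed sample input: 35 raw alerts as a hypothetical IT firewall
# ("fw-it") and a hypothetical OT protocol monitor ("ics-mon") might emit
# them. Addresses and signature names are made up for the example.
RAW_ALERTS = (
    # 30 port-scan alerts from one host inside a single minute
    [_mk(f"2020-06-08T09:00:{s:02d}", "fw-it", "IT", "port-scan",
         "10.1.5.23", "10.1.0.7") for s in range(0, 60, 2)]
    # the same host then triggers 3 OT alerts against a PLC address
    + [_mk(f"2020-06-08T09:01:{s:02d}", "ics-mon", "OT",
           "modbus-write-unauthorised", "10.1.5.23", "192.168.50.10")
       for s in range(0, 30, 10)]
    # an unrelated single alert from another host
    + [_mk("2020-06-08T09:02:15", "fw-it", "IT", "dns-tunnel-suspect",
           "10.1.7.4", "8.8.8.8")]
    # a late repeat, outside the first window, so it opens a new record
    + [_mk("2020-06-08T09:09:00", "fw-it", "IT", "port-scan",
           "10.1.5.23", "10.1.0.7")]
)


def aggregate(raw_alerts, window=WINDOW):
    """One record per (sensor, signature, src, dst) per time window.

    Each record carries first_seen, last_seen and a count, which is the
    'alert metadata' a SIEM would ingest in place of the raw events.
    """
    open_groups = {}   # key -> record still accepting alerts
    records = []
    for a in sorted(raw_alerts, key=lambda a: a["ts"]):
        ts = datetime.fromisoformat(a["ts"])
        key = (a["sensor"], a["sig"], a["src"], a["dst"])
        rec = open_groups.get(key)
        if rec is None or ts - rec["first_seen"] > window:
            rec = {"sensor": a["sensor"], "domain": a["domain"],
                   "sig": a["sig"], "src": a["src"], "dst": a["dst"],
                   "first_seen": ts, "last_seen": ts, "count": 0}
            open_groups[key] = rec
            records.append(rec)
        rec["last_seen"] = ts
        rec["count"] += 1
    return records


def link_it_ot(records):
    """Mark records whose source host appears in both IT and OT alerts."""
    domains_by_src = {}
    for r in records:
        domains_by_src.setdefault(r["src"], set()).add(r["domain"])
    for r in records:
        r["cross_domain"] = len(domains_by_src[r["src"]]) > 1
    return records


def summarize(raw_alerts):
    """Counts a practitioner would check: raw in, records out, IT/OT links."""
    records = link_it_ot(aggregate(raw_alerts))
    return {"raw": len(raw_alerts), "records": len(records),
            "cross_domain": sum(r["cross_domain"] for r in records)}


if __name__ == "__main__":
    for r in link_it_ot(aggregate(RAW_ALERTS)):
        print(f"{r['first_seen']:%H:%M:%S} {r['sensor']:8} {r['sig']:26} "
              f"{r['src']:>10} -> {r['dst']:<14} x{r['count']:<3} "
              f"IT/OT-linked={r['cross_domain']}")
    print(summarize(RAW_ALERTS))
```

Running it collapses the 35 constructed alerts into 4 records, three of which are linked across IT and OT because the same source host scanned the office network and then wrote to a PLC. The count and time bounds on each record are what lets an analyst (or a SIEM rule) see a sustained scan rather than 30 separate tickets, and the cross-domain flag is the simplest form of the IT/OT correlation the bullet list refers to.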
Read more about empow’s i-XDR solution here.
View a video of the CISO and empow customer at DFIN as he covers everything from architecture to automation, and from scalability to customer support, in this clip.