Cisco is looking to better protect the myriad edge-attached IoT devices in industrial settings with new security software that promises to protect industrial assets in one of the most disparate network environments there is.
The company rolled out what it called an overarching security architecture for Industrial Internet of Things (IIoT) environments that includes existing products but also new software called Cisco Cyber Vision, for the automated discovery of industrial assets attached to Cisco’s extensive IIoT networking portfolio.
Last year, Cisco rolled out a new family of switches, including the Cisco Catalyst IE3x00 ruggedised edge switches, along with software, developer tools and blueprints to meld IoT and industrial networking with intent-based networking and classic IT security, monitoring and application-development support.
The new security rollout also includes Cisco Edge Intelligence software to simplify the extraction of IoT data at the network edge. Together, the two packages will let IT and operational technology (OT) groups work together to provide advanced anomaly detection in IIoT environments, said Joe Malenfant, director of global IoT for Cisco.
“The architecture understands what normal industrial traffic looks like, and if something is out of the ordinary, like a local industrial [programmable logic controller] suddenly starts communicating with a computer in another country, the IT and OT security folks can be notified immediately,” Malenfant said.
The security architecture looks to address a number of challenges in the IIoT arena, wrote Vikas Butaney, vice president of product management with Cisco’s IoT Business Group in a blog about the announcement which came at the Cisco Live Europe event in Barcelona.
IIoT projects in operational settings typically lack an up-to-date asset inventory and a baseline of normal communication patterns against which security and configuration anomalies can be detected, he stated. Flat, unmanaged industrial-plant networks allow unfettered propagation of cyber security threats, threatening system downtime and increasing risks to people and industrial processes.
And while data is king, it becomes trapped in heterogeneous environments incorporating industry-specific protocols that are foreign to IT and security tool sets, Butaney stated.
With that in mind, Cisco Cyber Vision software embedded in Cisco’s IoT networking gear passively discovers networked assets and decodes industry-specific process flows using Deep Packet Inspection (DPI), without injecting traffic into the control network.
Then, using a combination of OT-specific rules and intelligence from Cisco's Talos threat-research team, it provides real-time anomaly detection and monitoring, Butaney stated.
Information gathered by Cisco Cyber Vision can also be used to develop segmentation policies in an existing Cisco Identity Services Engine (ISE) deployment, for access control and segmentation, and in Cisco DNA Center, for centralised management.
The idea is to let IT and OT stop the unfettered propagation of threats across operational environments, a process that today is highly manual and does not keep up with changing requirements, Butaney stated.
Cisco Cyber Vision can also pass data to third-party security information and event management platforms, such as IBM QRadar and Splunk, Cisco stated.
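The passive baseline-and-detect workflow described above, as an added example that is not Cisco Cyber Vision code and makes no claim about how the product implements it: an asset inventory and a baseline of normal conversations are built from passively observed flow records, later flows are compared against that baseline, and deviations (an asset talking to a peer outside the plant, a PLC that was only ever a server suddenly acting as a client, an uninventoried device, or a new pairing of known assets) are emitted as JSON lines of the kind a SIEM collector would ingest. The baseline conversation set is also the natural starting point for an allow-list segmentation policy. The plant address range, the industrial protocol port labels and every flow record are constructed for the example.

```python
"""Baseline-and-detect over passively collected flow records.

Added example, not Cisco's code. Everything below (addresses, ports,
flows, severities) is constructed to illustrate the technique.
"""
import ipaddress
import json
from collections import namedtuple

# A flow as a passive sensor would summarise it: client -> server:port.
Flow = namedtuple("Flow", "src dst dport")

# Assumed plant address space (constructed, not from the article).
PLANT_PREFIXES = [ipaddress.ip_network("10.20.0.0/16")]

# Well-known industrial protocol ports, used only to label alerts.
OT_PORTS = {502: "modbus-tcp", 102: "s7comm", 44818: "ethernet-ip", 20000: "dnp3"}

# Constructed flows from the learning window.
BASELINE_FLOWS = [
    Flow("10.20.1.10", "10.20.2.50", 502),   # HMI polls PLC A over Modbus/TCP
    Flow("10.20.1.10", "10.20.2.51", 502),   # HMI polls PLC B
    Flow("10.20.1.11", "10.20.2.50", 102),   # engineering workstation -> PLC A (S7comm)
    Flow("10.20.3.5",  "10.20.2.50", 502),   # historian polls PLC A
]

# Constructed flows from the detection window.
LIVE_FLOWS = [
    Flow("10.20.1.10", "10.20.2.50", 502),   # in the baseline: normal
    Flow("10.20.2.50", "203.0.113.7", 443),  # PLC A opens a session to an external host
    Flow("10.20.1.12", "10.20.2.51", 102),   # workstation never inventoried before
    Flow("10.20.3.5",  "10.20.2.51", 502),   # known historian, known PLC, new pairing
]

# Constructed severity scale; higher is worse.
SEVERITY = {"external-peer": 3, "role-change": 3, "unknown-asset": 2, "new-conversation": 1}


def in_plant(ip):
    """True if the address lies inside the plant's own prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PLANT_PREFIXES)


def build_baseline(flows):
    """Asset inventory (with observed roles) plus the set of normal conversations."""
    baseline = {"assets": {}, "conversations": set()}
    for f in flows:
        baseline["assets"].setdefault(f.src, set()).add("client")
        baseline["assets"].setdefault(f.dst, set()).add("server")
        baseline["conversations"].add(f)
    return baseline


def detect(baseline, flows):
    """Return one alert dict per flow that deviates from the baseline."""
    assets, convs = baseline["assets"], baseline["conversations"]
    alerts = []
    for f in flows:
        if f in convs:          # exact conversation seen during learning
            continue
        reasons = []
        if not (in_plant(f.src) and in_plant(f.dst)):
            reasons.append("external-peer")
        # A device that only ever answered requests is now initiating them.
        if f.src in assets and "client" not in assets[f.src]:
            reasons.append("role-change")
        if f.src not in assets or f.dst not in assets:
            reasons.append("unknown-asset")
        if not reasons:
            reasons.append("new-conversation")
        alerts.append({
            "src": f.src, "dst": f.dst, "dport": f.dport,
            "protocol": OT_PORTS.get(f.dport, f"tcp/{f.dport}"),
            "reasons": reasons,
            "severity": max(SEVERITY[r] for r in reasons),
        })
    return alerts


def to_siem_lines(alerts):
    """One JSON object per line, the shape most SIEM collectors ingest."""
    return [json.dumps(a, sort_keys=True) for a in alerts]


if __name__ == "__main__":
    for line in to_siem_lines(detect(build_baseline(BASELINE_FLOWS), LIVE_FLOWS)):
        print(line)
```

Run against the constructed data, the script skips the HMI poll, raises a severity-3 alert for the PLC reaching an external host (external peer, role change and unknown peer all fire), a severity-2 alert for the uninventoried workstation, and a severity-1 alert for the historian's new pairing. In practice the learning window must be long enough to cover infrequent but legitimate traffic such as periodic engineering access, or the new-conversation class will be noisy.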
Cyber Vision is based on technology Cisco acquired from Sentryo last year. Sentryo's technology offers anomaly detection and real-time threat detection for IIoT networks; its products comprise an asset-inventory, network-monitoring and threat-intelligence platform fed by network edge sensors that analyse network flows.
The other new software, Cisco Edge Intelligence, runs on Cisco’s IoT packages and gathers data from connected devices to create logical flows from the edge into private, public or third-party clouds, Malenfant said.
For example, if a robotic arm in a remote system needs replacement, it can send telemetry or information about the problem. Edge Intelligence extracts that data and gives the OT team information it can use to fix the problem, Malenfant said.