Intelligent CIO Europe Issue 61 - Page 78

t cht lk

t cht lk

It is critical to detect and prevent unauthorised USB sticks because we have seen many OT attacks that are being distorted within a USB port or transferring malicious data , files and viruses into those machines . They are then compromised by using something like a USB port or legacy operating systems that aren ’ t patched or supported by the vendor itself . We must make sure that we detect any suspicious behaviour inside our network and prevent and protect the infrastructure . At TXOne , this is precisely what we can do with the technologies we are further providing to our end-users .
What are the shortcomings of using traditional endpoint security products in the critical infrastructure or OT environment ?
This is a complex issue and we must break it down into several layers to understand it . I always recommend that before you start doing a gap assessment or a risk assessment , you must categorise what the critical assets and devices are . Furthermore , analyse and categorise their functionality , how they are parting and the risk and vulnerabilities that can be compromised and exploited on each of those . Once we know all this information , only then must we start with the patching and security .
Talking about the traditional antivirus , it must be connected to the Internet , be updated and have the latest patches to detect viruses in real-time . However , in OT we find many challenges in this area , some of them stemming from old legacy platforms that are currently running . Surprisingly , many customers have been using XP and Windows 2000 servers until
now . This is a fact that we cannot deny or change for the time being . However , since the world is on a Digital Transformation journey , traditional antiviruses are becoming outdated and need to be constantly connected and patched .
We are also working in a very harsh atmosphere . Some customers have their devices , maybe offshore , in desert zones or possibly in an air-gapped environment with no connectivity or Internet . Due to this , they cannot get the appropriate patches and updates to secure those devices . This is where TXOne comes in to do some counter-measurements to provide security in different zones with different challenges .
What do you suggest is the first step in revealing cybersecurity blind spots and complying with regulatory standards ?
We must pay close attention to compliances , especially when aiming to reveal cybersecurity blind spots and comply with regulatory standards . We ’ ve seen lots of cybersecurity compliance being applied nowadays , not just in IT but also OT , and customers are starting to implement those compliances .
In Trend Micro and TXOne , we have a powerful valueadded proposition where we can cover both pillars , starting from Layer 1 into Layer 3 for OT . We are also able to cover additional layers going above Layer 3 . Having the IT and OT convergence and securing both layers is something that TXOne and Trend Micro add value to for sure . As a company that sees the complete picture , our value addition comes from the fact that our
78 INTELLIGENTCIO EUROPE www . intelligentcio . com