Security teams are tasked with the challenge of processing large amounts of operational technology (OT) and IT security telemetry. To make this easier, Swimlane has announced a low-code security automation platform to create a centralized system of record and control point.
The platform integrates with other OT security providers, including Nozomi Networks, Dataminr, and 1898 & Co, Swimlane says. This allows OT security teams to unify threat detection and response by providing access to intelligence and telemetry from both the OT and IT environments.
"This cyber-physical threat response saves organizations crucial minutes when connecting with staff members who might be affected by a natural disaster, accident, social unrest, or other types of physical risk," explains Cody Cornell, co-founder and chief strategy officer of Swimlane.
For example, integrating automation with Nozomi Networks will allow industrial and critical infrastructure security operations teams to maintain continuous asset compliance and mitigate the risks of attacks from combined OT and IT entry points. The Dataminr integration provides automated processes to mitigate physical risks and warn at-risk employees as soon as possible to ensure their safety. And the integration with 1898 & Co allows industrial and critical infrastructure entities to add managed threat detection services that are specifically designed to address OT-specific challenges, Cornell says. That includes detecting both OT- and IT-borne threats, machine-speed threat validation and scoring, and rapid remediation of threats using OT response methods.
Turning to Automation as Threats Pile Up
"Cyber threats have increased in frequency and severity, which will only worsen with time," Cornell notes. "SecOps teams in industrial organizations are regular targets for cyberattacks due to the importance of their systems and infrastructure."
With the limited resources at their disposal, security teams working in organizations that rely on OT struggle to keep up with new threats. The industrial cybersecurity sector has also been attempting to address the OT security skills gap over the past few years.
"The need for security professionals to understand and safeguard cybersecurity and deal with the issues posed by antiquated and unsupported legacy processes and control systems makes the talent shortage in the OT security sector particularly more severe," Cornell adds.
The combination of factors — a cybersecurity skills shortage in OT and an overwhelming amount of OT and IT data and telemetry to analyze — creates a situation that could benefit from automation. In the OT sector, automation could play a critical role in defending against rising cyber threats in a more effective and efficient manner.
Automation has become a must-have technology for security operations: The US Executive Order on Improving the Nation's Cybersecurity from May 2021 highlighted multiple areas where automation should be adopted to manage the ever-increasing volume of threats and the talent shortage.
Going Low-Code to Transcend SOAR
Legacy security orchestration, automation, and response (SOAR) products have earned a reputation for being rigid and unapproachable for the average security professional, Cornell notes. With security automation at the center, organizations could maximize the productivity of their existing security investments and staff while gaining greater visibility into critical assets, accelerating their response to incidents targeting their critical infrastructure, and improving overall team efficiency.
"Traditionally, OT systems were completely segregated from Internet-facing technology," Cornell says.
However, as critical infrastructure operators increasingly seek to carry out digital transformation initiatives, these systems are being modernized and connected to IT systems. The result is an expanded attack surface as previously isolated OT systems, once relatively immune to cyberattacks, are now Internet-accessible and high-value targets for threat actors.
"Mission success depends on secure operations, but IT, OT, and IoT assets all have different characteristics, communications, behaviors — and unique security challenges," Cornell says. "We created this ecosystem to help critical infrastructure operators take defense up a notch and reduce cyber-risk with a proactive approach designed to secure their complex ecosystem of IT, OT, and IoT assets."
Vendors Stepping Up Automation Offerings
Swimlane isn't the only company using automation to ease security pain points while managing security telemetry. Security operations platform vendor ThreatQuotient recently released ThreatQ TDR Orchestrator, which is designed to address industry needs for simpler implementation and more efficient operations.
In June, Snowflake released a cybersecurity workload that offers customers access to capabilities including SIEM, SOAR, compliance automation, and vulnerability management through connected applications that run on top of their existing Snowflake environments.
Earlier in the year, Sophos acquired SOC.OS, a spinoff company of BAE Systems Digital Intelligence with a software-as-a-service (SaaS) solution for automating the monitoring and triage of the growing volume of data and alerts across organizations.