Notes from Palo Alto Ignite 2019: helping system integrators bridge the IT-OT divide

By Rani Kehat, V.P. Business Development, Radiflow

​Last week, Radiflow took part in Palo Alto Network’s Ignite 2019 conference, a meeting place for Palo Alto Network’s EMEA IT security partners, held in Barcelona, Spain. Radiflow participated as a technical alliance partner for Palo Alto Networks Cortex cloud solutions and on-premises prevention in conjunction with the Palo Alto Networks firewall.

The ability to seamlessly add OT cyber tools to existing security controllers and SIEM infrastructure drew great attention from the IT security system integrator (SI) and service provider community.

Among the barriers standing in the way of IT System Integrators entering the OT environment, the main barrier, based on our observation, is not technological but rather procedural: it requires understanding the inner-workings of production processes such as power, oil, BMS, and manufacturing.

[inject id=’code-47fd23f73a9caecab1e206306adae7f9′]

While system integrators already possess all the methodologies, tools, and disciplines needed to monitor and secure production environments, most still lack the fundamental knowledge of the OT domain.

The questions we received as we demonstrated the joint solution focused on following topics:

• What is the threat surface?
• What are the attack vectors?
• How do you perform vulnerability and asset management?
• Regulations in this field, and experience in performing OT security assessments
• How to define risk zones and the appropriate security policies?
• How to establish a common language with operational engineers for building security policy (CSMS) and mitigation procedures (play-books)?

The answers to these questions boil down to the essential differences between IT and OT networks.

In general, IT environments consist of a user interface, the network itself, applications and databases. In a one-to-one analogy to OT environments, the data in IT environments can be seen as the production process itself. Therefore, data-producing companies can adopt the same risk-driven security policies.

(This is obviously not the case in OT: power plants produce power, not data, and silicon manufacturers produce silicon wafers. Data in OT may be a useful byproduct, but definitely not the main product of the process.)

At the show we have received a warm response from our booth visitors when we presented the Radiflow partner support plan, designed to enable system integrators to bridge the IT-OT divide, for the purpose of presenting a total OT cybersecurity solution to their clients.