
OT Cyber Security - by SolutionsPT

As a leader in your business and as a responsible organisation you want to meet the needs of your stakeholders and this requires you to manage your Operational Technology cyber security risk. To do this you want to engage with a supplier that can provide as many of your cyber needs as possible, that is a pleasure to work with and who will give you the knowledge you need to do your job well.

SolutionsPT’s philosophy for Cyber Security is that we will provide a service that best suits the needs of our customers so they can suitably reduce their risk and ensure compliance.

Our approach follows the well-established 5 principles of the Cyber Security Framework:

Cyber Framework

Taking a ‘secure by design’ approach will deliver a long-term cyber security architecture that is inherently secure against threats.

5 Steps to OT Cyber Security

  1. Identify your assets
  2. Apply appropriate security measures based on risk
  3. Make system difficult to compromise yet frictionless to operate
  4. Understand compromise may happen so make detection easy
  5. Have a plan B for recovery using Business Continuity Disaster Recovery, not just data backup

 

With over thirty years of Cyber Security experience, our fully certified cyber consultants are able to work with you across all of the recognised industry standards and regulations, allowing you to measure progress and show a return on investment based on an increasing cyber maturity score. Having delivered many Cyber Security Solutions across many different industries, they are able to work with our customer base to ensure that their cyber security strategy is the right one for their business.

By not only identifying your assets but also understanding their criticality and the business risks associated with them we are able to help you to develop a Cyber Security strategy that meets your immediate needs as well as providing a roadmap to maintain a secure environment going forward.

01 Identify

Identification and Classification of assets allows prioritisation and risk understanding

Being able to accurately identify assets, resources and roles allows an organisation to understand what it has and what it needs to protect.

Without this insight, risk mitigation measures may be targeted to the wrong areas incurring expense without significant improvements in security or maturity.

SolutionsPT provides a range of industry-leading services and products that, coupled with our way of working and industry experts, provide organisations with a quick and high-value view of their cyber security maturity.

 

Cyber Security Management System (CSMS) Compliance

To identify, understand and reduce cyber security risks, all organisations should have implemented an ongoing Cyber Security Management System.

Our Cyber Security Gap Assessment (CSGA) is an essential step to ensuring your company implements an effective CSMS. By identifying areas that result in increased risk exposure, or non-compliance with regulatory and legislative requirements, these problematic areas can be quickly addressed. We understand that no two businesses are the same, so we offer a highly customisable service. Our CSGA can be tailored to your exact needs by considering the legislative requirements and any other standards your business is required to comply with.

 

Knowledge and advice you can trust

At SolutionsPT we have over 30 years’ experience within a wide variety of Critical National Infrastructure verticals and other industries and we are used to dealing with their unique Cyber Security challenges whilst maintaining network and process integrity.

 

Industry Proven Detection and Protection Tools

Using best-in-class products allows SolutionsPT to provide a comprehensive deep dive into the various layers of the control network, from a single site to a larger multi-site deployment, without adding extra levels of complexity in order to get to the information needed to validate that normal process operation is secure from issue. If issues are detected, either security or configuration, they can be tracked through the business’s normal workflow remediation tools.

 

Extreme Visibility

Visibility is a foundational element for protecting critical industrial processes and it provides measurable business value. Understanding your assets, their configuration and the communications they undertake in detail allows for informed business decisions and detailed risk assessments.


Related Products

 

Network Audit

The importance of highly-available and secure OT networks has never been greater. With threats emerging on a daily basis, how would your configuration stand up? Whether you have technical issues or require advice on expansion, our certified engineers can undertake a full operational health check and security assessment.


OT Cyber Security Reliability

Security Posture Assessment (SPA) is an enhancement to the Network Audit that provides OT engineers as well as security teams with visibility into the OT Network through analysis of a packet capture file (PCAP). The report will provide detailed communication and vulnerability analysis augmenting the Network Audit with powerful automated insights.


Claroty CTD

Claroty Continuous Threat Detection has been chosen as the gold standard for security monitoring for Critical Operation Control Systems due to its unique feature set and unrivaled detection capabilities. These environments are often complex, with dispersed control environments, and CTD will provide visibility, anomaly detection and actionable insights without sacrificing usability and control.

Cyber Consultancy

SolutionsPT have over 30 years of OT Cyber Security specific knowledge covering all Critical National Infrastructure verticals and can be called upon for individual engagements from Security Posture Analysis through to larger scale engagements covering the full Cyber Lifecycle.

02 Protect

Protecting your OT network and critical assets requires a multistage approach… there is no silver bullet!
Security must be considered at every stage to build layers of defence which, combined, make compromise difficult.

 

In many cases large improvements in protection can be made simply and at low cost

For example, zoning areas of criticality ensures you can implement the most stringent controls around your key assets while applying appropriate controls to the areas which pose the least amount of risk.

Deploying hardened builds created to defined and recognised standards such as CIS, NCSC or DISA is another example. These standards are often required as a baseline for secure operational environments within the UK, such as Critical National Infrastructure (CNI), and help to provide a secure by design methodology.

 

Centralised Remote Management

Claroty SRA allows centralised access control that can be easily audited to meet the organisation’s policies and procedures for access to networked plant items. Remote access connections allow Active Directory users or groups to be defined, providing granular control over who has access and, more importantly, who shouldn’t have access.

 

Continual Network and Cyber Security Situational Monitoring

Once Claroty CTD has been deployed, network traffic is continually collected passively. The traffic content and patterns are then analysed, alerting the user to potential security or configuration issues that could harm the normal running of the network and its dependent processes, ensuring unexpected outages don’t occur.

 

Designed to fit the network

As network and endpoint information is collected, it is automatically collated, categorised and laid out following recognised IEC-62443 standards, which allows for easier presentation of the collected information. As all networks have their subtleties, more granular layout templates can be used to show the dependencies between the standard layers in the form of ‘half layers’.

 

Antivirus That Works For OT

Get in front of malicious cyberattacks with the data science-driven power of AI. Cylance Protect works where most attacks occur, at the endpoint, for better efficiency, faster resolution and less disruption. AI-driven threat prevention, response and attack mitigation stop attacks that legacy products miss while dramatically reducing alert fatigue. Discover hidden vulnerabilities in your environment with InSights to perform on-demand threat hunting across the enterprise.

Do you still have legacy systems such as XP, Windows 7, Server 2003 or 2008? If so, we've still got you covered with a single solution with a single management interface.

Related Products

 

Firewalls

SolutionsPT supply, configure and maintain firewalls from leading IT/OT vendors such as Hirschmann, Cisco, Checkpoint and Palo Alto, deploying solutions that are tailored for your operational environment and protect not only IP traffic but also industrial protocols.

Claroty SRA

Secure Remote Access is a policy-based access control product within the Claroty Platform. SRA is designed to minimize the risk that remote users, including employees and contractors, introduce to industrial networks. The platform provides a single management interface that records user actions, placing you in full control of your remote network.

Claroty CTD

Claroty Continuous Threat Detection uses multispectral analysis to build a detailed ‘pattern of life’ which is unique to your process. The occurrence of deviations produces alerts that can be sent to your Security Operations Centre, or can activate security safeguards through Next Generation firewalls to place a protection ring around your most critical assets.

Cylance Endpoint Protection

Cylance delivers a predictive advantage against never-before-seen malware an average of 25 months before it appears online. Using mathematical algorithms to detect malware removes the need for continual signature updates, which is ideal for OT networks where patching and maintenance windows are limited. Cylance’s unique artificial intelligence (AI) approach predicts and protects against known and unknown malware, file-less attacks and zero-day payload execution.

03 Detect

There are significant differences between Enterprise and Operational networks. However, the convergence between these two entities provides intelligence for agile business decisions which result in improved efficiencies.
Associated risks should be controlled and strictly managed, the cornerstone being Extreme Visibility.

 

Detection is key to minimising the impact of undesirable cyber security events

A good detection solution will provide the cyber security team with visibility of a wide variety of events, allowing proactive Security Event Discovery.

Understanding the time and scale of any event will allow more effective remediation, and any solutions and processes should allow for test, compliance and improvement.

With 90% of data breaches being human related and 70% of all malware originating at the endpoint, it's a cat and mouse game to keep systems secure and up-to-date. Zero day threats will always be discovered, so making detection simple is the key approach to reducing the risk of a cyber incident and identifying threats early in the attack cycle.

SolutionsPT have implemented detection solutions and provided advice to significantly improve our customer’s cyber security event detection.

 

Swift detection allowing effective remediation

The quicker and earlier in the cyber kill chain you detect an event, the more likely you are to minimise the impact. Often threat actors have a presence in an organisation’s network long before any malicious action is taken.

 

Better Security is closely related to better safety

In many cases improving security will improve safety. For example, detecting a change in a PLC’s code will allow remediation of a cyber-security event, but that change in code will also affect the equipment safety case.

 

Protection and process improvements

Ongoing assessment of OT operations and asset discovery, along with integration into wider enterprise tools such as SIEM or SOC, allows the detection of events that, even if not malicious, can illustrate the need for protection improvements and identify any process weaknesses.

 

Artificial Intelligence and Machine Learning

With machine learning, cybersecurity systems can analyse patterns and learn from them to help prevent similar attacks and respond to changing behavior. Furthermore, past indicators can also help to predict future threats. It can help cybersecurity teams be more proactive in preventing threats and responding to active attacks in real time.

Related Products

 

Claroty CTD

Claroty’s flagship product, Continuous Threat Detection, provides extreme visibility, continuous threat detection, vulnerability monitoring, and deep insights into OT networks. This has been designed to ensure safe, secure and reliable operations while having zero impact to the underlying operational process.


USB Sheep Dip

Industrial Control System Removable Media Protection is a self-contained unit that scans, detects and protects critical Industrial and IOT environments from USB, CD and other removable media borne threats traversing the air gap into the OT network.

TRUST NO FILE. TRUST NO DEVICE

Network Audit

Network audit with Security Posture Assessment takes an in-depth look into the heart of the OT network. Designed specifically for OT environments, our process understands over 100 industrial protocols and cross-references data with current Common Vulnerabilities and Exposures (CVE) and threat intelligence databases to deliver a comprehensive security assessment of your infrastructure.

Cylance Protect

The Cylance AI Platform is a cybersecurity suite that protects the complete attack surface with automated threat prevention, detection and response capabilities. Build your strategy on a security platform that provides best-in-class prevention and augments and enables your team to get ahead of attackers. With low CPU/Memory footprint, legacy platform support from XP/2003 and no signatures to update, Cylance Protect provides a best-in-class unified protection against malware, malicious scripts, USB control and fileless attacks on your OT endpoints.


04 Respond

Swift and effective response is key to minimising the impact of Cyber Security events.

 

A full response capability includes not only action to contain and remediate but also forensics to understand the factors that dictated the event impact and the capture of lessons.

SolutionsPT provides expert recovery assistance and an OT forensics capability. Our product portfolio uses environment key indicators and network performance metrics along with a deep understanding of industry-specific threat intelligence to allow lessons capture. More than this, we will actively work with you to swiftly put in place any measures required to improve your cyber security posture.

 

Understanding and explaining what has occurred is often key after a cyber-security event to satisfy regulators and management.

SolutionsPT will actively support your response and we will provide the forensics capability required for you to understand and learn from the cyber security event.


Gaining from a share of industry information and best practice

SolutionsPT maintains a view of industry threats and best practice through active participation in a number of industry organisations, which allows advice on early response and a thorough understanding of potential response actions.

 

Continual Vulnerability Detection and Patch Management

Because data is continually being collected and Threat Intelligence feeds are maintained, newer threats can be detected in near real-time, allowing responses such as patches or compensating controls to be prioritised based on potential business and process risk.

 

Endpoint Detection and Response (EDR) which maps to Indicators of Compromise (IOC) within the MITRE ATT&CK Framework

Prevention-first security can significantly reduce the number of alerts generated by the security stack, decreasing the burden and frustration associated with endless alert investigations that lead nowhere.

With Cylance Protect preventing malware, malicious scripts, rogue applications, and fileless attacks from harming the business, Cylance Optics provides the AI powered EDR capabilities required to keep data and businesses secure and maps into the MITRE ATT&CK framework.

Cylance Optics is an endpoint detection and response (EDR) solution designed to extend the threat prevention delivered by Cylance Protect by using AI to identify and prevent widespread security incidents.


Related Products

 

Cyber Consultancy

SolutionsPT have over 30 years of OT Cyber Security specific knowledge covering all Critical National Infrastructure verticals and can be called upon for individual engagements from Security Posture Analysis through to larger scale engagements covering the full Cyber Lifecycle.

Proteus Disaster Recovery

Recovery from any downtime is swift and easy with Proteus disaster resilience. Spend your time where you’re needed most, safe in the knowledge that if anything happens, SolutionsPT have backed up your data and can perform a rapid restore, getting you back to business in no time.


Claroty CTD

Claroty CTD’s northbound integration with SIEMs & SOCs provides analysts with the tools and information they need to make informed decisions should extra steps be needed to protect the network and its devices.

Cylance Endpoint Protection and Response

Cylance Optics, working with Cylance Protect, delivers the detection and prevention capabilities needed to stay ahead of the attackers, keeping the business secure. Cylance is 100% Artificial Intelligence with Machine Learning capabilities, which means there are no signatures to update, and this aligns perfectly with the needs of OT. With automated playbooks, protective actions can be orchestrated to ensure that your critical process is protected and rogue endpoints are isolated.

05 Recover

Disaster Resilience and Business Continuity designed for Industrial Control System environments

 

Always have a Plan B

Having a robust Business Continuity and Disaster Recovery (BCDR) technology should be a high priority for all organisations. The faster you can recover after an incident, the less of an impact this will have on your operation and profitability. Testing of your Disaster Recovery plan should be a regular process, with continual improvements made. Should a real incident then occur, the correct people know how to respond, and can limit the impact to operations.

There are two key metrics to review with any recovery solution, RPO and RTO. RPO is Recovery Point Objective, and is essentially how frequently you take backups to limit the amount of lost data should an incident occur. RTO is Recovery Time Objective and is the time taken to recover after an incident. The better the solution, the smaller both of these times will be.

Business Continuity (BC) assumes there is adequate resource available to host the service; often this requires additional servers which are present 'just in case'. Combining the BC with Disaster Recovery (DR) into a single BCDR solution often brings tangible cost and time benefits.

 

Disaster Recovery as a Managed Service

Allow SolutionsPT to take care of the daily operations around backup and testing, allowing you to focus on your own core activities. SolutionsPT become an extension of your support team.

 

Hybrid Cloud Technology

Increase the availability and restorability of your critical systems by having data both stored locally on-premise and replicated to a secure private UK Cloud to meet your RTO and RPO requirements. Even with a serious incident at your plant, your data is still secure and accessible, giving you peace of mind in your ability to recover.

 

On Premise Solutions you Manage

Not all of our customers permit access to external networks for a managed service, so we have a number of solutions that we have tested and are guaranteed to work within an OT environment, without ever requiring an external connection.

 

Change Management to devices and SCADA configuration

Disasters are not always hardware or software related; there is human error too. A change to your configuration that missed the backup window, or was simply 'forgotten about', can be costly, embarrassing and time-consuming, especially if recovery means restoring a complete machine. With MDT Autosave your changes are immediately recorded, version controlled and can be compared to the authorised production version.

 

Resilient Networking

Networking is at the core of all operations, so ensuring you have a stable, healthy, safe and resilient network is essential. In an increasingly connected world, it is important to have a network that has not only sufficient speed and bandwidth capacity to meet your current requirements, but also the capacity to allow swift recovery from and isolation of any incident.

Related Products

 

OT Cyber Security Collaboration

Recovery from any downtime is swift and easy with Proteus disaster resilience. Spend your time where you’re needed most, safe in the knowledge that if anything happens, SolutionsPT have backed up your data and can perform a rapid restore, getting you back to business in no time.


Network Hardware

To support the proliferation of your mission critical networks, you’ll need access to high quality, highly available networking devices, cabling and connectivity systems.

We supply you with globally known brands (Belden, Hirschmann, Cisco and Tofino Security) that are sure to meet your networking needs.

Veeam Backup & Replication

Veeam Backup & Replication is the one solution for simple, reliable and flexible protection of ALL of your cloud, virtual and physical workloads. Take the stress out of managing your data protection, ransomware prevention and compliance challenges.

MDT Autosave

MDT AutoSave Change Management enables you to “undo” the change and restore program data within seconds. MDT ensures that if a program is lost due to device failure, power loss, etc., the most current copy of program logic can be automatically retrieved so plant operations can be restored quickly and correctly. MDT validates that the program running in the processor matches the reference program you designate. This enables you to detect and identify changes that may have been unknown or unauthorised, thereby protecting your process, people and equipment.

OT Cyber Security

Reduce risk and ensure compliance by seeing how we can help you deliver an efficient cyber security strategy
