“In an ICS environment, it's pretty common to have vulnerable devices, so professionals need to see what assets are on their network and additional intelligence on what those devices are actually doing,” said Nadir Izrael, CTO and co-founder of Armis. “Contextual data will enable teams to define what risk each device poses to the OT environment so that they can prioritize remediation of critical and/or weaponized vulnerabilities to quickly reduce the attack surface.”
While the information technology (IT)/OT convergence is driving some cross-domain collaboration, more is needed to focus on device security, Armis said. According to the company’s research, four out of the five riskiest devices run Windows operating systems, showcasing how a basic understanding of asset risk and securing vulnerable assets is still a challenge for some IT and OT teams.
Armis looked at device types and found that many are more exposed to malicious activity because they use the SMBv1 protocol, run end-of-support operating systems and have many open ports. SMBv1 is a legacy, unencrypted and complicated protocol with vulnerabilities that have been targeted in the WannaCry and NotPetya attacks. While security experts previously advised organizations to stop using it completely, the data shows it is still preeminent in the field, Armis said.
“From an organizational perspective, having a risk-based approach to vulnerability management must go hand in hand with OT and IT departments working together to help coordinate mitigation efforts,” Izrael said. “Cross-departmental projects will help streamline process and resource management and achieve greater compliance and data security. Overall, to navigate the challenges of the new industrial era, security professionals need an IT/OT convergence security solution that shields all assets connected to the network.”