New regulations of the Industrial Safety Ordinance (BetrSichV) now stipulate that potential security gaps in the software and the measurement, control and regulation technology (MSR) and their degree of danger must be assessed.
Operators of systems that require monitoring, such as elevators, tank farms or biogas plants, steam boilers and other pressure vessels, are now obliged to identify potential cyber threats. If the operator has not carried out a corresponding risk assessment, this counts as a defect that can result in penalties.
Wolfgang Huber, Regional Director Central Europe at the security specialist Cohesity, explains how companies can meet these legal requirements despite limited resources: “IT teams are already flooded with warning messages from their security architecture that they cannot process at all. Therefore, the implementation of additional requirements such as the new operational safety regulation is not trivial. Too many false alarms and information make a precise risk assessment difficult, since teams assess incidents poorly and, in an emergency, take no or the wrong measures. According to Forrester Consulting's State of Security Operations study, it's already like IT teams having to put out a wildfire with a garden hose.”
Automation can help
To solve these challenges despite limited resources, IT systems are required that react autonomously to potential attacks and take important precautions without a member of the IT team having to intervene. Modern data security and management platforms use AI and ML to analyze the snapshots of all data and issue a warning to higher-level SIEM platforms as soon as they detect an anomaly. This can be, but does not have to be, an indication of an attack. Nevertheless, actions and rules can be stored for every anomaly, and copies of the affected production systems can be triggered automatically. This has significant advantages.
If there are clear indications of an attack, fresh copies of the systems defined as particularly critical can be generated immediately without anyone having to intervene. This data can also be automatically moved to an isolated external cyber vault with multiple backups and encryption, so that IT teams can restore the data from there in the event of a disaster. During the greatest imaginable crisis in IT, these automated mechanisms help to strengthen cyber resilience without an IT manager having to intervene manually. The most important data, the company's crown jewels, are copied to a secure location from which IT teams can maintain core operations, even during a massive attack.
Background analyses provide additional value
If it later turns out that the anomalies were actually triggered by an attack, the security teams can search the historical snapshots of the past weeks and months for fingerprints without having to touch the production systems themselves. In the timed snapshots, teams can locate the various attack artifacts and reconstruct the path of the intrusion. With this knowledge, the exploited weaknesses and gaps in the production system can be closed so that it can be restored in a hardened state.
The automated mechanisms of modern data security and management solutions such as Cohesity also help to examine the growing mountains of data and to handle the files found correctly from a compliance and security perspective. Depending on the data type, actions can be defined automatically. Personal data is encrypted and not allowed to leave certain storage regions, while strict access rights control who can even open it. These rules can then be enforced end to end, regardless of where the data is stored and without a user having to do anything manually.
The rules can also be used to enforce expiration periods for data. Today, a user will certainly make the final decision as to whether these data records can be deleted. In the future, this process could happen automatically for information clearly identified as superfluous. The same applies to archiving tasks. Automatic classification recognizes data that companies have to keep for several years and autonomously moves it to an archive. Cost-related rules can also ensure that less important data is pushed into a slow but cheap archive, while data that users access frequently is automatically moved to fast but expensive storage resources.
About Cohesity
Cohesity greatly simplifies data management. The solution makes it easier to secure, manage and create value from data across the data center, edge and cloud. We offer a full suite of services consolidated on a multi-cloud data platform: data backup and recovery, disaster recovery, file and object services, development / testing, and data compliance, security and analytics. This reduces the complexity and avoids the fragmentation of the mass data. Cohesity can be provided as a service, as a self-managed solution, and through Cohesity partners.