Industrial IoT protected

Oleg Marsavin

Industrial IoT protected

Cisco Announces Cisco IoT Security Architecture at Cisco Live EMEA Conference in Barcelona, ​​which, according to Vendor, provides transparency and security in IT and operating systems
technological environments. The architecture leverages existing IT security products and services, including Cisco Talos threat analytics, as well as a new industrial IoT network security product
called Cyber ​​Vision and Edge Intelligence Data Extraction Tool.

Today’s networks are the core of operational technologies (ITs) that underpin many critical infrastructures, including energy, transportation and manufacturing. To improve the release process
products, cost optimization, and security enhancement, organizations are increasingly needing immediate access to the data contained in these IT systems. Companies are looking to transform IoT data
into meaningful information and benefit from this for business. “Among the 70,000 Cisco IoT corporate users, we see accelerations in digitization projects that connect
operating assets with converged networks. Although estimates for the number of connected devices may vary, there is a consensus that cybersecurity is the number one task for customers,
implement IoT projects, ”said Vikas Butaney, Vice President and Product Manager, Cisco IoT Business Group.

Industrial IoT Security Architecture

Industrial IoT (IIoT) projects in the operating environment typically lack a modern inventory of assets with underlying communication models to identify security anomalies
and configuration. Flat, unmanaged industrial networks allow cyber security threats to be spread without interruption, threatening system downtime and increasing business risks. And though the data
being at the forefront, they fall into heterogeneous environments that include industry protocols that are alien to IT departments and security toolkits, Bhutan said.

IIoT’s integrated cybersecurity architecture enables you to protect your operating environment with four key elements:

  • identification,

  • policy definition,

  • implementation of the policy,

  • monitoring the current operation of the entire system.

Cisco Cyber ​​Vision is the first software solution for IIoT security built into the Cisco Industrial Network product portfolio. Cyber ​​Vision is based on Cisco technology,
purchased from Sentryo last year. Sentryo technology offers real-time detection of anomalies and threats for IIoT networks. Sentryo products include inventory of assets,
network monitoring and threat analysis platform, including cross-border network sensors that analyze network flows. All of the operational traffic goes through the network, and Cyber ​​Vision analyzes it
this traffic with a deep knowledge of protocols for the discrete, technology and utility industries, allowing IT and OT to provide security while maintaining production integrity for
operating environments.


Cisco Cyber ​​Vision begins with the identification of assets and the decoding of industry-specific workflows using Passive Deep Packet Inspection (DPI) technology.
Using a combination of OT-specific rules and Cisco Talos threat data, Cisco Cyber ​​Vision provides real-time anomaly detection and monitoring. Cyber ​​Vision
analyzes the traffic of connected devices and then creates segmentation policies that apply with Cisco Identity Services Engine (ISE) and Cisco DNA Center, a network management platform, for
prevent the spread of threats in IoT environments. Cyber ​​Vision also uses Cisco Edge Intelligence to retrieve data at the network boundary. This approach, according to Liz Centoni,
Cisco’s senior vice president and general manager, Computer and IoT, eliminates the need for Cisco customers to deploy a separate platform for managing IoT environments.

protection IIoT

Protecting IoT environments is more challenging because cyberattacks against any particular platform are usually high-tech. Many attacks targeting an IoT device,
are designed to damage, for example, critical industrial control systems. To ensure the security of such environments, you need a security architecture capable of
real-time to display on-screen operational data, including not only the type of attack, but also the physical location of the device, according to Ms. Centon.


Architecture understands what normal industrial traffic looks like, and if something out of the ordinary (for example, a local industrial controller suddenly starts communicating with a computer in another country),
IT and IT security staff can be notified immediately. Also, the controller should never talk to another controller. When the system identifies that controller
communicates with the engineer, this is absolutely normal. But if it turns out that he is talking to another sensor, then this should not happen. But to prevent such situations, we can create one
group policy.

To do this, Cisco uses its traditional networking tools, creating security and segmentation policies in its Identity Services Engine (ISE) and DNA Center network control panel.
Segmentation prevents threats from spreading across the operating environment. In addition, it is powered by Cisco Talos Threat Information, which provides on-line threat monitoring
real time. It provides uptime, reliability and security of the company’s industrial assets and processes, notes Liz Centon.

Current approaches require customized software and integration of different vendor technologies that are complex to deploy and manage. Current proposals are further complicated by the lack of a simple one
a way to control what data is delivered to certain applications running in a multi-cloud environment.

Cisco Edge Intelligence is a new IoT software that retrieves, converts and delivers connected asset data from the edge of IoT to multi-cloud data management points. Edge Intelligence
provides data where it can be processed. This makes it easier for businesses to use their own data collected by border devices to their advantage. According to Cisco, it is not
Not only does it simplify data management, but it also helps companies improve their competitiveness.

It may take some time before the best cybersecurity policies and methods are in line with the pace at which new devices connect to the Internet. In too
According to Cisco, many organizations would find it a good idea to start deploying better DevSecOps techniques in their IoT environments right now. Many of the applications deployed at the border,
would be much safer if developers were to embed controls directly into applications as they were created and deployed. This approach will facilitate the software integration of such
platforms like Cisco Cyber ​​Vision.

Internet of Things (IoT)

IT-News Magazine [№ 01/2020],


Leave a Comment