
EXECUTIVE BRIEF

Integrating OT into IT/OT SOCs

In the new world of increased cyber risk, approaches that bridge the IT/OT divide are no longer optional – they’re mission critical. Executive leadership expects CIOs and CISOs to anticipate and stay ahead of the enterprise-wide threat landscape, including oversight of cyber risks related to industrial operations.

Integrating operational technology (OT) threat monitoring into security operations centers (SOCs) contributes greatly to achieving fast, comprehensive threat detection and response. This Executive Brief looks at the trends behind combined IT/OT SOCs and outlines a straightforward way to include industrial threat monitoring that meets the needs of both IT and OT.

Enel, the #1 Global Electric Utility, Chooses Nozomi Networks

"With Nozomi Networks Guardian we can now detect and collect operational and cybersecurity issues in real-time, and take corrective actions before the threat can strike."
Gian Luigi Pugni, Head of Cybersecurity Design, Enel

"Nozomi Networks Guardian is now a fundamental element of our network infrastructure and an essential tool for our daily activities."
Federico Bello, Head of Power Generation Remote Control System, Enel

Cyber Incidents Threaten Results and Reputation

Business executives and Boards of Directors are increasingly aware of the potential impact of cybersecurity incidents on results and reputation. High-profile attacks, such as the Equifax data breach and the NotPetya global attack, have demonstrated just how costly they can be, with worldwide NotPetya damage estimated at $10 billion.1

In the OT arena, cyberattacks on critical infrastructure and strategic industrial assets have dramatically increased. This includes attempts to disrupt operations and steal intellectual property. Governments are also intensifying regulatory oversight and breach reporting requirements.

As a result, OT cybersecurity is receiving unprecedented attention and transitioning away from siloed engineering supervision to management by collaborative IT/OT teams.

Why IT/OT Integration is Key

Industrial Cyberattacks - A Top Global Risk
"Cyberattacks on critical infrastructure – rated the fifth top risk in 2020 by our expert network – have become the new normal across sectors such as energy, healthcare, and transportation."
World Economic Forum, Global Risk Report, 2020

Attackers Exploit IT/OT Defense Gaps
"Many industrial companies still view IT and OT cybersecurity as separate challenges. Different concerns and practices seem to justify siloed efforts and separation of responsibilities. However, attackers are already exploiting gaps between IT and OT defenses.

For example, spam phishing is commonly used to gain privileges and entry into OT systems. And hackers are using HVAC and other poorly defended OT systems as entry points into data centers and corporate IT networks."
ARC Advisory Group, IT-OT Cybersecurity Convergence, 2018

CIO/CISOs Need to Make Informed Choices
"Attacks and compromise are inevitable, and, by 2020, 60 percent of security budgets will be in support of detection and response capabilities."
Gartner, The IT Implications for I&O Leaders, 2018

"Security tools deployed for OT security have to support the need for coordinated enterprisewide security activities, which comes from having IT and OT security handled with a joint governance process."
Gartner, Competitive Landscape: OT Security, 2018

IT/OT Convergence
"To reduce risk, security and risk management leaders should eliminate IT and OT silos by creating a single digital security and risk management function. This function should report into IT but should have responsibility for all IT and OT security."
"Why IIoT Security Leaders Should Worry About Cyberattacks Like WannaCry," Gartner, 2018.

[Figure: Gartner IT/OT convergence diagram showing Static Security, Dynamic Security and OT Physical Security. ID: 347847 © 2018 Gartner Inc.]

The Driving Force Behind IT/OT SOCs

The Reality of Risks Facing OT Systems

In the past, industrial systems were not considered to have high cyber risk because they were isolated (air gapped), without connectivity to enterprise systems or the internet. They were also protected by obscure proprietary technology and considered of low interest to hackers or attackers.

Now, industrial cyber risk is much higher due to:

• More connectivity and exposure — The increased use of common technology platforms and data sharing between IT and OT systems exposes industrial systems to more cyber threats. This includes the migration to the Industrial Internet of Things (IIoT), where physical assets and IT infrastructure are closely integrated.

• The transition to virtual systems – Shifting industrial system architectures away from local monitoring and data processing to cloud-based applications and analytics increases cyber risk exposure.

• More sophisticated attacks — A new era of industrial threat actors, such as hackers, criminal organizations and nation states, focuses on disrupting industrial systems for financial or political gain.

• Easier access to resources — A marketplace of tools, for example malware frameworks and vulnerability exploits, makes it faster and easier to execute industrial cyberattacks.

As a result of these trends, the majority of IT and industrial control systems (ICS) security practitioners across a variety of industries believe the threat level to OT and IoT systems is high or critical.2

Why the IT/OT SOC?

SOCs are generally tasked with preventing, detecting and responding to cybersecurity threats and incidents. Often, they also assess and fulfill regulatory requirements. Their mandates typically do not cover industrial systems – though it is possible to leverage the investment in SOCs to include OT.

As threats to OT systems intensify, there are several reasons to include OT in an enterprise-level SOC. With a combined approach, companies can:

• Stop threats faster — Most cyberattacks on OT systems originate on the IT network and involve multiple steps in an elaborate cyber kill chain process. High-profile examples include an attack on a German steel mill, disruption to Ukraine’s power grid in 2015 and 2016, and the shutdown of a gas facility in Saudi Arabia in 2017. Thus, to protect OT systems, threats need to be stopped in their early stages, often while they are present in IT systems.

• Speed up response times — Monitoring OT systems separately from IT systems runs the risk of breakdowns in communication and dropped incident handling between multiple teams.

• Keep costs down — It’s more cost-effective to include OT and IoT threat monitoring within one comprehensive SOC than to have multiple SOCs.

• Leverage teams’ strengths — Protecting OT systems requires a blend of IT and OT skills. For many organizations, it is easier to close the skills gap by training IT people on OT sensitivities than training OT people on IT cybersecurity skills.

Building an IT/OT SOC

The Challenges of Securing OT and IoT Systems

Adding OT and IoT security into the mandate of SOCs is not a simple matter of extending IT security solutions and staff responsibilities to include industrial networks.

OT networks are often large, complex and include a wide range of assets that are unknown to IT, including legacy equipment that can be sensitive to many types of network traffic. They also use insecure and often proprietary protocols whose communications cannot be properly evaluated by IT security tools.

Finally, the central mission of the people managing industrial networks is to maintain high safety, availability and production efficiency. This focus must be embraced when integrating OT network monitoring into an SOC.

Key Considerations for an SOC Transition

All these unique challenges mean that companies will need to consider the following as they create an IT/OT SOC:

• Technology — Solutions need to meet all the specific requirements for OT, but also integrate seamlessly with IT SOC systems and infrastructure.

• People Resources — Enterprise SOCs require the inclusion of industrial cybersecurity specialists in core SOC resourcing, or as part of a virtual or extended team. To keep costs down and reduce the need for scarce cybersecurity skills, companies should consider concentrating the SOC team in one location and providing cross-training on critical skills.

• Accountability — Business leaders must create an environment that aligns IT and OT under one common culture and reporting structure. As the teams merge, they should work to understand each other’s priorities and challenges, and achieve the common goals set by the executive responsible for company-wide cyber risk.

Selecting the Right OT Technology

To embrace the inevitable convergence of IT and OT teams and achieve a high-functioning, cost-effective enterprise-wide SOC, companies need better visibility of OT and IoT infrastructure and threats. When selecting an OT security and visibility solution, make sure it:

• Delivers superior real-time OT and IoT threat monitoring that shortens the mean time to detection and response.
• Provides comprehensive OT network visualization and asset inventory, without risk to the industrial process.
• Empowers security analysts to rapidly remediate threats with OT-specific alert aggregation, dashboards and forensic tools.
• Integrates seamlessly with IT infrastructure, easily sharing data with existing applications and assets.
• Includes pre-built integrations with SOC tools, such as SIEMs.
• Deploys quickly and easily with mature technology that is ISO 9001 certified.
• Consolidates information from multiple industrial sites and scales to meet the needs of very large distributed organizations.

Companies with an IT/OT SOC will experience better threat detection and response metrics, improved cyber resiliency and an overall decrease in cyber risk.

Securing the World's Largest Organizations

[Figure: customer footprint by industry – 9 of Top 20 Chemicals, 7 of Top 10 Pharma, 5 of Top 10 Mining, 5 of Top 10 Utilities. Other industries shown: Building Automation, Oil & Gas, Manufacturing, Food & Retail, Automotive, Logistics, Airports, Smart Cities, Water, Transportation.]

Improving Enterprise-wide Cybersecurity

While increasing cyber threats dominate the news, there is reason to be optimistic. New technology, such as the Nozomi Networks solution, is easy and safe to deploy, dramatically improves OT/IoT cybersecurity and integrates seamlessly with IT infrastructure.

To see OT and IoT security and visibility in action, and experience how easy it is to work with Nozomi Networks, have your team contact us: nozominetworks.com/contact

Global Partner Ecosystem

Partnering to Optimize OT and IoT Security

References
1. "The Untold Story of NotPetya, the Most Devastating Cyberattack in History," Wired, 2018.
2. "Securing Industrial Control Systems - 2017," SANS, 2017.

© 2020 Nozomi Networks, Inc. All Rights Reserved.
EB-IT-OT-SOC-8.5x11-004

Nozomi Networks
The Leading Solution for OT and IoT Security and Visibility

Nozomi Networks accelerates digital transformation by protecting the world’s critical infrastructure, industrial and government organizations from cyber threats. Our solution delivers exceptional network and asset visibility, threat detection, and insights for OT and IoT environments. Customers rely on us to minimize risk and complexity while maximizing operational resilience.

Nozomi Networks is the leader in OT and IoT security and visibility. We accelerate digital transformation by unifying cyber security visibility for the largest critical infrastructure, energy, manufacturing, mining, transportation, building automation and other OT sites around the world. Our innovation and research make it possible to tackle escalating cyber risks through exceptional network visibility, threat detection and operational insight.

© 2021 Nozomi Networks, Inc. All Rights Reserved.
EB-IT-OT-SOC-8.5x11-007
nozominetworks.com