The ransomware attack on Colonial Pipeline was yet another wake up call for critical infrastructure and supply chains to rethink their approach for securing operations. In the past twelve months, ransomware has disrupted operations for supply chain organizations, including:
- a European steel manufacturer
- a US natural gas supplying facility
- a US water treatment facility
- a Japanese automotive manufacturer
- an Australian logistics company
- a South American energy-distribution company.
Infrastructure and supply chains are particularly vulnerable to cyberattacks, but for different reasons. Infrastructure security investments tend to be aligned with regulatory requirements, vs. “what if” scenarios. Supply chains focus on efficiency and minimizing cost, forcing security proposals to compete with other, more appealing investments. The pandemic further increased the attack surface by causing enterprises to rush remote employee access, leaving security gaps in the wake.
Supply chains are now the preferred delivery system for malware, whether targeting key infrastructure or other organizations. With ransomware expected to increase sevenfold by 20251, increasing security protections within infrastructure and connected supply chains is a business imperative.
OpenText offers multiple solutions across the Detect, Protect, Respond and Recover model. While no single security tactic will give you 100% protection, these solutions foster a Defense-in-Depth approach in securing your business, operations and assets.
Endpoint Detection and Response: Beyond NGAV Protection and Data Protection, the inclusion of world-class Detection & Response capabilities is essential, such as those found in EnCase Endpoint Security. You need to have detection and forensic parsing capabilities that sit at the kernel level of your Endpoints – below the operating environment. This enables continuous monitoring for anomalous behavior.
Managed Detection and Response: Businesses that are stretched for resources in their Security Operations Centre now have the option of onboarding Managed Detection & Response services that keep eyes-on-glass (analyst-led monitoring) and deliver continuous machine-automated monitoring of your systems and data sources 24X7X365. OpenText Managed Detection and Response (MDR), for example, pairs best-in-breed technologies alongside security personnel with more than 15 years of experience working breach response investigations and malware analysis engagements.
Business Endpoint Detection and DNS Protection: As ransomware actors continue to target all sectors of the economy, it’s essential for the nation’s health and safety that businesses build resilience against – rather than simply defend against – cyber threats. Device and network level security like Webroot® Business Endpoint Protection and Webroot® DNS Protection are essential, but when paired with backup and recovery solutions from Carbonite they work together to undermine ransomware actors and return operations to normal quickly.
Threat Intelligence: Attacks on critical infrastructure like Colonial Pipeline and the water treatment facility in Oldsmar, Florida underscore the need for embedded threat intelligence in process control systems and other internet-connected devices that can be targeted by threat actors bent on causing maximum harm. Webroot BrightCloud® Threat Intelligence gathers and distributes telemetry data from millions of real-world endpoints, providing protection for all cloud-connected devices only minutes after the detection of a new threat.
Identity and Access Management for Third Parties: Supply chain attacks target the weakest spot in most every operation’s security program: third-party access. Traditional IAM (Identity & Access Management) tools are not built to secure access for decentralized, distributed user populations, providing a fraction of the security delivered to Employee populations. OpenText Identity and Access Management secures and automates access to every third-party person, system or thing connecting to enterprise on-premises and cloud systems.
Industrial IoT: Industrial IoT needs the OpenText IoT platform to securely integrate Operating Technology, like the Colonial Pipelines that was not initially designed for today’s connected ecosystems. The OpenText IoT Platform can deliver Secure Device Management that is identity-centric that verifies each device and associated data stream to enable clear and governable integration to enterprise applications, providing a protected and resilient IT to OT operations.
Used in concert, security and derived value is increased as each solution leverages capabilities from the others. For example, BrightCloud Threat Intelligence enables:
- Encase to increase the chances of discovery of both known and unknown threats
- Identity and Access Management to dynamically re-evaluate external risk signals and take action
- IoT to alter data security and orchestration.
Doing so provides OpenText customers with rapid response and remediation of threats to avoid disruption and return business operations to a trusted state quickly.