To protect modern organizations, we at InsightCyber do something that nobody else is doing.
We look for attacks, not vulnerabilities. That is a simple statement, but it reflects a profound difference between how we approach cybersecurity for critical infrastructure and operational technology (OT), and how everyone else does it today.
It is painfully obvious that the status quo is inadequate to meet the challenge of cyber-physical security, which is getting scarier by the day. Here’s why it will never work: current solutions rely on the approach that was developed to protect traditional IT, like servers, computers, and networks. Simply put, it is a vulnerability-driven approach.
In this approach, security teams and tools depend on the knowledge that was gained from past attacks. They compile exhaustive records of known vulnerabilities and compare them to what they see happening in their environments. This generates massive logs of data about things that may or may not be going wrong. If, for instance, the system notices that you’re running Application A on Platform B on Operating System C, it flags that this combination might be vulnerable to being hacked. Is it certain? Fairly. But someone still needs to investigate to be sure.
This whack-a-mole approach has one clear fatal flaw. Hackers keep innovating new ways to attack. As long as they continue to find new vulnerabilities—which they always will—the defenders will forever remain on the defensive.
We solve the problem in an entirely different way.
Look for behaviors, not vulnerabilities
Our technology finds malware that no one’s ever seen before—the unknown vulnerabilities, if you will. We detect attacks in progress, usually at their very earliest stages.
Our approach is to continuously monitor the behavior of every connected piece of operational technology in the environment, and to spot the tiny anomalies that indicate that an attack is underway. And when we find one, we issue a report with intelligent recommendations for remediation.
To do this, we’ve developed some new flavors of AI that are deeply educated on how devices and systems are intended to work. They are smart enough to quickly recognize small behavioral deviations that can signal trouble, and they do this continually, at massive scale, across myriad environments.
This approach addresses one other huge problem that security teams face, which is that operational technology cannot be patched or updated. In most cases, software exists as firmware, and cannot be changed. In other cases, you’d have to arm wrestle a plant operator or facilities manager before they’d let you get within a hundred yards of their software. Fact is, a behavior-based approach to protection is really the only practical approach.
Consolidate IT and OT
And finally, we bridge the huge gap between the worlds of OT and IT. The people who understand cybersecurity usually don’t understand OT systems, and the people who understand OT usually don’t understand cybersecurity. In almost every way, their systems don’t work easily together. Our approach is a next-generation SIEM that delivers high-priority alerts in a scope and format that dovetails with the SIEMs used by existing security teams.
And speaking of security teams, our approach promises to transform the work happening in a traditional Security Operations Center (SOC). When people aren’t burdened with endless hours of combing through logs and chasing false positives, they go from being screen monkeys to threat hunters. And in an industry with incredibly high turnover rates, the promise of retaining employees through more interesting work is compelling.
Chief Executive Officer | InsightCyber