Purdue Model for industrial networking
Safety Dance
Security Strategies
The clear structure and delineation of levels in the Purdue Model are crucial for developing targeted security and control strategies. Giving each level security protocols tailored to its needs protects the integrity of industrial control systems and company data alike. That protection includes not just physical and network security, but also data security measures and effective controls against unauthorized access, so that the result is a comprehensive security architecture.
This model puts organizations in a position to establish a robust, security-oriented structure that supports both the operational and information technology sides of the business. That has never been more relevant than in an age of increasing digitalization and networking, where cyberthreats are an ever-growing challenge.
Products and services that offer protection in accordance with the structured approach of the Purdue Model need to incorporate various technologies, as shown in Table 1.
Table 1: Purdue Model

Technology | Levels | Description |
---|---|---|
Perimeter protection | 0, 1, 3, 4 | The entire network is secured by strictly controlling and monitoring access from outside, which is particularly critical for the upper levels, where data is exchanged with external sources. |
Layer 2 and 3 (L2/L3) NGFW segmentation | 2, 3.5, 5, Internet | Next-generation firewalls (NGFWs) support advanced network segmentation, an essential factor for isolating the levels of the Purdue Model from each other. Segmentation is critical to prevent the spread of threats across the network. |
Server protection | 3, 4 | Servers hosting critical operational applications need to be protected. Malware, ransomware, and other types of threats must be tackled here. |
Identity and access management and privileged access management | | These systems regulate access to critical data and systems and ensure that only authorized persons have access, which is hugely important across all levels. |
Threat protection (IDS/IPS) | | Intrusion detection (IDS) and prevention systems (IPS) can be used anywhere on the network and are important for detecting and preventing threats in real time. |
Application control | 2, 3.5, 5 | Here, access to applications is controlled and regulated on the basis of specified user identities and policies to prevent unwanted or threatening application activity. |
Endpoint protection | | Secured workstations and mobile devices prevent threats from entering the network via the endpoints. |
Deception technology | 2, 3, 4 | Deception technologies mislead attackers and distract them from the actual targets, which strengthens the overall security architecture. |
Advanced threat protection and sandboxing | 2, 3, 4 | Sandboxing technology isolates and analyzes suspicious files and processes in a secure environment, which is crucial to detecting and subsequently neutralizing advanced threats. |
Network operations (NOC/SOC) | | Network (NOCs) and security operations centers (SOCs) provide uninterrupted monitoring of and response to security incidents, which is essential for early detection and a rapid response to security events. |
Switching and WAP systems | | Specialized switching systems (with PoE) and wireless access points (WAPs) are designed to connect OT environments securely to the network, which is critical to creating a robust infrastructure. |
Ruggedized systems | | Extreme conditions require robust systems that function reliably and have been specially developed for use in demanding OT environments such as DIN rail switch cabinets. |
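The NGFW segmentation row in Table 1 is the one most often checked by hand. The following audit script is an added example, not code from the article or from any vendor: it takes a list of firewall rules tagged with the Purdue level of their source and destination and flags rules that break two assumed segmentation policies, namely that traffic may only cross between adjacent levels (so every OT/enterprise flow terminates in the level 3.5 DMZ) and that the DMZ never initiates connections downward into OT. The `Rule` type, the policies and the sample ruleset are all assumptions made for this illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Union

Level = Union[int, float, str]
# Purdue levels in order; 3.5 is the industrial DMZ and "internet" sits above level 5.
LEVEL_ORDER: List[Level] = [0, 1, 2, 3, 3.5, 4, 5, "internet"]
DMZ: Level = 3.5
OT_LEVELS = {0, 1, 2, 3}   # plant-floor side of the DMZ


@dataclass(frozen=True)
class Rule:
    name: str
    src: Level    # level that initiates the connection
    dst: Level    # level that accepts it
    port: int


def rule_violation(rule: Rule) -> Optional[str]:
    """Return a reason if the rule breaks the assumed segmentation model, else None."""
    s, d = LEVEL_ORDER.index(rule.src), LEVEL_ORDER.index(rule.dst)
    # Assumed policy 1: traffic may only cross between adjacent levels, so any
    # OT/enterprise flow has to terminate in the DMZ instead of passing through it.
    if abs(s - d) > 1:
        return f"{rule.name}: {rule.src} -> {rule.dst} skips a level; broker it via the DMZ"
    # Assumed policy 2: the DMZ never opens connections downward into OT;
    # OT hosts push to it and pull from it, the DMZ replica only serves.
    if rule.src == DMZ and rule.dst in OT_LEVELS:
        return f"{rule.name}: DMZ initiates into OT level {rule.dst}; reverse the direction"
    return None


def audit(rules: List[Rule]) -> List[str]:
    """All violations in a ruleset; an empty list means the set is clean."""
    return [v for v in (rule_violation(r) for r in rules) if v]


# Constructed sample ruleset for illustration, not a real configuration.
SAMPLE_RULES = [
    Rule("hmi-to-plc", 2, 1, 502),             # HMI polls a PLC over Modbus/TCP: adjacent, fine
    Rule("historian-to-dmz", 3, DMZ, 443),     # site historian replicates into the DMZ: fine
    Rule("erp-to-dmz", 4, DMZ, 443),           # enterprise reads the DMZ replica: fine
    Rule("erp-to-plc", 4, 1, 502),             # enterprise host straight to a PLC: skips levels
    Rule("dmz-to-historian", DMZ, 3, 1433),    # DMZ opens connections into OT: wrong direction
    Rule("vendor-remote", "internet", 3, 22),  # remote vendor straight into site ops: skips levels
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

Running it against the constructed ruleset reports the three offending rules; a real audit would build the `Rule` list from the firewall's exported policy and a level tag per network object.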
FortiDeceptor
Fortinet is the organization behind FortiDeceptor [1], a specialized tool that uses honeypot technology to attract attackers by simulating vulnerable systems on the network and distract them from real targets. FortiDeceptor was developed specifically for use in OT environments and aims to detect and neutralize attack patterns that are common in industrial settings. By creating a controlled and secure environment, the product lets security teams observe and analyze the behavior of attackers without compromising physical systems or data. The insights into attack vectors and methods gained in this way enable organizations to adapt and strengthen their security strategies effectively.
One key feature is the ability not only to identify attacks, but also to respond proactively. This defense is supported by integration into the Fortinet Security Fabric, which enables real-time data transfers and coordinated responses across a zoo of security systems, helping to close security gaps more quickly and mitigate potential damage.
Extending deception to the digital ceiling in smart facilities is a targeted example. By integrating fake IP cameras, alarm systems, and heating, ventilation, and air conditioning (HVAC) controls as decoys, FortiDeceptor can detect attackers at an early stage. The use of fake network infrastructure as decoys provides deep insights into the intruders' methods and behaviors, making it possible to act proactively and provide comprehensive protection.
The Challenge of Zero Trust
In the context of IT and OT, the zero trust security model, which is based on the principle of trusting nobody and nothing without appropriate verification, is becoming increasingly important. That said, implementing zero trust in OT environments poses problems, because these environments often contain outmoded technologies primarily designed for reliability and uptime rather than cybersecurity. Moreover, the OT landscape is often characterized by a lack of standardization, which adds complexity and harbors extensive potential for attacks.
For an effective implementation of zero trust in OT environments, you need to consider both the functionality of your industrial automation and control systems and the security-related aspects that play a role. It is also essential for the deployed zero trust technology to be compatible with legacy technology in OT environments, because certain components such as PLCs or HVAC systems might not be able to support the technologies or protocols required for full integration with zero trust.