News
Vendors

Cyolo reveals insights into OT cybersecurity threat landscape from KuppingerCole; releases Cyolo 4.3 for enhanced security

September 27, 2023
Cyolo raises US$60 million Series B round, will offer greater visibility, traceability, control to digital transformation initiatives

Cyolo, in partnership with KuppingerCole, released an industry analysis focused on zero trust and remote access for operational technology (OT) environments. The analysis reveals key insights about the OT cybersecurity threat landscape, outlines high-level security architecture for OT, critical infrastructure systems (CIS) and industrial control systems (ICS), and evaluates key requirements of security regulations and frameworks.  

The KuppingerCole survey identifies that both OT and IT need rigorous security measures such as strong and risk-adaptive authentication and policy-based access controls. Some tools for IT can work well in OT environments. Moreover, some OT environments are subject to regulatory requirements that mandate specific security controls and additional audit compliance capabilities. 

OT environments experience the same kinds of threats as enterprise IT – including ransomware, account takeovers, APTs, and supply chains as vectors – while experiencing expanded OT-specific threats. While traditional IT security tools may be adapted, developing robust security architectures for OT environments is inherently complex compared to their IT counterparts. Its unique nature, from equipment and software to communication protocols requires dedicated OT security solutions. 

Overall key insights of the KuppingerCole survey include: 

  • OT threat landscape. Heightened geopolitical factors have intensified attacks on OT and ICS, posing significant consequences ranging from operational disruptions and service denial to financial repercussions and potential harm to human well-being. 
  • Core cybersecurity regulations. The risks and consequences of cyber-attacks against critical infrastructure advanced regulations globally mandating secure architectures and technical controls. KRITIS and the follow-on IT Security Act 2.0 are related examples of such regulations, as well as the NIST Cybersecurity Framework. 
  • OT security architectures and key functionalities. There are eight areas of functionality that are central to effective OT security architectures. Cybersecurity architectures for OT must address asset discovery, access control, IT security tool integration, detection and response capabilities, and OT protocol level threats.

“Cyolo can help organizations with OT infrastructure to define and manage access control to those complex environments,” John Tolbert, lead analyst at KuppingerCole, said in a media statement. 

“Ensuring the security of critical infrastructure and industrial processes has become increasingly critical as organizations unite their IT and OT systems,” said Joe O’Donnell, vice president of ICS/OT at Cyolo. “This convergence has expanded the OT threat landscape and introduced significant cybersecurity challenges, as the once-isolated OT networks are now vulnerable to the same threats that have targeted IT networks for years. With Cyolo 4.3, industrial entities can confidently navigate the complexities of the modern threat landscape and fortify their defenses against evolving cyber threats.”

As the analysis breaks down, within critical infrastructure interruptions and downtime are not an option. To address the increasing need for secure access in OT environments, Cyolo introduced Cyolo 4.3, which expands key capabilities with more layers of security and makes the product easier than ever to use for both administrators and end users in the industrial space.   

With Cyolo 4.3, industrial organizations will be able to extend their multi-factor authentication (MFA) across environments through an integration with Duo Security to support their physical tokens as required. 

Additionally, the company has implemented another layer of security for file transfer within the OT/ICS environment, through query anti-virus software to scan files before they are delivered to their destination. Cyolo is also adapting for further usability, allowing teams to securely invite external users by generating a secure one-time password; and import groups from existing IdPs, using SCIM.

The announcement of Cyolo 4.3 highlights the company’s commitment to advancing zero-trust capabilities and it comes on the heels of Cyolo being listed as a Representative Vendor in the 2023 Gartner “Market Guide for Zero Trust Network Access” report for the second consecutive year and recognized by Frost & Sullivan with the 2023 North American New Product Innovation Award for Secure Remote Access to Operational Infrastructure and Industrial Control Systems (OT/ICS). 

As the threats to critical infrastructure continue to evolve, Cyolo’s zero-trust access solution continues to provide the utmost protection and ease of use.

Industrial Cyber News Desk
Industrial Cyber News Desk

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation