OT Security’s Driverless Car Moment

The Disruptive Shift in OT Security

Have you ever been in a driverless car? One in which there is no steering wheel. It can be very disconcerting. It represents a leap from today’s Tesla full self-driving where the car drives itself, but all of the “backup technology” is still available for a human driver to take over. The steering wheel, brakes, and accelerator are all removed in a driverless car. The backups are all digital backups, not human ones.

Rethinking Firewalls in OT Secure Remote Access

That’s analogous to a situation that occurred with one of our most innovative, forward-thinking customers. The CIO and CISO asked the questions: If these firewalls that used to protect us are now increasingly the entry point into our network, and BlastWave can protect the firewalls, why do we need the firewalls at all? Do the “next-gen” capabilities (from 2008), like built-in IDS, really matter if they’re getting hacked anyway? Can the fact that BlastWave cloaks all of the devices on the network with zero exposed web services prior to PKI authentication (that is, passwordless MFA) eliminate the need for those firewalls? Can this protect the IT and OT network? The conclusion those early adopters made was “yes!” They decided to remove the steering wheel and add in additional defense-in-depth tools that work in reality.

The Challenges of Traditional Firewalls in OT Security

And let me take a moment to say that firewalls absolutely can provide protection if they are configured and maintained correctly at all times. This requires more ongoing OPEX with expert headcount to actively manage these expensive devices. It can all work—if usernames and passwords aren’t compromised. It can work if human error doesn’t occur. But an adversary only has to be successful once. Defenders have to have a combination of perfection and resilience, which is hard. And let’s be honest, firewalls have been proven to be insufficient in stopping breaches. After all, approximately 100% of breaches already have a firewall.

Network Cloaking: A Game-Changer for OT Security

By contrast, the BlastShield solution that cloaks, segments, and protects networks has been pounded on by some of the most premier red teams and pen testers and is undefeated: 0% breaches with dozens of thousands of endpoints being protected today. That does not mean it’s unhackable—everything is. It does mean that under live fire, in the real world, like driverless cars, the early adopting customer is much better off.

The Business Case for Zero-Trust Network Segmentation

Our customers save 75% in upfront costs and at least 50% in ongoing headcount and OPEX costs while deploying in one-tenth the time, without downtime. And when paired with a Nozomi, Dragos, Darktrace, or other sophisticated visibility and monitoring solutions, the solution actually works in reality.

A Rapid Deployment for Next-Gen OT Security

This innovative CIO and CISO made the decision to take that leap on a Friday and plan to have the solution tested and purchased in less than a month. Deployment will take another month. And then their network is protected.