Don't think he spoke about this but would you split up zones, like manufacturing, into sub-zones (vlans) that were protected by its own VRF to control east/west threat proliferation? Or is there little worry about 1 PLC somehow infecting another manufacturer PLC and instead the worry is a compromised PLC can then reach up to the SCADA server and it can then shut down everything. Just trying to figure out how flat or segmented we should make our networks.
Very informative, and interesting! Thanks, and much appreciated! If I could suggest a similar session on risk assement/ tolerable risk (IEC 62443-3-2) for future vidoes?
This is a good starting point but in fact conduits are just firewall rules and you may need to enhance the OOTB capabilities of NGFW with extra insights from the likes of Claroty or Nozomi to make the inspection (controls) more accurate and offer a more astute level of detail - even if your FW has OT specific capabilities to recognize the more common protocols like Modbus and Profinet...you may not understand the flows and the involved risk - In terms of compartmentalization - your mileage may vary - some orgs. just isolate part of OT locally (containment of endpoints close to industrial estate) - other more integrated flows may need to be contained in VRF's mapping to zones for transport to datacenter or cloud based IT systems (warehouse management systems or ERP systems) etc. So it's a set of guiding principles and best current practices..to be implemented with respect to snowflake like use cases...
Great video. Thanks for uploading.
Thank you for this video I am starting my first class in the IT realm and this video is helping me understand things much clearer.
this is amazing! thank you very much!!
Good One, Practical One, Thanks for your time sir. where to get the PPT ?
Don't think he spoke about this but would you split up zones, like manufacturing, into sub-zones (vlans) that were protected by its own VRF to control east/west threat proliferation? Or is there little worry about 1 PLC somehow infecting another manufacturer PLC and instead the worry is a compromised PLC can then reach up to the SCADA server and it can then shut down everything. Just trying to figure out how flat or segmented we should make our networks.
Most attacks will come from IT side. I would not worry about having 2 PLCs in the same VLAN.
Awesome video
Great, thanks
Very informative, and interesting! Thanks, and much appreciated! If I could suggest a similar session on risk assement/ tolerable risk (IEC 62443-3-2) for future vidoes?
Excellent info!
Very informative
This is a good starting point but in fact conduits are just firewall rules and you may need to enhance the OOTB capabilities of NGFW with extra insights from the likes of Claroty or Nozomi to make the inspection (controls) more accurate and offer a more astute level of detail - even if your FW has OT specific capabilities to recognize the more common protocols like Modbus and Profinet...you may not understand the flows and the involved risk - In terms of compartmentalization - your mileage may vary - some orgs. just isolate part of OT locally (containment of endpoints close to industrial estate) - other more integrated flows may need to be contained in VRF's mapping to zones for transport to datacenter or cloud based IT systems (warehouse management systems or ERP systems) etc. So it's a set of guiding principles and best current practices..to be implemented with respect to snowflake like use cases...
Good talk!