Let’s get your OT Network Optimized and Secured!
“Your Network represents the blood vessels of your OT operation. Keeping it optimized & protected is making a conscious decision to choose striving over bleeding!”
Founder & CEO: Tamer Soliman
DESIAGO is IPR’s consulting and integration name brand. With the critical infrastructure domain as its primary focus, DESIAGO addresses the domain’s consulting & integration needs across the scope of Network, Network Security, secure remote access and IIoT. DESIAGO is vendor agnostic and works with multiple network , network security, secure remote access and IIoT partners. Regardless of your vendor of choice, we are here to help. Being vendor agnostic enables DSIAGO to make the most unbiased recommendations to power and secure your OT environment.
And there you have it, the unbiased domain specific expertise, ready to power and secure your OT environment .
Let’s get started!
To maximize our customers’ ROI, DESIAGO has established partnerships with the industry leading vendors in Network, Network Security, Intrusion Detection, Intrusion Prevention and Secure Remote Access/Operation. Concurrently, IPR is investing in cutting-edge IIoT and Machine Learning solutions geared towards the future of OT networks. While IIoT significantly enhances the reliability, efficient and safety of OT operations, Machine Learning (ML) is essential for the next generation transformation of the critical infrastructure sectors. ML can help facilitate Anomaly Detection, Network Security and Events Correlation, without the need for an Internet connection or Cloud access, a classic problem conventional solutions fail to address.
Building secure robust critical infrastructure networks that meet the ever challenging unique requirements of the domain requires both, the expertise and the right methodology that goes with it. It is never a one time exercise, rather a continuous process. The process starts with an assessment of both the operational requirements & existing infrastructure, developing the network & security design, a deployment phase, followed by verification & testing. The continuously monitoring and management of the network/security infrastructure, staying current with patches & security updates, and identifying areas to improve, completes the cycle ensuring the health and security of the OT network.
Bringing it together..
We use a simple methodical process for our network and security deployment, here is a sneak peek.
Let’s better understand the process by breaking down its elements in more details…
Network & Security Assessment:
A full network and security assessment of the OT network infrastructure spanning the network architecture, network configuration, security configuration, users/user-groups, sites, remote access/operation, third party access and the connection to the enterprise network. The assessment evaluates the different elements of the infrastructure in lights of the best OT design & implementation practices, industry standards, as well as, the industry regulations relevant to the specific application (e.g., IEC-61850 and NERC-CIP for power utilities). With regards to security, there are a number of industry specific standards/regulations that come to play depending on the critical infrastructure sector you are in and your geographic location. Here is a list of the most common security standards we often address:
- NIST framework
Based on the assessment a report is generated highlighting the recommendations identified to be the key building blocks for a more robust and secure OT network. The assessment report would include:
- A detailed report on the current state of operation (network, security and related processes)
- Technology recommendations covering equipment, protocols and methods
- Design recommendations laying the design building blocks required to achieve the desired network reliability, security and ensure compliance
- Recommendations on required, role based, network & security training for staff members
- Recommendations on changes to processes in order to ensure the security measure implemented are utilized and effective
Network & Security Design:
Based on the assessment report and the recommendations included, a full detailed network and security design shall be developed. The design would typically include:
- A High level topology diagram
- A detailed IP plan reflecting necessary changes and/or updates
- A set of network design diagrams
- Network connectivity diagrams
- Network segmentation and VLANs diagrams
- Switching configuration diagrams (MSTP/ RSTP / Port configuration)
- Routing configuration diagrams
- Traffic prioritization configuration diagrams
- A set of network security diagrams to include:
- Firewalls, IPS and IDS configuration diagrams
- Protocol Gateway configuration diagrams
- Remote access/operation plan and configuration diagrams
Network and Security Implementation:
Developing and executing a design implementation plan to cover:
- Based on the design, identify the changes/upgrades that need to take place
- Developing an implementation & migration plan that minimizes impact on operation
- Implementing the changes/upgrades as per the design
Verification and Testing:
Verging the design and implementation is a multi-step process:
- Review the implemented configuration and verifying the detailed design was followed in every step
- Network testing including functionality, fault tolerance, network re-convergence after a failure, redundancy and failover testing
- Security testing including both functionality testing and penetration testing as deemed required
- security standards checklist verification based on the industry specific standard recommended/mandated as deemed required
Network & Security Management:
To maintain a reliable network & security posture, continuous monitoring and management is required. A process that includes:
- Monitoring both the network and network security status using the appropriate monitoring solutions (NMS, SIEM, etc. )
- Staying up to date with network patches and security updates and having a process in place to
- Verify and test patches/updates
- Implement verified patches/updates in a way that minimizes impact on the critical operation
- Identifying issues as they develop and working fixes and work arounds as needed
- Learning from incidents on both the network and network security fronts.
- Identifying areas that require improvement and developing the necessary design changes and implementation plan
Ready to get started? Submit your contact details below and one of our experts will reach out to setup a call to discuss
Have a question? Drop us an email at: