Operational Technology (OT), used in factory automation, faces a growing number of cybersecurity threats. Microsoft Defender for IoT (MD4IoT) monitors these networks for malicious and unusual activity, raises alerts, and notifies users of vulnerabilities that require remediation.
MD4IoT goes beyond monitoring computers on a network. It can scan, detect, and report on OT equipment such as PLCs, HMIs, VFDs, and more. This information is aggregated into a local dashboard on the MD4IoT appliance and into the product's Azure dashboard. It can also be ingested by SOC tooling such as ServiceNow (SNOW), Splunk, and LogRhythm.
DMC's client reached out to get MD4IoT implemented at their various sites across the globe. We implemented the program in four phases: Discovery, Design, Deployment, and Operationalization.
Discovery
DMC began by collaborating with the client site and their third-party vendor to remotely gather information about the client's existing network. We developed a questionnaire, and the answers helped us determine the type of network the client used, the types of devices on it, and the number of devices on that network. Our discovery also collected switch diagnostic information, which allowed us to develop detailed network diagrams and device relationships.
Design
Using the information gathered during the discovery phase, DMC built a map that plotted the connections between switches at each site. Once we had a thorough understanding of how each switch was connected, we created switch configurations to mirror OT traffic via SPAN/RSPAN toward the sensor that reports to the central manager.
RSPAN was used on the distribution switches, and SPAN was used to mirror the collected traffic to the sensor. We then developed the commands for the sensor that was to be installed. The sensor is a local MD4IoT instance that aggregates traffic and sends data to the global central manager instance of MD4IoT used for reporting.
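The design work described above produces a set of switch changes that are easy to get subtly wrong across many sites (a distribution switch whose uplink does not carry the RSPAN VLAN, a sensor port that is also a mirror source). The following is an added example, not DMC's or Microsoft's code: it models a site as a list of switches, runs consistency checks on the design, and emits the per-switch mirroring commands. Switch names, port names and the RSPAN VLAN number are constructed sample values, and the command syntax is Cisco IOS-style `monitor session` configuration, which is an assumption because the page does not name the switch vendor.

```python
"""Generate and sanity-check SPAN/RSPAN mirroring for one OT site.

Added example, not DMC's or Microsoft's code. Switch names, port names and
the RSPAN VLAN are constructed; the emitted commands follow Cisco IOS-style
'monitor session' syntax, which is an assumption because the page does not
name the switch vendor.
"""
from dataclasses import dataclass, field
from typing import Dict, List

RSPAN_VLAN = 900  # constructed: VLAN that carries mirrored traffic toward the core


@dataclass
class Switch:
    name: str
    role: str                      # "distribution" (RSPAN source) or "core" (SPAN to sensor)
    source_ports: List[str] = field(default_factory=list)  # OT-facing ports to mirror
    uplink: str = ""               # distribution trunk toward the core; must carry RSPAN_VLAN
    sensor_port: str = ""          # core port the Defender for IoT sensor is patched into


def validate(site: List[Switch]) -> List[str]:
    """Design checks that are cheap to run before touching production switches.
    Returns a list of problems; an empty list means the plan is consistent."""
    problems: List[str] = []
    cores = [s for s in site if s.role == "core"]
    if len(cores) != 1:
        problems.append(f"expected one core switch hosting the sensor, found {len(cores)}")
    for s in site:
        if s.role not in ("distribution", "core"):
            problems.append(f"{s.name}: unknown role {s.role!r}")
        if s.role == "distribution":
            if not s.uplink:
                problems.append(f"{s.name}: no uplink declared for RSPAN VLAN {RSPAN_VLAN}")
            if not s.source_ports:
                problems.append(f"{s.name}: no source ports, this switch would mirror nothing")
            if s.uplink and s.uplink in s.source_ports:
                problems.append(f"{s.name}: uplink {s.uplink} carries the RSPAN VLAN "
                                "and must not be a mirror source")
        if s.role == "core":
            if not s.sensor_port:
                problems.append(f"{s.name}: core switch has no sensor destination port")
            if s.source_ports:
                problems.append(f"{s.name}: local source ports are not handled by this "
                                "generator; mirror them from a distribution switch")
        if len(set(s.source_ports)) != len(s.source_ports):
            problems.append(f"{s.name}: duplicate source ports")
    return problems


def render_config(site: List[Switch]) -> Dict[str, List[str]]:
    """Per-switch command lists: an RSPAN session on each distribution switch,
    one SPAN destination session on the core switch in front of the sensor."""
    cfg: Dict[str, List[str]] = {}
    for s in site:
        lines = [f"vlan {RSPAN_VLAN}", " name RSPAN_OT", " remote-span"]
        if s.role == "distribution":
            lines += [f"interface {s.uplink}",
                      f" switchport trunk allowed vlan add {RSPAN_VLAN}"]
            # 'both' captures each access-port conversation in both directions;
            # device-to-device frames that stay inside the switch appear twice.
            lines += [f"monitor session 1 source interface {p} both" for p in s.source_ports]
            lines.append(f"monitor session 1 destination remote vlan {RSPAN_VLAN}")
        else:
            lines.append(f"monitor session 1 source remote vlan {RSPAN_VLAN}")
            lines.append(f"monitor session 1 destination interface {s.sensor_port}")
        cfg[s.name] = lines
    return cfg


def sample_site() -> List[Switch]:
    """Constructed topology: two distribution switches feeding one core."""
    return [
        Switch("dist-1", "distribution", ["Gi1/0/1", "Gi1/0/2", "Gi1/0/3"], uplink="Te1/1/1"),
        Switch("dist-2", "distribution", ["Gi1/0/1", "Gi1/0/2"], uplink="Te1/1/1"),
        Switch("core-1", "core", sensor_port="Gi1/0/48"),
    ]


if __name__ == "__main__":
    site = sample_site()
    issues = validate(site)
    if issues:
        raise SystemExit("\n".join(issues))
    for name, lines in render_config(site).items():
        print(f"! {name}")
        print("\n".join(lines))
```

Running the module prints one command block per switch; the generated lines are the kind of change set that then needs to be tested for mirrored-traffic volume before it is applied, since a sensor port that receives every frame from every distribution switch is easy to oversubscribe.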
Deployment
Next, DMC installed the MD4IoT operating system, which is Ubuntu-based, on the client-provided Dell R350 PowerEdge server at each site. There were three network ports to configure on the server: one for MD4IoT management, one for ingesting SPAN traffic, and one for Dell server administration (iDRAC).
We reconfigured their network by adding around 15 to 20 configuration changes to each distribution and core switch. To minimize risk and the issues that commonly arise in OT networks, such as the high traffic volume generated by high-definition cameras, we tested each change thoroughly.
Operationalization
DMC then refined the monitored targets and subnets that the SPAN traffic brought in. We also applied alert filtering to reduce anomalies and false positives in reports. Any alert determined to be a false positive was cleared and filtered so that future alerts provided the most meaningful data.
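Two things matter when clearing false positives the way the paragraph above describes: a filter should be scoped to the subnet where the behaviour is legitimate rather than to the whole site, and it should lapse so it gets re-reviewed instead of hiding a real alert forever. The following is an added example, not DMC's or Microsoft's code, and it does not use Defender for IoT's export format: the alert records, monitored subnets, alert titles and suppression rules are constructed sample data chosen to show an in-scope suppression, an expired rule, and an alert outside the monitored subnets (which points at a SPAN-source or subnet-list gap rather than at a threat).

```python
"""Time-bounded, subnet-scoped alert suppression for sensor output.

Added example, not DMC's or Microsoft's code. The alert records, subnets,
titles and rules below are constructed sample data, not Defender for IoT's
own export format.
"""
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Alert:
    title: str
    src_ip: str
    dst_ip: str
    seen: datetime


@dataclass(frozen=True)
class Suppression:
    title: str         # exact alert title judged to be a false positive
    subnet: str        # suppress only when the source falls inside this subnet
    reason: str        # recorded so the next reviewer knows why it was cleared
    expires: datetime  # rules lapse, forcing a periodic re-review


# Constructed OT subnets the sensor is expected to cover
MONITORED_SUBNETS = [ipaddress.ip_network(n) for n in ("10.50.0.0/16", "192.168.200.0/24")]


def in_scope(alert: Alert) -> bool:
    """True when either endpoint is in a monitored subnet. Anything else is a
    sign that the SPAN sources or the monitored-subnet list need adjusting."""
    return any(ipaddress.ip_address(ip) in net
               for ip in (alert.src_ip, alert.dst_ip)
               for net in MONITORED_SUBNETS)


def matching_rule(alert: Alert, rules: List[Suppression], now: datetime) -> Optional[Suppression]:
    """Return the first unexpired rule whose title and source subnet match."""
    src = ipaddress.ip_address(alert.src_ip)
    for rule in rules:
        if rule.title == alert.title and now < rule.expires and src in ipaddress.ip_network(rule.subnet):
            return rule
    return None


def triage(alerts: List[Alert], rules: List[Suppression], now: datetime) -> Dict[str, List[Alert]]:
    """Split alerts into what an analyst should see, what a documented rule
    cleared, and what fell outside the monitored subnets."""
    buckets: Dict[str, List[Alert]] = {"actionable": [], "suppressed": [], "out_of_scope": []}
    for alert in alerts:
        if not in_scope(alert):
            buckets["out_of_scope"].append(alert)
        elif matching_rule(alert, rules, now):
            buckets["suppressed"].append(alert)
        else:
            buckets["actionable"].append(alert)
    return buckets


NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)  # constructed reference time


def sample_rules() -> List[Suppression]:
    """Constructed rules: one live and narrowly scoped, one already expired."""
    return [
        Suppression("Unauthorized multicast traffic", "10.50.7.0/24",
                    "IP cameras stream multicast to the NVR by design", NOW + timedelta(days=90)),
        Suppression("New device discovered", "10.50.0.0/16",
                    "commissioning window, now closed", NOW - timedelta(days=1)),
    ]


def sample_alerts() -> List[Alert]:
    """Constructed alerts covering each triage outcome."""
    return [
        Alert("Unauthorized multicast traffic", "10.50.7.21", "239.1.1.5", NOW),  # camera subnet: suppressed
        Alert("Unauthorized multicast traffic", "10.50.3.9", "239.1.1.5", NOW),   # PLC subnet: actionable
        Alert("New device discovered", "10.50.3.40", "10.50.3.1", NOW),           # rule expired: actionable
        Alert("PLC stop command", "10.50.3.9", "10.50.3.40", NOW),                # actionable
        Alert("New device discovered", "172.16.9.4", "172.16.9.1", NOW),          # out of scope
    ]


if __name__ == "__main__":
    for bucket, items in triage(sample_alerts(), sample_rules(), NOW).items():
        print(f"{bucket}: {[a.title + ' from ' + a.src_ip for a in items]}")
```

The out-of-scope bucket is worth reviewing on its own: alerts for addresses the sensor was never meant to see usually mean a SPAN source is mirroring more than intended, or the monitored-subnet list is incomplete, which is the tuning the paragraph above refers to.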
Each server was connected to a central manager, which allowed the client to access data from multiple sites through a single pane of glass. DMC then conducted administrator training for IT and OT personnel so that they could operate the MD4IoT sensor appropriately.
Learn more about DMC's Microsoft Azure Cloud Solutions and Services expertise and contact us today for your next project.