Join us in-person to celebrate the launch of our first runZero Research Report! Learn more

Industrial Talk: OT Security vs IT and Passive Discovery vs Active Scanning

Overview

Industrial Talk chats with Huxley Barbee, Security Evangelist at runZero about “OT Security vs IT Security and Passive Discovery vs Active Scanning.” The following is a summary of the conversation:

Cybersecurity and OT with Huxley from runZero. (0:00)

  • Palo Alto Networks provides comprehensive security solutions for all assets, networks, and remote operations.
  • Huxley Barbee, security evangelist at runZero, discusses cybersecurity and the importance of staying connected and safe in the digital world.
  • Industrial Talk is a platform dedicated to amplifying voices and solving problems through various mediums, including podcasts, videos, and webcasts.

Cybersecurity in IoT, OT, and ICS environments. (4:36)

  • Security evangelist at Ron zero discusses chasm solution for cyber asset attack surface management.
  • Huxley highlights the importance of security in IoT and OT environments, emphasizing that it’s often an afterthought. -Scott MacKenzie agrees, noting that security should be a priority from the beginning of a project, rather than an add-on later on.

Industrial control systems security. (9:13)

  • Scott MacKenzie and Huxley discuss the importance of aligning security and operations in an organization, with Huxley highlighting the need for more conversations to understand the importance of including security in planning and decision-making.
  • Huxley notes that operational teams may prioritize mechanical problems over security updates, but this can lead to negative consequences, such as security breaches or outages, which can affect the way devices operate.
  • Huxley emphasizes the importance of knowing what assets are present in an OT or ICS environment for proper security controls.

Cybersecurity risks in industrial control systems. (14:04)

  • Huxley emphasizes the importance of selecting security controls commensurate with the value of assets.
  • Huxley highlights the irony of introducing security measures to avoid outages, only to inadvertently cause them.
  • Vendors and devices create variety and complexity in IoT security.

Active scanning techniques for IoT devices. (20:02)

  • Huxley explains how active scanning techniques can cause real-world problems, such as network outages, due to the way they are implemented.
  • Huxley highlights the bias against active scanning that has developed as a result of poor deployments in the past.
  • Huxley argues that active scanning can be safe for OT and ICS environments with proper development.

Active scanning vs passive device discovery in cybersecurity. (24:19)

  • Active scanning involves customizing security measures based on specific devices, while passive discovery tends to be more costly and effortful.
  • Huxley discusses the challenges of passive discovery in network traffic analysis, including the need for multiple collectors and the difficulty of deploying collectors in the right locations.
  • Huxley also highlights the advantages of active scanning over passive discovery, including the ability to be targeted and thorough in gathering information.

OT security challenges and ransomware attacks. (28:58)

  • Organizations prioritize availability over security in OT environments, leading to potential exposure to penetration.
  • Huxley predicts decrease in cyber attacks due to increased payoffs.
  • Huxley believes there are more adversaries lurking in OT environments than known breaches, with a ratio of 50x on the OT side compared to 5x on the IT side.
  • Huxley thinks nation-state actors are waiting for political and military situations to make their moves, while financially driven actors are waiting for the right opportunity to strike.

Security programs and protocols for OTC organizations. (35:48)

  • Scott MacKenzie and Huxley discuss the importance of security programs in organizations, with Huxley mentioning the need for a security program at every organization with an OTC.
  • Huxley will be at the ICS village conference, showcasing runZero’s solutions for detecting protocols and devices in a mock network environment.

Cybersecurity and industry connections. (39:45)

  • Huxley shares his expertise on cybersecurity and asset protection in the industrial sector.

Meet Our Speakers

Huxley Barbee

Former Security Evangelist

Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.

Related Resources

Podcasts
Oil and Gas Upstream
Huxley Barbee discusses why and how cybersecurity for operational technology (OT) and industrial control systems (ICS) including oil and gas...
Read More
Podcasts
Risky Biz Interview: Breaking apart OT protocols
runZero's Rob King on the how and why of reverse engineering for active discovery
Read More
Podcasts
ExpedITioners Podcast: The modern divergence of environments and security methodologies
In this episode, Zach and Huxley talk about the modern divergence of environments and security methodologies.
Read More
Podcasts
Infosec Toolshed: Metasploit: Why did he do it?
Every top 10 list of security tools includes Metasploit. But how did the project get started?
Read More

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

Try It Free
© Copyright 2024 runZero, Inc. All Rights Reserved