In the last 90 days, the news of cyberattacks on critical infrastructure has been stunning. From the unprecedented breach represented by Sunburst to the more recent bone-chilling attack at the Oldsmar water facility, the urgency to secure critical infrastructure in transportation, utilities, energy, water, critical manufacturing, telecommunications, healthcare, government facilities and the defense sector has never been higher.
Over the last 12 months, the Splunk IoT, Manufacturing and Energy team has worked with hundreds of customers exploring how best to secure their OT environments. From these many interactions, we have observed three common patterns:
Perhaps unsurprisingly, most of the organizations we interact with are actively seeking to better understand how, where, when and how much they should rely upon Splunk technology to aid them on this journey. The fact that Splunk’s role in OT and the benefits it might deliver were not self-evident was a key motivation for our decision to invest in the Splunk for OT Security solution.
In August 2020, we announced the availability of the OT Security Add-on for Splunk for users seeking to monitor OT environments better. Today, we are excited to announce version 2.0.1 of the solution, which includes several significant enhancements:
The impact of applying Splunk for OT Security can be immediate. For example, circling back to threats revealed in the last 90 days, organizations concerned about the Oldsmar attack who are using Splunk for OT Security would benefit in several ways:
The Splunk for OT Security content steers directly into the pain points we hear from organizations looking to do more to increase their OT security posture and visibility. With tight alignment to the MITRE ATT&CK for ICS framework, a bevy of new integrations to first-class OT inventory discovery / anomaly detection platforms and the potential for even under-staffed SOCs to increase the pace and quality of investigations using Phantom, we look forward to working with our customers to advance the security of their OT environments.
To learn more about applying the Splunk Security Operations Suite within OT contexts, watch this overview presentation, review the latest documentation here or download the OT Security Add-on for Splunk. For any questions, comments or ideas, don’t hesitate to reach out to us directly.
----------------------------------------------------
Thanks!
Ed Albanese
The world’s leading organizations rely on Splunk, a Cisco company, to continuously strengthen digital resilience with our unified security and observability platform, powered by industry-leading AI.
Our customers trust Splunk’s award-winning security and observability solutions to secure and improve the reliability of their complex digital environments, at any scale.