CrowdStrike and Rockwell Automation have announced a partnership to help joint customers secure the expanded threat surface of the industrial control systems (ICS) and operational technology (OT) controlling our energy, manufacturing our goods and operating our medical equipment. This has been a greenfield area for security due to the real-time nature of these systems and the need for continuous availability.
The Problem
Today, the need for extending security controls in the ICS/OT area is most evident in the manufacturing sector, based on the intersection of the threat landscape and the digital transformation of the business. According to the CrowdStrike 2021 Threat Hunting Report, CrowdStrike Intelligence found that the manufacturing sector was the second most targeted industry by ransomware attacks from July 2020 to June 2021. This unique vertical is being targeted by both state-sponsored and eCrime actors.
While destructive operations affecting ICS/OT environments that originate from select targeted intrusion adversaries are not likely to be aimed at manufacturing sector entities, these environments may be targeted in economic espionage campaigns that seek data repositories or other confidential business information — which can impact operational facilities. CrowdStrike Intelligence has identified several ransomware families used by eCrime adversaries that are capable of terminating OT processes in Windows systems, as evidenced by Ekans ransomware.
The CrowdStrike Solution
CrowdStrike delivers the visibility and protection that organizations need to secure OT environments. The CrowdStrike Falcon® platform leverages real-time threat intelligence on evolving adversary tradecraft, indicators of attack and enriched telemetry from across the enterprise to deliver deep visibility, hyper-accurate detections and automated protection. The platform's cloud-native architecture and lightweight agent were purpose-built to scale across enterprise environments — delivering unprecedented efficacy against a wide variety of threats without impacting user or system performance.
As a result, customers can deploy basic endpoint detection and response (EDR) in a matter of minutes and stream important events such as network connections, registry information and system properties directly to the cloud upon detection for retention and analysis. Unique attacks are analyzed by machine learning and our threat intelligence team to aid in remediation. Falcon is designed as an extensible solution that ensures new security countermeasures can be added to the platform seamlessly. The Falcon agent requires minimal inbound connectivity, and deployments can support a full Purdue model in Level 2/3 or 3.5 with a proxied environment to handle this connection.
Partnerships
We are excited to work with Rockwell to address the challenges in the manufacturing vertical as well as other key verticals that Rockwell supports. Rockwell has used CrowdStrike since 2020 as its corporate standard to test its products at the time of release. The partnership expands this relationship to deliver CrowdStrike products and services coupled with Rockwell’s industrial security services to give the customer a full breadth of protection to address the needs of security teams and also the operational teams responsible for the 24/7 availability of the plant.
This is a continued effort from CrowdStrike to work with manufacturers as they build out security products and services for their critical environments. We recently announced a partnership with Nihon Kohden, a global leader in precision medical products and service — it has validated and certified CrowdStrike and is providing a service to its customers to meet the needs of the healthcare industry.
Partnering for Success in ICS and OT Environments
We are excited about our expanding partnerships, which bring together our unique experience and solutions to help joint customers secure the expanding threat surface of ICS and OT environments against the continuously evolving threat landscape targeting this sector. The Falcon platform offers real-time protection and visibility across operational facilities, preventing attacks on endpoints on or off the network. By partnering with Rockwell and other strategic partners in manufacturing and other verticals, we’re creating best-of-breed solutions that will meet the stringent demands of the industrial IoT space.
Additional Resources
- Learn more about IoT.
- Read the Rockwell press release.
- View the Rockwell, CrowdStrike and Dragos webcast.
- Read the Claroty solution brief.
- Watch the CrowdStrike and Claroty joint demo video.
- Learn more about Claroty’s participation in the CrowdXDR Alliance.
- Read the Dragos solution brief.
- Watch the CrowdStrike and Dragos joint demo video.
- Read our blog on “HIMSS and Beyond: What’s Next in Healthcare Security.”