The turtle, protected by its hard shell, is a good metaphor for the security model used in most industrial networks. The industrial DMZ (iDMZ) is the shell that protects the soft, vulnerable center—the industrial control systems (ICS) the business depends on.

But while the iDMZ blocks most threats, some will inevitably slip through. When they do, they can move sideways from device to device, potentially causing downtime and information leakage. Giving traffic free rein once it makes it past the iDMZ conflicts with the zero-trust security principle of "never trust, always verify." And as companies look to "digitize" manufacturing and apply more cloud-based services (the approach known as Industry 4.0), more devices need access to production systems.

The answer is micro-segmentation—but there's a barrier

You can limit the spread of malware that makes it past the iDMZ using a technique called micro-segmentation. The idea is to tightly restrict which devices can communicate and what they can say, confining the damage from a cyberattack to the fewest possible devices. It's an example of zero trust in action: instead of taking it on faith that devices only talk to each other for legitimate reasons, you lay down the rules. An HVAC system shouldn't be talking to a robot, for example. If it is, the HVAC system may have been commandeered by a bad actor who is now traipsing through the network to disrupt systems or exfiltrate information.

So why isn't every industrial organization already using micro-segmentation? The barrier I hear most often from our customers is a lack of security visibility. To micro-segment your network you need to know every device connected to it, which other devices and systems each one needs to talk to, and which protocols are in use. Lacking this visibility can lead to overly permissive policies, increasing the attack surface. Just as bad, you might inadvertently block necessary device-to-device traffic, disrupting production.

Gain visibility into what's on the network and how they're talking

Good news: Cisco and our partner Rockwell Automation have integrated security visibility into our Converged Plantwide Ethernet (CPwE) validated design. With Cisco Cyber Vision you can quickly see what's on your network, which systems talk to each other, and what they're saying. One customer told me he learned from Cyber Vision that some of his devices had a hidden cellular backdoor!

Security visibility has three big payoffs. One is awareness of threats like that backdoor, or of suspicious communication patterns like the HVAC system talking to the robot. Another is providing the information you need to create micro-segments. Finally, visibility can potentially lower your cyber insurance premiums. Some insurers give you a discount or will increase coverage limits if you can show you know what's connected to your network.

Visibility sets the stage for micro-segmentation

Once you understand which devices have a legitimate need to communicate, explicitly allow those communications by creating micro-segments, as defined by the ISA/IEC 62443 standard. Here's a good explanation of how micro-segments work. Briefly, you create zones, each containing a group of devices with similar security requirements, a clear physical border, and the need to talk to each other. Conduits are the communication mechanisms (e.g. VLANs, routers, access lists) that allow or block communication between zones. In this way, a threat that gets into one zone can't easily move to another.

Both Cisco and Rockwell Automation provide tools for segmenting the network. Use Cisco Identity Services Engine (ISE) for devices that communicate via any industrial protocol, including HTTP, SSH, telnet, CIP, UDP, ICMP, etc. For your CIP devices, you can enforce even tighter controls over traffic flow using Rockwell Automation's CIP Security, which secures production networks at the application level. We have several Cisco Validated Designs (CVDs) on a range of security topics, many jointly developed and tested with Rockwell. Examples of our collaboration with Rockwell include Converged Plantwide Ethernet, or CPwE, and the recently added Security Visibility for CPwE based on Cisco Cyber Vision.

A lesson from nature

Combining an iDMZ with micro-segmentation is like blending the protective abilities of a turtle and a lizard. Like the turtle's shell, the iDMZ helps keep predators out. And like lizards that can drop their tails if a predator gets hold, micro-segmentation limits the damage from an attack.

Bottom line: To get started with micro-segmentation—and potentially lower your cyber insurance premiums—use Cyber Vision to see what devices are on your network and what they're saying.

To learn more about how Cisco and Rockwell can help strengthen OT/ICS security with visibility for CPwE, join us for a webinar on November 14. Register here.

Learn more

- Network Security within a Converged Plantwide Ethernet Architecture Design and Implementation Guide
- Deploying CIP Security within a Converged Plantwide Ethernet Architecture Design Guide
- CPwE Identity and Mobility Services
- CPwE Industrial Demilitarized Zone
- Industrial Automation Security Design Guide 2.0

Industrial cybersecurity needs granular security policies. This requires visibility into what assets are connected. Learn how Cisco and Rockwell are enabling OT visibility into CPwE with Cyber Vision.