
BATTLE-TESTED CYBERSECURITY

APPLICATION NOTE

CyberX.io

ACCELERATE NETWORK SEGMENTATION & ZERO TRUST WITH CYBERX

SUMMARY

IoT and Industry 4.0 initiatives increase operational efficiency — but they also increase your attack surface. Network segmentation and zero trust initiatives mitigate these risks by preventing threat actors from moving laterally (“East-West”) across networks to compromise critical assets.

Traditional segmentation approaches rely on manual, error-prone, and costly processes such as reviewing spreadsheets, log files, and switch information to understand how devices communicate with each other.

CyberX’s agentless IoT/OT security platform automates the most labor-intensive aspects of network segmentation projects and provides deep visibility into your IoT/OT environment. It discovers all IoT/OT assets, provides behavioral profiles for assets, and integrates with your existing firewalls so that you can segment networks faster and with lower risk.

• Discover all assets in minutes and view a network topology map with full visibility of the “digital terrain” — so you can design optimal segmentation policies without risking impact to critical processes.

• Automatically profile and group assets based on ports, protocols, subnets, manufacturer, device type, and application — so you can make informed decisions about how to segment them.

• Rapidly create segmentation rules through API-level integrations with leading firewall and NAC platforms.

• Perform automated threat modeling to test whether your segmentation stops adversaries from pivoting deeper into your networks.

• Integrate asset information with standard CMDBs such as ServiceNow.

• Immediately gain the benefits of the full CyberX platform, including continuous threat monitoring.

CyberX accelerates network segmentation by automatically discovering and profiling all your assets, showing how they communicate, integrating with firewall platforms, and providing automated threat modeling to test the effectiveness of your segmentation zones.

CyberX’s automated asset discovery and network topology mapping.


Map the Digital Terrain Without Impacting Performance

CyberX continuously maintains an up-to-date inventory of all assets on your network. Minutes after being connected, CyberX provides detailed asset information such as MAC, IP, manufacturer, model, protocols, and type (HMI, PLC, camera, printer, etc.).

Unlike Nmap and other scanners that can bring down IoT/OT devices by actively probing them, CyberX uses passive, non-invasive Network Traffic Analysis (NTA) to identify devices, how information moves through your IoT/OT network, and how much bandwidth is consumed by each device.

Dive Deeper into Connections, Groups, and Behavior

The CyberX platform automatically groups assets based on their properties (ports, protocols, TCP application type, manufacturer, etc.) and generates a detailed network topology diagram. CyberX also identifies cross-subnet traffic so you can easily isolate IT from OT segments and choose which assets should be placed in Demilitarized Zones (DMZs).

In OT environments, the network topology diagram is typically based on the Purdue Model. Often the Purdue Model is the first step in a network segmentation project, with Purdue levels serving as the starting zones for further segmentation. You can also use this information to segment all devices for a given production line.

Additionally, IoT/OT asset information can easily be integrated with standard CMDBs such as ServiceNow.

CyberX also shows you a heatmap of cross-subnet traffic, then allows you to drill down with just a click to verify the specific connections between those subnets. This allows you to see at a glance whether your existing segmentation policies are directing traffic as they should and discover the most efficient ways to further segment your networks.

Left: Automated asset discovery and network topology mapping for a Building Management System (BMS). Right: Detailed device information automatically discovered by CyberX.

CyberX’s network interconnections heatmap shows how subnets communicate with each other.


Rapidly Configure Granular Firewall Policies via API-Level Integrations

CyberX integrates with leading firewall platforms to facilitate the efficient creation of micro-segmentation rules. Using API-level integrations, you can import detailed asset information from CyberX into firewalls along with asset tags (protocol, device type, etc.), enabling you to rapidly create IoT/OT-aware policies.

Examples of IoT/OT-aware policies include:

• “HMIs can only communicate with PLCs using the BACnet protocol”

• “Only engineering workstations are allowed to program PLCs”

• “Unauthorized devices are not allowed to communicate between subnets”

Administrators can also use these tags to create Dynamic Access Groups (DAGs) in firewall platforms that support this capability, such as Panorama from Palo Alto Networks.

Proactively Address Risks & Attack Vectors

Test the effectiveness of your network segmentation with CyberX’s automated IoT/OT threat modeling capability. Using proprietary analytics, CyberX analyzes your network topology and all vulnerabilities to predict the most likely path an attacker would take to compromise your “crown jewel” assets.

You can quickly visualize and simulate “what if?” scenarios that test whether your segmentation zones are truly sufficient against a targeted attack, allowing you to create the strongest possible segmentation strategy.
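As an added illustration (not CyberX code), the following script shows what the cross-subnet heatmap and the three tag-based policies quoted above look like when checked against flow records. The asset inventory, subnets, flows, tag names and the "purpose" field are all constructed for the example; a real deployment would source the tags and flows from the platform or firewall export.

```python
"""Constructed example: evaluate tag-based IoT/OT segmentation policies
and build a cross-subnet traffic matrix from flow records (not vendor code)."""
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed asset inventory: ip -> tags. 10.3.0.7 is deliberately absent,
# i.e. an unauthorized device that never received a device-type tag.
ASSETS = {
    "10.1.0.10": {"type": "HMI"},
    "10.1.0.20": {"type": "PLC"},
    "10.2.0.5": {"type": "EngineeringWorkstation"},
}
SUBNETS = [ip_network(s) for s in ("10.1.0.0/24", "10.2.0.0/24", "10.3.0.0/24")]

# Constructed flows: (src, dst, protocol, purpose). "purpose" is an assumed
# label distinguishing supervisory reads from PLC programming traffic.
FLOWS = [
    ("10.1.0.10", "10.1.0.20", "BACnet", "read"),
    ("10.1.0.10", "10.1.0.20", "Modbus", "read"),     # HMI->PLC, not BACnet
    ("10.2.0.5", "10.1.0.20", "S7comm", "program"),   # EWS programming a PLC: allowed
    ("10.1.0.10", "10.1.0.20", "S7comm", "program"),  # HMI programming a PLC
    ("10.3.0.7", "10.1.0.20", "Modbus", "read"),      # untagged device crossing subnets
]

def subnet_of(ip):
    """Map an address to its known subnet, or 'unknown' if none matches."""
    addr = ip_address(ip)
    return next((str(n) for n in SUBNETS if addr in n), "unknown")

def cross_subnet_matrix(flows):
    """Count flows between distinct subnets: the cells of the heatmap."""
    return Counter((subnet_of(s), subnet_of(d)) for s, d, *_ in flows
                   if subnet_of(s) != subnet_of(d))

def violations(flows, assets):
    """Apply the three example policies; return (policy, flow) pairs."""
    found = []
    for flow in flows:
        src, dst, proto, purpose = flow
        st = assets.get(src, {}).get("type", "Unknown")
        dt = assets.get(dst, {}).get("type", "Unknown")
        if st == "HMI" and dt == "PLC" and proto != "BACnet":
            found.append(("hmi-plc-bacnet-only", flow))
        if purpose == "program" and dt == "PLC" and st != "EngineeringWorkstation":
            found.append(("only-ews-program-plcs", flow))
        if "Unknown" in (st, dt) and subnet_of(src) != subnet_of(dst):
            found.append(("no-unauthorized-cross-subnet", flow))
    return found
```

Running `violations(FLOWS, ASSETS)` reports four policy hits across the last three non-compliant flows, and `cross_subnet_matrix(FLOWS)` shows only the two inter-subnet pairs that a heatmap would highlight.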

Beyond Network Segmentation: Continuous Threat Monitoring

Segmentation is just one part of a multi-layered, defense-in-depth strategy. By implementing CyberX to accelerate network segmentation, you immediately get the benefits of continuous threat monitoring as well as ongoing IoT/OT asset management, risk and vulnerability management, and detection of operational issues such as equipment malfunctions.

You also get bi-directional, API-level integration with existing IT security stacks (SIEMs, SOAR, ticketing, secure remote access, etc.) so you can leverage existing SOC training and workflows.

All of these elements are critical to maintaining a secure IoT/OT environment — throughout your network segmentation project and beyond.

ABOUT CYBERX

We know what it takes. Funded by Norwest Venture Partners, Qualcomm Ventures, and other leading venture firms, CyberX delivers the only cybersecurity platform built by blue-team experts with a track record of defending critical national infrastructure. That difference is the foundation for the most widely deployed platform for continuously reducing IoT risk and preventing costly outages, safety and environmental incidents, theft of intellectual property, and operational inefficiencies. For more information, visit CyberX.io or follow @CyberX_Labs.