ForeScout Technologies has acquired SecurityMatters for $113 million as part of an effort to extend the reach of its cybersecurity offerings into the realm of operational technology (OT) platforms for IoT.
Jonathan Connet, director of corporate strategy for ForeScout Technologies, said that the more OT platforms become connected to the networks within the context of an Internet of Things (IoT) initiative, organizations are being confronted with a host of cybersecurity issues that most of them are not yet prepared to address.
SecurityMatters provides device visibility, continuous network monitoring and threat and anomaly detection without requiring agent software to be deployed on an OT platform. ForeScout Technologies and SecurityMatters already have a two-year alliance, but as product development continued to evolve, it became apparent that tighter levels of integration would be required as IT and OT cybersecurity continue to converge, Connet said.
Sometime in the first quarter, for example, ForeScout Technologies plans to unveil a common console through which the management of IT and OT cybersecurity can be unified, he noted.
Cybersecurity in OT environments is already a critical issue. A recent Forrester reports notes 79 percent of organizations with a SCADA/ICS network have suffered a breach in the past 24 months. Connet said those cyberattacks can be a lot more lethal in terms of the amount of damage inflicted when compared to an IT cybersecurity breach that might result in customer account records being stolen.
What makes cybersecurity so challenging in an OT environment is that unlike in an IT environment, there is no standardization when it comes to operating systems being employed. Many of the OT systems are based on closed proprietary operating systems that have only recently been connected to the internet, Connet said. He added that many of the decisions to connect those OT platforms to the internet were taken will little regard to the amount of malware those platforms might be exposed to every day.
Many of the principles that need to be applied to OT platforms will also be applicable at a network edge in IT environments, Connet noted. As more application workloads are distributed to the network edge, an agentless approach to monitoring and securing those platforms will also be required.
The biggest issue, of course, is that the rise of IoT and edge computing mean the attack surface that needs to be defended is increasing at a time when there is already a chronic shortage of cybersecurity professionals. Organizations of all sizes will need to find ways to enforce security policies at scale on everything from mobile computing devices to robots on a manufacturing shop floor.
It remains to be seen whether cybersecurity concerns might hinder rollout of IoT solutions. But if history is any guide, the promise of increased productivity usually trumps cybersecurity concerns. IT security teams will find themselves once again being asked to apply a cybersecurity overlay to a wide variety of platforms already running in a production environment.