Intel & Fortinet Partner Graylog: Cybersecurity Tips
Hi Ross. Can you please introduce yourself and your role at Graylog?
I’m Ross Brewer, and I serve as the Vice President and Managing Director for EMEA.
With years of experience in the cybersecurity sector, I have witnessed the changing requirements of organisations across EMEA.
I was particularly attracted to Graylog due to its unique capability to meet these needs directly with Security Information and Event Management (SIEM) solutions that offer threat detection, investigation, and response (TDIR) features.
These capabilities are powered by security analytics, event correlation, machine learning (ML) and artificial intelligence (AI)-based anomaly detection, and incident response workflows.
In my experience, there's a robust demand in key EMEA markets for both self-managed and cloud-based cybersecurity solutions. Graylog isn't just another provider - it's a strategic partner that offers unparalleled support to organisations navigating this complex landscape.
At Graylog, I have the opportunity to build and expand teams, while growing Graylog's presence across EMEA, fostering strong partnerships and enhancing customer outcomes.
Manufacturing remains the number one industrial target for cybercrime. Why is this the case, and what is the biggest factor in making it so?
Let's talk about the drivers behind hacking. They aren’t just messing around - they are attempting to cause serious harm. Their goal? To throw a wrench in the works of critical infrastructure environments and for economic gains.
With regards to manufacturing, it is often like hitting the jackpot for cybercriminals. Why? Because it isn’t just about one company. An attack on manufacturing sends ripples through the entire supply chain and affects a whole network of connected businesses.
Think of it this way: when hackers target manufacturing, they're essentially trying to piggyback on these organisations to gain access to often much bigger targets. It's not just about one factory or one product line. They are targeting an entire ecosystem of companies, products, services - and ultimately, all the people who depend on them.
It's akin to knocking over the first domino in a really complicated pattern. One successful attempt can cause a chain reaction that is felt far and wide.
Digital transformation tends to open companies up to greater cyber security risks. As technology evolves, so do the methods of cyber criminals as they seek to identify and exploit new vulnerabilities. How can manufacturers balance their need for advancement with a dramatically evolving threat landscape?
Smart manufacturing requires companies to generate and store more data than ever before. IDC forecasts that global data volumes will increase to 175 zettabytes by 2025 and IIoT (industrial internet of things) plays a key role in that growth.
Collecting that data is only one piece of the puzzle. The data collected from smart appliances, for example, must be digested and evaluated in order to be useful. Via a series of sensors, devices, servers and endpoints for tracking, management and control, data is circulated for bi-directional communication.
However, with increased connectivity comes increased risk. The operational technologies that connect the Internet of Things (IoT) ecosystem to improve supply chain management are also potential weak points that can be exploited by bad actors - compromising safety, operations, equipment, productivity and budgets.
As a result, attackers are targeting software, cloud or other third-party service providers to breach manufacturing supply chains.
This hyperconnectivity provides a number of benefits in manufacturing.
The real-time data exchange between systems, machines and processes exponentially improves operational efficiency.
The visibility helps to improve coordination between manufacturers, suppliers and distributors - creating a smarter and more agile manufacturing environment. But the sector is only as good as its service, which needs to be prompt, accurate and without risk.
Therefore, cybersecurity must be at the forefront of all digitisation efforts in the space.
What are the biggest cybersecurity mistakes manufacturers make?
The World Economic Forum (WEF) defines cyber resilience as ‘the ability to anticipate, protect against, withstand and recover from any cyber-related event impacting manufacturing operations’. To do this, organisations need to improve their operational efficiency by automating threat detection and response.
Given the increasing sophistication of threat actors, relying solely on perimeter defences is a mistake the industry repeats.
As manufacturers have access to user activity, they can actively log and monitor this to identify malicious activity before it can transfer from the network to the manufacturing environment. For example, by monitoring API calls, manufacturers can gain visibility into data movements within their own networks.
The mistake is often just assuming that the bare minimum will do while focusing efforts on operations, but they are missing a trick.
You wouldn’t overhaul the design of your home and fill it with nice things that allow you to function well while living there, and then go off to work and leave your door open. This is basically inviting criminals into your home.
Manufacturing operations are the same and will be unduly impacted if they aren’t first secure. Cybersecurity should undoubtedly always be the first port of call in a digital environment.
What are SIEM solutions and how can manufacturers leverage SIEM solutions to enhance productivity while meeting compliance?
Today, gaps in security can be attributed to expanding attack surfaces, but employing AI to underline security removes the reliance on human intervention 24/7.
For example, SIEM (security information and event management) systems can enhance security in manufacturing by providing real-time monitoring, threat detection, and incident response capabilities.
The SIEM system serves as the foundation for security operations, gathering log data from multiple sources - servers, apps, network devices, security technologies - and centralising it under one roof. This enables an essential overarching view of everything happening throughout the entire IT environment.
The ability for SIEM to correlate and normalise this heterogeneous data is one of the main advantages.
However, making sense of the logs is just as important as gathering them. SIEM systems are able to detect irregularities that could point to a security issue more readily when logs from various sources are formatted uniformly.
By using advanced analytics and machine learning, these systems can identify potential security threats, which prompts automated responses to mitigate risks.
Customisable dashboards and reports help maintain compliance with industry regulations and improve operational efficiency. Hence, SIEM is a fairly crucial component of modern cybersecurity tactics.
IoT is a major contributor to manufacturing’s cyber security vulnerabilities, due to a disconnect between operational teams and IT workers. What's your perspective on this?
The rapid growth of IoT devices has the potential to transform how we interact with technology in our daily lives. Yet, the proliferation of interconnected devices hasn't been matched with appropriate regulatory oversight, creating some significant security concerns.
One of the main issues we are grappling with is the lack of standardised security practices in IoT device manufacturing.
In the absence of regulation or industry-wide standards, we're essentially dealing with a "Wild West" scenario. Manufacturers can - and often do - release devices with significant security vulnerabilities, either due to oversight or cost-cutting measures.
This problem is compounded by the global nature of IoT manufacturing. Many devices are produced in markets like China, where oversight can be less stringent. This introduces potential supply chain security issues that are difficult to control.
Additionally, IoT security revolves around APIs (Application Programming Interfaces). These are essential for allowing different devices and systems to communicate within complex IoT deployments.
However, APIs are often an overlooked vulnerability in security strategies. From a security perspective, APIs are a double-edged sword. They're necessary for functionality but also provide a potential entry point for attackers.
If not properly secured, APIs can be exploited to gain unauthorised access to systems or sensitive data. This may include personally identifiable information or even sensitive health records in some cases.
Attackers might exploit zero-day vulnerabilities - previously unknown security flaws - or take advantage of weak authentication mechanisms. They could also target inadequate gateway protections to intercept or manipulate the data APIs transmit.
To address these challenges, we need a multi-faceted approach. This includes pushing for stronger regulations and standards in IoT manufacturing, improving supply chain security practices, and placing a greater emphasis on API security in IoT deployments.
It's also crucial for organisations deploying IoT solutions to conduct thorough risk assessments, implement robust security measures, and maintain vigilant monitoring of their IoT ecosystems. As the IoT landscape continues to evolve, so too must our approach to securing it.
If you had to give a message to manufacturers about the cyber security challenges they face moving forward, what would it be?
We're seeing criminals become increasingly sophisticated.
They're getting better at disguising their activities to look like normal network traffic, which makes it harder for traditional defences to spot them. This is where AI and machine learning come into play.
These technologies are powerful tools in our arsenal. They can process enormous amounts of data, including API calls, much faster than humans can. By doing this, they establish what 'normal' looks like in a network, making it easier to spot when something's off.
But let's not get carried away with the latest tech.
Good old-fashioned digital hygiene and best practices are still crucial. You'd be surprised how many organisations don't properly log and monitor their network and device activities. This leaves them essentially flying blind when it comes to potential security incidents.
Comprehensive logging and monitoring are like leaving digital fingerprints of all activities. If something malicious happens, you have a trail to follow. This allows for quicker identification and response to threats.
Another key aspect is developing strong forensic capabilities. This is about being able to investigate incidents thoroughly when they do occur. It's not just about knowing that something happened, but understanding how and why it happened. This knowledge is crucial for preventing similar incidents in the future.
A solid cybersecurity strategy needs to include processes for collecting detailed forensic evidence, analysing incidents, identifying weak points, and quickly implementing fixes. It's about learning from each incident to make your defences stronger for the next time.
Remember, in cybersecurity, we're always playing catch-up with criminals and this is only set to worsen. However, by combining new technologies with fundamental best practices, we can stay as far ahead of the game as possible.
Manufacturing Digital is a BizClik brand.