Fortinet
navigator.westlandsadvisory.com
Macro Trends underpinning greater OT cybersecurity investment remain strong
Despite challenging global economic conditions, expenditure on OT cybersecurity has
continued to increase. There are 3 investment drivers: digital transformation, regulation,
and risk management.
The growing interconnectivity among OT devices, systems, and processes has facilitated
the digital transformation of industrial operations, increasing demand for cloud computing
services, data analytics, digital twins, and machine learning. Convergence between IT
and OT has further accelerated this trend, facilitating seamless integration and data
exchange between two previously isolated environments. The new digital asset owner is
characterised by higher levels of interoperability and collaboration, enabling process
optimisation and productivity gains. The benefits of digital transformation need to be
managed alongside the increased exposure to IT & OT vulnerabilities, requiring new
cybersecurity policies, processes, and procedures to ensure the resilience of future
operating models.
The primary goal of OT Security Leaders is to ensure that the risk of a cyber incident
impacting the Reliability, Availability and Safety of operations is minimised. This requires
identification and management of vulnerabilities, and a layer of controls to prevent threat
actors from accessing networks. The logical starting point is to identify and classify all
assets though this is rarely a simple task. Plants may be 30 years old with no official asset
register and reliant on a patchwork of different OEM systems and sensors. Security
Leaders need to have visibility of the assets they are managing, the firmware and patch
status of those assets, and what they are connecting to.
Once assets are identified and logged, OT Security Leaders should address vulnerabilities
that are known and understood and implement processes to continually monitor and
manage them. This may include changing default passwords, implementing patch
management, and monitoring of access controls.
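The triage the two paragraphs above describe, as an added example that is not part of the WA report or any Fortinet product: a constructed asset register is checked for the 'known known' gaps the text names (unknown or outdated firmware, default credentials, peers missing from the register, and connections that jump Purdue levels). The asset names, versions and topology are made up, and `firmware_latest` is assumed to come from the OEM.

```python
from dataclasses import dataclass, field
from typing import Dict, List

@dataclass
class Asset:
    name: str
    purdue_level: int          # 0-1 field/control, 2 supervisory, 3 site ops, 4-5 enterprise/IT
    firmware: str              # "" when the register has no record (common on legacy plants)
    firmware_latest: str       # assumed to be the OEM-published current version
    default_credentials: bool  # still on factory-default login
    connections: List[str] = field(default_factory=list)  # peers this asset talks to

# Constructed sample register; names, versions and links are invented for the example
REGISTER = [
    Asset("plc-line1", 1, "2.1", "2.4", True, ["hmi-line1"]),
    Asset("hmi-line1", 2, "5.0", "5.0", False, ["plc-line1", "historian"]),
    Asset("historian", 3, "", "11.2", False, ["hmi-line1", "cloud-gw"]),
    Asset("cloud-gw", 4, "1.8", "1.8", False, ["historian", "vendor-vpn", "plc-line1"]),
]

def triage(assets: List[Asset]) -> Dict[str, List[str]]:
    """Return, per asset, the known and understood issues an analyst should manage."""
    by_name = {a.name: a for a in assets}
    report: Dict[str, List[str]] = {}
    for a in assets:
        issues: List[str] = []
        if not a.firmware:
            issues.append("firmware version unknown")          # visibility gap
        elif a.firmware != a.firmware_latest:
            issues.append(f"firmware {a.firmware} behind {a.firmware_latest}")
        if a.default_credentials:
            issues.append("default credentials")
        for peer in a.connections:
            p = by_name.get(peer)
            if p is None:
                issues.append(f"peer {peer} not in register")  # asset not inventoried
            elif abs(p.purdue_level - a.purdue_level) > 1:
                issues.append(f"talks to {peer} across Purdue levels")  # segmentation gap
        report[a.name] = issues
    return report

def prioritise(report: Dict[str, List[str]]) -> List[str]:
    """Order assets by number of open issues so the worst are addressed first."""
    return sorted(report, key=lambda n: (-len(report[n]), n))

if __name__ == "__main__":
    findings = triage(REGISTER)
    for name in prioritise(findings):
        print(name, findings[name])
```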
However, as networks converge and data exchange between the factory floor and the
cloud expands, so does the scope of the threat. Defence in Depth (DiD) alone is not sufficient to protect OT
operations. Modern organisations require a security approach that enforces policy,
monitors, and orchestrates across a complex network of digital infrastructure, entities and
physical assets.
The principle of Attack Surface Management (ASM) helps to address the challenge of
identifying, assessing, and mitigating the vulnerabilities that exist within an organisation’s
digital and physical infrastructure, and external entities including supply chain and OEM
partners.
ASM focusses on identifying and managing risks through a proactive approach to
security management, whereas DiD is focused on the layering of controls to protect
against threats. The approaches are entirely complementary as noted in NIST 800-53
which describes Attack Surface reduction as being “aligned with threat and vulnerability
analyses and system architecture and design. Attack surface reduction is a means of
reducing risk to organisations by giving attackers less opportunity to exploit weaknesses
or deficiencies (i.e., potential vulnerabilities) within systems, system components, and
system services.” A layered defence is recommended as part of the overall security
architecture alongside a ‘least privilege’ approach to managing network access.
The ecosystem consists of two main vendor categories. OT Network Protection vendors
typically provide firewalls, including coverage of industrial protocols, and a range of
additional capabilities from endpoint protection to SOCaaS. The main use cases include
network protection, segmentation and access management, but many also offer visibility
solutions. Most vendors also have a strong IT security platform, enabling industrial
enterprises to manage IT and OT security operations separately or to merge them into a
single operation.
The following vendors, reviewed in WA’s latest analysis of the OT Cybersecurity Industry,
provide platform solutions and integrations and should be considered by Security
Leaders.
When selecting vendors, OT Security Leaders should also consider a vendor's strategic
direction. WA analysts noted significant innovation across the industry over the last 18
months, and the technical roadmaps of some vendors are particularly strong, including
improvements to platform usability, new integrations, refinements to risk analytics, and
new OT use cases.
Profile: Fortinet
Fortinet is a publicly listed company headquartered in Sunnyvale, California, United
States. The company is one of the leading cybersecurity and networking vendors with a
broad, integrated portfolio of more than 50 enterprise-grade products that addresses
multiple security and networking use cases. The company continues to grow strongly,
serving over 660K customers with billings of $5.6B in FY2022.
Summary
Investment in research and innovation has remained consistently high resulting in an
extensive portfolio of patents (1,285). This is supported by a global network of
Development Centers and Centers of Excellence including recent investment in
Japan. Fortinet is a leading IT and OT cybersecurity solutions provider to the industrial
and critical infrastructure sectors, with a large customer base and strong coverage of all
industrial verticals.
The stated company priorities in 2023 are to be number 1 in Network Firewalls, SD-WAN
and OT Security. The OT business has grown strongly, outpacing average market growth,
due to increased investment in OT-specific products, staff and the sales and marketing
operations.
Fortinet’s native products strongly address most OT cybersecurity use-cases with Tech
Alliance ecosystem partners providing complementary solutions. This provides customers
with an end-to-end cybersecurity platform that addresses IEC-62443, NIST CSF, MITRE
ATT&CK for ICS and other relevant standards.
Positioning
The OT strategy is aligned to addressing fast emerging customer challenges related to
securing increasing cloud connectivity, ensuring secure remote access, enabling secure
and converged IT/OT operations, and the effective management of threats and
vulnerabilities. This is achieved through the OT Aware Security Fabric which includes
Threat & Vulnerability Management vendors, Fabric-Ready OEM partners and System
Integrators.
Fortinet’s strength is its ability to provide security solutions across the entire Purdue
Model from sensor to cloud. Industry partners and customers often cite Fortinet’s
solutions as easy to deploy, use and scale.
Future developments are likely to include FortiNDR’s addition to the OT Aware Security
Fabric, improvements to compliance management, and the inclusion of new capabilities
from recent acquisitions FortiPolicy and Volon FortiRecon. Beyond products and solutions,
Fortinet’s focus on being number 1 in OT Security has been accompanied by an expanded
team of experts, experience centers, and training and awareness courses to improve
customer value and experience.
Known for
Leading global Cybersecurity company
Definition
Network Protection platforms have several native capabilities, including firewalls and
access control. Use-cases may include network visibility, segmentation, Zero Trust policy
enforcement, and incident response. Most network protection platforms also include
other native technical controls (e.g. endpoint protection) or integrate with third party
tools. The Platform orchestrates and provides centralised visibility and control of OT
cybersecurity operations.
Further insight on the market and industry trends is available in the related WA Insight
report, “Industrial Cybersecurity Industry Analysis”.
Evaluation
The following capabilities are included in the evaluation:
Network Protection including Firewalls, IPS, unidirectional gateways and data diodes.
Network Segmentation including Firewalls, VLANs, Access Control Lists (ACL), SDN
and agentless Micro Segmentation through identification and logical grouping of assets
and devices.
Security Operations & Incident Response including SIEM, SOAR, XDR and EDR plus
playbooks.
Qualification
Competitors must meet the following criteria to qualify for consideration in the IT/OT
Network Protection Platform Navigator:
Company must provide native solutions for OT network protection including all or one
of NGFW, IPS and Data Diode.
The relevant products integrate into a centralised platform with other network
protection products including access management.
The platform ingests information from other platforms or sources to enrich the data
and provide context.
The platform has a sophisticated central management function that provides analytics
and reporting for analysts to monitor and manage security operations, providing
network and device visibility and management.
The company has strong coverage in more than one geographical region.
Methodology
Further information on WA’s methodology can be found on the website at
https://navigator.westlandsadvisory.com
Visibility & Threat Management platforms include asset and network discovery,
contextualisation, vulnerability management and threat detection. The platform will
typically integrate with other security platforms or with the SIEM.
Definition
The market consists of a range of vendors using different approaches. This includes
pure-play visibility and asset management competitors using agent-based discovery,
threat detection companies using passive scanning among other techniques, and network
vendors delivering visibility and threat detection through firewalls or embedded in
switches. Further insight on the market and industry trends is available in the related WA
Insight report, “Industrial Cybersecurity Industry Analysis”.
Evaluation
The following technologies are included:
Vulnerability Management.
Threat Detection including Machine Learning, User & Entity Behavioural Analytics
(UEBA) and Signatures.
Qualification
Competitors must meet the following criteria to qualify for consideration in the IT/OT
Visibility & Threat Management Navigator:
The Company must provide native solutions for asset visibility and threat detection.
The platform ingests information from other platforms or sources to enrich the data
and provide context.
The platform has a sophisticated central management function that provides analytics
and reporting for analysts to monitor and manage security operations.
The company has strong coverage in more than one geographical region.
Methodology
Further information on WA’s methodology can be found on the website at
https://navigator.westlandsadvisory.com
IT/OT Cybersecurity Platforms
IT/OT Cybersecurity Platforms include several native products and integrate with other
products or platforms to provide the customer with a single, unified view of operations.
Definition
The market consists of two types of vendors, those providing Visibility & Threat
Management and those that have a strong Network Protection product portfolio. Security
Leaders will usually rely on at least one vendor from each category. However, competitors
are expanding capabilities and it is increasingly common for vendors to provide both
Visibility & Threat Management and Network Protection solutions.
Further insight on the market and industry trends is available in the related WA Insight
report, “Industrial Cybersecurity Industry Analysis”.
Evaluation
The following technologies are included in the evaluation:
Asset Visibility
Network Protection
Network Segmentation
Vulnerability Management
Risk Management
Endpoint Protection
Secure Access
Threat Detection
Qualification
Competitors must meet the following criteria to qualify for consideration in the IT/OT
Cybersecurity Platform Navigator:
The platform ingests information from other platforms or sources to enrich the data.
The platform has a sophisticated central management function that provides analytics
and reporting for analysts to monitor and manage security operations.
The company has strong coverage in more than one geographical region.
Methodology
Further information on WA’s methodology can be found on the website at
https://navigator.westlandsadvisory.com
Concluding
OT networks are often Data Rich and Information Poor with huge benefits yet to be
derived from greater data exploitation. To accelerate digital transformation, Asset Owners
require asset and network visibility but also need to manage the data and alerts
efficiently. This has resulted in innovation to not only identify assets, but to also
categorise, profile and automate risk and vulnerability management. Asset discovery and
vulnerability management are high growth product segments and address the ‘known
known’ risks to operations. Alongside firewalls and network segmentation, access
management, and endpoint protection, these controls provide strong protective
measures.
There is a growing requirement in regulation and standards to ensure that the ‘unknowns’
are covered requiring continuous monitoring through either passive or active scanning to
detect and alert if there are deviations from the baseline. To protect against the unknown
scenarios, asset owners should move towards implementing a security model based on
resilient operations and a focus on people, technology and processes to ensure
organisations are able to withstand and recover from a cyber incident with minimal
disruption to operations. ASM is key to getting ahead of threats, whilst well-documented
Incident Response procedures facilitate a co-ordinated, timely and effective response.