Operators of industrial-control networks have historically relied on a combination of “security by obscurity” and physical segmentation to protect their networks against cyberattacks. As threats escalate daily, it’s clear that a more robust, flexible, and secure solution is required.
Today’s solution must connect networks. It must help enable monitoring and data flow over a highly secure network. It must be flexible and capable of being deployed in brownfield environments. Most important, it must deliver defense-in-depth features to organize, harden, defend, and respond to threats.
Protect Your Industrial Control Networks
The Cisco Secure Ops Solution helps businesses manage cybersecurity risk and compliance requirements in industrial automation environments.
Cisco Secure Ops Solution
Combining on-premises technology, processes, and managed services, Cisco Secure Ops implements and maintains layered security controls within operational networks.
- A consistent, integrated solution for addressing security and other risks found in the industrial control system (ICS) domain
- Increased site productivity and lower cost of operations, security, and compliance
- Improved, and in some cases automated, compliance
- Lower risk to the ICS environment
- Architecture that evolves with you
Cisco Secure Ops is an integrated and standardized solution to defend ICS and supervisory control and data acquisition (SCADA) networks, improve efficiency, and reduce site downtime. A building-block approach to security controls provides the flexibility to address attack vectors as your business demands change.
Cisco Secure Ops comprises tightly integrated Cisco and third-party products and services. It is unique in several ways. It is designed to be "dropped into" the demilitarized zone, or DMZ, between the enterprise and the ICS or SCADA domain. The solution has been purpose-built for deployment in brownfield environments where a mix of new and older devices exists.
The solution offers a single global information repository. Situational awareness dashboards display system health. These help you manage system access and asset inventory as well as monitor security compliance and assurance. Core capabilities include:
- High-availability infrastructure for system-to-system and user-to-system connectivity
- Highly secure access
- Asset discovery and inventory
- On-premises backup and restore capabilities
- Vendor-qualified, automated system patches and antivirus signature updates
SecureCenter and SecureSite
The Cisco Secure Ops Solution consists of a SecureCenter and SecureSites. SecureCenter capabilities are delivered using a highly secure virtual private cloud that is completely dedicated to you. You can choose to have the SecureCenter owned and managed at Cisco facilities, to own the infrastructure and software while Cisco manages the applications and services, or to have Cisco own and manage the SecureCenter while you host it at your facility. SecureSite comprises the infrastructure (router, switch, firewall, and application hosting) and software applications installed on-premises at each site.
Monitoring and Support
With global support 24 hours a day, 365 days a year, you have access to the industry’s first support function that combines network and security experts with industry-domain specialists who understand rigs, substations, plants, and more.
The Cisco Secure Ops Solution includes:
- Proactive performance and fault monitoring
- Global security incident response and monitoring services
- Security event correlation and incident notifications
- Network availability and performance monitoring and reporting
Protect Critical Infrastructure
Cisco Secure Ops consists of a SecureCenter and SecureSites. SecureCenter capabilities are delivered using a highly secure, on-premises NOC or SOC that is completely dedicated to you. SecureSite comprises the infrastructure (router, switch, firewall, and application hosting) and software applications installed on-premises at each site. Contact your Cisco sales executive for more information.
Some clients prefer to use an existing data center location to host the SecureCenter because of corporate security policies, among other reasons. With Managed SecureCenter, the client owns the infrastructure while Cisco manages the SecureCenter applications and services. The client location must meet specific requirements to host the SecureCenter.
In addition to network security and monitoring, the client should have:
- Trained and experienced staff, including a knowledgeable security team
- Strong onsite physical security with controlled access (badging systems, video surveillance, etc.)
- High-bandwidth Internet, multiple major Internet carriers for redundancy, and Border Gateway Protocol 4 to guarantee uptime
- Desired, but not required:
  - Multiple data centers with failover support (disaster recovery and business continuity)
  - Generator backup
Because service availability is critical, clients who meet the requirements except for “multiple data centers” can work with Cisco architects to explore a managed option.
The Managed SecureCenter offers proactive monitoring of infrastructure and applications. Depending on the scope of services, availability management, patch management, and release management are also provided. Other services include:
- Remote management
- Incident management
- Proactive and reactive problem management
- Change management
- Capacity management
The support model is based on agreed-upon key performance indicators (KPIs) and service-level objectives (SLOs) or service-level agreements (SLAs). Adherence to client information-security requirements is maintained.
Ancillary services that interact with SecureCenter are typically handled by your IT staff. These include:
- Network proxy services
- Directory services
- Printing services
Protect Your Critical Systems
The Cisco Secure Ops Solution consists of a SecureCenter and SecureSites. SecureSite comprises the infrastructure (router, switch, firewall, and application hosting) and software applications installed on-premises at each site. Contact your Cisco sales executive for more information.
The goal of any team tasked with maintaining critical systems is to experience no health, safety, security, or environmental damage; no unplanned operations disruptions; and no negative project losses. To protect against threats and harden their defenses, firms must improve their security maturity profile.
SecureSite provides a means of establishing a highly secure tunnel from the industrial control system (ICS) network to the SecureCenter. It is able to orchestrate asset discovery, automated workflows, compliance adherence, and log collection for ICS network hosts. It also provides a firewall service for highly secure system-to-system communication between systems in the office and your ICS. You can implement security controls and compliance across your entire ICS network.
This scalable solution is ideal for organizations that want to:
- Automate tasks that monopolize the operation team’s time
- Reduce start-up costs
- Compress the time to operations
- Improve overall business agility
- Retain facilities management
SecureSite capabilities are delivered within the customer cloud. Leave capacity and evergreen management to us so that you can focus on delivering highly available systems and ICS security as a business outcome to your end users.
SecureSite offers proactive monitoring and management of infrastructure and applications. In addition, it provides:
- Deployment services
- Capacity management
- Evergreen services
- Global solution support
The support model is based on agreed-upon key performance indicators (KPIs) and service-level agreements (SLAs). Adherence to client information-security requirements is maintained.