You’re Ready for Threat Hunting
Threat hunting is one of the next logical steps in your cybersecurity program. In its simplest form, you are searching the network for external threats or intrusions that went undetected by automated security systems. It is a very scalable exercise and can be done with varying degrees of automation, including none at all.
Not only can it further protect your proprietary recipes and information, it also has great potential for improving operational efficiencies. While this practice isn’t entirely new to the IT space, it is now making its way into OT environments. And this is where beverage and food production or life sciences operations can benefit the most.
Threat hunting is proactive, and takes a step back from the scanning tools, traps and future-focused infrastructure already in place. In an age of technology, it uses gray matter to uncover malicious activity and infiltrations that have been hiding in your network for months, maybe years. And further, it can find correlations not otherwise detectable between network activity and production inefficiencies.
Infestations Wreaking Havoc in Unexpected Ways
Have you noticed your mixer acting up? Are HMIs locking down? A label printer flashing errors?
It can start with an operator charging their unprotected phone in an open USB port on the network. Months later, your oven starts acting up and won’t maintain set parameters, even though, mechanically, there’s nothing wrong.
Careful review of network logs uncovers that each time the oven acts up, there are beacons going to an outside IP address. This correlation is otherwise undetectable, which is what makes the human factor critical and threat hunting so valuable.
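One way a hunter might test that hypothesis, as an added example rather than code from the original article: the script lines up oven fault times with outbound connections and ranks each external destination by how many faults it coincides with and how much of its traffic falls near a fault. The log format, addresses, plant subnet and two-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

PLANT_NETS = [ip_network("10.20.0.0/16")]   # assumed plant address space
WINDOW = timedelta(minutes=2)               # assumed correlation window

# Constructed sample data: oven fault times from an alarm log, and
# "date time src dst" records from a firewall or flow log.
FAULTS = ["2024-03-04 02:14:10", "2024-03-04 09:41:55", "2024-03-05 17:03:20"]
FLOWS = """\
2024-03-04 02:13:40 10.20.5.17 203.0.113.50
2024-03-04 02:30:00 10.20.5.30 198.51.100.7
2024-03-04 09:41:10 10.20.5.17 203.0.113.50
2024-03-04 12:00:00 10.20.5.30 198.51.100.7
2024-03-04 12:05:00 10.20.5.17 10.20.1.5
2024-03-05 17:02:50 10.20.5.17 203.0.113.50
2024-03-05 17:04:00 10.20.5.30 198.51.100.7
2024-03-05 20:00:00 10.20.5.30 198.51.100.7
"""

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

def is_external(addr):
    # External means outside every subnet the plant owns.
    return not any(ip_address(addr) in net for net in PLANT_NETS)

def correlate(fault_lines, flow_text, window=WINDOW):
    """Rank (src, external dst) pairs by how many faults they coincide with."""
    faults = [parse_ts(f) for f in fault_lines]
    stats = {}  # (src, dst) -> flow count, flows near a fault, faults touched
    for line in flow_text.splitlines():
        date, time, src, dst = line.split()
        if not is_external(dst):
            continue
        ts = parse_ts(f"{date} {time}")
        s = stats.setdefault((src, dst), {"flows": 0, "near": 0, "faults": set()})
        s["flows"] += 1
        hits = {f for f in faults if abs(f - ts) <= window}
        s["near"] += bool(hits)
        s["faults"] |= hits
    # Fault coverage alone can be coincidence; the second ratio shows whether
    # the destination's traffic clusters around faults or is just chatty.
    rows = [(pair, len(s["faults"]) / len(faults), s["near"] / s["flows"])
            for pair, s in stats.items()]
    return sorted(rows, key=lambda r: (r[1], r[2]), reverse=True)

if __name__ == "__main__":
    for (src, dst), cov, frac in correlate(FAULTS, FLOWS):
        print(f"{src} -> {dst}: {cov:.0%} of faults, {frac:.0%} of flows near a fault")
```

A destination that covers every fault and is contacted almost only around faults is the lead worth a human's attention; one that merely overlaps a single fault is likely background traffic.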
I went into a plant once that was experiencing repeated network slowdowns on a certain shift. Proactive hunting led to the discovery that one employee’s workstation was running an undetected BitTorrent client. So, each day when they logged in at the beginning of their shift, the entire network was impacted.