At the Black Hat 2017 conference in Las Vegas, Leidos gave a sneak peek at a new product for critical infrastructure customers—Arena Asset Visibility and Insights (AVI). The product’s concept was driven by interactions with customers who shared concerns over the lack of situational awareness and visibility into their industrial control systems (ICS) network. While most have a wealth of tools and processes to aggressively monitor and respond to threats and security incidents on their Enterprise IT network, their Operations (OT) side is typically only monitored up to the edge of the IT/OT firewall. For the Security Analysts in the SOC, managers who act as a liaison between the plants, corporate IT, and the plant operation managers, OT awareness is minimal.
As an example, a large global company that has multiple business units with dozens of product lines and hundreds of manufacturing plants across the world typically deploys cyber security at the business unit level. This approach lacks a single view of the thousands of assets deployed at the different sites; what vendors, operating systems, and software are installed; insight into patch levels and critical vulnerabilities; and how many outstanding critical security events exist.
This multinational company has silos of information but no system to give them company-wide metrics on their corporate and industrial systems and no way to assess the company’s security posture.
In addition, most companies lack access to inventory and configuration information from within their OT environments. While a plant could have local databases and repositories with this information, there is very little access to this information outside the plant.
Comprehensive, holistic view of IT and OT risk is needed
Enter Leidos Arena AVI, a game-changing solution built for critical infrastructure companies as a central portal to enterprise-wide asset-related inventory, configuration, and security-related information. Arena AVI breaks down enterprise silos by ingesting, storing, and processing asset-related data from across the enterprise.
Additionally, it goes beyond OT visibility and provides the type of insight gained when you analyze data comprehensively, breaking down barriers in data silos and enabling new levels of assessment.
Proper Visualization is the Answer
Big data for big data’s sake is not the answer. Nor is visualization without context, as it provides little insight. Arena AVI’s UI (see Figure 1) is designed to provide multiple layers of information and insight in a simple, direct way.
For example, with Arena AVI you can:
- Make sense of your asset security posture across locations in your environment
- Organize assets by different criteria, such as location and unresolved high-priority security issues
- Alternatively, organize by location and applicable critical vulnerabilities
All this information is available immediately with little user input required. Users need only select a location to drill down to the context underneath. Proper use of data visualization gives more context to each analysis, allowing users to take a more targeted approach based on a clearer direction.
Achieving “OT situational awareness” is a goal shared by multiple critical infrastructure companies. The need to automatically aggregate, correlate, and visualize complex event data across an enterprise, including plants and facilities not easily reached by traditional IT “big data” solutions, has been the driving force behind Arena AVI. We’re excited to see how this new solution unfolds. Stay tuned.