April 27, 2021 - That depends on what problems you are trying to solve. We can broadly think of security budgets serving two desired outcomes – visibility and actionability. Most of the first generation IIoT security startups were born post Stuxnet to equip the CISO with detection of sophisticated attacks and some visibility of IIoT assets. While the visibility has served immediate needs to meet regulations and board reporting, it has not translated into actionability in supporting decisive incident response. The increased visibility, without relevant context, had the undesired effect of increased incident noise levels. This adds to an already existing deep industry challenge in manpower scarcity and alert fatigue for the security operations teams of both enterprises and service providers. So the challenge remains: how can IIoT security solutions better equip enterprises with capabilities that compress time to action and support decisive incident response?
Technology innovations – How we started, where are we headed
What got us here may not get us there, and a new approach is needed to unlock value, one that categorically deals with entrenched industry problems. While the first generation of IIoT security innovation post Stuxnet focused on detecting sophisticated state-sponsored attacks, a rethink of the threat landscape is needed given the increased threats from commercial origins. There is also a need for a paradigm shift in value perception, as enterprises inordinately associate technology value with ease of implementation and scale. This inadvertently creates silos in both security assets (e.g. passive monitoring only on the network) and actions (e.g. non-intrusive agentless identification but not agent-embedded protection). A different and holistic way is needed to look beyond the immediate, short-term value created by technology and to measure the long-term value captured beyond technology, in people and process challenges, across the entire cyber actions and assets lifecycle.
It’s worth noting four innovation vectors that can have outsized impact for IIoT security innovations to unlock untapped value for enterprise customers:
Context vs Content
IIoT security solutions should be able to ingest not just a high volume and velocity of data but also a wide variety of data that gives better context. Today's solutions lack telemetry from threat intelligence research and IIoT operations data, and so miss critical insights that can exponentially reduce incident noise and alert fatigue in security operations.
Time to visibility vs Visibility
The first generation IIoT security solutions have pivoted to a vertical-focused go-to-market strategy, covering the most common and known IIoT assets to optimise R&D ROI. What has not changed is the gap in, and the need for, unknown IIoT asset discovery, which requires more time for further R&D which customers can ill afford as IIoT assets continue to proliferate without unifying standards. Going forward, the greater value captured by customers would be near real time identification of new, unknown assets to compress time to visibility. This capability can be greatly enhanced and accelerated on the foundations of richer IIoT asset and data telemetry to sharpen asset discovery and anomaly detection. More importantly, this delivers the much needed decision making context that drives time to action to close the threat window of opportunity.
Platform vs Product
The first generation solutions were built with a ‘best of breed’ product approach to deliver identification on the network. As the market matures, customers will look to unlock greater value through a ‘single pane of glass’ platform approach which delivers the most complete coverage of the cyber defence matrix across both actions and assets. These capabilities can be enabled by an AI-first, purpose-built platform with a digital twin architecture to deliver actionable insights powering holistic visibility and actionability. The differentiating enterprise value captured is continuous and automated monitoring with near real time response that can now reduce manpower dependencies.
Risk-based vs Maturity-based
With continuous automation powering actionable insights, enterprises can over time move away from a maturity-based approach of fitting the best-of-breed capabilities on every asset towards a risk-based, breach simulation approach that measures the likelihood of threats and their business impact. The tremendous business value unlocked and captured for enterprises is a risk- and return-optimised investment approach, with the ability to measure and justify IIoT security spend to the board and avoid buying into the hype associated with every emerging cyber threat.
Green shoots of innovation – When and where can we look
We must not miss the signs that these market-disruptive innovations have already started emerging from stealth mode through a few forward-thinking, visionary startups, which are now testing product-market fit as market demand and technology supply work towards alignment. The U.S. Department of Energy, the Israel Ministry of Energy and the Israel Innovation Authority have just announced the U.S.-Israel Energy Center, which will only accelerate the adoption of standards and methodologies for the next generation IIoT security innovation the market needs. We could very well be on the cusp of uncovering the next IIoT security unicorn from the startup nation of the world.