Manufacturers can have many hundreds or even thousands of endpoints in their network, from laptops, PCs, and mobile devices to networked production-line machines spread throughout the facility.
These connected systems deliver operational efficiencies and even competitive advantage to manufacturers.
Smart manufacturing has helped manufacturers achieve productivity gains of 17 to 20 per cent and quality gains of 15 to 20 per cent.
However, smart manufacturing also introduces cyber risks, which must be addressed in the most time-efficient, reliable way.
Steve Hunter, senior director, Asia Pacific and Japan, ForeScout, said, “In the past, production-line machines were air-gapped; they didn’t have a network connection, so they were safe from cyberthreats. Now, with every machine and device connected to the corporate network and the internet to facilitate smart manufacturing, that safety buffer is removed. Therefore, it’s essential for manufacturers to know what devices are in their network, how vulnerable they are, and their compliance status. All endpoints, including Internet of Things (IoT) sensors, need to be secured.”
In many industries, endpoint management is conducted using agents, with IT departments choosing a combination of agents to address their specific requirements. However, the use of agents can create performance issues in manufacturing operations, meaning an agent-based approach is not well-suited to manufacturers.
Scanning networked operational or production-line devices can impair their performance, reboot them, or even crash them entirely. This causes expensive downtime.
These devices are often vulnerable because they’re older, rarely patched, and less protected against threats. Even new IoT devices can be exploited, because they’re generally not designed with security top of mind. These new IoT devices are often deployed without the few security settings available to them being configured, for example with default credentials left in place. This lets malicious actors use the unsecured IoT device to access the entire network.
Furthermore, an agent-based approach all but guarantees there will be some blind spots in the network, since agents can’t be deployed across every device on the network. All it takes to immediately compromise visibility is for one device to connect to the network without an agent installed.
Manufacturing organisations, therefore, require an agentless approach that reliably sees managed, unmanaged, and IoT devices the instant they connect to the company’s network. Whether wired or wireless, corporate-issued or personally-owned, the manufacturing organisation needs to see every connected device, then take appropriate action to secure that device.
“Using an agentless solution, manufacturers can ensure every device connected to the network complies with the business’s security policies. If it’s a new device, necessary policies can be automatically applied to ensure it doesn’t introduce risk to the network. For example, if a contractor connects their laptop to the company’s network to undertake equipment maintenance, the contractor’s device is segmented and constrained to communicating with just the devices approved for maintenance, limiting the scope of a potential breach.”
An agentless security solution can help ensure endpoint compliance and remediation. For example, unknown devices can be scanned for vulnerabilities before they’re allowed to access the network.
Based on policies, the platform can automatically remediate security issues and block unauthorised applications. Manufacturers can also manually manage these processes using the same platform, giving them more control over how endpoints are treated in the organisation.
Steve Hunter said, “Endpoints can be risky if they’re not managed correctly, but implementing the right controls doesn’t have to be overwhelming or burdensome. With the right agentless technology, manufacturers can reap the benefits of smart manufacturing with IoT and networked production-line endpoints while limiting the risk introduced into the organisation.”