Gartner predicts 30% of critical infrastructure organizations will experience a security breach by 2025. Why?
The use of outdated and physically isolated devices makes these environments vulnerable to insider threats and external breach attempts. This is one of the reasons why, in a recent report, Gartner analyst Ruggero Contu outlines how Venture Capital (VC) investments focus primarily on Cyber-Physical System (CPS) protection platforms. In the paper, Gartner includes cyber deception technology as an important security control solution applied to CPS.
Take our quiz today to find out how deception technology can work for your organization >
Gartner included CounterCraft as the only deception vendor referenced in the recent Emerging Tech: Security — Venture Capital Growth Insights for Cyber-Physical System Security report. According to Gartner, CounterCraft is the only deception technology solution with the capability to safeguard CPS.
There are different critical factors that have been driving investments in this market:
- An inherent lack of security in many IoT devices and OT infrastructures, particularly as a result of the inability to leverage physical separation through air gapping at the time of IT/OT convergence
- The use of legacy systems no longer supported by the manufacturer,the norm in OT
- A fear of disturbing equipment that has been operating fine for years, sometimes decades, for a security patch
- The inability to apply traditional cybersecurity strategies from the IT world to OT
Deception technology is able to provide user/asset/physical process authentication and behavior analysis in CPS.
“Deception can help in the proactive protection of critical assets without imposing any burden on the normal operation of services.”
CounterCraft’s approach does not require modifying existing SCADA/ICS networks to protect organizations’ CPS. CounterCraft supports deploying deception at multiple layers in ICS/OT environments: PLC/RTU, IEDs and controllers, HMI systems, applications, databases and file servers. Find out more about how cyber deception is uniquely positioned to face the challenges inherent in these environments.
CounterCraft in ICS-OT networks
CounterCraft has developed a deception solution that can mimic specific OT environment architectures. The Platform can identify how threat actors try to move laterally across OT systems to understand their activities and targets. This threat actor monitoring is done in a safe way, as malicious actors are triggered to interact with deception infrastructure made of emulated HMIs and PLCs.
Here is an example of how CounterCraft helped Red Eléctrica safeguard their production ICS/OT network by deflecting a targeted attack into a decoy electrical substation.
Download our latest whitepaper to find out how Red Eléctrica detects ICS-OT system attacks in real time.
About CounterCraft
CounterCraft is a software company that goes beyond detection and response to provide proactive cybersecurity solutions and detect attacks faster for the world’s leading organizations. Their premier product, CounterCraft The Platform™, consistently stops red teams, spear phishing, ransomware attacks and insider threats. This distributed deception platform is a global leader in active defense, with tooling that provides real-time intelligence and the capability to manipulate adversary behavior. Their technology stops attackers in pre-breach recon phases, integrates contextualized threat intel with incident response workflows, and saves money and time by helping security teams prioritize their actions. CounterCraft The Platform is used successfully around the globe by Fortune 500 companies and government organizations, including the US Department of Defense.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
1https://www.gartner.com/en/newsroom/press-releases/critical-infrastructure