Cybersecurity monitoring has traditionally focused on internet-facing enterprise networks, with very little consideration of control systems environments. Today, the rise in malware that targets control systems, such as Havex, BlackEnergy, CRASHOVERRIDE, and TRISIS, has forced companies to expand their cybersecurity visibility to include their control systems networks.
When considering your OT monitoring needs, it is important to adopt the right operational security model. Improving your SOC with the right people, processes, and technology serves the business, reduces risk, increases safety, and ensures properly maintained processes. Three common operational build models are an integrated IT/OT SOC, a dedicated OT SOC, and a hybrid model. Each model has certain advantages and challenges, and the decision is ultimately determined by your needs, capabilities, and expectations.