CyberX has joined the McAfee Security Innovation Alliance, which aims to accelerate the development of open and interoperable security products and simplify integration with complex customer environments. CyberX specializes in Industrial Internet of Things (IIoT) and industrial control system security.
This partnership and future certified integrations between CyberX’s continuous, real-time visibility into operational technology (OT) risk and McAfee will address the need for unified security monitoring and governance across both IT and OT environments.
CyberX was recently recognized by Gartner in a report titled “Competitive Landscape: Operational Technology Security.” In the report, Gartner predicts that OT security spending will grow at a CAGR of 45.7 percent through 2022, with the highest annual growth percentage occurring in 2019 and 2020.
“Convergence of IT/OT is driving the need for new security capabilities and integrations as a result of a move to a hybrid IT/OT architecture,” according to Ruggero Contu, Gartner Senior Director Analyst. “The mounting number of attacks is evidence that the likelihood of breach is real and serious. While financial loss as a result of attacks can be significant, it is the impact to safety and reliability that is of greatest concern to most.”
With the Industrial Internet of Things (IIoT) driving the deployment of billions of new devices to monitor and control critical OT processes such as turbines, robotics, and mixing tanks, OT environments are increasingly connected to enterprise IT networks and the internet, making them more vulnerable to dangerous attacks.
Purpose-built for OT security, CyberX’s platform enables customers to auto-discover their OT assets and network topology, identify critical OT vulnerabilities and attack vectors, and continuously monitor their OT networks for destructive cyberattacks such as WannaCry, NotPetya, and TRITON.
The National Institute of Standards and Technology (NIST) noted CyberX’s industrial cybersecurity platform when recommending new ways of securing manufacturing industrial control systems in its November report.
CyberX uses agentless Network Traffic Analysis to continuously monitor industrial control systems (ICS) network traffic for anomalies. NIST specifically tested detection of zero-day threats that would not normally be detected by traditional security tools that rely on predefined signatures. Examples of anomalies detected by CyberX and documented in the NIST report include unauthorized devices attached to the ICS network, unauthorized remote access to the ICS network, network scans using ICS protocols indicating potential cyber reconnaissance activities, unauthorized PLC logic downloads and file transfers between ICS devices, and communication using undefined function codes in ICS protocols, which may indicate attempts to exploit known vulnerabilities in ICS devices.
Notable CyberX customers include two of the top five US energy providers; a top five global pharmaceutical company; a top five US chemical company; and national electric and gas utilities across Europe and Asia-Pacific. Strategic partners include Palo Alto Networks, IBM Security, Splunk, McAfee, Optiv Security, DXC Technologies, and Deutsche-Telekom/T-Systems.
On December 4, CyberX announced its participation in the GE Digital Alliance Program, a partnership of companies dedicated to growing the digital industrial ecosystem. At the same time, the company announced that its industrial cybersecurity platform has been installed in GE Power’s integration environment to support joint GE and CyberX customers with interoperability validation testing.