TL; DR: Otorio is a digital risk management solutions provider that specializes in cybersecurity for converged OT/IT networks. It helps companies diverge from legacy systems and move to new digitized methods to secure their operational technology and production machinery. By introducing its new risk assessment solution spOT, Otorio finds more ways to protect its clients from the ever-evolving cyber threat ecosystem.
In the era of Industry 4.0, manufacturing and supply chain companies have shed their old ways of system management to meet the new technological standards and boost their competitive advantage. But with this change comes the risks that lurk in this new hyper-connected world.
Many supply chain and manufacturing companies have been hesitant to implement upgraded security measures for their new, updated systems. This has made them a target for exploitation. According to a study done by BlueVoyant, 93% of companies impacted by a direct cyber breach in their supply chain revealed it stemmed from weaknesses in their machine production system.
Cybersecurity and risk management have become invaluable to the protection of operational technology. Otorio, created by CEO Daniel Bren and CTO Yair Attar in 2018, simplifies cybersecurity for companies in the operations industry. It equips manufacturers with the tools to ensure operational continuity and agility.
“The goal is to protect operational networks, meaning the production lines that keep our food, electricity, and common goods running smoothly without any interruptions,” said Yoel Knoll, Otorio VP of Marketing.
Otorio CEO Daniel, CTO Yair, and core management team bring military expertise to the company from their experience in the cyber defense unit for Israel Defense Forces. Their background and zero faults tolerance help them to identify solutions with precision.
The company started in the European market and is branching out to North America, serving power utilities, machine manufacturing, and end-user companies. Otorio helps companies bring their old systems into the present and delivers security tailored to their converged OT and IT networks.
“Our solutions help companies open up and use all the digital processes they’re using but do it in a secure way,” Yoel said. “We help them harden those old systems. We have many ways to discover gaps in the security of machines – and provide mitigation steps to seal them. Not in an IT way, but in a way that is geared towards operational technology.”
Bridging The Gap Between Old Systems and New Technology
Before they adopted digitalization, the norm for operational networks was to facilitate their security measures through air-gapped conditions. They would disconnect and keep their computer systems physically isolated from unsecured networks like the public Internet.
Yoel told us the market looked quite different 10 years ago.
“It was mostly air-gapped,” he said. “If you wanted to impact a factory, you would have to infiltrate and physically connect to the production floor. Once we had these amazing IoT in a hyper-connected world, basically there is no place to hide. That security by obscurity doesn’t work anymore. The operational network was never designed to deal with these kinds of threats.”
Unlike other industries geared toward cybersecurity, this type of digital advancement was out of the operational sector’s ballpark. Transferring their old security systems was not as simple. Although digital transformation was the only way for companies to survive in this new era, many OT networks delayed the security transformation they needed to thrive.
Otorio helps businesses move from the security by obscurity phase and find solutions to manage risk and keep their operational technology from harm. Since many of these production networks are 20 to 30 years old, Otorio sets out to redesign their security measures to match their current technology.
Offering Manufacturers Visibility Into Operational Networks
Otorio works with its clients to increase visibility into their OT networks. The company gives customers the tools to see into the machine technology on their production floors and detect risks. With its help, OEMs can monitor and protect machinery from breaches through Otorio’s patent-pending cyber digital twin technology.
“With the cyber digital twin, we recreate a digital model of your production floor, which is completely disconnected from the live network. And we simulate breaches to detect the vulnerabilities and gaps in your security. It’s like a red team but it’s automated, continuous, and is done on a system that is completely disconnected from the operational network,” Yoel said.
Also thanks to automation, Otorio’s technology can run assessments to find gaps in the systems and alert manufacturers on a continuous loop. It keeps businesses proactive and ready to combat any breach threat.
Developing New Preventative Measures To Maintain Security
Otorio emphasizes prevention by creating solutions to combat security threats before they appear. The company is now extending its offering with spOT. The solution helps managed security service providers (MSSP) to deliver one-time or periodic assessments of production floors to detect vulnerabilities and ensure secure and compliant zero trust digital machinery. This new tool empowers MSSPs to automate security tests in factories and production facilities and reduce time put into the assessment process.
Another way Otorio spOT can be used is to help machine builders ensure that the machines they provide to production lines are safe and compliant. It accomplishes this by assigning a unique digital fingerprint to the technology from machine level to production lines. From there, machine builders can monitor their database for the unique machine fingerprint and pinpoint which machine has the vulnerability. With the spOT device, they can discover where attacks can occur and mend the vulnerability before it acts.
“Because the system works on machine learning and automation, we can also provide mitigation playbooks. We don’t just flag an issue. We also tell you this is what you have to do in order to mitigate that. So it is really quick to detect and manage the issue,” Yoell told us.
Otorio’s mitigation playbooks help companies stay a step ahead. By using a type of crowd-sourcing method, Otorio accumulates a wide variety of breach knowledge from its other client experiences and places it in a database. Operators use these mitigation playbooks to search for the problem and discover the solutions to their security issues.
As the cyber risk environment evolves, companies will need updated solutions to fight new threats and sustain their secure operational atmosphere. Otorio continues to help OT networks thrive and push past their old security mindsets for adaptable, robust systems.
“We make their systems resilient. At the end of the day, it’s all about reaping the reward of digitalization without the risk. We take the risk out of Industry 4.0,” Yoel said.