Radiflow, which provides Operational Technology (OT) cybersecurity solutions in industrial automation networks, just announced that it has launched a partner program for Managed Security Service Providers (MSSPs). The company will offer its OT MSSP partners a framework that enables them to offer new cybersecurity services to clients who have ICS/SCADA networks, e.g. industrial enterprise and critical infrastructure customers.
“We’re trying to help companies close a series of OT security gaps,” explained Ilan Barda, CEO of Radiflow. “Industrial companies and critical infrastructure providers, especially those that are on the small side, frequently lack the personnel and expertise to do the kind of advanced cyber defense that is now needed. So, they’re looking to outsource the work to MSSPs… however, a lot of MSSPs have a gap as well. They may not have deep OT experience, either. It’s a new enough discipline that you wouldn’t expect every MSSP to have the expertise. Now, with our OT framework, the MSSP can quickly get up to speed and deliver cyber protection for OT systems.”
The most likely OT partner candidates are MSSPs that want to enter the OT space and industrial engineering companies who want to augment their service offerings to include cybersecurity services. Radiflow provides silver, gold and premium packages, including a free trial period for MSSPs to provide a Proof-of-Value rollout to end customers. The packages include tools, procedures and support.
Radiflow works with the OT MSSP partner to implement processes required to roll out a full range of OT cybersecurity services. This might involve monitoring the network and networked assets, providing status reports, deactivating active and upcoming threats, provisioning software updates and patches, optimizing end user cybersecurity expenditures and preparing the end user for a cyberattack.
Industry feedback to the partner program has been positive. As Aaron Sherrill, Senior Analyst at 451 Research, put it, “Most industrial enterprises and critical infrastructure operators lack the internal resources to adequately protect their OT networks. This situation has created a unique opportunity for MSSPs, and Radiflow offers them the tools, procedures and expertise required to establish the framework for building OT-dedicated cybersecurity services.”
Overall, the program is based on the company’s iSID Industrial Threat Detection System. This solution runs in the partner’s cloud environment. It can be utilized by an MSSP partner as the starting point for an ongoing network monitoring service that involves building a network topology map of all devices, connections, ports and data traffic flows on an OT network and handling alerts to any changes to this baseline understanding. As part of an ongoing networking monitoring service, an MSSP can also use iSID to detect any breech attempts and apply security upgrades to any newly detected devices.
MSSPs can also enhance their OT cybersecurity service portfolio by leveraging the new automated vulnerability mapping and assessment processes included in the recently released version of iSID. Based on an advanced risk assessment engine and attack vector simulation model, iSID dynamically calculates an exploitability score for each device on an OT network and identifies the most critical attack vectors. MSSPs can utilize these dynamic mapping and scoring capabilities for a service that involves remediating vulnerabilities that are prioritized based on the specific context of a customer’s OT network and the impact on its business operations.
Radiflow is already signing up OT MSSP partners, such as Kalis Consulting, which is based in France. Their CEO, Marc Benattar, explained, “We are joining Radiflow’s new OT MSSP partner program at an exciting time in the Building Security Management space we work in. Most of our customers are rapidly introducing new digitally-driven, yet technically vulnerable devices to their OT environments. This strategic partnership positions us to provide important OT cybersecurity services for our customers and also to improve our service offering.”