Honeywell delivers proactive cyber protection for Industry 4.0

Welcome to the Fourth Industrial Revolution where industrial operations and processes are more automated, connected and digitalized than ever before. They’re also more vulnerable to cyber attacks.  

The information technology (IT) and operational technology (OT) worlds have aligned, which delivers enormous benefits to operators of plants, factories and critical infrastructure. But industrial operators must first increase their capacity to protect themselves from security threats, which can wreak havoc on their operations. Cyber attacks can endanger employees, harm the environment, disrupt operations, compromise proprietary data and impact the bottom line.

Industrial enterprises are seeing more cybersecurity issues these days, according to a Deloitte survey of IT and OT professionals. Yet few organizations possess the skills and resources to thwart cyber-intruders, who are getting more sophisticated and devious all the time. It’s costly and impractical to create an in-house capability to effectively address all cyber issues, especially in these times when IT/OT budgets are stretched and talent is so hard to find.

Of course, industrial enterprises can’t cross their fingers and hope they won’t fall victim to a cyber attack or ransomware scheme that could harm employees or customers, shut down their operations or cost their organization millions of dollars. 

More and more, industrial organizations are reaching outside the plant walls for better ways to connect networks, assets, devices and people without compromising security. The new Honeywell Advanced Monitoring & Incident Response (AMIR) managed service gives plant owners and operators a powerful tool to improve their ability to protect their OT infrastructure and to monitor, detect, prioritize and respond to multi-vector cyber attacks – anytime, anywhere.

Few industrial operations are set up to constantly monitor, proactively detect and effectively respond to evolving cybersecurity threats. That’s where the Honeywell AMIR service comes in. A managed threat detection and response solution like the Honeywell AMIR service can provide industrial operators and infrastructure businesses with cost-effective and more robust cybersecurity suggestions allowing them to focus on their core business.

Based at dedicated security operation centers (SOCs), teams of experienced Honeywell security professionals use a sophisticated Security Information and Event Management (SIEM) technology platform to constantly monitor customers’ operations, working closely with their internal cybersecurity professionals. A customer dashboard, combined with ticketing and case workflow, maintain complete visibility for in-house users.

The service connects to plants and systems via a dedicated data tunnel and gathers security information from firewalls, antivirus software, routers, hardware, control systems, equipment and other connected devices. Honeywell AMIR is designed to aggregate this information and rigorously analyzes it to detect anomalies that could be signs of malware, hackers, internal security breaches or configuration errors. The goal is to identify and address such issues before they can cause serious operational problems.

To accomplish this critical task, Honeywell AMIR uses a virtual security engine (VSE), which can scan billions of logs from sources throughout the operation. This data is fed through an advanced Security Orchestration, Automation and Response (SOAR) platform that uses automated monitoring and professional analysis to quickly help address identified serious security incidents.

But Honeywell AMIR is not just a powerful cybersecurity monitoring and analysis engine. The Honeywell team works closely with industrial customers on investigation, threat-hunting and remediation to uncover security gaps in OT systems and help them reduce the possibility of future attacks.

The Honeywell AMIR service addresses many of the needs of today’s industrial plant operator by providing an effective defense-in-depth security strategy designed to help keep their OT safer, help satisfy security compliance requirements and enable all the benefits of the OT/IT convergence.