
Bridging IT and OT Security: NDR’s Role in the Protection of Industrial Assets

The convergence of Information Technology (IT) and Operational Technology (OT) is transforming industries. While this integration drives operational efficiency and faster decision-making, it also creates new cybersecurity challenges. GREYCORTEX Mendel offers a unified way to monitor and protect both your IT and OT environments.

As digital transformation continues, IT systems, like corporate networks and databases, are increasingly linked with OT systems, such as industrial control systems and sensors. This connection improves data sharing and process control but demands a unified approach to securing both technologies.

New cybersecurity threats are constantly emerging as the Internet of Things (IoT) and automation continue to grow. One of the biggest challenges is ensuring seamless communication between IT and OT teams, which often have distinct goals and methods. Addressing these challenges requires identifying critical assets and implementing tailored security measures.

The Core Security Requirement

A fundamental security requirement in any company is identifying and classifying assets. Understanding the value and strategic importance of each asset allows for the appropriate level of protection. Tools that enable effective monitoring and protection of both industrial and digital assets are essential in this context.

Key Differences Between IT and OT Environments

IT and OT environments differ in focus, asset life cycles, and the personnel managing them. While IT prioritizes data processing, business operations, and frequent updates, OT centers on controlling physical processes and maintaining long-term operational stability. OT systems often remain in place for decades without major updates, creating potential security gaps.

IT and OT teams also have different expertise. IT teams focus on data confidentiality and cybersecurity, while OT teams prioritize the safe operation of industrial assets, often resisting upgrades to avoid disruptions. 

Another key difference lies in the communication protocols used in each environment.

So how do you protect both environments with one monitoring solution?

NDR’s Role in Protecting IT and OT

NDR solutions are pivotal in safeguarding industrial environments, providing visibility into both your IT and OT networks. A prime example is GREYCORTEX Mendel, which passively monitors traffic across both networks to detect anomalies without interfering with system operations—a critical requirement for industrial settings.

Mendel correlates data from various sources to identify threats early, allowing analysts to investigate security events and uncover connections between them. While defining processes and security policies is critical, verifying compliance is equally important. Mendel continuously monitors these processes and notifies you about any non-compliance. Any incidents detected can also be easily exported into clear reports.

Bridging the IT-OT Divide

Better infrastructure visibility, deeper threat understanding, stronger protection of both digital and industrial assets—these are some of the key benefits that NDR solutions bring.

Mendel facilitates cooperation between your IT and OT teams. By integrating with the MITRE ATT&CK® Framework, Mendel creates a common language for analyzing threats, helping both teams collaborate more effectively.

Additionally, Mendel allows you to customize event categorization based on team needs, ensuring IT and OT professionals see the information that matters most to them—within the same solution, but with their own tailored interface.

The Future of Industrial Cybersecurity

As cyber threats evolve, the convergence of IT and OT systems requires tools that can adapt and offer comprehensive protection. GREYCORTEX Mendel meets these needs by learning and responding to new attack types, ensuring the security of both your digital and industrial assets. The continued integration of IT and OT networks necessitates a unified monitoring and response approach, where NDR solutions are central. By leveraging tools like Mendel, organizations can strengthen their cybersecurity posture, ensuring resilience and continuity in an increasingly interconnected digital landscape.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Maximizing IT/OT Network Protection with Garland and GREYCORTEX

While the convergence of IT and OT has been around for several years, there still exists a disparity between the technology, tools, and resources deployed in each network type. IT teams often turn to traditional security vendors for NGFW, XDR, and NDR tools, which don’t always work effectively in OT environments due to the different needs of SCADA and ICS systems.

GREYCORTEX has made it its mission to provide customers who have both IT and OT networks with technologically advanced and reliable security tools. By fostering collaboration between IT and OT teams, they enable you to strengthen your security strategies and better protect yourself against cyber threats.

In addition to its robust detection and response capabilities, GREYCORTEX Mendel offers powerful real-time network analytics. This technology provides you with visibility into your network activities, whether you’re managing a small network of 100 devices or a vast, geographically dispersed network with hundreds of thousands of devices.

How It Works

GREYCORTEX Mendel sees and visualizes traffic in the context of time and events, including L2 and L3 OT protocols and application data. To identify all devices in a network and gain a comprehensive understanding of their interactions, the protocols they use, and where data flows, Mendel requires complete packet visibility. This is where Garland Technology comes in. Network TAPs are a tested and proven industry best practice for ensuring complete network visibility for security and monitoring tools.

Scenario #1: Security Monitoring for IT and OT Infrastructure
  1. Within both IT and OT environments, data from the network segments are fed through Garland Technology Network TAPs. These TAPs mirror the network traffic to provide 100% visibility across the environments.
  2. In OT scenarios, Garland commonly uses its specialized Industrial Network TAPs that are purpose-built for industrial, manufacturing, utility, and military environments.
  3. Data from multiple Network TAPs is delivered to Garland’s PacketMAX™ Advanced Features to aggregate, filter, and load balance the mirrored traffic.
  4. The aggregated traffic from each location is then delivered to GREYCORTEX Mendel. Mendel serves as both a Network Detection and Response solution for the IT infrastructure and as an advanced industrial Intrusion Detection System (IDS) for industrial environments, utilizing deep packet inspection for ICS and SCADA traffic.
  5. Mendel offers a complete view of your network and business applications through active and passive asset discovery. It provides detailed asset information, including vendor details, hardware and software versions, and network configurations.

Scenario #2: Security Monitoring of Medical IoT Devices and Critical Healthcare Systems
  1. Garland Technology’s compact, high-performance network TAPs provide a 100% full duplex copy of the wire data.
  2. Network traffic is sent to the PacketMAX™: Advanced Features packet broker for aggregation, filtering, load balancing, and deduplication to remove duplicate packets. The refined traffic is then sent to GREYCORTEX Mendel for detailed analysis and detection of malicious activities and advanced threats.
  3. Mendel enables system analysts to investigate security and operational events effectively. It helps them find root causes and respond to threats quickly. This is possible because Mendel provides a comprehensive view of network activities, whether it’s for specialized medical devices like CT scanners, X‑Ray machines, and DICOM workstations, or for Medical Information Systems and Building Automation Systems.

Key Benefits of the Garland-GREYCORTEX Solution

  • Easy to manage and cost-effective, providing comprehensive monitoring of IT, OT, and IoT environments.
  • Gain 100% network visibility into your active IT and OT assets without added latency.
  • Ensure security with TAPs that lack IP or MAC addresses, making them immune to hacking.
  • Improve collaboration and break down silos across teams with deep visibility across all network and application layers.
  • Leverage real-time network analytics and advanced detection of threats and operational issues, with the capability to respond swiftly.
  • Quick to implement within strict maintenance windows.

About Garland Technology
Garland Technology is an industry leader in IT and OT network solutions for enterprise, critical infrastructures, and government agencies worldwide. Since 2011, Garland Technology has been engineering and manufacturing simple, reliable, and affordable Network TAPs and Network Packet Brokers in Richardson, TX. For help identifying the right IT/OT network visibility solutions for projects large and small, or to learn more about the inventor of the first bypass technology, visit garlandtechnology.com


Secure and Reliable Networks: Your Frontline Against Cyber Threats

In today’s digital landscape, a stable and secure network is crucial for businesses of all sizes. It forms the foundation of effective cyber threat protection. Without this foundation, even the most sophisticated cybersecurity tools and systems can fall short. But how can you ensure both security and stability?

An efficient network must be resilient, highly available, robust, scalable, and secure. While there’s no one-size-fits-all solution, implementing best practices tailored to your network environment and your business needs can set you on the right path.  

Let’s explore the key aspects of network security: data network architecture, network segmentation, and network access control.

Data Network Architecture: Building a Strong Foundation

When defining your network architecture, it is important to consider topology, technology choices, and communication protocols, and ensure they are all tailored to fit your organization’s structure and needs. Whether you’re a small manufacturer, a global enterprise, a university, an ISP, or a data center, understanding the layers of the OSI model is crucial for building a secure network.

At the physical layer (L1), the quality of your infrastructure is paramount. Poor-quality fiber optics, inadequate cabling, or faulty network sockets can undermine network performance. We’ve all seen instances where a network faltered due to damaged cables or dirty connectors. These local problems can escalate to higher levels, potentially disrupting part or all of your network.

Moving up to the data link layer (L2), we encounter the Spanning Tree Protocol (STP). This crucial protocol prevents loops in the network, ensuring only one active path between any two devices. However, STP recalculation can affect the entire L2 topology, leading to widespread network outages. To mitigate this risk, it’s essential that all devices within the STP domain support the same STP variant and, ideally, can create STP trees across individual VLANs. Additionally, accurate configuration of the Root Bridge or the implementation of a Root Guard is highly recommended.

At the network layer (L3), issues from L2 can lead to disruptions. For instance, connecting VLANs between routers within a dynamic routing protocol can introduce problems. To minimize the impact of L2 issues, consider logical or geographical segmentation of your network at the L3 layer.

Maintaining a stable network requires continuous monitoring of all individual elements and performance metrics like Round Trip Time (RTT), Average Response Time (ART), and User Experience Time (UET). Tools like GREYCORTEX Mendel can assist you by tracking these metrics, identifying configuration issues, and reporting anomalies to ensure smooth operations.

Network Segmentation: Protecting LAN Integrity

Network segmentation plays a crucial role in both the security and performance of your data networks.

From a performance standpoint, it’s advisable to separate individual broadcast domains into network segments using VLANs. This minimizes unnecessary broadcast and ARP queries, leading to a more stable network. Moreover, selecting the optimal STP protocol further reduces the impact on these domains.

From a security perspective, segmenting the network into smaller subnetworks simplifies access control management and eases the inspection of communication between segments. It’s important to monitor whether your current network traffic complies with your security policies.

GREYCORTEX Mendel excels in network security monitoring, providing you with clear insights into your network activities. It also verifies whether current traffic aligns with your security policies and offers a straightforward visualization of the results.
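The policy check described in this section can be sketched as follows. This is an added example, not GREYCORTEX code or part of the original article; the segment names, subnets, allow rules and flow records are constructed assumptions.

```python
"""Check observed flows against a segment-to-segment allow policy."""
import ipaddress
from typing import NamedTuple

# Constructed segments (assumption): name -> subnet.
SEGMENTS = {
    "office": ipaddress.ip_network("10.10.0.0/16"),
    "ot-dmz": ipaddress.ip_network("10.20.0.0/24"),
    "ot-control": ipaddress.ip_network("10.30.0.0/24"),
}

# Allowed (src segment, dst segment, protocol, dst port).
# Everything else that crosses a segment boundary is denied by default.
POLICY = {
    ("office", "ot-dmz", "tcp", 443),
    ("ot-dmz", "ot-control", "tcp", 502),  # Modbus/TCP via the DMZ gateway
}


class Flow(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int


# Constructed flow records, as a flow exporter or NDR sensor might report them.
SAMPLE_FLOWS = [
    Flow("10.10.4.7", "10.20.0.5", "tcp", 443),     # office -> DMZ, allowed
    Flow("10.20.0.5", "10.30.0.11", "tcp", 502),    # DMZ -> control, allowed
    Flow("10.10.4.7", "10.30.0.11", "tcp", 502),    # office straight into control
    Flow("10.30.0.11", "203.0.113.9", "udp", 53),   # control -> outside any segment
    Flow("10.30.0.11", "10.30.0.12", "tcp", 102),   # stays inside ot-control
]


def segment_of(ip):
    """Map an address to its segment, longest prefix first; 'unknown' if none."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, name) for name, net in SEGMENTS.items() if addr in net]
    return max(matches)[1] if matches else "unknown"


def violations(flows):
    """Return (flow, src segment, dst segment) for every flow the policy forbids."""
    found = []
    for flow in flows:
        src_seg, dst_seg = segment_of(flow.src), segment_of(flow.dst)
        if src_seg == dst_seg and src_seg != "unknown":
            continue  # intra-segment traffic is outside a segmentation policy
        if (src_seg, dst_seg, flow.proto, flow.dport) not in POLICY:
            found.append((flow, src_seg, dst_seg))
    return found


if __name__ == "__main__":
    for flow, src_seg, dst_seg in violations(SAMPLE_FLOWS):
        print(f"VIOLATION {src_seg} -> {dst_seg}: {flow}")
```

Traffic to or from an address that belongs to no defined segment is reported rather than ignored, since an unmapped peer usually means either an asset missing from the inventory or an unexpected external connection.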

Network Access Control: Knowing Who’s on Your Network

Effective network access control should be enforced both at the level of network devices and of end users. At the device level, several measures can prevent unauthorized devices from compromising your network:

  • BPDU Guard: This security function detects BPDU (Bridge Protocol Data Unit) packets used for communication and information propagation within the STP. If BPDU packets are detected, it blocks the switch port, preventing an unauthorized “smart” switch from connecting.
  • Port Security: Properly configuring port security involves defining the number of MAC addresses allowed on a single port, thereby limiting the potential use of a connected “rogue” switch. Alternatively, you can allow only a specific MAC address, preventing the connection of any devices other than those that are configuration-approved.
  • 802.1x with EAP (Extensible Authentication Protocol): In dynamic environments where users frequently move and connect from different locations, 802.1x with EAP is recommended. This protocol facilitates user and device authentication, determining network access and dynamically assigning devices to specific VLANs based on organizational departments.
  • Advanced Access Control: For a more detailed approach, additional attributes such as the device’s “health status”, software configuration, or specific settings can be included. This often requires an endpoint agent, which may be standalone or part of an endpoint protection client suite. The agent collects data on the device, such as the OS version, endpoint protection status, installed applications, and registry settings, integrating this information into the access control policy.

GREYCORTEX Mendel offers a clear view of network assets and their interconnections, providing insights beyond what is recorded in asset management systems.

Remote access management

Remote access management is increasingly important as users often work beyond the secure boundaries of their organization. While traditional VPN access still remains popular, it has limitations and often falls short in providing adequate security. To address this, it’s important to monitor several aspects of VPN usage: who is accessing the VPN, which devices or systems they are communicating with, the protocols in use, the services accessed, and the volume of data transferred. GREYCORTEX Mendel can help with carrying out this comprehensive monitoring.

Consider Zero Trust Network Access (ZTNA) solutions, which offer enhanced security by granting access only to specific applications or services, thus improving transparency and control over remote access.

Building a Secure Network Foundation

A high-performing network is the cornerstone of organizational cybersecurity. By leveraging NDR tools like GREYCORTEX Mendel and following best practices, you can ensure superior management and protection of your network infrastructure, strengthening your overall security posture.

Remember, a secure network is not just about having a perimeter defense—it’s about creating a resilient, monitored, and well-managed internal infrastructure that can withstand and respond to various cyber threats. By focusing on these key aspects—architecture, segmentation, and access control—you’ll be well on your way to building a network that’s both secure and reliable.


Introducing GREYCORTEX Mendel 4.3

We are happy to introduce the new version of GREYCORTEX Mendel. Version 4.3 enhances operational efficiency, security, and data management. This update strengthens OT capabilities and significantly improves IT security.

New version 4.3 includes these features:

  • Real-Time OT Metrics
  • Enhanced OT Capabilities
  • PCAP Recorder 2.0
  • NetFlow Processing Improvements
  • Expanded API Support
  • Improved User Experience

Explore more about GREYCORTEX Mendel 4.3


Richard Štefíček Is the New Chief Sales Officer of GREYCORTEX

January 10, 2024, Brno – GREYCORTEX, a leading Czech manufacturer of a cybersecurity network detection and response solution, strengthens its sales team. The new chief sales officer, Richard Štefíček, replaces Pavel Malíř Chmelař, who will continue to focus on the development of new markets.

Richard Štefíček (LinkedIn) started his career after graduating from Brno University of Technology as a sales manager at TR instruments. Subsequently, he gained business experience during more than 10 years at Flowmon Networks, where he worked his way up to the position of channel manager for Central and Eastern Europe.

Štefíček adds: “I am thrilled to contribute to the further growth and development of GREYCORTEX as sales director. I believe that my experience and knowledge will bring new opportunities and help us to take GREYCORTEX even further. My main priority will always be the satisfaction of our customers and building strong partnerships.”

The previous CSO, Pavel Malíř Chmelař (LinkedIn), who has been with the company since its founding in 2016, will use his extensive product knowledge and experience in building the Czech and Polish channels to develop new markets and enable the company’s partner channel.

“With the arrival of Richard Štefíček in the role of CSO, GREYCORTEX is clearly demonstrating its intention to grow and strengthen its position on the market. Together with all our colleagues, we look forward to the next era of business growth under his leadership,” concludes Petr Chaloupka, CEO of GREYCORTEX.
