Industrial cybersecurity firm CyberX unveils IIoT app for Palo Alto Networks Cortex platform

CyberX prepared an Industrial Internet of Things app for the original Palo Alto Networks Application Framework, and is now announcing availability of an app for its second generation, which should prove fruitful for Palo Alto Networks resellers.

Device map with highlights for Siemens S7 protocol

Today, Boston-based CyberX is announcing the availability of their “IIoT/ICS Asset Visibility & Threat Monitoring App” on Cortex. Cortex is the second generation of Palo Alto Networks’ Application Framework open security platform, which facilitates analysis of massive data sets in a deep data lake.

CyberX, founded in 2013, is focused exclusively on providing security for operational technology [OT] companies in an age where convergence with IT makes them increasingly susceptible to attack, and requires specialized Industrial Internet of Things [IIoT] solutions.

“Our customers are companies with industrial operations, like manufacturers, oil and gas, and nuclear,” said Phil Neray, VP of Industrial Cybersecurity at CyberX. “For years the security of those industrial networks has been neglected. Breaches here aren’t about stealing credit card data. They can shut down your production.”

Two things make these networks juicy targets for attackers. One is that with the convergence of IT and OT, the attack surfaces have been increased, requiring protection against both. The other is that many legacy OT devices were designed years ago without security in mind.

“These have things like default admin passwords, and unencrypted protocols which make them highly vulnerable,” Neray said. “We help these companies understand what OT assets they have, and use our behavioral analytics and machine learning to detect threats to these assets. We have deep specialized expertise here, along with patents around behavioral analytics for OT. It’s very different from IT, because it’s machines talking to machines. That expertise is part of our secret sauce.”

CyberX auto-discovers and tags all IIoT and ICS devices – both managed and unmanaged – to automatically define granular segmentation policies, based on OT-specific device types, protocols, and behavior patterns.

IT channel partners are an important part of CyberX’s go-to-market.

“In the past, responsibility for OT security was handled by folks in the plant,” Neray stated. “The primary mission of those people is to produce more of whatever they produce at higher quality and more efficiency – not security. So responsibility for this security has shifted to the CISO organization. The CISO is looking for OT solutions that integrate with solutions that they already have in IT. IT resellers know these companies, so they play a key role here.”

Strategic partnerships with key IT vendors like Palo Alto Networks are an important part of CyberX’s strategy.

“We have always supported the protocols of the OT companies like Rockwell, Siemens and Schneider Electric, but having partnerships with them is less important, for the same reason that you don’t have to partner with HPE to secure HPE servers,” Neray said. “IT partnerships are more important because of the integration that’s required.”

Palo Alto Networks was already an important strategic partner for CyberX.

“We were the first vendor in OT security for their Application Framework,” Neray indicated. “We announced it just before their Ignite event last year, and we were onstage with them at the event.”

While Palo Alto Networks has some native support for industrial protocols, CyberX’s focused expertise lets them go much deeper here.

“Supporting the industrial protocols is just the first step,” Neray said. “We identify devices on the OT network to provide asset discovery, and provide monitoring and vulnerability risk management, specifically for these machine-to-machine environments.”

For Palo Alto Networks’ channel partners, this kind of solution offers many advantages.

“For the Palo Alto Networks channel, the OT security market is a huge green field opportunity, because so few security products have been deployed,” Neray said. “In the same way that resellers leverage Palo Alto Networks to implement zero-trust security on the IT side, they can use us to provide zero-trust on the OT network side. It also gives them an opportunity to sell more firewalls, and provide segmentation. Cortex is important in facilitating this because it provides a way to share across applications, and will make incident response and threat hunting much more rapid.”

The CyberX IIoT/ICS Asset Visibility and Threat Monitoring App is available as a cloud-based service integrated with Cortex, through the Cortex hub. It can also be purchased as an on-prem solution which is integrated with other Palo Alto Networks solutions like Panorama, the company’s centralized management system.