Manufacturers are the most popular corporate targets for ransomware attacks and identity and data theft. With customer orders and deliveries at stake, they can afford to suspend their production lines for only a short time. Attackers know that if they can disrupt manufacturing operations, they can force a large ransom payment.
Pella Corporation's approach to zero trust provides a pragmatic and useful roadmap for manufacturers looking to modernize their cybersecurity. Pella is a leading manufacturer of doors and windows for residential and commercial customers and has been in business since 1925.
VentureBeat recently had the opportunity to interview John Baldwin, Senior Director, Cybersecurity and GRC at Pella Corporation. He described Pella's progress toward a zero-trust mindset, starting with improving the security of 5,200 endpoints and 800 servers enterprise-wide, and refining its governance framework. Pella uses CrowdStrike Falcon Complete managed detection and response (MDR) and Falcon Identity Threat Protection for endpoint security to reduce the risk of identity-based attacks. The systems protect 10,000 employees, 18 manufacturing sites and numerous showrooms.
Baldwin told VentureBeat that the company's approach to zero trust is "an overlapping mindset and set of controls. CrowdStrike won't be the only player in my zero-trust rollout, but they will of course be a key part of it. Endpoint visibility and protection: you need to start there. And then build the governance framework down to the next layer, making it part of the identity, making sure all of your agile DevOps becomes agile DevSecOps."
Manufacturing lives and dies by availability
Manufacturers are prime targets for attackers because their businesses are the most time-sensitive and their IT infrastructures are the least secure. Baldwin told VentureBeat that "like most just-in-time manufacturers, we are quite sensitive to disruptions. So that was an area of particular interest for us. We want to make sure that as orders come in, products come out as quickly as possible so we can meet customer demands. It was a challenge. We've seen a lot of other organizations in our industry and across the Midwest... just trying to spend the day being targeted because as manufacturers or just-in-time service providers they're very sensitive to things like a ransomware attack."
The IBM X-Force Threat Intelligence Index 2023 found that manufacturing continues to be the most attacked industry, by a slightly larger margin than in 2021. The report found that in 2022, backdoors were deployed in 28% of incidents, ahead of ransomware, which appeared in 23% of the incidents X-Force remediated. Data extortion was the top impact on manufacturing organizations, seen in 32% of cases. Data theft was the second most common at 19% of incidents, followed by data breaches at 16%.
Pella's Baldwin told VentureBeat that the threat landscape for manufacturing has shifted from opportunistic ransomware attacks to attacks by organized criminals. "It's not a question of if they come, but when and what we can do about it," he said. "Otherwise, we could experience a systems outage lasting several days, which would disrupt production and be very expensive, not to mention delays impacting our customers and business partners."
Manufacturers' systems are down a mean of five days after a cyberattack. Half of these companies said they respond to outages within three days; only 15% said they responded in a day or less.
"Manufacturing lives and dies by availability," Tom Sego, CEO of BlastWave, told VentureBeat in a recent interview. "IT revolves around a technology renewal cycle of three to five years. OT is more like 30 years. Most HMIs (human-machine interfaces) and other systems run versions of Windows or SCADA systems that are no longer supported, cannot be patched, and are perfect bridgeheads for hackers to cripple a manufacturing operation."
Pella’s pragmatic vision of zero trust
Lessons learned from planning and implementing a zero-trust framework anchored in strong governance form the foundation for Pella’s continued accomplishments. The company shows how zero trust can provide the necessary safeguards to synchronize IT, cybersecurity and governance, risk and compliance (GRC). Most importantly, Pella protects every identity and every threat surface using automated zero-trust workflows that free up valuable time for their many teams. “The way I envision zero trust is that it works and nobody has to spend a lot of time validating it because it’s automatic,” Baldwin told VentureBeat.
"The main appeal of a zero-trust approach, from my perspective, is that if I can standardize, then I can automate. If I can automate, then I can make things more efficient, potentially less expensive, and most importantly, much, much easier to audit."
"Before," he continued, "we had a lot of manual processes, and the results were okay, but we spent a lot of time validating. It's not really valuable in the grand scheme of things. [Now] I can get my team and other technical resources to focus on projects, not just making sure everything is running smoothly. I guess most people are like me in that sense. It's much more rewarding."
Double Down on Identity and Access Management (IAM) First
Baldwin told VentureBeat that "identity permeates zero-trust infrastructure and operations because I need to know who is doing what. 'Is this behavior normal?' So visibility with identity is key."
The next thing to do, he said, is to bring privileged account credentials under control and secure accounts. "Privileged account management is one of them, but identity is probably even higher in the hierarchy, so to speak. Locking down identity and having that visibility, especially with the Preempt product [now Identity Protection Service], was one of our greatest victories. If you don't fully understand who is in your environment, then [problems become] much more difficult to diagnose."
"Merging these two together [securing accounts and gaining visibility] was a game changer," he concluded.
All-in, early, on least privilege access
“Pella has a long history of, we’ll call it, the least privilege approach. This allowed us to isolate areas that had accrued additional privileges and were causing more problems. We started recalling those privileges, and you know what? The problems also disappeared. So that was very helpful,” Baldwin said. “Another thing that I was very pleased with is that it gives us a better idea of where devices are dropping off our domain.”
Establishing endpoint visibility and control early on in any zero-trust roadmap is a key challenge in building a solid foundation that can support advanced techniques, including network and identity microsegmentation. Pella realized how important it was to get it right and decided to delegate it to a 24/7 managed security operations center operated by CrowdStrike and its Falcon Complete service.
Baldwin continued: "We are extremely satisfied with it. Then I was an early adopter of the identity protection service. It was still called Preempt when we bought it from CrowdStrike. It's been fantastic to have this visibility and understanding of what is normal identity-based behavior. If a user regularly logs in to those same three devices, that's fine, but if the user suddenly starts trying to log in to an Active Directory domain controller, I'd like to know about it and maybe shut it down."
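The detection Baldwin describes (an account that normally signs in to the same few devices suddenly touching a domain controller) is a per-identity baseline check. The script below is an added example, not Pella's or CrowdStrike's code: it learns each account's usual logon targets from a baseline window of constructed logon events, then flags later logons to hosts outside that set, rating a first-seen domain-controller logon highest. Hostnames, usernames, the `DC01`/`DC02` controller set and the cutoff date are all assumed for the example.

```python
"""Per-identity logon baseline with domain-controller escalation.

Added example (not Pella's or CrowdStrike's code). Hostnames, accounts and
events below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime

# Assumed hostnames of the domain controllers; treated as high-value targets.
DOMAIN_CONTROLLERS = {"DC01", "DC02"}

# Constructed logon events: (ISO timestamp, account, target host).
EVENTS = [
    # Baseline period: each account's normal set of hosts.
    ("2023-03-01T08:02:00", "jdoe", "WS-101"),
    ("2023-03-02T08:05:00", "jdoe", "WS-102"),
    ("2023-03-03T08:01:00", "jdoe", "WS-103"),
    ("2023-03-06T08:04:00", "jdoe", "WS-101"),
    ("2023-03-02T09:00:00", "asmith", "WS-200"),
    ("2023-03-05T09:10:00", "asmith", "WS-200"),
    ("2023-03-01T07:30:00", "adm-kline", "DC01"),
    ("2023-03-04T07:45:00", "adm-kline", "DC02"),
    # Detection period.
    ("2023-04-03T08:00:00", "jdoe", "WS-102"),      # known host: no alert
    ("2023-04-03T13:22:00", "jdoe", "DC01"),        # first-seen host and a DC
    ("2023-04-04T07:40:00", "adm-kline", "DC01"),   # admin's normal DC logon
    ("2023-04-04T09:00:00", "asmith", "WS-201"),    # first-seen workstation
    ("2023-04-04T10:15:00", "newhire", "WS-300"),   # account with no baseline
]

# Assumed boundary between the learning window and the window being watched.
BASELINE_CUTOFF = datetime.fromisoformat("2023-04-01T00:00:00")


def _parsed(events):
    """Yield events with the timestamp converted to a datetime."""
    for ts, user, host in events:
        yield datetime.fromisoformat(ts), user, host


def build_baseline(events, cutoff=BASELINE_CUTOFF):
    """Map each account to the set of hosts it logged on to before `cutoff`."""
    baseline = defaultdict(set)
    for ts, user, host in _parsed(events):
        if ts < cutoff:
            baseline[user].add(host)
    return dict(baseline)


def detect_anomalies(events, baseline, cutoff=BASELINE_CUTOFF,
                     domain_controllers=DOMAIN_CONTROLLERS):
    """Flag logons after `cutoff` whose target is outside the account's baseline.

    A first-seen logon to a domain controller is rated high; any other
    first-seen target is rated medium so an analyst can triage it.
    """
    alerts = []
    for ts, user, host in _parsed(events):
        if ts < cutoff or host in baseline.get(user, set()):
            continue
        if host in domain_controllers:
            severity, reason = "high", "first-seen logon to a domain controller"
        elif user not in baseline:
            severity, reason = "medium", "account has no logon baseline"
        else:
            severity, reason = "medium", "first-seen logon target for this account"
        alerts.append({
            "time": ts.isoformat(), "user": user, "host": host,
            "severity": severity, "reason": reason,
            "known_hosts": sorted(baseline.get(user, set())),
        })
    return alerts


if __name__ == "__main__":
    for a in detect_anomalies(EVENTS, build_baseline(EVENTS)):
        print(f'{a["severity"]:6} {a["time"]} {a["user"]} -> {a["host"]}: {a["reason"]}')
```

On the constructed events the only high-severity alert is `jdoe` reaching `DC01`; the admin account's DC logons stay silent because they are part of its baseline. In a real deployment the baseline would be rebuilt on a rolling window and the high-severity path would feed the response step Baldwin mentions (session termination or account lockout), rather than just a printed line.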
Know What Zero Trust Success Looks Like
Pella's approach to zero trust centers around actionable information it can use to anticipate and stop any type of attack before it begins. Among the many manufacturers VentureBeat has talked to about zero trust, nearly all say they need help coping with their growing number of devices and identities as their manufacturing operations evolve to support more reshoring and nearshoring. They also told VentureBeat that perimeter-based cybersecurity systems have proven too rigid to keep pace.
Pella overcomes these challenges by taking an identity-centric approach to zero trust. The company reduced obsolete and overprivileged accounts by 75%, significantly reducing its attack surface. It also cut incident resolution from days to 30 minutes and avoided hiring six full-time employees to run a 24/7 Security Operations Center (SOC), now that CrowdStrike handles it for them.
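The account clean-up behind that 75% figure, and the privilege recall Baldwin describes earlier, both start with the same review: which enabled accounts have gone idle, and which hold privileged group memberships nobody approved. The script below is an added example, not Pella's tooling; the directory export, the privileged-group list and the approved-roster mapping are constructed, and a real run would read them from an AD export and an access-review record.

```python
"""Stale and over-privileged account review for a least-privilege clean-up.

Added example, not Pella's own tooling. Account records, the privileged-group
list and the approved roster are constructed for illustration.
"""
from datetime import datetime, timedelta

# Groups whose membership should be limited to an approved roster (assumed set).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Server Operators"}

# Assumed access-review roster: which accounts may hold which privileged groups.
APPROVED_PRIVILEGED = {
    "adm-kline": {"Domain Admins"},
    "adm-ortiz": {"Server Operators"},
}

# Constructed directory export: account name, enabled flag, last logon date, groups.
ACCOUNTS = [
    {"sam": "jdoe", "enabled": True, "last_logon": "2023-04-03", "groups": ["Domain Users"]},
    {"sam": "svc-legacy-erp", "enabled": True, "last_logon": "2022-09-15", "groups": ["Domain Users", "Domain Admins"]},
    {"sam": "tmp-contractor7", "enabled": True, "last_logon": None, "groups": ["Domain Users"]},
    {"sam": "adm-kline", "enabled": True, "last_logon": "2023-04-04", "groups": ["Domain Users", "Domain Admins"]},
    {"sam": "adm-ortiz", "enabled": True, "last_logon": "2023-04-01", "groups": ["Domain Users", "Server Operators"]},
    {"sam": "bsmith", "enabled": True, "last_logon": "2023-03-30", "groups": ["Domain Users", "Schema Admins"]},
    {"sam": "old-intern", "enabled": False, "last_logon": "2022-01-10", "groups": ["Domain Users"]},
]

# Assumed review date.
AS_OF = datetime(2023, 4, 5)


def find_stale(accounts, as_of=AS_OF, max_idle_days=90):
    """Enabled accounts that never logged on or have been idle longer than `max_idle_days`."""
    limit = as_of - timedelta(days=max_idle_days)
    stale = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled; nothing to reclaim
        last = acct["last_logon"]
        if last is None or datetime.fromisoformat(last) < limit:
            stale.append(acct["sam"])
    return stale


def find_overprivileged(accounts, approved=APPROVED_PRIVILEGED, privileged=PRIVILEGED_GROUPS):
    """Enabled accounts holding privileged groups that are not on their approved roster."""
    findings = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue
        held = set(acct["groups"]) & privileged
        excess = held - approved.get(acct["sam"], set())
        if excess:
            findings[acct["sam"]] = sorted(excess)
    return findings


def review_plan(accounts, as_of=AS_OF):
    """Combine both checks into per-account actions for a human-approved change ticket."""
    plan = {}
    for sam in find_stale(accounts, as_of):
        plan.setdefault(sam, []).append("disable account; delete after retention period")
    for sam, groups in find_overprivileged(accounts).items():
        plan.setdefault(sam, []).append("remove from " + ", ".join(groups))
    return plan


if __name__ == "__main__":
    for sam, actions in review_plan(ACCOUNTS).items():
        print(sam, "->", "; ".join(actions))
```

The two checks are kept separate because they answer different questions and usually go to different owners: a stale service account such as `svc-legacy-erp` may still be needed by an application team, so the plan proposes disabling before deleting, while an unapproved `Schema Admins` membership is removed regardless of how recently the account was used.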
Pella’s tip: Think zero trust like TSA PreCheck for identity-based access
Baldwin says his favorite approach to explaining zero trust is to use an allegory. His favorite is: "So when people ask me, what do you mean by zero trust? I say, 'You've experienced zero trust every time you walk into a commercial airport.' You must have identity information provided in advance. They need to figure out why you're there, what flight you're on... Don't bring those things to the airport, three-ounce bottles, whatever, all TSA rules. Then you go through a standard security check. So you... behave as expected. And if you misbehave, they will intervene."
He continued: "So when people say, 'Oh, that's what zero trust is,' I think, yeah, I'm trying to build that experience at the airport, maybe with a better atmosphere and a better user experience. But in the end, if you can follow all these rules, you should have no problem moving from development, to testing, to QA, to deployment in production, and to use by folks. If you're, say, a security practitioner, good at your stuff, maybe you can sign up for this TSA PreCheck, and you can get a fast pass."
Pella’s zero-trust vision is to deliver PreCheck to every system user globally, not slowing down production, but delivering identity-based security at the scale and speed needed to keep manufacturing and… fulfillment of customer orders.