SaaS-Based Security for Industrial Operations Can Be Done but Requires OT Expertise: Armis Acquires OTORIO to Fill the Gap

Armis, which emerged in 2017 with a focus on Operational Technologies (OT) and Internet of Things (IoT) network security, recently announced the acquisition of OTORIO, another OT and IoT security company. Both companies are known in the industrial cybersecurity space, although they have been tackling the issues from different angles. Armis offers cloud-centric solutions focused on passive network traffic inspection, while OTORIO has been working on active querying for ICSs and CPSs. With the acquisition, Armis will be able to offer a more holistic approach to OT security, expanding its target market to include those industrial organizations that have not yet migrated (or can’t migrate) to the cloud. OTORIO’s ICS/CPS expertise in addressing air-gapped, on-premises, and strict segmentation requirements will enable Armis to expand its current target market.  

While digital transformation and cloud migration continue to be hot topics for industrial organizations, the pace of adoption remains fairly slow. Much of the focus is still on network segmentation and network security for OT environments. The benefits of using cloud-based approaches (scalability, adaptability, automation, and Artificial Intelligence (AI)), such as those offered by SaaS models, are intriguing, but, so far, they don’t outweigh the risks for those industrial organizations with strict data sovereignty and network isolation requirements. While companies like Armis have made great strides in many IoT markets, its appeal is limited in heavy industry and especially in critical infrastructure.

The acquisition of OTORIO allows Armis to tap into this air-gapped security market. Integration of OTORIO technologies (such as the Secure Remote Access (SRA) and full attack mapping) provides an opportunity to also tie that into Centrix, Armis’ cloud-based platform. Centrix can provide exposure of its SaaS-based model to organizations that have not yet made the migration to the cloud and are still very focused on on-premises. Key to targeting this market is the ability to retain the offer of on-premises solutions, while advocating for the option to migrate to cloud when the user is ready, with a minimized learning curve.

Beyond that, augmenting the OTORIO assets with Armis’ other recent acquisitions, such as Silk Security, which focused on risk prioritization and remediation, and CTCI, an AI-based startup with a proprietary threat hunting intelligence database, Armis can start to tap into the incident response market for OT. Proactive remediation and automated incident response are sorely lacking in the industrial cybersecurity space. Today, the majority of response processes are done manually. But there is a growing need to improve remediation as the threat landscape becomes more aggressive and ransomware successfully leaps that air-gapped barrier. This is where automation, AI, and proactive security can significantly enhance remediation processes.

In order to successfully drive adoption of SaaS-based models in highly regulated industrial environments, security vendors need a different approach than focusing on their security expertise. While many security vendors do well in offering reactive and passive security solutions, not many have successfully penetrated the remediation and incident response markets. Automation often only goes as far as alerting, with the response phase handed off to dedicated security analysts. To better break into this market requires vendors to fully understand the prerogatives and limitations of OT environments, which differ vastly from Information Technology (IT) ones. The use of automation and AI/Machine Learning (ML) processes is not viewed as reliable or trustworthy enough to replace the human element by many industrial organizations, and until it can be shown otherwise, the market for automated or AI-powered incident response is unlikely to take off. Vendors looking to challenge this perception must show that they have the requisite knowledge, dedicated Research and Development (R&D), and experience of OT and, in particular, ICS and CPS. Best-in-breed security is not enough in these cases; there must be a high degree of OT expertise in order to convert this highly risk-averse target market.