How Inductive Automation’s endpoint security strategy makes manufacturing more secure

The world’s leading healthcare, utility, pharmaceutical manufacturing and energy (including nuclear power) companies rely on Inductive Automation’s Ignition platform to power, protect and preserve the health and wellbeing of the millions of people they serve. Getting cybersecurity and endpoint security right are table stakes to their core businesses. 

These companies need to take bold steps to harden endpoints before the new generation of AI-driven threats escalates. This trend has become clear as software providers to manufacturers, utilities and critical infrastructure have been revising their endpoint strategies to overcome resource bottlenecks amid unprecedented attacks on the manufacturing industry.

Customers in over 90 countries integrate their operations technology (OT) and IT systems with real-time sensor data using Inductive Automation’s Ignition platform to accurately measure the heartbeat of their businesses. Keeping the Ignition platform source code, DevOps and SDLC processes safe is a high priority. 

Jason Waits, CISO at Inductive Automation, told VentureBeat, “As the company continues to scale, naturally, our attack surface scales as well. This growth and increasing customer base in critical sectors worldwide demand increased investment in cybersecurity. The shift to remote work also necessitates a heavy focus on identity and endpoint security.

“We recognize our software’s critical place in the supply chain,” he added, “and my mission is to build a world-class cybersecurity program.” 

Inductive Automation customers tell VentureBeat that the Ignition platform is a crucial component of their IoT and IIoT infrastructure. They say it helps them rapidly deploy new applications into products. Infrastructure providers, including utilities, oil and gas producers, and process manufacturers use supervisory control and data acquisition (SCADA) software to gain the visibility and control they need to keep operations on track, often integrating their existing industrial control systems (ICS) with the Ignition platform.

Gartner provides peer insights into the Ignition platform and the company’s SCADA solution.

Defending global infrastructure when manufacturing is under siege

Manufacturing is the most attacked industry because attackers know that if they can disrupt these companies’ supply chains, operations and customer shipments, they can demand ransom payments well above industry averages. IBM Security’s 2023 X-Force Threat Intelligence Index found that manufacturing accounted for 61% of all breach attempts aimed primarily at OT systems and 23% of all ransomware attacks. The industry was the victim in 58% of the incidents X-Force helped remediate.

Backdoor attacks aimed at manufacturers’ ICS and SCADA systems are commonplace because those are among the manufacturer’s most unprotected OT assets. Last year the Cybersecurity and Infrastructure Security Agency (CISA) warned that advanced persistent threat (APT) criminal gangs are targeting many of the most popular ICS and SCADA devices.

Inductive Automation anticipated the growing severity of cybersecurity risks in manufacturing and has hardened its platform with each release. Security is part of the company’s development DNA, and replacing 500 endpoints was necessary to keep its DevOps, engineering and SDLC processes secure. 

Security’s importance to the company is evident in its customer support. Its Ignition Security Hardening Guide and Security Best Practices for Your Ignition System articles and its guidance on how to define security levels in the application all reflect how ingrained cybersecurity is in the platform’s design. The company provides a secure portal accessible to all customers with the current status of access control, application security, endpoint security, network security, access control and several other factors. 

How Inductive Automation turned endpoints from a challenge into a strength 

“We consider ourselves a crucial part of the supply chain for customers in the world’s most critical sectors,” said Waits. “So, we must invest, and invest early, to ensure that we are never the cause of a security issue.”

Inductive Automation’s security infrastructure is cutting-edge. Still, a legacy package that protected the company’s endpoints — a combination of products acquired by the parent company — slowed down its IT systems. And keeping the legacy endpoint protection platform current took an inordinate amount of time with patches and updates.

Endpoints were becoming a processing power bottleneck

The legacy endpoint protection software drained the company’s processing power when it was needed most to keep on schedule with new releases, critical to the company’s growth. In a recent interview with VentureBeat, Waits said, “Our previous solution was heavy on resource usage and prone to false positives. The agent also became unstable over time. This led to much wasted time writing exclusions, reinstalling agents or otherwise trying to keep the service up and functioning without incurring the wrath of our users.”

Developing SCADA applications and their supporting platform requires a lot of processing power. Members of the DevOps teams complained that the systems on which they developed code were slow-running and that something needed to be done. The endpoint protection software also started to produce an exceptionally high number of false positives, resulting in wasted time and effort for the security team.

To support the company’s continued growth and ever-changing business model, any security solution had to be flexible, adaptable and scalable.

The stronger the endpoint, the more strategic it becomes

Inductive Automation’s results in replacing its legacy endpoint protection system, which was draining valuable processing power and jeopardizing release dates, reflect a core principle about endpoint security. This principle is that the stronger the endpoint, the more strategic value it delivers.

Starting with the key criteria of having an endpoint solution with minimal CPU demand and a negligible impact on system performance, Waits and his team evaluated a series of endpoint protection system providers, all leaders in the market.

“After a proof-of-concept, CrowdStrike proved lightweight yet effective at stopping the tests we threw at it,” Waits said. “To the best of our abilities, we stress-tested the agent and couldn’t create a scenario in which resource utilization on the machines was hindered. Numerous other security tools we use had integrations with CrowdStrike, which allowed us to take advantage of some synergy across our stack.”

Waits and his team decided to perform a real-world scenario and have one of the more outspoken developers participate in a beta test. Waits observed with amusement that the engineer quickly forgot the endpoint solution under test was even running. (The solution turned out to be CrowdStrike’s Falcon Insight XDR.)

Consolidating endpoints to reduce costs and increase visibility

Waits told VentureBeat the company had to find an endpoint solution that would alleviate the processing power bottleneck while providing higher-fidelity detection and accuracy. In short, the team wanted to consolidate functions and reduce costs and processing power drain while reducing the false positives the previous endpoint system produced.

“One of our key goals was to consolidate vulnerability scanning and endpoint firewall management into a single endpoint agent, removing two separate security tools. Reducing the number of agents we need to install and maintain significantly reduces IT administration overhead while enhancing security,” he told VentureBeat. “We also took advantage of other modules like USB Control, Identity Protection, and Attack Surface Management to further consolidate our security infrastructure while improving detection accuracy.

“There’s a very measurable operational cost to individually picking and managing every discrete piece of an endpoint solution,” he added, “but when you consolidate onto a single platform, you reduce overhead.”

Bottom line: An endpoint security solution needs detection accuracy, performance and consolidation to reduce costs

“We don’t waste our time chasing red herrings (or false positives), and we’re achieving greater consolidation by having a single agent handle multiple tasks,” Waits said. Inductive Automation finds that aggressively consolidating previously separate functionality into a single endpoint is also helping to better protect all customer-facing functions, including product activation, ticketing and licensing.

He explained how Inductive Automation has all customer-facing services beyond web applications and network firewalls. “We have a very aggressive identity security strategy, heavily using hardware-backed MFA and strict role-based access control (RBAC). Administrative access is short-lived and authorized by MFA on dedicated privileged access workstations.” And finally: “We undergo annual penetration testing from third parties to validate the controls we’ve implemented.”