Check the status of CVEs. Learn More.
Keeping your systems up 100% of the time requires live patching. Our solutions will align strongly with your risk, compliance, and operational uptime requirements.
TuxCare is trusted by the most innovative companies across the globe.
Learn about TuxCare's modern approach to reducing cybersecurity risk with Blogs, White Papers, and more.
Continually increasing Cybersecurity, stability, and availability of Linux servers and open source software since 2009.
TuxCare provides live security patching for numerous industries. Learn how TuxCare is minimizing risk for companies around the world.
2x a month. No spam.
December 2, 2022 - Tech Evangelist
When it comes to the Industrial Internet of Things (IIoT), the legacy Purdue model no longer provides adequate levels of security projection – as newer IIoT devices are added to the model.
IIoT gateways, connections to external cloud analytics platforms, and 5G network connectivity extend more unique capabilities while possibly more exposure to cyber criminals and hackers. A more recent approach to IIoT architecture, called the Gartner model, has grown in popularity and makes up for much of what the Purdue model lacks.
In this blog post, we’ll explore the different risks to IIoT architecture, how the Gartner model can be applied, and how organizations can automate vulnerability patching within the Gartner framework to minimize risk.
Most operational technology (OT) and industrial control systems (ICS) architectures are flat networks with exposed areas from a security standpoint. The attack space covers the entire range of potential attacks against an IIoT platform. These include both internal and external attacks.
Internal attacks may come from insiders who have access to the technology, such as employees, contractors, partners, and customers. External attacks may come from rogue connected devices and outside sources, including hackers, criminals, terrorists, and nation-states. Besides these two categories, there are also physical attacks involving equipment or facilities damage.
The Gartner model incorporates several integrated security controls built into each layer:
Edge: The edge extends to the location of the IIoT devices, sensors, cars, windmills, valves, etc. The IoT gateway will execute connectivity between the edge layer and the platform.
Platform: The platform layer accepts connections from the edge layer through a series of edge device authentication security functions. The platform includes patch management, edge device management, orchestration, automation, and data analytics within the platform layer. Data, device, and host security is critical in this layer.
Enterprise: The platform layer communicates through the API gateway into the enterprise segment. Within the enterprise layer, you’ll find classic and next-generation IT applications, data warehousing, data lakes, and business automation.
An organization perceives the risk management team and the operational technology team differently. Balanced considerations are essential to ensuring the reliability of IIoT systems. The controls and flow of information may cross multiple intermediaries. Trust must also permeate the entire system production process lifecycle, including actors and functional entities.
From a technical perspective, the Gartner IIoT model focuses on analyzing and evaluating technical aspects of an IIoT system, including its benefits, risks, and costs. It then maps these technical considerations to the underlying system capabilities.
The Gartner IIoT framework is a comprehensive model for better security for IIoT deployments, introducing the criticality of continuous monitoring, patching, and remediating the various systems to maintain the highest state of readiness, safety, and availability.
Patching live systems without taking them out of production is essential to maintaining the continuous uptime of these components with the Gartner framework. While the framework promotes resilience, each element’s reliability is critical to maintaining the expected security posture.
TuxCare, a global leader in live patching critical components and overall security patching for end-of-life distributions and languages, aligns with several of the domains within the Gartner IIoT security model:
Operations domain – TuxCare live patches Linux OS kernels, libraries, and other critical components across all three layers without needing to reboot or schedule downtime.
Application domain – TuxCare live patching extends into this domain by automatically patching vulnerabilities in several Linux distros and providing ongoing security updates for end-of-life versions of Python and PHP applications.
Business domain – TuxCare live patching extends into many Linux hosts, along with application support for open support databases (MySQL, Maria, PostgreSQL, etc.) and Python and PHP-based applications deployed within this domain.
Control domain – KernelCare for IoT is a solution for updating critical hosts and IoT devices within the edge, platform, enterprise layers, and control domain. TuxCare live patching extends into IIoT-specific devices supporting Raspberry Pi, Yocto, Ubuntu Core, AlmaLinux, and ARM64.
Particularly in IIoT environments, waiting to apply security patches until you’re ready to restart systems and devices leaves your organization vulnerable and risks your compliance posture. TuxCare’s live patching solutions protect your Linux systems by rapidly eliminating vulnerabilities without waiting for maintenance windows or downtime. With TuxCare, IT teams can automate taking new patches through staging, testing, and production on all popular Linux distributions.
TuxCare features flawless interoperability with vulnerability scanners, security sensors, automation and reporting tools, and our ePortal management platform. This dedicated private patch server runs inside your firewall on-premises or in the cloud. TuxCare is the only provider that can live patch virtually all vulnerabilities in kernels, shared libraries, virtualization platforms, and open-source databases across all popular distributions.
Contact a TuxCare Expert
Learn About Live Patching with TuxCare
Regulations and standards guide companies toward a consistent cybersecurity response....
Anyone that’s committed to a five-nines mandate will dread the...
Hackers frequently target payment card industry (PCI) data. To help...
Cybersecurity insurance policies are considered by many to be a...
It’s the making of a horror film: a cyberattack that...
As expected, 2022 was a tough year for cybersecurity, with...