Cisco is looking to better protect myriad edge-attached IoT devices with new security software that promises to protect industrial assets in one of the most disparate of network environments.

The company rolled out what it called an overarching security architecture for Industrial IoT (IIoT) environments that includes existing products but also new software called Cisco Cyber Vision, for the automated discovery of industrial assets attached to Cisco’s extensive IIoT networking portfolio.

Last year, Cisco rolled out a new family of switches, including the Cisco Catalyst IE3x00 ruggedized edge switches, software, developer tools and blueprints to meld IoT and industrial networking with intent-based networking and classic IT security, monitoring and application-development support.

The new security rollout also included Cisco Edge Intelligence software to simplify the extraction of IoT data at the network edge. Together with the new software, IT and operational technology (OT) groups will be able to work together to provide advanced anomaly detection in IIoT environments, said Joe Malenfant, director of global IoT for Cisco.

“The architecture understands what normal industrial traffic looks like, and if something is out of the ordinary, like a local industrial [programmable logic controller] suddenly starts communicating with a computer in another country, the IT and OT security folks can be notified immediately,” Malenfant said.

The security architecture looks to address a number of challenges in the IIoT arena, wrote Vikas Butaney, vice president of product management with Cisco’s Internet of Things (IoT) Business Group, in a blog about the announcement, which came at the Cisco Live Europe event in Barcelona.

IIoT projects in operational settings typically lack up-to-date asset inventories with a baseline of normal communication patterns to detect security and configuration anomalies, he stated.
Flat, unmanaged, industrial-plant networks allow unfettered propagation of cybersecurity threats, threatening system downtime, and increasing risks to people and industrial processes. And while data is king, it becomes trapped in heterogeneous environments incorporating industry-specific protocols that are foreign to IT and security tool sets, Butaney stated.

With that in mind, Cisco Cyber Vision software embedded in Cisco’s IoT networking gear works by passively discovering networked assets and decoding industry-specific process flows using passive Deep Packet Inspection (DPI) technology. Then, using a combination of OT-specific rules and intelligence from Cisco’s Talos threat-research team, it provides real-time anomaly detection and monitoring, Butaney stated.

Information gathered by Cisco Cyber Vision can also be used to develop segmentation policies in existing Cisco Identity Services Engine (ISE) for access control and segmentation and DNA Center for centralized management. The idea is to let IT and OT stop the unfettered propagation of threats across operational environments – a process that is highly manual and does not keep up with changing requirements today, Butaney stated.

Cisco Cyber Vision can also pass data to third-party security information and event management platforms, such as IBM QRadar and Splunk, Cisco stated.

Cyber Vision is based on technology Cisco acquired from Sentryo last year. Sentryo technology offers anomaly detection and real-time threat detection for IIoT networks.
Sentryo products include an asset-inventory, network-monitoring and threat-intelligence platform, including network edge sensors that analyze network flows.

The other new software, Cisco Edge Intelligence, runs on Cisco’s IoT packages and gathers data from connected devices to create logical flows from the edge into private, public or third-party clouds, Malenfant said.

For example, if a robotic arm in a remote system needs replacement, it can send telemetry or information about the problem. Edge Intelligence extracts that data and gives the OT team information it can use to fix the problem, Malenfant said.
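
The baseline approach described earlier in the article (an asset inventory built from passively observed traffic, a record of normal communication patterns, and alerts on deviations such as a PLC contacting an outside host) can be sketched as follows. This is an added example, not Cisco Cyber Vision code; the flow records, addresses, protocol labels, plant subnet and function names are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (src, dst, protocol); not taken from any real capture.
LEARNING = [
    ("10.10.1.20", "10.10.1.5", "modbus"),       # HMI polls PLC
    ("10.10.1.5", "10.10.1.30", "ethernet-ip"),  # PLC drives an I/O module
    ("10.10.1.40", "10.10.1.5", "modbus"),       # historian reads PLC
]
LIVE = [
    ("10.10.1.20", "10.10.1.5", "modbus"),        # matches baseline
    ("10.10.1.5", "203.0.113.7", "https"),        # PLC talks to an outside host
    ("10.10.1.99", "10.10.1.5", "modbus"),        # device never seen before
    ("10.10.1.40", "10.10.1.30", "ethernet-ip"),  # known assets, new conversation
]

def build_baseline(flows):
    """Learn the asset inventory and each asset's normal (peer, protocol) pairs."""
    inventory, baseline = set(), defaultdict(set)
    for src, dst, proto in flows:
        inventory.update((src, dst))
        baseline[src].add((dst, proto))
    return inventory, baseline

def detect(flows, inventory, baseline, plant_net="10.10.0.0/16"):
    """Return (src, dst, proto, reasons) for every flow outside the baseline."""
    net = ipaddress.ip_network(plant_net)  # assumed plant address space
    alerts = []
    for src, dst, proto in flows:
        if (dst, proto) in baseline.get(src, ()):
            continue  # normal traffic for this asset
        reasons = []
        if src not in inventory:
            reasons.append("unknown-asset")
        if ipaddress.ip_address(dst) not in net:
            reasons.append("external-peer")
        if not reasons:
            reasons.append("new-conversation")
        alerts.append((src, dst, proto, reasons))
    return alerts

if __name__ == "__main__":
    inv, base = build_baseline(LEARNING)
    for alert in detect(LIVE, inv, base):
        print(alert)
```

The third alert class matters for segmentation work: two known assets that start a conversation absent from the baseline are exactly the lateral paths a flat plant network permits.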