GrayMatter's emPOWERUP Podcast Hosts BlastWave’s CEO Ahead of RSA ‘23 to Discuss OT Cybersecurity

GrayMatter's emPOWERUP Podcast recently hosted BlastWave CEO Tom Sego to discuss how the new partnership between GrayMatter and BlastWave enables industrial companies to prevent cyberattacks before they happen by making their critical infrastructure networks undiscoverable.

“This partnership came out of the belief that long-term relationships make life meaningful, both personally and in business,” said Tom Sego, BlastWave CEO and Co-Founder. “That clicked in our first meeting. We both believe in a nearly maniacal focus on the customer, and really thinking about the customer’s needs and requirements.”

Listen to the podcast to learn more, including how our CEO’s past life as a professional poker player informs his passion for protecting unpatchable legacy infrastructure. OT cybersecurity tech and strategies discussed during the podcast episode include:

- Phishing-resistant multi-factor authentication (MFA)

- Microsegmentation

- Software-defined perimeter (SDP)

- Cybersecurity assessments

BlastWave is proud to partner with GrayMatter, a company that’s helped industrial companies protect their critical infrastructure for 30 years. Stay tuned for further developments, and contact us if you’d like to meet with BlastWave at RSA ‘23 at the address below between 8:30 am-6:00 pm PST on April 25th, 2023.

Spaces at the Paramount Building
95 3rd St, San Francisco, CA 94103

BlastShield: mitigating OT cybersecurity risks

The podcast focuses on the trend of cyberattacks on unpatchable legacy infrastructure, notably manufacturing. There are many underlying factors, including the differing lifespans between IT environments and OT equipment, the inevitability of IT and OT convergence, and insecure connectivity entering OT systems due to IIoT adoption. Amid these moving parts, the statistics don’t lie. In 2022, OT vulnerabilities rose by 50 percent, compared to a 0.4 percent rise in IT vulnerabilities (IBM X-Force Threat Intelligence Index 2022). Sego describes recent research that shows manufacturing is in the crosshairs of threat actors, stating, "In 2022, manufacturing surpassed financial services to be the most attacked industry. The average ransom payment in manufacturing now exceeds $2 million, while the industry average is around $900,000."

A foundational focus on protecting unpatchable legacy infrastructure

BlastWave’s founding was based on the need to protect unpatchable legacy infrastructure, with a focus on securing the networking layer gluing critical systems and devices together. Sego stated, “This early focus on protecting critical infrastructure was based on the tsunami of cyberattacks we were seeing that targeted manufacturing, energy, and water systems. That mission hasn’t changed; the ‘why’ hasn’t changed. But the ‘how’ has.”

BlastShield™ is an OT cybersecurity solution that collapses the OT security stack to reduce security costs by up to 90 percent, replacing industrial VPNs, data diodes, jump hosts, and cloud access security brokerage (CASB) services. Unlike other OT cybersecurity approaches like anomaly detection, layered network security, and device security that are complex to manage and vulnerable to network-based attacks, BlastShield creates a simple software-defined perimeter (SDP) solution that is vendor, protocol, and network agnostic. BlastShield breaks the dependency on vendors and puts industrial operators in control of security so they can protect their unpatchable legacy infrastructure.

How BlastShield stops the ICS cyber kill chain

BlastShield helps industrial companies improve operational resilience, mitigate digital transformation risks, and facilitate compliance with standards, including SOX cybersecurity requirements for IT, OT, and IoT systems, NERC-CIP 005-6, and federal standards such as NIST 800-53. The advantage of SDP is that the control plane and data plane are split, with the SDP controller setting rules for accepting SDP hosts, ensuring that identity and policy are verified and authenticated before connection is permitted.  

BlastShield SDP even protects unpatchable legacy systems that cannot host an agent, including ICS and SCADA systems. But BlastShield takes SDP a step further and stops the ICS cyber kill chain by preventing initial access, unauthorized discovery, and lateral attacks through secure direct remote access (via phishing-resistant MFA), simplified network segmentation, and network cloaking. “We minimize unauthenticated attack surfaces,” said Sego. “We don’t have a single, public-facing TCP port, meaning that it’s extremely difficult for adversaries to breach our customers’ systems through bug exploits and zero-day viruses.”

Contact us today if you’re an industrial company that would like to learn more about how BlastShield prevents attacks before they happen while reducing security costs by collapsing the OT cybersecurity stack.