Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Tenable OT Security: 2023 Year in Review

A look back on the year in OT security from Tenable

As we reflect on the many accomplishments Tenable OT Security achieved in 2023, one thing is clear: we couldn’t have done it without the support and collaboration of our customers and partners.

As we bid farewell to 2023, these end-of-year days are a perfect opportunity to look back and summarize this incredible year. I can easily say 2023 was a good year for Tenable OT Security. We worked hard, we’ve accomplished a lot and we were fortunate enough to enjoy the fruits of our efforts. It was a year in which our operational technology (OT) security offering gained significant traction with customers, prospects and partners and earned market recognition from analysts. We also brought a number of important product updates to market with the aim of helping organizations reduce their cyber risk and protect their operational uptime.

We couldn’t have done it without our amazing customers, partners and channels, and for that, we are extremely grateful.

At Tenable, we believe the conventional approaches to securing OT environments are not serving to reduce risk in essential sectors, such as manufacturing, transportation, food and pharmaceutical supply chains, and power and water utilities. Beyond the much-discussed concepts of IT/OT convergence lurks a deeper need for organizations to have the ability to comprehend the full scope of their vulnerabilities and risks across the attack surface. Whether an attack originates within the IT or the OT infrastructure is almost beside the point; what matters is that any cyberattack has the potential to disrupt business operations. We believe all cyber risk needs to be viewed, ultimately, as operational risk. And OT security needs to be viewed, first and foremost, as the way to protect an organization’s operational uptime.

One mistake we see organizations make is managing OT security in a siloed process focused on finding and fixing vulnerabilities in specific OT devices. That’s where OT security might start, but in order to devise an actionable cybersecurity strategy that effectively reduces cyber risk and protects operational uptime, organizations need full visibility into all elements of the attack surface. They need access to the full range of data points about their environments, including their IT, OT and internet of things (IoT) assets. They need visibility into everything that is running in the environment, how it is deployed, how each asset communicates with others, what apps are being run on each asset and how user privileges are configured — all mapped to the full infrastructure.

Let’s use a factory as an example. In order to truly protect a factory’s assembly line controllers, an organization needs to be able to properly patch its IT assets and the human-machine interface (HMI) technology used to manage the infrastructure. Further, an organization needs the ability to tighten the user permissions granted on any applications running on any machine.

In our view, protecting your OT environment requires a holistic view of all parts of the infrastructure. To truly reduce risk and protect operational uptime in OT environments, organizations need visibility into the vulnerabilities and misconfigurations that exist across the full spectrum of their IT and OT assets.

In an example which highlights the risks to operational uptime posed by third-party software, a ransomware attack against DNV’s ShipManager software reportedly disrupted operations for 70 of the company’s clients, and is said to have affected as many as 1,000 vessels. In my view, these incidents need to be classified as OT cybercrimes because of the disruption they caused to operations.

Our perspective on operational technology — as the means by which organizations achieve operational uptime — informed the updates we made to Tenable OT Security in 2023.

Tenable OT Security: 2023 product updates

Tenable OT Security gives companies the ability to see and secure any digital asset on any computing platform.

In March 2023, we announced new capabilities within Tenable OT Security, providing broader protection for critical infrastructure and industrial control systems, regardless of the size or configuration of the environment. The new functionality enables CISOs to secure and maintain governance of the entire attack surface, using the same tools and processes across the infrastructure, be it OT, IT, internet of things (IoT), cloud or other platforms.

Also this year, Tenable OT Security embedded the latest version of Nessus into its user interface, thus enabling users to perform high-speed asset discovery, target profiling, configuration auditing, malware detection and sensitive data discovery, with restrictions to scan just the IT assets on the OT network.

Other significant updates to our product this year included:

  • A new management interface for granular control of active queries for IT and OT devices
  • An improved the built-in intrusion detection system (IDS) engine with automated signature updates
  • Expanded coverage for OT vendors and protocols
  • Increased vulnerability coverage for IT and OT devices
  • Enhanced vulnerability descriptions and plugin outputs
  • Streamlined the software upgrade process

Tenable OT Security’s innovations would not be possible without input from our many valued strategic partners, and below we’re pleased to highlight several key initiatives of 2023.

Celebrating Tenable OT Security’s strategic collaborations

In April, Tenable became a founding member of the vendor-agnostic initiative ETHOS community, alongside 10 other vendors. As my colleague Marty Edwards, Tenable Deputy CTO - OT and IoT, stated at the time: “A big challenge for the OT industry is differentiating which threats pose an actual risk to an organization and where they are exposed to such risk … By working together, the OT security community is stronger and more cyber resilient.”

In September, we shared an update on the longstanding collaboration between Tenable OT Security and IBM QRadar which saw our technology on display at the IBM Watson Center in Munich. With the integration of Tenable OT Security and Tenable Security Center in IBM QRadar, our combined approach transcends mere threat reaction; it proactively establishes a fortified defense against OT and IT threats. This ensures that vulnerabilities in the OT environment are illuminated and secured, giving us a vantage point from which to survey the digital terrain and ensure that dynamic assets are visible and protected.

In October, we announced an expanded partnership with Siemens Energy to further secure OT environments in the energy sector. Siemens Energy announced it would integrate Tenable OT Security into its Omnivise T3000 control system as a network intrusion detection system (NIDS). The integration of Tenable OT Security is expected to come in the next Omnivise T3000 service pack update for Release 9.2.

These are just some of the many developments that made 2023 a remarkable year for Tenable OT Security. And we were pleased to see industry analysts taking note. Our OT capabilities were among the many Tenable product offerings highlighted in several analyst reports.

While we’re wrapping up these last few days of the year, I’d like to take this opportunity to thank you, our customers, for trusting us with your OT security needs, and thank you, our partners, for the collaborations that are helping to keep industrial environments secure.

We look forward to working together in the year to come. 

Happy New Year.

Learn more

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.