
What is operational technology (OT)?

1. OT Overview


What is operational technology (OT)?

Operational technology (OT) keeps critical infrastructure and industrial environments functioning. OT is made up of the software and hardware used to manage, secure and control industrial control systems (ICS), devices and processes in your OT environment. OT devices are commonly found in manufacturing, transportation, oil and gas, electricity and utilities and other similar industries.

What’s an OT device?

OT devices are devices used in industrial environments as well as within critical infrastructure. For example, you may see OT devices in a manufacturing setting, such as the pharmaceutical industry or for vehicle manufacturing, or in industrial settings, like oil production.

Here are a few examples of OT devices:

  • Programmable logic controllers (PLCs)
  • Remote terminal units (RTUs)
  • Industrial control systems (ICS)
  • Distributed control systems (DCS)
  • Human machine interfaces (HMIs)
  • Supervisory control and data acquisition system (SCADA)
  • Internet of things (IoT) devices
  • Industrial internet of things (IIoT) devices, also known as Industry 4.0

OT devices are generally controlled by either distributed control systems (DCS) or programmable logic controllers (PLCs). For most of their more than seven decades of existence, OT devices were protected by air-gapping — physical isolation of the device from external networks. By not connecting these devices to outside networks, the goal was to keep them safe from external risks.

That worked well for decades, but today, more industrial environments are experiencing a convergence of both IT and OT. That means there are new risks and air-gapping is no longer effective. Modern industrial and critical infrastructure environments need operational technology security that can protect both IT and OT simultaneously.

What is operational technology security?

Operational technology security consists of the processes to protect all of the hardware, software and devices within your OT infrastructure. OT security encompasses all of the steps you take to manage and monitor these devices and to protect them from attacks (both internal and external) as well as other cyber risks.

From the early emergence of OT devices in the 1960s until recent times, OT devices were generally closed systems — meaning they were off network and didn’t communicate with other on-network devices. This is called air-gapping because the devices were physically separated from unsecured networks. That was the primary mode of OT security for many decades.

But today, more OT devices are coming online, and even in operations where they’re not, it’s getting increasingly challenging to maintain truly sterile OT environments. Even in facilities where convergence is not a strategic imperative, there’s a chance OT devices may (accidentally) connect with devices that are (or have been) online. Whether it’s intentional or accidental, IT and OT are increasingly converged within industrial environments. That means air-gaps are no longer sufficient for true OT security.

Modern OT environments need more comprehensive operational security. For industrial control systems, for example, if you’re just using network monitoring to discover vulnerabilities or other security issues, you’re probably only seeing about 50% of your converged IT-OT attack surface. And, the less frequently you check those devices for issues, the longer a threat actor can remain in your environment — for weeks, maybe even months — before you know they’re there.

Your OT security should include continuous, passive and active monitoring, IT/OT threat detection, detailed asset inventory, configuration control and risk-based vulnerability management. Used in combination, these measures help keep a pulse on your OT environment cyber risks without disrupting day-to-day operations.

How can I actively monitor my OT devices without disruptions or downtime?

With the right tools, you can continuously monitor your OT devices without disruptions.

OT device-based security is an important part of comprehensive OT security, but unfortunately some organizations are hesitant to actively monitor or patch these devices. Why? Because traditional methods have often meant disruptions and downtime. Or, worse yet, what happens if you install a patch and one of the primary pieces of equipment you use goes down and can’t function? It could be a death-knell for business.

That’s where Tenable OT Security's active device querying comes in.

Tenable’s active querying is patented and communicates with your OT devices, such as PLCs, HMIs and DCSs, in their native language. That means you can get detailed information about your device — down to a granular level — without disrupting operations.

Tenable OT Security conducts read-only queries of your devices using native communication protocols and can’t make changes to your devices. This allows you to gather deep details about each of your assets safely and without disruption. Tenable’s active querying will not impact your controllers.

Once you’ve discovered all devices within your network, including dormant assets, you can classify each asset and then take a deep dive into device information.

Tenable’s active querying gives you insight into:

  • Metadata
  • Configuration information
  • Hotfix insight
  • Firmware versions
  • User information
  • Backplane information
  • Vulnerabilities
  • Other security issues

If Tenable OT Security detects an issue, you can set it to send an alert to the relevant responder on your team.

By understanding the full context of everything on your network, including device-level information, you get a more comprehensive look into your OT infrastructure. You know where you have risks, so you can make plans to remediate the most critical issues first.

Active querying also eliminates blind spots caused by passive network monitoring alone. How? With device querying, you can get non-disruptive, detailed device information even if a device is dormant or infrequently connects to your network. That means you know about any change that happens, even changes made directly on a device, so you can respond swiftly and effectively.

How are information technology (IT) and OT different?

There are differences between IT and OT. First, let’s look at information technology (IT) and what it is.

Information technology is used to process, manage, store and protect information in what is generally a stable environment. The focus in IT is on security. IT has a short lifecycle and standard operating systems that require frequent updates.

Now, let’s explore operational technology a little more in comparison. OT is used to monitor, manage and control physical devices and related processes. Unlike IT, OT devices can be in adverse situations where the core focus is on uptime. Also different from IT, OT generally has a long lifecycle. Updates, which can cause disruptions, are infrequent, and many OT devices have proprietary operating systems, not the standard, more common ones often seen in IT.

A simple way to consider some of the key differences between the two is: IT is about data and OT is about processes.

Historically, IT and OT devices have been separated from one another in most environments. However, today, IT and OT are converging faster than ever before. This interconnectivity creates new attack surfaces. Security measures traditionally used for each independently often don’t work well for this converged environment. Instead, you need new security measures and combinations to protect both as they exist together.

What is IT-OT convergence?

IT-OT convergence happens when IT and OT devices connect or interact with one another within the same environment. This can happen intentionally, for example, when your OT device is connected to an outside network, or accidentally when someone connects a laptop (that has been connected to an outside network) to your OT device for updates.

For decades, to protect OT devices, most organizations kept them physically separated from outside networks, which is known as an air-gap. But the growing benefits of connected OT devices are moving many organizations away from that practice. For example, a converged IT/OT environment can help you get the most out of your production processes and promote sustainability, but unfortunately those benefits also bring increased cyber risks.

This convergence also creates new challenges for security professionals. Threats to OT devices are different from those for IT, and finding and remediating them is harder. While threats that begin in your IT environment can move laterally over to your OT environment, security is further complicated because many traditional IT professionals are not familiar with the complexities of OT devices. Add to that expanding attack surfaces and more potential attack points for bad actors. The result? Increasing opportunities for your OT environment to come under attack.

A converged IT-OT environment requires enhanced visibility for complete security, including passive network detection and active device querying, a detailed inventory of all of your assets and real-time data about all your assets and threats. Without this, you’ll have blind spots that continually put your organization at risk.

2. OT Environments


What is OT infrastructure?

Operational technology infrastructure includes all of the processes and equipment you use to manage, control and monitor your operational technology.

OT infrastructure is at the heart of most industrial and critical infrastructure industries, including oil and gas, electric, aviation, manufacturing and transportation. OT infrastructure includes the OT devices mentioned earlier and the processes and policies you use to control and protect those devices.

There are a number of devices that can make up your OT infrastructure. Here are a few examples:

  • Programmable logic controllers (PLCs)
  • Remote terminal units (RTUs)
  • Human machine interfaces (HMIs)
  • Distributed control systems (DCSs)
  • Internet of things (IoT) devices
  • Industrial internet of things (IIoT or Industry 4.0) devices
  • Pumps
  • Switches
  • Fans
  • Industrial robots
  • Valves
  • Sensors

What risks and challenges exist for OT security?

There are a number of risks and challenges for OT security. Some of these risks come from internal sources, while others are external. Here’s a look at the top four pressing issues facing OT security professionals today:

1. Intentional IT-OT convergence:

More industrial and critical infrastructure organizations are accepting risks associated with converging both IT and OT in their environments. That’s because convergence creates a number of operational benefits, efficiencies and cost savings; however, an expanding attack surface increases attack vectors and creates more opportunities for lateral movement of attacks between assets.

2. Unintentional IT-OT convergence:

Even if your organization doesn’t openly adopt IT-OT convergence, unintentional convergence can still happen. For example, let’s say someone connects a laptop that has been on an external network to your off-network OT device. If that laptop is compromised with malware, your OT device can get infected, too.

3. Industry 4.0:

The industrial internet of things (IIoT) is also referred to as Industry 4.0, which is the fourth evolution within the manufacturing industry. This evolution has introduced new internet of things (IoT) devices into OT environments, creating new and increasing risks for OT security.

4. Insider risks:

Statistics clearly show there’s an increasing number of cyber-attacks focused on today’s OT infrastructure, but that doesn’t mean the only threats to your OT security come from the outside. Insider threats remain significant risks. Since many OT devices lack authentication controls, an insider with access and malicious intent can be just as destructive for your operations as an outside attack. There’s also always a chance for human error or other mistakes that compromise your OT devices.

What roles do vulnerability assessment and vulnerability management play in OT security?

Vulnerability assessment and vulnerability management play important roles in OT security for modern attack surfaces.

Most industrial networks don’t have automated asset or vulnerability discovery or management. Instead, teams use manual processes — like notes on paper and spreadsheets. The challenge? Not only is it incredibly time consuming, it’s also inefficient and prone to human errors. And, if not updated routinely, it becomes impossible to have comprehensive insight into your OT infrastructure, especially if your infrastructure scales and changes over time.

If you don’t know which assets exist in your industrial environment, and you don’t know the current state of all those devices, it’s difficult to protect them. It’s even more complicated to discover any of the growing list of vulnerabilities that affect your converged IT-OT environment, making it almost impossible to prioritize which of those vulnerabilities you should remediate first.

That’s where automated vulnerability assessment and vulnerability management come in. And, no other technology has as much combined IT-OT detection, prioritization using VPR scoring across IT and OT, and threat detection experience as Tenable OT Security.

With Tenable OT Security you can automatically find all the assets within your OT environment. The technology even maps out their communication flow, so you can see potential lateral movements through IT and OT devices in your network.

Tenable OT Security continuously monitors your network, providing you up-to-date information about every device on your network. It also generates risk levels for all the assets in your network.

Here are some of the highlights of the reports:

  • Communications amongst devices
  • Risk scoring
  • Detailed insight into all of your assets
  • Trending over time
  • Alarms of policy violations and anomalous events
  • Recommendations for mitigation

Tenable OT Security provides deep situational awareness that provides intelligence and insight into:

  • Product model
  • Firmware versions
  • Patch levels
  • Relevant CVEs
  • Open ports
  • Installed hotfixes
  • Backplane data
  • Insight from Tenable Research

You can even use the solution to help ensure your industrial infrastructure is compliant with a range of industry security standards, including those of the National Institute of Standards and Technology (NIST), the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP), the Food and Drug Administration (FDA) for medical devices and many others.

3. OT Components: IoT and Industry 4.0


What is IoT?

IoT stands for internet of things. IoT consists of a variety of interconnected devices that can collect and send data to other devices over your network. These data transfers generally happen without any human interaction. It’s essentially machine-to-machine communication over a network.

These days, you can find IoT devices just about anywhere — in your home, your car, your office and stores. Basically, any electronic device with sensors and network connections could be considered an IoT device. Think smart watches and other wearable devices, the thermostat or electric plugs in your home, lights, locks and more.

What is IIoT?

IIoT stands for the industrial internet of things and refers to the use of IoT devices within industrial environments.

Used in industrial settings, IoT devices help provide telemetry data and leverage the cloud rather than require manual intervention, thereby increasing efficiencies and reducing the chance of errors. However, the more IoT devices in industrial and critical infrastructure environments, the broader your attack surface becomes, introducing new and more ways for hackers to infiltrate your network.

There are an increasing number of IIoT devices used in industries such as manufacturing. For example, IIoT devices can be used for production and to manage inventory or other logistical processes. IIoT devices are also used in other industries, such as monitoring pumping stations.

Here are a few examples of other ways IIoT is used in industrial settings:

  • Safety monitoring
  • Quality control
  • Logistics monitoring
  • Supply chain management
  • Inventory management
  • Routine maintenance
  • Operational insight
  • Performance benchmarking
  • Process management

What is Industry 4.0?

Industry 4.0 refers to the Fourth Industrial Revolution, which we are a part of now. Industry 4.0 encompasses the digitization and increasing automation in industrial settings today.

The First Industrial Revolution, which happened in the late-1700s through the mid-1800s, reflected the introduction of new, more efficient manufacturing processes. Think of it as the movement from hand-based manual processes to machine-driven manufacturing.

The Second Industrial Revolution, which was from the mid-1800s through the early 1900s, represented further evolution of these manufacturing processes. Think introduction of rail lines, electric lines, telephone systems, water and sewer systems and electric-powered production lines in manufacturing, like automobiles.

The Third Industrial Revolution began in the 1950s, and is marked primarily by the introduction of computers into manufacturing. Industry 3.0 is considered the digital revolution, which set the stage for the emergence of IoT and IIoT devices in today’s Industry 4.0.

In addition to IoT and IIoT devices, cloud computing, machine learning and artificial intelligence are fueling industry changes for Industry 4.0.

What’s an air-gap?

For decades, an air-gap has been the primary means of protecting OT devices within critical infrastructure and industrial environments. Also known as an air-wall, air gapping is the process of physically isolating your OT devices — and in many cases your entire OT environment — from external networks and the outside world. This worked well for OT security for many years. Since air-gapped devices weren’t connected to external networks, no data could come in from the outside world to the device and no device data could go outward across a network.

As more IoT and IIoT devices become critical components of these environments, air-gapping alone is no longer an efficient means for OT security.

4. Understanding Industrial Security


What is industrial security management?

Industrial security management encapsulates all of the processes, hardware and tools you use to manage and keep your industrial control systems secure. This includes your plans to minimize risks for your converged IT-OT infrastructure and employ detection and remediation measures that don’t disrupt your OT assets or related functions.

Every OT environment has unique components, and industrial security management processes can be customized to meet your specific needs. Your goals, however, should include the ability to manage your industrial security without decreasing performance: prioritizing uptime, reducing downtime and disruptions, and securing your network and devices at the same time.

What is an industrial control system (ICS)?

Industrial control systems (ICS) are the heart of operational technology. An ICS can be made up of:

  • Controls
  • Networks
  • Systems
  • Devices

Basically, your ICS includes all the components (hardware and software) to manage your industrial processes.

Unfortunately, cyberattackers are increasing their focus on industrial controllers, and in many cases it’s no longer just about holding these devices ransom for big payouts; instead, ne’er-do-wells want to disable some of these critical components altogether. Doing so can shut down entire manufacturing operations and put critical services, like electricity, at risk. In some cases, it can even result in loss of life.

What is ICS security and how does it work?

ICS security includes all of the tools, processes and procedures you use to keep your industrial control system secure.

For many decades, ICS was protected simply by air-gapping, meaning ICS devices were physically isolated and not connected to external networks. But today, more IT and OT devices are converging in ICS environments and that’s creating new and increasing risks and challenges for ICS security.

Passive network monitoring is one way many organizations attempt to discover vulnerabilities and issues across their ICS environments. The problem with relying on passive monitoring alone is that it sees only traffic that is traversing the network. It misses potential risks created by assets that are “dormant” and do not communicate over the network. Dormant devices can easily be up to 30% of the devices in an OT environment.

Without a current and accurate inventory of all of your ICS devices, you can’t effectively manage risks or secure your environment. So what do you do?

Effective ICS security requires more than just passive network monitoring. You also need insight into all of your devices and what’s happening within those devices.

  • Have configurations changed?
  • What’s the latest firmware version?
  • Does the device need patching, and if yes, is a patch available?
  • What potential impact would patching have on the device?
  • Will it require downtime?
  • Could it render your model inoperable?

With ICS security from Tenable OT Security, you can get the deep situational awareness you need to find risks within your network. How? Tenable OT Security has patented active querying for OT devices. Unlike other querying tools, Tenable OT Security actively queries devices in their native language. This provides you with detailed device information — all the way down to a granular level, such as configuration settings and back plane information.

In simple terms, Tenable OT Security eliminates blind spots so you can see data that’s not on your network, for example, device information and locally-made changes, even on dormant devices. The best part? You can get comprehensive, reliable asset detail with complete situational awareness to ensure the visibility, security and control of your industrial control systems.

Tenable OT Security also has snapshot information so you always have a record of your PLC’s last known good state. That means, should you have an attack or other issue, you can always revert to the last known good state for that PLC.
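To make the passive-vs-active blind spot concrete, here is an added example (not code from the original page or from Tenable's product) that reconciles a constructed asset inventory against constructed passive flow records and read-only active query results. It reports which inventoried assets passive monitoring never saw, which assets drifted from their last-known-good snapshot, and which drifted assets would have stayed invisible without active querying; all addresses, names and hashes are made-up sample values.

```python
from typing import Dict, List, Set, Tuple

# Constructed inventory: each known asset with the configuration hash and firmware
# recorded at the last-known-good snapshot (hypothetical short values for readability).
INVENTORY: Dict[str, Dict[str, str]] = {
    "10.10.1.11": {"name": "PLC-Line1",  "baseline_cfg": "a1f3", "baseline_fw": "20.11"},
    "10.10.1.12": {"name": "PLC-Line2",  "baseline_cfg": "77c0", "baseline_fw": "20.11"},
    "10.10.1.20": {"name": "HMI-Ops",    "baseline_cfg": "5e5e", "baseline_fw": "3.4"},
    "10.10.1.31": {"name": "PLC-Backup", "baseline_cfg": "9b02", "baseline_fw": "19.8"},
    "10.10.1.32": {"name": "RTU-Pump",   "baseline_cfg": "c4c4", "baseline_fw": "2.1"},
}

# Constructed (src, dst) pairs a passive sensor on a span port would observe.
# The backup PLC and the RTU are dormant: they never talk on the wire.
PASSIVE_FLOWS: List[Tuple[str, str]] = [
    ("10.10.1.20", "10.10.1.11"),   # HMI polling PLC-Line1
    ("10.10.1.20", "10.10.1.12"),   # HMI polling PLC-Line2
    ("10.10.1.11", "10.10.1.20"),   # PLC-Line1 replying
    ("10.10.1.99", "10.10.1.12"),   # an address nobody inventoried (e.g. a visiting laptop)
]

# Constructed results of read-only native-protocol queries against each inventoried asset.
ACTIVE_QUERIES: Dict[str, Dict[str, str]] = {
    "10.10.1.11": {"cfg": "a1f3", "fw": "20.11"},
    "10.10.1.12": {"cfg": "77c0", "fw": "20.11"},
    "10.10.1.20": {"cfg": "5e5e", "fw": "3.4"},
    "10.10.1.31": {"cfg": "d00d", "fw": "19.8"},   # logic changed locally on the dormant backup PLC
    "10.10.1.32": {"cfg": "c4c4", "fw": "2.2"},    # firmware differs from the snapshot
}


def passively_seen(flows: List[Tuple[str, str]]) -> Set[str]:
    """Every address that appears as source or destination in observed traffic."""
    seen: Set[str] = set()
    for src, dst in flows:
        seen.add(src)
        seen.add(dst)
    return seen


def reconcile(inventory: Dict[str, Dict[str, str]],
              flows: List[Tuple[str, str]],
              queries: Dict[str, Dict[str, str]]) -> Dict[str, object]:
    """Compare what passive monitoring saw with the inventory and the active-query results."""
    seen = passively_seen(flows)
    # Inventoried assets that produced no traffic: invisible to passive monitoring.
    dormant = sorted(ip for ip in inventory if ip not in seen)
    # Addresses on the wire that no one inventoried: possible unintentional convergence.
    unknown = sorted(ip for ip in seen if ip not in inventory)
    cfg_drift: List[str] = []
    fw_drift: List[str] = []
    for ip, base in inventory.items():
        q = queries.get(ip)
        if q is None:                       # asset not reachable by active query
            continue
        if q["cfg"] != base["baseline_cfg"]:
            cfg_drift.append(ip)
        if q["fw"] != base["baseline_fw"]:
            fw_drift.append(ip)
    # Share of the inventory that passive monitoring alone would have covered.
    coverage = sum(1 for ip in inventory if ip in seen) / len(inventory)
    # Drift on a dormant asset is exactly the blind spot active querying closes.
    silent_drift = sorted(ip for ip in set(cfg_drift + fw_drift) if ip in dormant)
    return {
        "dormant": dormant,
        "unknown": unknown,
        "cfg_drift": sorted(cfg_drift),
        "fw_drift": sorted(fw_drift),
        "passive_coverage": coverage,
        "silent_drift": silent_drift,
    }


if __name__ == "__main__":
    report = reconcile(INVENTORY, PASSIVE_FLOWS, ACTIVE_QUERIES)
    for key, value in report.items():
        print(f"{key:17}: {value}")
```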

What are the top threats for ICS?

Industrial controllers are at the core of all industrial control systems, and they’re facing an increasing number of cyber-attacks. Those attacks are also growing in complexity, spanning both IT and OT assets.

When industrial controllers are targeted and fail or are disrupted, it can cause widespread damage. And, because they are the “brains” of interconnected critical infrastructure, these attacks can even put lives at risk.

Historically, ICSs haven’t had basic security controls or related protections. While they’re under increasing attacks from external bad actors seeking to exploit vulnerabilities, they’re also at risk from insider threats and human errors, such as control misconfiguration.

What’s an industrial control plane?

An industrial control plane is a component of the PLC used within ICS networks. There are two protocol types:

  • Control plane protocol: Used to manage engineering functions such as programming, configuration and updates for firmware.
  • Data plane protocol: Used to manage the physical parameters of ongoing processes, such as set points and tags.

If a control plane is disrupted or affected by a cyberattack, it can cause a myriad of problems, including failure of critical services, like power, or development of defective products.

Industrial control planes are generally vendor-specific and proprietary. That’s why they can be so hard to monitor and protect. This is also where privileged activities take place, and since most ICSs don’t have controls like encryption for these actions, it’s difficult to control who makes changes to control logic or firmware.

Essentially, without appropriately safeguarding controls, anyone with network access could make privileged changes without authentication. This is another reason why OT-focused security is so important. Without it, it’s difficult to discover, manage or prevent unauthorized changes.

To remain secure, you should employ real-time monitoring of all of your control plane protocols. This way you’re always aware of questionable behaviors and/or traffic on the backplane, as well as possible threats and vulnerabilities in your OT environment.
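The control plane / data plane split above is what makes real-time monitoring tractable: a defender can treat every control-plane operation as privileged and alert when it comes from an unexpected host or at an unexpected time, even where the protocol itself has no authentication. The following added example (not code from the original page or from any vendor product) runs that logic over constructed event lines; the operation names, the engineering-workstation allowlist and the maintenance window are assumptions standing in for the vendor-specific protocol details a real deployment would map onto them.

```python
from dataclasses import dataclass
from typing import List, Set, Tuple

# Assumed generic operation names. A real deployment would map each vendor protocol's
# function codes onto these two categories (control plane vs data plane).
CONTROL_PLANE_OPS = {"PROGRAM_DOWNLOAD", "FIRMWARE_UPDATE", "CONFIG_WRITE", "MODE_CHANGE"}
DATA_PLANE_OPS = {"TAG_READ", "TAG_WRITE", "SETPOINT_WRITE"}

# Constructed event log in the form "HH:MM src dst operation" (zero-padded 24h times).
SAMPLE_LOG = """\
08:15 10.10.1.20 10.10.1.11 TAG_READ
02:30 10.10.1.50 10.10.1.11 PROGRAM_DOWNLOAD
09:05 10.10.1.99 10.10.1.12 PROGRAM_DOWNLOAD
09:40 10.10.1.50 10.10.1.31 CONFIG_WRITE
14:10 10.10.1.20 10.10.1.11 SETPOINT_WRITE
"""

# Assumed allowlist: the only host permitted to perform engineering functions.
ENGINEERING_WS: Set[str] = {"10.10.1.50"}
# Assumed maintenance window during which control-plane changes are expected.
MAINTENANCE_WINDOW: Tuple[str, str] = ("02:00", "04:00")


@dataclass
class Event:
    ts: str
    src: str
    dst: str
    op: str


def parse_log(text: str) -> List[Event]:
    """Parse the constructed four-field line format; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, op = line.split()
        events.append(Event(ts, src, dst, op))
    return events


def plane(op: str) -> str:
    """Classify an operation as 'control', 'data' or 'unknown' (unknown is worth a look too)."""
    if op in CONTROL_PLANE_OPS:
        return "control"
    if op in DATA_PLANE_OPS:
        return "data"
    return "unknown"


def in_window(ts: str, window: Tuple[str, str]) -> bool:
    """Zero-padded HH:MM strings compare correctly as text; window must not cross midnight."""
    start, end = window
    return start <= ts <= end


def evaluate(events: List[Event], engineering_ws: Set[str],
             window: Tuple[str, str]) -> List[Tuple[Event, List[str]]]:
    """Return (event, reasons) for every control-plane operation that violates policy."""
    alerts = []
    for e in events:
        if plane(e.op) != "control":
            continue                       # data-plane traffic is normal process activity
        reasons = []
        if e.src not in engineering_ws:
            reasons.append("control-plane operation from non-engineering host")
        if not in_window(e.ts, window):
            reasons.append("outside maintenance window")
        if reasons:
            alerts.append((e, reasons))
    return alerts


if __name__ == "__main__":
    for event, reasons in evaluate(parse_log(SAMPLE_LOG), ENGINEERING_WS, MAINTENANCE_WINDOW):
        print(f"ALERT {event.ts} {event.src} -> {event.dst} {event.op}: {'; '.join(reasons)}")
```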

5. OT Components: SCADA


What is a supervisory control and data acquisition (SCADA) system?

A supervisory control and data acquisition system (SCADA) is a control system used to communicate and collect data from industrial machines, including sensors and other end devices.

SCADA represents the protocols used to manage and monitor equipment in a variety of industrial and critical infrastructures including manufacturing, transportation and energy production and distribution. It's a system to help monitor and collect data from a variety of machines and equipment. When a SCADA collects data from a device, it sends it to a computer for processing. That data is then available for analysis so you can make informed business and operational decisions.

SCADA systems are often found in critical infrastructure such as power, telecommunications, water and other critical services.

What is SCADA security?

Like other OT devices and networks, SCADA systems are targets for hackers looking to disrupt or disable operation of these critical services. SCADA faces a variety of risks, from denial of service attacks to issues with programming code to vulnerabilities of being connected on an exposed or unsecured network.

One of the challenges for SCADA systems, as we mentioned earlier with some of the older OT devices in use, is they are not always routinely updated with the latest OS or other patches. For example, some older SCADA systems could still use a Windows operating system that’s no longer supported, but the SCADA still operates effectively and hasn’t been upgraded. Often that’s a result of the need for SCADA to operate continuously, all day, every day, making downtime for updates unlikely.

Effective SCADA security employs both smart scanning and passive network monitoring. Continuous network monitoring, through a platform like Tenable, can give you insight into your SCADA including active services, security threats, vulnerabilities and network traffic, without disrupting your system.

What are some examples of SCADA attacks?

SCADA systems can be subject to a variety of attacks. Here are a few examples:

Control center attacks: The attacker gets access to your SCADA with the intent of changing information in the control center. This can happen through an internal threat or an external threat, like an exploited vulnerability.

Command center exploits: If an attacker gains access to your SCADA, it’s possible to take over the entire SCADA network, including the command center. Once gaining command center access, the attacker can access documentation and see procedures to gain an understanding of how the SCADA works.

Process disruptions: An attacker can exploit vulnerabilities and then power off or shut down connected equipment, including the ability to override commands to restart machines.

Equipment damage: In addition to disrupting or shutting down operations, a successful attack could lead to permanent equipment damage. This can happen when an attacker affects safety controls and other physical processes, for example, speeding up or slowing down a process to the point it damages equipment or disabling temperature controls to cause equipment failure.

6. OT Solutions


Why is OT security important?

OT security is important because it helps you identify all of your IT and OT assets, understand how they communicate with one another and how data flows between them, discover risks within your infrastructure, and make plans to prioritize and mitigate those issues before a breach occurs or an insider threat becomes a critical issue.

According to a report conducted by the Ponemon Institute, sponsored by Tenable, these key issues undermine an organization’s ability to protect its OT infrastructure:

  • Lack of visibility into the entire attack surface
  • Too much reliance on manual processes
  • Not enough security staff

Only 20% of survey respondents said they agree/strongly agree their organization has sufficient visibility into their attack surface. This creates significant security issues because your security controls and related processes are directly tied to insight into all of your assets — including software and hardware.

And, if you don’t have a current, accurate asset inventory, it’s impossible to know which vulnerabilities exist within your environment. If you can’t see those vulnerabilities and threats, you have no idea which ones pose an actual risk to your organization. Without that, you can’t make effective plans to prioritize and remediate those risks.

Threat detection is also critical for OT security. You also need policy, anomaly and signature-based detections. Don’t forget the value of actively monitoring your OT devices and network. With Tenable OT Security you can actively monitor your OT devices and query them in their native communication protocols without fear of downtime or disruption.

Also, patching your OT devices introduces another level of complexity. Traditionally, organizations rarely (if at all) patched their ICS devices. It’s a mix of availability issues, potential downtime and related functionality concerns that patches create for industrial devices.

Without OT security to inventory your assets and discover related vulnerabilities, it’s difficult to know which devices need patches, which patches are available and if the risk level is high enough to move forward with that patching, based on your OT devices and organization’s critical functions and services.

OT security can help you implement other security controls, such as more restrictive policies and rules, anomaly detection, signature-based detection and more comprehensive access controls.

OT security gives you complete visibility, security and control over your OT network, and that includes all of your OT and IT devices. Without this insight, an attack or compromise on your IT side can easily traverse into your OT environment, and vice versa.

A lack of visibility also makes it increasingly challenging to meet compliance and regulatory standards such as NIST, NERC CIP and CIS.

Remember, traditional OT security methods of air-gapping devices from external networks just don’t work anymore. If you’re using device-by-device physical isolation as your primary OT security method, you’ll likely have gaps ripe for attackers to pick.

Because of the increasing number of risks that now exist within OT environments, coupled with the growing number of cyber attacks, employ OT security with a risk-based focus to keep your infrastructure safe — and all of your devices operational as needed.

Choosing an operational technology (OT) solution

The reality is, in critical infrastructure and industrial environments, IT-OT convergence will continue to increase. Even those who have been hesitant to adopt it, over time, will find it creeping into their infrastructure, with the benefits soon outweighing the fear and risk.

There has never been a better time to start developing your operational technology security program. But where do you begin?

The tools, equipment and processes you use will be the foundation of your OT security program, but it’s much more than that. As your attack surface expands, you can no longer manage OT security with a clipboard or spreadsheet. Instead, you need an OT cyber security solution that gives you comprehensive insight into all of your assets, vulnerabilities, security issues and network information — all in a single pane of glass.

Here are a few important questions to ask vendors when evaluating an OT security solution:

  • Will the solution meet your organization’s specific needs and requirements?
  • Will the solution scale with your organization as you grow and change over time?
  • Will the solution support all of your OT assets? In other words, is it vendor-agnostic?
  • Can the solution discover all assets on your network (even dormant ones) without causing any operational interruptions or downtime?
  • Does the solution cover both your network and all your devices?
  • Will the solution issue alerts when critical vulnerabilities are discovered?
  • Does the solution incorporate known CVE discovery and critical vulnerability research into your security policies?
  • Does the solution support asset and vulnerability assessment and management for both IT and OT in your converged infrastructure?
  • Does the solution integrate with your existing IT security products such as your next-generation firewalls (NGFWs), your security information event management system (SIEM) or your security operations center (SOC)?
  • Can you configure the solution to meet your organization’s specific architecture and network requirements?

Do you need help choosing the right OT security solution for your organization? Connect with a Tenable advisor today or request a demo of Tenable OT Security to see it in action.

7. OT processes


Implementing an operational technology (OT) security program

With the convergence of IT-OT and ever-expanding attack surfaces within industrial and critical infrastructure environments, now is the time to adopt a comprehensive exposure management platform for your IT-OT environment.

An exposure management platform is a critical part of your overall ICS security strategy. It can help you protect both your IT and OT devices from threats.

When evaluating your ICS security solution, here are a few key areas to consider:

  • Automated asset discovery and management
    • Discovers level 2 control devices: operator stations, engineering workstations, and servers (Windows/Linux-based)
    • Discovers level 1 control devices: PLCs, RTUs, DCS controllers
    • Discovers level 0 devices (I/Os)
    • Discovers non-communicating assets
    • Provides detailed information for asset types, specific models, OS and firmware versions, and more (for level 1 and level 2)
  • Continuous network activity monitoring, anomaly and threat detection
    • Detects threats and anomalies by monitoring device communications and protocols (both external and internal)
    • Out-of-the-box security policies for threat and anomaly detection
    • User-friendly granular policy customization engine for threat and anomaly detection
    • OT data-plane protocols coverage
    • OT control-plane engineering protocols coverage
  • Controller integrity validation
    • Identifies changes to controllers made over your network, including configuration changes, code changes and firmware downloads
    • Identifies changes made to controllers by physically connecting to the devices (via serial cable or USB device)
  • Vulnerability assessment and risk management
    • Risk score by device
    • Vulnerability assessment for all control devices
  • Incident detection and response
    • Real-time alerts on suspicious activities and threats detected in ICS networks
    • Full audit trail of ICS activities
    • Historical controller information to support backup and recovery
  • Architecture and enterprise readiness
    • Both hardware and software-only implementations available
    • Quick deployment, no training required
    • Centralized solution management, data aggregation, alerts and reporting
    • Out-of-the-box integration: Active Directory, SIEM, Syslog, REST API, data exports

OT security best practices

Because of the increasing convergence of IT and OT in industrial and critical infrastructure environments, the old way of protecting your OT infrastructure by physically isolating devices from external networks is no longer effective for OT security. Neither is passive network monitoring alone, which leaves you with an incomplete asset inventory and blind spots throughout your converged environment.

So what can you do? Here are a few recommendations for OT security best practices:

  • Leverage a solution that can provide visibility of both IT and OT assets
  • Use automated tools that continuously track all assets, including dormant devices and devices that rarely connect to your network
  • Utilize threat detection and mitigation practices that involve both your policy-based rules and behavioral anomalies
  • Go deep on your asset tracking, down to a granular level, such as configurations and backplane protocols
  • Adopt a risk-based approach to your vulnerability management practices, including tracking, patching, scoring, and risk levels for all of your IT and OT devices
  • Implement configuration control with tracking so you always have insight into any changes to firmware, OS, code, etc.
  • Track changes done both through the network and locally at the device level
  • Employ a cyber security solution that integrates with your existing and already deployed security, and enables you to have enterprise-wide visibility into all of your assets, vulnerabilities and other security issues — all in a single pane of glass
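The controller integrity validation and dormant-asset tracking described in the evaluation checklist above and in these best practices can be reduced to comparing inventory snapshots. The following is an added example written for this page, not Tenable's code or product logic; every asset ID, firmware version, digest and timestamp in it is constructed, and the "network"/"local" change source is assumed to be reported by whatever monitor produced the snapshot.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed example (not Tenable's code): a minimal controller-integrity and
# dormant-asset check over two inventory snapshots, baseline vs. current.
@dataclass(frozen=True)
class ControllerState:
    asset_id: str
    purdue_level: int   # 1 = PLC/RTU/DCS controller, 2 = HMI/engineering workstation
    firmware: str
    program_hash: str   # digest of the controller's logic/code image
    config_hash: str    # digest of the controller's configuration
    last_seen: datetime
    change_source: str  # "network" or "local" (serial/USB), as reported by the monitor

def integrity_findings(baseline, current, now, dormant_after=timedelta(days=30)):
    """Return (asset_id, finding, severity, detail) tuples for every deviation.
    Changes to level 1 controllers are rated high; everything else medium."""
    findings = []
    for asset_id, base in baseline.items():
        cur = current.get(asset_id)
        if cur is None:
            findings.append((asset_id, "missing", "medium", "in baseline, absent from current snapshot"))
            continue
        sev = "high" if cur.purdue_level == 1 else "medium"
        if cur.firmware != base.firmware:
            findings.append((asset_id, "firmware_change", sev, f"{base.firmware} -> {cur.firmware} via {cur.change_source}"))
        if cur.program_hash != base.program_hash:
            findings.append((asset_id, "code_change", sev, f"via {cur.change_source}"))
        if cur.config_hash != base.config_hash:
            findings.append((asset_id, "config_change", sev, f"via {cur.change_source}"))
        if now - cur.last_seen > dormant_after:   # rarely-connecting device still in inventory
            findings.append((asset_id, "dormant", "low", f"last seen {cur.last_seen:%Y-%m-%d}"))
    for asset_id in sorted(current.keys() - baseline.keys()):
        findings.append((asset_id, "new_asset", "medium", "not in baseline; add to inventory"))
    return findings

def sample_run():
    """Constructed snapshots: one PLC had its program rewritten locally, one HMI is dormant."""
    t0 = datetime(2024, 1, 1)
    baseline = {
        "plc-01": ControllerState("plc-01", 1, "v2.1", "a1", "c1", t0, "network"),
        "hmi-01": ControllerState("hmi-01", 2, "v7.0", "b1", "d1", t0, "network"),
    }
    current = {
        "plc-01": ControllerState("plc-01", 1, "v2.1", "a2", "c1", t0 + timedelta(days=40), "local"),
        "hmi-01": ControllerState("hmi-01", 2, "v7.0", "b1", "d1", t0, "network"),
        "rtu-07": ControllerState("rtu-07", 1, "v1.0", "e1", "f1", t0 + timedelta(days=40), "network"),
    }
    return integrity_findings(baseline, current, now=t0 + timedelta(days=41))
```

In practice the snapshots would come from the solution's asset inventory, and a finding such as a level 1 code change made locally would be routed to the SIEM integration the checklist calls for.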
