Look before you leap is excellent advice for security leaders to heed before they select security solutions to reduce Cyber Exposure in Operational Technology (OT) environments. And, who is better qualified to deliver that advice than Gartner?
Gartner recently published a research note, 7 Questions SRM Leaders Aren’t Asking OT Security Providers During Technology Selection, to help you define important requirements for OT security that you might have overlooked. I’ll outline how Tenable Industrial Security can help you address each question Gartner asks in the research report.
#1. “Is the solution vendor-agnostic?”*
Supporting a variety of Industrial Control System (ICS) assets requires an understanding of a variety of protocols. Tenable Industrial Security monitors a wide variety of protocols commonly used by OT devices, including BACnet, CIP, DNP3, Ethernet/IP, ICCP, IEC 69-0870-5-104, IEC 60850, IEEE C37.118, Modbus/TCP, OPC, openSCADA, PROFINET, Siemens S7 and more.
However, protocol support is just the start – support for your specific OT devices is also required. Industrial Security supports systems from dozens of manufacturers, including Siemens, ABB, Emerson, GE, Honeywell, Rockwell/Allen-Bradley and Schneider Electric. Additionally, Tenable commonly works with customers to add support for specific devices, as needed.
#2. “Does the solution provide asset discovery to enable operational continuity and system integrity?”*
Asset discovery is core to virtually all OT compliance requirements and best practices. Asset discovery is challenging in IT environments. It’s even more difficult in OT environments because actively scanning OT networks can disrupt or degrade operations. Therefore, Gartner recommends, “Ensure the solution passively scans and analyzes industrial network communications, provides information about network assets, provides advanced anomaly detection, and alerts in real time for any threat to operational continuity and system integrity.”*
Industrial Security includes Nessus Network Monitor passive sensors, which safely and continuously monitor OT networks to detect and identify assets active on the network. They detect new assets added to the network, passively determine the operating system and display machine-to-machine connections.
#3. “Does the solution detect and alert on known common vulnerabilities and exposures?”*
Gartner’s research note says, “A platform that incorporates known CVE discovery into the security policy will provide faster detection, as well as provide value from Day 1 of its deployment.”* Industrial Security patented vulnerability analysis technology identifies vulnerabilities in sensitive OT systems that cannot be actively scanned due to the risk of disruption or performance impact. Reports present the vulnerability information is a variety of formats. And alerts for critical vulnerabilities can be sent to SIEMs.
#4. “Can the solution evolve from mirror-mode to in-line security?”*
Gartner states, “SRM leaders in many industries will typically prefer to deploy their OT security systems in passive, detection-only mode (mirror-mode), while disabling active preventive capabilities, as older PLCs will stop working when any unexpected traffic touches them. This is a sensible starting point, which reduces the risk of unplanned impact on the operational technology network. However, in certain industrial control systems, as these leaders gain trust with their solution configuration, they will often want to evolve to in-line deployment, which provides some level of active prevention.”* This evolution allows you to increase the depth of detection and analysis where it makes sense.
In addition to Industrial Security passive detection and analysis, Tenable.io Vulnerability Management offers both active scanning and agents for use with IT-based and other robust assets deployed in OT environments. You can easily evolve your approach as you gain confidence.
#5. “Does your solution provide IT support in addition to OT?”*
Gartner states that, “Most OT attacks in the last 10 years started at the more accessible IT network. Security vendors that provide both IT and OT detection may detect an attack at earlier stages, before it enters the OT network, allowing more time to respond and remediate. Obviously, the solutions under consideration must support unique OT security needs, such as protecting OT protocols, supplier remote access to OT equipment and deep packet inspection (DPI). But in addition to OT detection, IT detection, monitoring, and visibility capabilities must be supported as well.”*
Tenable understands that interconnected OT and IT systems cannot be secured in isolation. Our solutions span Industrial-IoT/ICS/SCADA, the cloud and traditional IT, including network devices.
#6. “Does your solution support secure IT/OT alignment?”*
This question addresses the trend to use IT infrastructure in OT architecture layers and the potential risk of using IT security practices and technology that may not be well-suited to OT.
Tenable understands that active security technologies appropriate for IT environments may disrupt and/or degrade performance in OT environments. We’ve provided both active and passive technologies for more than 10 years, and the passive technology understands OT-related protocols.
#7. “Is the solution designed to live in an OT environment from a hardware or operating environment perspective?”*
Industrial Security can be installed on your choice of hardware, including rugged servers designed to operate in harsh conditions. Industrial Security implementations are configurable to meet your network and physical architecture requirements. For example, you can install Industrial Security at each of multiple sub-stations and roll up the results to a master instance for overall visibility.
Please take 10 minutes to read a complimentary copy of Gartner’s research note, 7 Questions SRM Leaders Aren’t Asking OT Security Providers During Technology Selection. If you’d like to discuss your OT security needs, contact us now.