
Cracking the Code on OT Security

We see a lot of confusion and misinformation in the market when it comes to understanding active technologies for OT. Here’s what you need to know.

“Active” is a big buzzword in industrial cybersecurity these days. But what is it? How does it work? Is it safe? Do you even need it?

“Active,” in terms of device queries, means you query a device in its native communication protocol, which is an important distinction when considering an industrial cybersecurity solution. In fact, there are two key questions to ask about any cybersecurity solution you're considering for your operational technology (OT) environment:

  • Is the solution’s approach best-suited for your industrial control environment?
  • Is it passive, active or hybrid?

To unpack the nuances of the terminology, let’s look at this analogy:

Imagine you’re in a restaurant in a foreign country where you do not speak the native language. 

Even though you can’t speak the language, you still glean some information from other patrons. You can make an educated guess about a person’s age, for example, and you may even look at facial expressions to determine an individual’s mood or disposition.

That’s similar to the behavior we expect from firewalls and network monitoring solutions that are not specific to industrial control systems (ICS) when they're placed in industrial networks. These types of solutions will spot MAC addresses, associate network protocols with ports, etc. However, harvesting information this way doesn’t give you enough detail for comprehensive asset tracking or vulnerability management.

Now, getting back to our foreign country restaurant analogy: let’s assume you understand the language and you can listen to conversations. You hear people talking about what they eat and their favorite foods in general or perhaps they’re comparing their experience to other restaurants they’ve recently visited. 

That’s like parsing network traffic. You understand everything being said but you are not interested in most of these conversations. What you really want to know is where each person lives, what school they attended, when they were born, etc. You want specific details about specific people. 

These details are elusive even under the best circumstances and it takes time to get the information you want just by listening. Typically, the exact information you want won’t come up naturally or spontaneously.

When dealing with ICS, industrial control vendors use different communication protocols or “languages.” Typically, vendors even have different protocols based on the specific device model, but let's say you’ve figured that out. You understand every bit and byte of industrial communication protocols. Turns out, that only gets you halfway to where you want to be. 

To secure all the information you want, you need to “actively” ask. And that's the secret sauce. 

Returning to our restaurant analogy: if you want to find out specific information about someone, you ask them questions. You might pointedly ask someone their age (uptime), where they attended school (firmware versions), where they live (hardware configuration), etc. 

And while you probably wouldn’t go up to random patrons in a restaurant and start asking them personal questions, you can query industrial control systems because they don’t typically use encryption or authentication.

What do we mean when we talk about active technologies for OT?

We see a lot of confusion and misinformation in the market about active technologies for OT. Active, in this context, is about querying devices using their native communication protocols. It’s not port scanning, knocking, banner grabbing, exploiting or leveraging vulnerabilities of any sort. It’s not querying devices in a way that can make them unstable.
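What a native-protocol query looks like on the wire, as an added example that is not from the original post or from Tenable's product: it assumes Modbus/TCP's Read Device Identification function (function 43, MEI type 14) as one illustrative native protocol, since the post names none. The device reply is constructed sample data and nothing is sent over a network.

```python
import struct

FC_MEI = 0x2B           # Modbus function 43: Encapsulated Interface Transport
MEI_READ_DEV_ID = 0x0E  # MEI type 14: Read Device Identification
BASIC_OBJECTS = {0x00: "vendor_name", 0x01: "product_code", 0x02: "revision"}

def build_request(transaction_id, unit_id=1):
    """Frame asking for the basic identification objects, starting at object 0."""
    pdu = bytes([FC_MEI, MEI_READ_DEV_ID, 0x01, 0x00])
    # MBAP header: transaction id, protocol id (0), byte count of unit id + PDU
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu

def parse_response(frame):
    """Decode a Read Device Identification reply into an inventory record."""
    if len(frame) < 9:
        raise ValueError("frame too short")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("malformed MBAP header")
    pdu = frame[7:]
    record = {"transaction_id": tid, "unit_id": unit}
    if pdu[0] == FC_MEI | 0x80:          # device does not support the query
        record["exception_code"] = pdu[1]
        return record
    if len(pdu) < 7 or pdu[0] != FC_MEI or pdu[1] != MEI_READ_DEV_ID:
        raise ValueError("not a Read Device Identification response")
    pos = 7                              # objects follow the 7-byte PDU preamble
    for _ in range(pdu[6]):              # pdu[6] = number of objects
        if pos + 2 > len(pdu):
            raise ValueError("truncated object header")
        obj_id, obj_len = pdu[pos], pdu[pos + 1]
        value = pdu[pos + 2:pos + 2 + obj_len]
        if len(value) != obj_len:
            raise ValueError("truncated object value")
        name = BASIC_OBJECTS.get(obj_id, f"object_0x{obj_id:02x}")
        record[name] = value.decode("ascii", "replace")
        pos += 2 + obj_len
    return record

def sample_response(transaction_id):
    """Constructed reply from a fictional device (not captured traffic)."""
    objs = [(0x00, b"ExampleVendor"), (0x01, b"PLC-100"), (0x02, b"V2.3.1")]
    body = b"".join(bytes([i, len(v)]) + v for i, v in objs)
    pdu = bytes([FC_MEI, MEI_READ_DEV_ID, 0x01, 0x01, 0x00, 0x00, len(objs)]) + body
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, 1) + pdu

if __name__ == "__main__":
    print(build_request(7).hex())
    print(parse_response(sample_response(7)))
```

The request is a single 11-byte read-only frame, and the parsed record carries the vendor, model and firmware revision that a monitor limited to MAC addresses and port numbers would not see.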

Tenable is unique because our technology listens on the network and speaks, at the device level, the native communication protocols ICS vendors’ engineering stations use. 

Why do we do it? How do we leverage the collected data? How do we know which dialect of a certain protocol should be used? And how do we address the devils in the tech details of this groundbreaking technology? For answers to these and other OT-related cybersecurity questions, watch our webinar, Tenable and Indegy: the First Unified, Risk-Based Platform for IT and OT Security.
