
Debunking the Most Dangerous Myth in Industrial Security

Active monitoring is not only safe and reliable – it's the only way to capture a full view of every connected asset across your industrial network.

Organizations involved in industrial or critical infrastructure are faced with a security challenge like never before. Whether it is the traditional hack, the insider threat or an accidental security lapse, what was once an isolated and fully secured operational technology (OT) infrastructure is more at risk than ever before. This inflection point has heralded a new industrial cybersecurity initiative which includes many new security vendors (as well as much noise and confusion).

Why passive detection is no longer enough

For the past several years, new entrants with limited experience have downplayed the benefits of “active” detection. The truth is that active detection is important because it detects threats that do not run over the network, such as a technician who physically connects to the network. Furthermore, active querying digs deeper: it can track configurations down to an extremely granular level, find code changes and even check dormant devices that do not regularly communicate on the network. Active threat hunting provides a crucial view into the OT environment that passive detection simply cannot provide.

Some of the newbies to the industrial control system (ICS) security market have even said that active querying is harmful because it can “destabilize” the OT environment. This is the type of misinformation that confuses the market and ultimately does a disservice to organizations looking to properly secure their OT environments. It is in fact possible and preferred to query each asset without affecting the network, by querying devices through their native protocol. Industrial controllers expect these types of queries and are more than suited to responding to them without any of the supposed “dangers.” So, device querying (or “active detection”) is not only preferred from a security perspective – done properly, it is also completely safe.

What should you look for when it comes to active technology? 

In order to separate the myths from reality, here are a few things to consider when launching your own active monitoring efforts.

Query depth variance and configuration
It is essential that administrators can set the depth of each query as well as its configuration, so that they decide which queries are run at which time. Furthermore, they should have the option to perform on-demand queries to validate the details that are important. This yields the most security, power and control when implementing active detection in your OT environment. For example, an administrator should be able to automatically map the controller’s physical module connections to show full paths of configurations and architectures, as well as query over serial networks to get to the deepest devices.

Holistic approach
Administrators can extend the use of active querying beyond basic asset discovery and details. A holistic approach should enrich alerts and check configurations after changes are detected. This gives the user the most comprehensive and deep understanding of what is happening on the industrial network.

Validation
Active querying also provides the administrator with an additional security check. In the case of a variance or change there is a second virtual “set of eyes” that can verify that these changes are expected and/or not harmful. These validations should include:

  • Performing code validation and comparison after observing a code download in the network.
  • Periodically probing assets to validate that the physical configuration has not changed and no modules on the programmable logic controller (PLC) backplane were physically removed or damaged. 
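
The two validations above can be sketched as a comparison between a stored baseline and the result of a fresh query. This is an added example, not Tenable's code or part of the original post; the `Snapshot` format, the finding names and the sample data are assumptions, and the native-protocol query that would fill a snapshot is left out.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Snapshot:
    """Controller state from one active query (hypothetical format)."""
    modules: dict      # backplane slot number -> module type string
    code_blocks: dict  # program block name -> raw block bytes

def digests(snap):
    """SHA-256 of every program block, so baselines need not store the code."""
    return {n: hashlib.sha256(b).hexdigest() for n, b in snap.code_blocks.items()}

def validate(baseline, current, download_observed):
    """Return findings as (kind, subject, detail) tuples; empty means no drift."""
    findings = []
    # Physical check: every slot seen in either snapshot must hold the same module.
    for slot in sorted(set(baseline.modules) | set(current.modules)):
        old, new = baseline.modules.get(slot), current.modules.get(slot)
        if old == new:
            continue
        if new is None:
            findings.append(("module_missing", slot, old))
        elif old is None:
            findings.append(("module_added", slot, new))
        else:
            findings.append(("module_replaced", slot, f"{old} -> {new}"))
    # Code check: compare block digests. A change with no download seen on the
    # network is the case passive monitoring alone cannot explain.
    origin = "after_observed_download" if download_observed else "no_download_observed"
    old_d, new_d = digests(baseline), digests(current)
    for name in sorted(set(old_d) | set(new_d)):
        if old_d.get(name) == new_d.get(name):
            continue
        if name not in new_d:
            kind = "code_block_removed"
        elif name not in old_d:
            kind = "code_block_added"
        else:
            kind = "code_block_modified"
        findings.append((kind, name, origin))
    return findings

# Constructed sample data, not captured from a real controller.
BASELINE = Snapshot({0: "CPU", 1: "DI-16", 2: "DO-16", 3: "AI-8"},
                    {"Main": b"XIC Start OTE Motor", "Safety": b"XIO EStop OTE Permit"})
CURRENT = Snapshot({0: "CPU", 1: "DI-16", 2: "DO-16"},
                   {"Main": b"XIC Start OTE Motor", "Safety": b"OTE Permit"})

if __name__ == "__main__":
    for finding in validate(BASELINE, CURRENT, download_observed=False):
        print(finding)
```
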

After years of leading the way and gaining experience in the active querying field, Tenable has the knowledge and battlefield experience in providing the most robust, safe and deep active component on the market. The peace of mind that Tenable provides to top manufacturing and critical infrastructure companies activates the right security to keep top organizations safe from unacceptable security threats. And that is no myth.

To learn more about the industrial security benefits of proactive monitoring, check out the Tenable.ot guide to active querying.
