Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Choosing an OT Security Solution? Here Are the 7 Questions to Ask

Look before you leap is excellent advice for security leaders to heed before they select security solutions to reduce Cyber Exposure in Operational Technology (OT) environments. And, who is better qualified to deliver that advice than Gartner?

Gartner recently published a research note, 7 Questions SRM Leaders Aren’t Asking OT Security Providers During Technology Selection, to help you define important requirements for OT security that you might have overlooked. I’ll outline how Tenable Industrial Security can help you address each question Gartner asks in the research report.

#1. “Is the solution vendor-agnostic?”*

Supporting a variety of Industrial Control System (ICS) assets requires an understanding of a variety of protocols. Tenable Industrial Security monitors a wide variety of protocols commonly used by OT devices, including BACnet, CIP, DNP3, Ethernet/IP, ICCP, IEC 69-0870-5-104, IEC 60850, IEEE C37.118, Modbus/TCP, OPC, openSCADA, PROFINET, Siemens S7 and more.

However, protocol support is just the start – support for your specific OT devices is also required. Industrial Security supports systems from dozens of manufacturers, including Siemens, ABB, Emerson, GE, Honeywell, Rockwell/Allen-Bradley and Schneider Electric. Additionally, Tenable commonly works with customers to add support for specific devices, as needed.

#2. “Does the solution provide asset discovery to enable operational continuity and system integrity?”*

Asset discovery is core to virtually all OT compliance requirements and best practices. Asset discovery is challenging in IT environments. It’s even more difficult in OT environments because actively scanning OT networks can disrupt or degrade operations. Therefore, Gartner recommends, “Ensure the solution passively scans and analyzes industrial network communications, provides information about network assets, provides advanced anomaly detection, and alerts in real time for any threat to operational continuity and system integrity.”*

Industrial Security includes Nessus Network Monitor passive sensors, which safely and continuously monitor OT networks to detect and identify assets active on the network. They detect new assets added to the network, passively determine the operating system and display machine-to-machine connections.

#3. “Does the solution detect and alert on known common vulnerabilities and exposures?”*

Gartner’s research note says, “A platform that incorporates known CVE discovery into the security policy will provide faster detection, as well as provide value from Day 1 of its deployment.”* Industrial Security patented vulnerability analysis technology identifies vulnerabilities in sensitive OT systems that cannot be actively scanned due to the risk of disruption or performance impact. Reports present the vulnerability information is a variety of formats. And alerts for critical vulnerabilities can be sent to SIEMs.

#4. “Can the solution evolve from mirror-mode to in-line security?”*

Gartner states, “SRM leaders in many industries will typically prefer to deploy their OT security systems in passive, detection-only mode (mirror-mode), while disabling active preventive capabilities, as older PLCs will stop working when any unexpected traffic touches them. This is a sensible starting point, which reduces the risk of unplanned impact on the operational technology network. However, in certain industrial control systems, as these leaders gain trust with their solution configuration, they will often want to evolve to in-line deployment, which provides some level of active prevention.”* This evolution allows you to increase the depth of detection and analysis where it makes sense.

In addition to Industrial Security passive detection and analysis, Tenable.io Vulnerability Management offers both active scanning and agents for use with IT-based and other robust assets deployed in OT environments. You can easily evolve your approach as you gain confidence.

#5. “Does your solution provide IT support in addition to OT?”*

Gartner states that, “Most OT attacks in the last 10 years started at the more accessible IT network. Security vendors that provide both IT and OT detection may detect an attack at earlier stages, before it enters the OT network, allowing more time to respond and remediate. Obviously, the solutions under consideration must support unique OT security needs, such as protecting OT protocols, supplier remote access to OT equipment and deep packet inspection (DPI). But in addition to OT detection, IT detection, monitoring, and visibility capabilities must be supported as well.”*

Tenable understands that interconnected OT and IT systems cannot be secured in isolation. Our solutions span Industrial-IoT/ICS/SCADA, the cloud and traditional IT, including network devices.

#6. “Does your solution support secure IT/OT alignment?”*

This question addresses the trend to use IT infrastructure in OT architecture layers and the potential risk of using IT security practices and technology that may not be well-suited to OT.

Tenable understands that active security technologies appropriate for IT environments may disrupt and/or degrade performance in OT environments. We’ve provided both active and passive technologies for more than 10 years, and the passive technology understands OT-related protocols.

#7. “Is the solution designed to live in an OT environment from a hardware or operating environment perspective?”*

Industrial Security can be installed on your choice of hardware, including rugged servers designed to operate in harsh conditions. Industrial Security implementations are configurable to meet your network and physical architecture requirements. For example, you can install Industrial Security at each of multiple sub-stations and roll up the results to a master instance for overall visibility.

Please take 10 minutes to read a complimentary copy of Gartner’s research note, 7 Questions SRM Leaders Aren’t Asking OT Security Providers During Technology Selection. If you’d like to discuss your OT security needs, contact us now.

Read Gartner's Research Note

*Gartner, “7 Questions SRM Leaders Aren't Asking OT Security Providers During Technology Selection,” Saniye Burcu Alaybeyi, 11 January 2018.

相关文章

订阅 Tenable 博客

订阅
免费试用 立即购买

选择 Tenable.io

免费试用 60 天

可全面访问基于云的现代化漏洞管理平台,从而以无可比拟的精确度发现并追踪所有资产。 立即注册并在 60 秒内运行第一次扫描。

立即购买 Tenable.io

可全面访问基于云的现代化漏洞管理平台,从而以无可比拟的精确度发现并追踪所有资产。 立即购买年度订阅。

65 资产

$2,190.00

立即购买

免费试用 立即购买

免费试用 Nessus Professional

免费试用 7 天

Nessus® 是当今市场上功能最全面的漏洞扫描器。Nessus Professional 可帮助自动化漏洞扫描流程、节省合规周期的时间,并让您调动起 IT 团队的积极性。

购买 Nessus Professional

Nessus® 是当今市场上功能最全面的漏洞扫描器。Nessus Professional 可帮助自动化漏洞扫描流程、节省合规周期的时间,并让您调动起 IT 团队的积极性。

购买多年许可证,为您节省更多

免费试用 立即购买

试用 Tenable.io Web Application Scanning

免费试用 60 天

完整享有专为现代化应用程序而设、属于 Tenable.io 平台组成部分的最新 Web 应用程序扫描功能。可安全扫描全部在线资产的漏洞,具有高度准确性,而且无需繁重的手动操作或中断关键的 Web 应用程序。 立即注册并在 60 秒内运行第一次扫描。

购买 Tenable.io Web Application Scanning

可全面访问基于云的现代化漏洞管理平台,从而以无可比拟的精确度发现并追踪所有资产。 立即购买年度订阅。

5 FQDN

$3,578.00

立即购买

免费试用 联系销售人员

试用 Tenable.io Container Security

免费试用 60 天

完整获得已集成至漏洞管理平台之唯一容器安全产品的功能。监控容器映像中的漏洞、恶意软件和策略违规。与持续集成和持续部署 (CI/CD) 系统进行整合,以支持 DevOps 实践、增强安全性并支持企业政策合规。

购买 Tenable.io Container Security

Tenable.io Container Security 经由与构建流程的集成,可供全面了解容器映像的安全性,包括漏洞、恶意软件和策略违规,借以无缝且安全地启用 DevOps 流程。

了解有关 Industrial Security 的详情