Preventing damaging intrusions into increasingly commingled IT and operational technology (OT) domains is the goal of security product integrations announced this week by Tenable and Forescout Technologies.
The growth of the IT/OT security segment mirrors convergence overall. Networks increasingly share data as new flows are established between connected IT devices, public and private cloud-based applications, and operational technology systems, according to Sandeep Kumar, senior director of product marketing at Forescout. A malicious intruder gaining entry can move laterally within these interconnected networks.
The results are potentially devastating. “Bad actors are actively targeting critical infrastructure by way of compromising IT assets,” said Eitan Goldstein, Tenable’s senior director of strategic initiatives. “The most eye-opening proof point was the joint DHS and FBI alert last year that warned of Russian state-sponsored cyber actors targeting IT networks, and then attempting to move laterally to compromise industrial control systems (ICS). These threats are exacerbated by new, critical vulnerabilities found in OT systems.”
The task is a bit more complex for a couple of reasons. The assets, such as industrial equipment, often are not traditional endpoints. They may be attached to the network via the IoT or industrial IoT, which is less secure than older technologies. “While the diversity of these devices is daunting, they share some common traits,” Kumar said. “These devices are not associated with users, and most of them can’t be managed by traditional methods using software agents. Hence, network-based, agentless device visibility and control techniques are required to protect these devices and mitigate cyber and operational risk.”
The importance of developing technologies, strategies, policies, and procedures for protecting such inherently diverse and vulnerable environments will grow as the reliance on these networks for mission-critical tasks becomes more common and threat actors grow more sophisticated.
While both companies’ platforms merge IT and OT security, they each take a distinct approach.
“Tenable largely focuses on vulnerability management — looking for flaws in systems that can be exploited by attackers. They have expanded their capabilities for OT security to detect vulnerable assets in those environments,” said Joseph Blankenship, a principal analyst for Forrester. “Forescout focuses more on network access control (NAC) — identifying and enforcing policies on the devices that can attach to a network. Forescout recently acquired SecurityMatters, which focuses primarily on network anomaly detection to detect anomalies that may indicate malicious activity and provide visibility into OT environments.”
Tenable, which earlier this month provided a sobering look at the 2018 security landscape, is integrating Tenable.sc with Tenable Industrial Security. The goal is to provide a single platform to measure and manage risk. Tenable.sc was formerly Security Center.
Tenable.sc uses Nessus scanners to gather data from IT assets on both OT and IT networks. That data is combined with passive data collected by Tenable Industrial Security, which focuses on OT environments. The combination of the findings offers a comprehensive picture, including exposures and vulnerabilities across the enterprise, which drives security initiatives.
The platform is also integrated with the Tenable Cyber Exposure Technology Ecosystem to improve the remediation and response process for both the IT and OT environments. The company has also broadened the number of devices covered in the OT realm. The company says that it covers leading manufacturing companies.
Forescout this week introduced a platform that integrates technology from SecurityMatters, which it acquired last November. The additional capabilities will be available in Forescout 8.1.
In addition to overseeing OT and IT environments, the platform eventually will assess multi-cloud environments. It provides auto-classification for medical and industrial devices and automatic network segmentation controls across firewalls and SDN environments in addition to the cloud. The platform also offers what Forescout says is improved cross-domain risk assessment and incident response.
The sense is that the OT/IT sector will be one of the main battlefields in the ongoing cat-and-mouse game between intruders and security forces. ABI Research Principal Analyst Pierce Owen told SDxCentral that Telit secureWISE is another notable product in the space. IT/OT security tools and certifications are part of smart manufacturing platforms such as PTC ThingWorx, Siemens MindSphere, and 3DEXPERIENCE.
It’s clear that IT/OT will continue to evolve. “The next step will involve lambda hybrid architectures where historians, edge gateways, and servers process streams of data on-premise while batching results to the cloud or data center for further analysis,” Owen said. “This is about getting operational data from siloed industrial PCs integrated into at least the on-premise IT system to better deploy advanced analytics and machine learning algorithms. But yes, it is gaining enormous interest and growing at a tremendous pace, especially in the automotive industry.”