The Claroty Blog

Debunking OT Security

| Dave Weinstein

Effective operational technology (OT) security is a necessity for industrial enterprises, critical infrastructure operators, and the countless other types of organizations that have OT networks. Achieving effective OT security, however, is often hindered by myths about what it entails, how it compares to its information technology (IT) counterpart, and why it’s so important. 

Having long been dedicated to helping our customers secure their OT networks, our team here at Claroty wanted to share—and debunk—some of the most common myths we hear.

Myth: OT networks exist in isolation and aren’t vulnerable to external threats

Fact: Fully air-gapped OT networks, though once the universal standard, have quickly become relics of the past. There are two main reasons for this. First, OT assets are typically maintained by the vendors that manufactured them. In most cases these third-party vendors rely on remote connections via the internet to do so, exposing assets and the OT networks on which they are present to the open internet. This is largely why remote access is a common OT attack vector.

Second, enterprises continue to embrace digital transformation for reasons ranging from greater efficiency and scalability to reduced costs. But despite its benefits, digital transformation can also increase exposure to external threats and the risks they pose because it increases connectivity between IT and OT networks. If the proper security controls are not in place, this connectivity gives threats that originate in one network a direct pathway into the other.

Myth: Traditional IT security tools are perfectly suitable for OT networks

Fact: Most traditional IT security tools are completely incompatible with OT networks. A key reason for this is that unlike the standardized protocols utilized by IT networks, those utilized by OT networks are proprietary and thus largely unrecognizable by IT security tools.

However, there is one important caveat to note. At Claroty we realize the last thing most security teams need is to add yet another tool to their already massive tech stack. This is why we designed the Claroty Platform to integrate fully and seamlessly with our customers’ IT security infrastructure—including SIEM, SOAR, firewall, network access control, and CMDB solutions, among many others. As a result, our customers can easily use their existing tools to achieve and maintain effective OT security.

Myth: OT protocol coverage is black and white

Fact: There are many different OT security vendors, including Claroty, that offer solutions marketed as compatible with a wide range of OT protocols. But while breadth of coverage is crucial—especially for widely dispersed OT networks with many different types of assets and protocols—depth is also crucial, particularly for OT asset discovery and change management. Just because a vendor claims to cover a certain protocol, this doesn’t guarantee they’re able to provide sufficient details about the assets utilizing that protocol.

For example, let’s say you’re looking to inventory all of your OT assets to determine which ones exactly match a series of newly identified common vulnerabilities and exposures (CVEs). Insufficiently deep protocol coverage can mean that rather than being able to identify the specific firmware version, serial number, configuration, and other details required to accurately match an asset with a CVE, you’re only able to identify each asset’s vendor and model. This information alone won’t tell you which specific assets you actually have, which CVEs are actually present in your assets, and thus which CVEs in which assets you need to remediate in order to reduce risk.
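To make the inventory problem above concrete, here is an added example (not Claroty’s code) that resolves asset records against CVE records: only assets whose discovery captured a firmware version get a definite verdict, while vendor/model-only records fall into a "needs deeper discovery" bucket. The vendor, model, firmware and CVE values are constructed placeholders.

```python
# Added example, not Claroty's code: resolve OT asset records against CVE
# records. Only assets whose discovery included a firmware version get a
# definite verdict; vendor/model-only records come back 'undetermined'.
# All asset data and CVE ids below are constructed placeholders.
from typing import Dict, List, Optional, Tuple

def version_key(v: str) -> Tuple[int, ...]:
    """Turn '2.4.3' into (2, 4, 3) so firmware versions compare numerically."""
    return tuple(int(p) for p in v.split("."))

def match_asset(asset: dict, cve: dict) -> Optional[str]:
    """Verdict for one asset against one CVE, or None if the product differs.

    asset: {'id', 'vendor', 'model', 'firmware' (may be None)}
    cve:   {'id', 'vendor', 'model', 'fixed_in'}; versions < fixed_in are affected
    """
    if (asset["vendor"], asset["model"]) != (cve["vendor"], cve["model"]):
        return None  # CVE is for a different product line
    if asset.get("firmware") is None:
        return "undetermined"  # shallow coverage: vendor/model alone cannot decide
    if version_key(asset["firmware"]) < version_key(cve["fixed_in"]):
        return "affected"
    return "not_affected"

def triage(assets: List[dict], cves: List[dict]) -> Dict[str, List[str]]:
    """Split assets into those to remediate, those needing deeper discovery, and the rest."""
    out = {"remediate": [], "needs_deeper_discovery": [], "clear": []}
    for a in assets:
        verdicts = {match_asset(a, c) for c in cves} - {None}
        if "affected" in verdicts:
            out["remediate"].append(a["id"])
        elif "undetermined" in verdicts:
            out["needs_deeper_discovery"].append(a["id"])
        else:
            out["clear"].append(a["id"])
    return out

# Constructed inventory: plc-03 was only identified to vendor/model.
ASSETS = [
    {"id": "plc-01", "vendor": "ExampleVendor", "model": "PLC-200", "firmware": "2.1.0"},
    {"id": "plc-02", "vendor": "ExampleVendor", "model": "PLC-200", "firmware": "2.4.3"},
    {"id": "plc-03", "vendor": "ExampleVendor", "model": "PLC-200", "firmware": None},
    {"id": "hmi-01", "vendor": "ExampleVendor", "model": "HMI-10", "firmware": "1.0.0"},
]
CVES = [{"id": "CVE-XXXX-PLACEHOLDER", "vendor": "ExampleVendor", "model": "PLC-200", "fixed_in": "2.3.0"}]
```

Running `triage(ASSETS, CVES)` flags plc-01 for remediation and sends plc-03 back for deeper discovery, which is exactly the gap the paragraph describes.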

Myth: OT networks don’t need an OT-specific solution for remote access

Fact: It is common for enterprises to utilize the same remote access solution across their IT and OT networks, but this can be risky and present various structural and operational challenges. In terms of risks, IT remote-access solutions are often agent-based and/or utilize jump servers to connect to OT networks. Agents require OT downtime, while jump servers expand the attack surface by perforating the firewall and increasing unsecured connectivity between IT and OT.

In terms of structural and operational challenges, these arise largely because IT solutions simply aren’t designed to support the unique requirements of OT remote access. Specifically, OT personnel typically (and understandably) prioritize OT availability, reliability, and safety above all else. As such, they need a remote access solution that is suitable for their often widely distributed OT networks, simple to use, and that secures and controls OT remote access without downtime or impeding workflows. IT solutions cannot meet these needs.

Myth: Securing an OT network requires downtime

Fact: Downtime is an extremely common—but completely avoidable—side-effect of OT security initiatives. The culprit is often the usage of agent-based security tools, which usually necessitate downtime in order to be installed or updated.

The entire Claroty Platform—including Continuous Threat Detection (CTD), Secure Remote Access (SRA), and the Enterprise Management Console (EMC)—is agentless. It leaves no footprint on the network, poses no risk to OT availability, reliability, or safety, and requires absolutely zero downtime.

To learn more about the Claroty Platform and how it provides comprehensive OT security, request a demo.