Overview

Digital transformation has replaced air-gapped operational technology (OT) environments with a boundaryless mix of OT and IT-based systems. Once isolated, ICS and SCADA devices are now connected to IT networks and even exposed to the public internet, further expanding the attack surface. Many were designed with little regard for security in a connected world, and are ill-prepared to withstand today’s threats. Identifying and mitigating ICS and SCADA vulnerabilities is vital, yet the approach traditionally used in IT environments – active vulnerability scanning – is a non-starter with sensitive OT assets, because such intrusive probing can impact their performance or even knock them offline.

To combat this, Tenable partnered with OT leader, Siemens, to develop Industrial Security, a solution that delivers continuous asset discovery and vulnerability detection for safety-critical operational networks. Purpose-built for ICS and SCADA systems, the solution uses passive network monitoring, not active scanning, to provide safe and reliable insight into both ICS/SCADA and IT-based system present on OT networks. This allows energy, utilities, manufacturing and other companies to mitigate threats and help ensure no disruptions to production cycles. Recently, Tenable announced an increase of several thousand new detections for OT devices covered by Industrial Security, including Honeywell, Rockwell and Mitsubishi.

Continuous asset discovery identifies new devices, software, ports/protocols, and connections, so security teams can investigate any unexpected additions. Passive vulnerability detection uses deep packet inspection to safely detect a wide range of OT vulnerabilities.

The solution delivers central visibility across multiple sites/plants by managing and consolidating data from multiple instances. As a result, IT and OT security, plant operations, and compliance teams enhance security, improve asset protection, and strengthen regulatory compliance.