Introducing AI/ML Powered Industrial OT Security

This post was authored by Qiang Huang and contributed to by Minakshi Sehgal.

I lead product management for Palo Alto Networks IoT and OT security products. Over the past few years, I've worked with customers in just about every vertical to help secure their IoT and OT devices. In that time I've come to understand the unique challenges facing industries that rely on OT devices. For example, manufacturing was the industry most impacted by cyberthreats in 2022, with a 50% increase in ransomware attacks. This is because the threat surface is rising exponentially as digitization initiatives lead to more vulnerable legacy and newer types of OT assets connecting to the IT network, cloud, and Internet. And the attackers know that many vulnerable OT assets are not patched, giving them an easy way in. Cyber attacks are increasingly disrupting manufacturing production, and CXOs are realizing that their current security measures are simply not enough to cope with changes in the OT network at their production facilities. 

CxOs need comprehensive cybersecurity that protects OT networks at all times against all threats without impacting operations. 

Today, Palo Alto Networks is excited to announce Industrial OT Security, part of our comprehensive Zero Trust OT Security solution. Industrial OT Security is a new service that provides the most comprehensive Zero Trust security for OT assets. This new solution was purpose-built to address three key challenges faced by CxOs in asset intensive industries.

Getting clear visibility into OT assets, their communications, and risk factors.  Their current lack of visibility leads to ineffective segmentation and security as the OT boundaries are no longer static due to digitization and remote operations trends.

Keeping up with the evolving and increasingly sophisticated threats. Many connected OT assets are vulnerable, exposed, and difficult to patch, making them a great entry point for attackers to infiltrate.

Meeting stringent operational requirements. OT organizations have important operational considerations, such as stringent change management procedures to avoid downtime and complex device ownership with OEMs and SIs. This challenges existing security measures, such as patching, vulnerability scanning, and endpoint security. As a result, many OT assets are not up-to-date and secured, even if they are known to be vulnerable.

Securing increasingly dynamic OT networks and ensuring ongoing operations requires adopting a Zero Trust approach. 

Rooted in “never trust, always verify,” Zero Trust is designed to protect modern industrial and enterprise networks. As OT environments are becoming increasingly dynamic with regard to OT assets and network communications, the principles of Zero Trust  provide an effective framework for security systems and processes. Given that most OT processes are purpose-built with predictable network traffic, Zero Trust principles are ideal for securing OT assets to prevent damage to the assets and downtime for critical services while preserving human health and safety.

Key steps to leverage Zero Trust to improve security in OT environments, include:

Comprehensive and ongoing visibility of the OT assets, their communications, and risk factors, such as CVEs and other vulnerable postures. Visibility is the foundation for prioritizing which surfaces to protect and for architecting Zero Trust for OT networks. 

Contextual segmentation to partition vulnerable OT networks and assets from IT and cloud assets. Critical OT processes can be further segmented based on risk prioritization and mission criticality (e.g., leverage IEC 62443 security levels and zoning best practices). Least privilege access can also be used to control external communications for legacy and vulnerable OT assets that are hard to patch.

Continuous verification of trust for OT asset identity, behavior, and risk conditions and combined with adjustments made to security policies to reflect known risks. 

Continuous security inspection of all traffic at the segmentation boundary - even for allowed communications, to detect and prevent malicious activities and ensure OT process integrity from attacks.

These steps can also help you to simplify the implementation and compliance reporting required for OT industry standards, such as IEC 62443.

Only Palo Alto Networks provides complete Zero Trust security so you can focus on uninterrupted operations and continued modernization of your production facilities.

Most vendors out there today stop at step one. With the new Industrial OT Security service on Palo Alto Networks NGFWs and Prisma® Access, Palo Alto Networks is the only true Zero Trust security solution that provides comprehensive visibility and security for your OT assets. Industrial OT Security covers all connected assets in plants and remote substations and sites, enabling your digital transformation while maintaining uninterrupted operations.

Palo Alto Networks Industrial OT Security solution allows you to achieve unprecedented levels of protection with:

1. Comprehensive visibility across OT and IT asset identity, communications and risk factors using machine learning (ML) with crowdsourced telemetry. Industrial OT Security, when combined with our NGFW, recognizes hundreds of unique OT asset profiles and 1000+ OT/ICS applications. It then establishes a comprehensive inventory of OT assets, visually maps their transaction flows in the context of the OT Purdue model, and provides insights into their risk exposure (e.g., CVEs, unsupported OS, connections to risky destinations). You can leverage this new ongoing visibility to establish protection surfaces, discover segmentation gaps, and prioritize your risk remediation. Unlike some traditional approaches, the asset visibility is non-intrusive to your OT processes, meaning no disruptions.  

2. Zero Trust Security for OT assets and networks. Based on OT and IT asset visibility and risk assessment, our solution establishes and enforces Zero Trust security with these capabilities:

• Contextual segmentation secures your OT perimeter with effective segmentation of your OT networks from the corporate IT and the Internet. Further zoning and microsegmentation secures OT processes based on your OT assets, the criticality of OT processes, and risk contexts.- Dynamic least privilege access policy with elegant policy constructs of  Device-ID, App-ID, and User-ID, natively on the NGFW. This helps to secure legacy, vulnerable, and hard-to-patch OT assets that need to communicate to external networks. Industrial OT Security also establishes baseline OT asset behavior to help you eliminate error-prone and time-consuming manual policy creation.
• Continuous trust verification with real-time OT asset identity, behavior, and risk condition monitoring. With Device-ID, your security policy can be dynamically updated based on the latest trust verification. 
• Continuous security inspection with threat prevention of IT exploits and OT-specific threats based on advanced ML and 600+ OT-specific threat signatures,and behavior anomaly detection for zero-day threats. It also monitors your OT process integrity with customized alerts and policy actions for events, such as PLC stop and program download.
• Simplified operations with the most comprehensive unified platform that is equipped with playbook-driven, native integrations with your back-end systems. Industrial OT Security is flexible and easy to deploy, across hardware, virtual and cloud-deployed NGFW form factors, without requiring multiple sensors and network redesign. It also supports partially air-gapped to fully connected architectures. Industrial OT Security is available as a cloud-delivered service with ML-powered NGFWs  and with Prisma® Access. 

Industrial OT Security delivers high ROI with less complexity than other solutions.

In addition to lowering the risk for industrial OT environments, the solution has been shown to provide a 351% return on investment (ROI) with up to 95% lower complexity than alternative OT security solutions. Find out how you can improve the security of your OT ecosystem and simplify operations. Read the latest Economic Impact Report from Enterprise Strategy Group (ESG).

Find out more: Palo Alto Networks Zero Trust OT Security.