This post was authored by Qiang Huang and contributed to by Minakshi Sehgal.
I lead product management for Palo Alto Networks IoT and OT security products. Over the past few years, I've worked with customers in just about every vertical to help secure their IoT and OT devices. In that time I've come to understand the unique challenges facing industries that rely on OT devices. For example, manufacturing was the industry most impacted by cyberthreats in 2022, with a 50% increase in ransomware attacks. This is because the threat surface is rising exponentially as digitization initiatives lead to more vulnerable legacy and newer types of OT assets connecting to the IT network, cloud, and Internet. And the attackers know that many vulnerable OT assets are not patched, giving them an easy way in. Cyber attacks are increasingly disrupting manufacturing production, and CxOs are realizing that their current security measures are simply not enough to cope with changes in the OT network at their production facilities.
Today, Palo Alto Networks is excited to announce Industrial OT Security, part of our comprehensive Zero Trust OT Security solution. Industrial OT Security is a new service that provides the most comprehensive Zero Trust security for OT assets. This new solution was purpose-built to address three key challenges faced by CxOs in asset-intensive industries.
- Getting clear visibility into OT assets, their communications, and risk factors. Their current lack of visibility leads to ineffective segmentation and security as the OT boundaries are no longer static due to digitization and remote operations trends.
- Keeping up with the evolving and increasingly sophisticated threats. Many connected OT assets are vulnerable, exposed, and difficult to patch, making them a great entry point for attackers to infiltrate.
- Meeting stringent operational requirements. OT organizations have important operational considerations, such as stringent change management procedures to avoid downtime and complex device ownership with OEMs and SIs. This challenges existing security measures, such as patching, vulnerability scanning, and endpoint security. As a result, many OT assets are not up-to-date and secured, even if they are known to be vulnerable.
Rooted in “never trust, always verify,” Zero Trust is designed to protect modern industrial and enterprise networks. As OT environments are becoming increasingly dynamic with regard to OT assets and network communications, the principles of Zero Trust provide an effective framework for security systems and processes. Given that most OT processes are purpose-built with predictable network traffic, Zero Trust principles are ideal for securing OT assets to prevent damage to the assets and downtime for critical services while preserving human health and safety.
Key steps to leverage Zero Trust to improve security in OT environments include:
1. Comprehensive and ongoing visibility of the OT assets, their communications, and risk factors, such as CVEs and other vulnerable postures. Visibility is the foundation for prioritizing which surfaces to protect and for architecting Zero Trust for OT networks.
2. Contextual segmentation to partition vulnerable OT networks and assets from IT and cloud assets. Critical OT processes can be further segmented based on risk prioritization and mission criticality (e.g., leverage IEC 62443 security levels and zoning best practices). Least privilege access can also be used to control external communications for legacy and vulnerable OT assets that are hard to patch.
3. Continuous verification of trust for OT asset identity, behavior, and risk conditions, combined with adjustments to security policies to reflect known risks.
4. Continuous security inspection of all traffic at the segmentation boundary, even for allowed communications, to detect and prevent malicious activities and protect OT process integrity against attacks.
These steps can also help you to simplify the implementation and compliance reporting required for OT industry standards, such as IEC 62443.
Most vendors out there today stop at step one. With the new Industrial OT Security service on Palo Alto Networks NGFWs and Prisma® Access, Palo Alto Networks offers the only true Zero Trust security solution that provides comprehensive visibility and security for your OT assets. Industrial OT Security covers all connected assets in plants and remote substations and sites, enabling your digital transformation while maintaining uninterrupted operations.
The Palo Alto Networks Industrial OT Security solution allows you to achieve unprecedented levels of protection with:
1. Comprehensive visibility across OT and IT asset identity, communications and risk factors using machine learning (ML) with crowdsourced telemetry. Industrial OT Security, when combined with our NGFW, recognizes hundreds of unique OT asset profiles and 1000+ OT/ICS applications. It then establishes a comprehensive inventory of OT assets, visually maps their transaction flows in the context of the OT Purdue model, and provides insights into their risk exposure (e.g., CVEs, unsupported OS, connections to risky destinations). You can leverage this new ongoing visibility to establish protection surfaces, discover segmentation gaps, and prioritize your risk remediation. Unlike some traditional approaches, the asset visibility is non-intrusive to your OT processes, meaning no disruptions.
2. Zero Trust Security for OT assets and networks. Based on OT and IT asset visibility and risk assessment, our solution establishes and enforces Zero Trust security with these capabilities:
In addition to lowering the risk for industrial OT environments, the solution has been shown to provide a 351% return on investment (ROI) with up to 95% lower complexity than alternative OT security solutions. Find out how you can improve the security of your OT ecosystem and simplify operations. Read the latest Economic Impact Report from Enterprise Strategy Group (ESG).
Find out more: Palo Alto Networks Zero Trust OT Security.