
Tenable Blog


Cracking the Code on OT Security

We see a lot of confusion and misinformation in the market when it comes to understanding active technologies for OT. Here’s what you need to know.

“Active” is a big buzzword in industrial cybersecurity these days. But what is it? How does it work? Is it safe? Do you even need it?

“Active,” in terms of device queries, means you query a device in its native communication protocol, which is an important distinction when considering an industrial cybersecurity solution. In fact, there are two key questions to ask about any cybersecurity solution you're considering for your operational technology (OT) environment:

  • Is the solution’s approach best-suited for your industrial control environment?
  • Is it passive, active or hybrid?

To unpack the nuances of the terminology, let’s look at this analogy:

Imagine you’re in a restaurant in a foreign country where you do not speak the native language. 

Even though you can’t speak the language, you can still glean some information from other patrons. You can make an educated guess about a person’s age, for example, and you may even look at facial expressions to determine an individual’s mood or disposition.

That’s similar to the behavior we expect from firewalls and network monitoring solutions that are not specific to industrial control systems (ICS) when they're placed in industrial networks. These types of solutions will spot MAC addresses, associate network protocols with ports, etc. However, harvesting information this way doesn’t give you enough detail for comprehensive asset tracking or vulnerability management.

Now, getting back to our foreign country restaurant analogy: let’s assume you understand the language and you can listen to conversations. You hear people talking about what they eat and their favorite foods in general or perhaps they’re comparing their experience to other restaurants they’ve recently visited. 

That’s like parsing network traffic. You understand everything being said but you are not interested in most of these conversations. What you really want to know is where each person lives, what school they attended, when they were born, etc. You want specific details about specific people. 

These details are elusive even under the best circumstances and it takes time to get the information you want just by listening. Typically, the exact information you want won’t come up naturally or spontaneously.

When dealing with ICS, industrial control vendors use different communication protocols or “languages.” Typically, vendors even have different protocols based on the specific device model, but let's say you’ve figured that out. You understand every bit and byte of industrial communication protocols. Turns out, that only gets you halfway to where you want to be. 

To secure all the information you want, you need to “actively” ask. And that's the secret sauce. 

Returning to our restaurant analogy: if you want to find out specific information about someone, you ask them questions. You might pointedly ask someone their age (uptime), where they attended school (firmware versions), where they live (hardware configuration), etc. 

And while you probably wouldn’t go up to random patrons in a restaurant and start asking them personal questions, you can query industrial control systems because they don’t typically use encryption or authentication.

What do we mean when we talk about active technologies for OT?

We see a lot of confusion and misinformation in the market about active technologies for OT. Active, in this context, is about querying devices using their native communication protocols. It’s not port scanning, knocking, banner grabbing, exploiting or leveraging vulnerabilities of any sort. It’s not querying devices in a way that can make them unstable.
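To make "asking in the native protocol" concrete, here is an added example (not Tenable's code and not from the original post) that builds and parses one read-only identification query. It assumes Modbus/TCP and its standard Read Device Identification function (0x2B/0x0E), a protocol the post does not name; the reply bytes and device strings are constructed so the block runs offline.

```python
import struct

MEI_FUNC = 0x2B            # Modbus function: Encapsulated Interface Transport
MEI_READ_DEVICE_ID = 0x0E  # MEI type: Read Device Identification
BASIC_OBJECTS = {0x00: "VendorName", 0x01: "ProductCode", 0x02: "MajorMinorRevision"}

def build_request(transaction_id, unit_id=1):
    """One read-only query: basic identification stream, starting at object 0."""
    pdu = bytes([MEI_FUNC, MEI_READ_DEVICE_ID, 0x01, 0x00])
    # MBAP header: transaction id, protocol id (0), length of unit id + PDU, unit id
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu

def parse_response(frame, transaction_id):
    """Return {object name: value} from a Read Device Identification reply."""
    if len(frame) < 9:
        raise ValueError("frame too short")
    tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if tid != transaction_id or proto != 0:
        raise ValueError("not the reply to our request")
    if length != len(frame) - 6:
        raise ValueError("MBAP length mismatch")
    pdu = frame[7:]
    if pdu[0] == (MEI_FUNC | 0x80):  # device declined: function not supported, etc.
        raise ValueError(f"device returned exception code {pdu[1]}")
    if len(pdu) < 7 or pdu[0] != MEI_FUNC or pdu[1] != MEI_READ_DEVICE_ID:
        raise ValueError("unexpected PDU")
    count, pos, objects = pdu[6], 7, {}
    for _ in range(count):
        if pos + 2 > len(pdu):
            raise ValueError("truncated object header")
        obj_id, obj_len = pdu[pos], pdu[pos + 1]
        value = pdu[pos + 2:pos + 2 + obj_len]
        if len(value) != obj_len:
            raise ValueError("truncated object value")
        name = BASIC_OBJECTS.get(obj_id, f"object_0x{obj_id:02x}")
        objects[name] = value.decode("ascii", "replace")
        pos += 2 + obj_len
    return objects

def constructed_reply(transaction_id, unit_id=1):
    """Constructed sample reply; vendor, product and revision are made up."""
    objs = [(0x00, b"ExampleVendor"), (0x01, b"PLC-0000"), (0x02, b"V1.2")]
    body = b"".join(bytes([i, len(v)]) + v for i, v in objs)
    # read code 0x01, conformity 0x01 (basic), more-follows 0, next object 0, count
    pdu = bytes([MEI_FUNC, MEI_READ_DEVICE_ID, 0x01, 0x01, 0x00, 0x00, len(objs)]) + body
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu

if __name__ == "__main__":
    print(build_request(7).hex())
    print(parse_response(constructed_reply(7), 7))
```

The request is a single well-formed frame of the kind an engineering station would send, and the parser treats an exception reply as "device declined" rather than retrying, which keeps the query load on the controller predictable.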

Tenable is unique because our technology listens on the network and speaks, at the device level, the native communication protocols ICS vendors’ engineering stations use. 

Why do we do it? How do we leverage the collected data? How do we know which dialect of a certain protocol should be used? And how do we address the devils in the tech details of this groundbreaking technology? For answers to these and other OT-related cybersecurity questions, watch our webinar, Tenable and Indegy: the First Unified, Risk-Based Platform for IT and OT Security.
