
Tenable Blog


Cracking the Code on OT Security

We see a lot of confusion and misinformation in the market when it comes to understanding active technologies for OT. Here’s what you need to know.

“Active” is a big buzzword in industrial cybersecurity these days. But what is it? How does it work? Is it safe? Do you even need it?

“Active,” in terms of device queries, means you query a device in its native communication protocol, which is an important distinction when considering an industrial cybersecurity solution. In fact, there are two key questions to ask about any cybersecurity solution you're considering for your operational technology (OT) environment:

  • Is the solution’s approach best-suited for your industrial control environment?
  • Is it passive, active or hybrid?

To unpack the nuances of the terminology, let’s look at this analogy:

Imagine you’re in a restaurant in a foreign country where you do not speak the native language. 

Even though you can’t speak the language, you still glean some information from other patrons. You can make an educated guess about a person’s age, for example, and you may even look at facial expressions to determine an individual’s mood or disposition.

That’s similar to the behavior we expect from firewalls and network monitoring solutions that are not specific to industrial control systems (ICS) when they're placed in industrial networks. These types of solutions will spot MAC addresses, associate network protocols with ports, etc. However, harvesting information this way doesn’t give you enough detail for comprehensive asset tracking or vulnerability management.

Now, getting back to our foreign country restaurant analogy: let’s assume you understand the language and you can listen to conversations. You hear people talking about what they eat and their favorite foods in general or perhaps they’re comparing their experience to other restaurants they’ve recently visited. 

That’s like parsing network traffic. You understand everything being said but you are not interested in most of these conversations. What you really want to know is where each person lives, what school they attended, when they were born, etc. You want specific details about specific people. 

These details are elusive even under the best circumstances and it takes time to get the information you want just by listening. Typically, the exact information you want won’t come up naturally or spontaneously.

When dealing with ICS, industrial control vendors use different communication protocols or “languages.” Typically, vendors even have different protocols based on the specific device model, but let's say you’ve figured that out. You understand every bit and byte of industrial communication protocols. Turns out, that only gets you halfway to where you want to be. 

To secure all the information you want, you need to “actively” ask. And that's the secret sauce. 

Returning to our restaurant analogy: if you want to find out specific information about someone, you ask them questions. You might pointedly ask someone their age (uptime), where they attended school (firmware versions), where they live (hardware configuration), etc. 

And while you probably wouldn’t go up to random patrons in a restaurant and start asking them personal questions, you can query industrial control systems because they don’t typically use encryption or authentication.

What do we mean when we talk about active technologies for OT?

We see a lot of confusion and misinformation in the market about active technologies for OT. Active, in this context, is about querying devices using their native communication protocols. It’s not port scanning, knocking, banner grabbing, exploiting or leveraging vulnerabilities of any sort. It’s not querying devices in a way that can make them unstable.
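As an added illustration (not Tenable's code and not part of the original post), here is what one native-protocol query can look like, assuming Modbus/TCP, a protocol the post does not name: it builds the standard read-only Read Device Identification request and parses a reply for vendor, product code and firmware revision. The reply bytes and device strings are constructed sample data, and nothing is sent on the network.

```python
import struct

FC_MEI = 0x2B              # Encapsulated Interface Transport function code
MEI_READ_DEVICE_ID = 0x0E  # MEI type: Read Device Identification
OBJECT_NAMES = {0x00: "VendorName", 0x01: "ProductCode", 0x02: "MajorMinorRevision"}

def build_request(transaction_id, unit_id, read_code=0x01, object_id=0x00):
    """Frame for one read-only identification query (read_code 0x01 = basic objects)."""
    pdu = bytes([FC_MEI, MEI_READ_DEVICE_ID, read_code, object_id])
    # MBAP header: transaction id, protocol id 0, byte count of unit id + PDU, unit id
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu

def parse_response(frame, expected_transaction_id):
    """Return {object name: text} from a reply, checking every declared length."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    pdu = frame[7:]
    if tid != expected_transaction_id or proto != 0 or length != len(pdu) + 1:
        raise ValueError("reply does not match our query or its own length field")
    if pdu[0] == (FC_MEI | 0x80):
        raise ValueError("device answered with a Modbus exception")
    if len(pdu) < 7 or pdu[0] != FC_MEI or pdu[1] != MEI_READ_DEVICE_ID:
        raise ValueError("unexpected function code or MEI type")
    objects, pos = {}, 7   # pdu[6] is the number of objects that follow
    for _ in range(pdu[6]):
        if pos + 2 > len(pdu):
            raise ValueError("truncated object header")
        obj_id, obj_len = pdu[pos], pdu[pos + 1]
        value = pdu[pos + 2:pos + 2 + obj_len]
        if len(value) != obj_len:
            raise ValueError("truncated object value")
        name = OBJECT_NAMES.get(obj_id, f"Object0x{obj_id:02X}")
        objects[name] = value.decode("ascii", "replace")
        pos += 2 + obj_len
    return objects

def constructed_reply(transaction_id, unit_id):
    """Constructed sample reply; the device strings are made up for this example."""
    objs = [(0x00, b"ExampleVendor"), (0x01, b"PLC-0000"), (0x02, b"V1.2")]
    body = b"".join(bytes([i, len(v)]) + v for i, v in objs)
    # read code, conformity level, more-follows, next object id, object count
    pdu = bytes([FC_MEI, MEI_READ_DEVICE_ID, 0x01, 0x01, 0x00, 0x00, len(objs)]) + body
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu

if __name__ == "__main__":
    print(build_request(7, 1).hex())
    print(parse_response(constructed_reply(7, 1), 7))
```

The whole query is an 11-byte frame carrying a single read function code, which is the contrast with port scanning or banner grabbing that the paragraph above draws.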

Tenable is unique because our technology listens on the network and speaks, at the device level, the native communication protocols ICS vendors’ engineering stations use. 

Why do we do it? How do we leverage the collected data? How do we know which dialect of a certain protocol should be used? And how do we address the devils in the tech details of this groundbreaking technology? For answers to these and other OT-related cybersecurity questions, watch our webinar, Tenable and Indegy: the First Unified, Risk-Based Platform for IT and OT Security.
