Story image

Tenable solution secures converged IT/OT environments

28 Feb 2019

Tenable has announced a Cyber Exposure solution to provide a unified view of cyber risk spanning information technology (IT) networks and operational technology (OT), from enterprise applications to industrial control systems.

This allows security leaders to use a single platform to measure, manage and reduce cyber risk across both IT and OT environments with Tenable Industrial Security which is integrated with Tenable.sc (formerly SecurityCenter) for vulnerability management on-premises.

Digital transformation means that the days of fully air-gapped OT assets are largely gone.

Modern OT environments increasingly interconnect with IT, resulting in a complex, sensitive and expanded attack surface.

As effective risk management is built on a unified understanding of the entire IT/OT attack surface, organisations are shifting responsibility for OT security to the Chief Information Security Officer (CISO).

Yet traditional IT security solutions lack the ability to continuously discover and assess sensitive OT assets.

Conversely, most OT security solutions don’t translate to the world of IT.

This lack of holistic visibility creates security blind spots and increases the chances of mission- and safety-critical systems being compromised or taken offline.

An attack on a high-value OT asset, for example, may begin by compromising a traditional IT asset and then moving laterally.

When used with Industrial Security, Tenable.sc aims to solve this problem by delivering clarity into an organisation’s converged IT/OT environments. Tenable.sc leverages Nessus scanners to gather security-related information from IT-based assets on OT and IT networks.

Tenable.sc combines that information with passively collected asset and vulnerability data from Industrial Security, which provides asset discovery and vulnerability management purpose-built for OT environments.

Designed for critical systems that require a non-intrusive approach to vulnerability management, Industrial Security is an OT-native solution that helps identify and prioritise OT risks so organisations can keep safety-critical production assets secure and fully functional.

The integration of Tenable.sc and Industrial Security provides a complete picture of IT and OT assets together, identifying exposures and vulnerabilities across the entire enterprise and helping organisations prioritise and manage cybersecurity against business risk.

Additional enhancements to the Tenable.sc and Industrial Security integrated solution include:

  • Integration with Tenable Cyber Exposure Technology Ecosystem to improve remediation and response processes for both IT and OT environments. Tenable’s market-leading integration partners span Security and IT technologies, including industry-leading SIEM, IT Ticketing and Configuration Management Database (CMDB) solutions. Together, these solutions accelerate the time-to-detect and remediate issues through a greater breadth of visibility across the modern attack surface, depth of analytics, and integrated data and workflows, fostering better collaboration across Security and IT Operations teams.

  • Expanded OT asset coverage which includes wider and deeper coverage of several thousand new devices from leading industrial manufacturers, such as Yokogawa and Emerson. These new manufacturers join the top 10 leading industrial manufacturers — including Siemens, Schneider, Rockwell/Allen-Bradley, Honeywell, Mitsubishi and others — whose devices are already covered by Industrial Security.

Tenable co-founder and chief technology officer Renaud Deraison says, “The interconnectedness of digital infrastructure today means the security of IT directly impacts OT, and vice versa.

“Without a single, unified view into converged IT/OT environments, CISOs are basically being asked to defend their organisations blindfolded and with one arm tied behind their backs, he says.   

“It’s bad cyber strategy and it places the business at serious risk.”

Protecting data centres from fire – your options
Chubb's Pierre Thorne discusses the countless potential implications of a data centre outage, and how to avoid them.
Opinion: How SD-WAN changes the game for 5G networks
5G/SD-WAN mobile edge computing and network slicing will enable and drive innovative NFV services, according to Kelly Ahuja, CEO, Versa Networks
TYAN unveils new inference-optimised GPU platforms with NVIDIA T4 accelerators
“TYAN servers with NVIDIA T4 GPUs are designed to excel at all accelerated workloads, including machine learning, deep learning, and virtual desktops.”
AMD delivers data center grunt for Google's new game streaming platform
'By combining our gaming DNA and data center technology leadership with a long-standing commitment to open platforms, AMD provides unique technologies and expertise to enable world-class cloud gaming experiences."
Inspur announces AI edge computing server with NVIDIA GPUs
“The dynamic nature and rapid expansion of AI workloads require an adaptive and optimised set of hardware, software and services for developers to utilise as they build their own solutions."
Norwegian aluminium manufacturer hit hard by LockerGoga ransomware attack
“IT systems in most business areas are impacted and Hydro is switching to manual operations as far as possible.”
HPE launches 'right mix' hybrid cloud assessment tool
HPE has launched an ‘industry-first assessment software’ to help businesses work out the right mix of hybrid cloud for their needs.
ADLINK and Charles announce multi-access pole-mounted edge AI solution
The new solution is a compact low profile pole or wall mountable unit based on an integration of ADLINK’s latest AI Edge Server MECS-7210 and Charles’ SC102 Micro Edge Enclosure.