US cybersecurity company Tenable has updates its Teneable.sc solution to include a single view of cyber risks across both information technology (IT) networks and operational technology (OT). It claims it is the first to achieve this “integrated” risk assessment of both IT and OT worlds, which are being increasingly joined together by the rise of industrial IoT and the Industry 4,0 movement.
The company has effectively pooled its security platforms for both spheres, and re-presented them under its main Tenable.sc brand. It said the combined solution covers industrial IoT risks in everything “from enterprise applications to industrial control systems”.
“Organisations are shifting responsibility for OT security to the chief information security officer. Yet traditional IT security solutions lack the ability to continuously discover and assess sensitive OT assets. Conversely, most OT security solutions don’t translate to the world of IT,” the company said in a statement.
“This lack of holistic visibility creates security blind spots and increases the chances of mission- and safety-critical systems being compromised or taken offline. An attack on a high-value OT asset, for example, may begin by compromising a traditional IT asset and then moving laterally.”
Hackers are finding gaps between these newly connected IT and OT networks. Cyber operatives have already been successful playing between the lines, as with Russian attacks on the US electric grid have showed, reported in the Wall Street Journal reported last month.
Tenable.sc leverages an open-source network vulnerability scanner from Nessus to gather security-related information from IT-based assets on OT and IT networks. This information is combined in the new solution with passively collected asset and vulnerability data from the Industrial Security engine, which was designed to identify and prioritise risks in critical OT systems.
The combined solution also expands OT asset coverage, to include “several thousand” new industrial devices from manufacturers like as Yokogawa and Emerson. These new manufacturers join the likes of Siemens, Schneider, Rockwell, Honeywell, Mitsubishi and other
The system has also been integrated with Tenable’s wider ‘cyber exposure’ technology ecosystem, covering the makers of widely deployed security and IT technologies, including SIEM, IT Ticketing and Configuration Management Database (CMDB) solutions.
Renaud Deraison, co-founder and chief technology officer at Tenable, commented: “The interconnectedness of digital infrastructure today means the security of IT directly impacts OT, and vice versa. Without a single, unified view into converged IT/OT environments, CISOs are basically being asked to defend their organisations blindfolded and with one arm tied behind their backs. It’s bad cyber strategy and it places the business at serious risk.
“Tenable.sc is a platform used and loved by thousands of CISOs and security teams for on-premises vulnerability management and the integration with Industrial Security for comprehensive IT/OT visibility is a natural and obvious extension of our leading vulnerability management capabilities.”
