OT monitoring is one of the essential cybersecurity controls for OT environments. It supports organizations in multiple cybersecurity domains, namely asset management, vulnerability management, and security monitoring. Products within the OT monitoring space have matured immensely over the past few years. These products typically rely on passive network monitoring, and most also utilize some sort of active scanning (although the latter is being masked under different names for marketing purposes). There are multiple vendors in the market, and it is difficult for organizations to select the ‘right’ one.
To devise a repeatable methodology that helps organizations assess the major players in the OT monitoring space, our first step was to create a testbed by means of an OT lab environment. Using different types of devices, including OT, IIoT, and IT, various industrial systems were built to simulate real-life processes. Additionally, the selection of the devices was diversified in terms of technology, vendor, make and model, protocols, and deployment architecture. We then devised a methodology that assesses candidate tools across the following functional areas:
- IT Asset Detection
- OT Asset Detection
- IT Asset Identification
- OT Asset Identification
- IT Vulnerability Detection
- OT Vulnerability Detection
- Threat Detection
- User Interface
- Integrations
Applying the methodology to our testbed environment over a 4-week PoC generated interesting and insightful results (as well as questions). The candidate tools, namely Claroty, CyberVision, Defender for IoT, Nozomi, and Tenable.ot, performed to varying degrees, with some excelling significantly in certain domains over others. The PoC validated that the methodology is a practical framework that can be customized to organizations’ needs. Since then, this PoC methodology has been adapted and applied to multiple organizations in various industries.
Join this session as Raphael explains the PoC methodology that helps organizations choose the ‘right’ OT monitoring tool.