Operational Technology (OT) Security is a branch of cybersecurity that focuses on securing the systems and devices that are networked with physical machinery. The need for OT Security grows as organizations deploy more IoT-based devices and rely on technology such as Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) to run their business.
When many people hear about the Internet of Things, they may think about their smart speakers or internet-connected light bulbs. OT Security is responsible for much more sensitive devices such as fuel pumps, electrical control switches, sewage treatment plants, and even the electrical grid. A failure or cyber-attack on these systems could cause widespread effects on everyone who relies on these services, and even a loss of life in the worst possible situations.
Here’s our shortlist of the seven best OT Security vendors:
- Forcepoint EDITOR’S CHOICE – A cloud-based system that plans and then implements a secure overlay network, integrating underlying infrastructure into a universal addressing, security management, and monitoring system. Access a demo.
- SCADAfence – Uses non-intrusive deployments requiring zero downtime.
- SIGA – Monitors electrical signals rather than packets for wider monitoring abilities.
- Honeywell – Assigns risk scores for easy threat prioritization.
- Kaspersky Industrial CyberSecurity – Provides holistic monitoring and end-user education.
- Darktrace – Leverages artificial intelligence to secure any protocol or technology.
- Dragos – Can be used as a managed service and features 21+ partnerships.
With the stakes so high, OT Security vendors not only have to stop attacks but also have a set of automated procedures to isolate other systems and ensure any damage done can be quickly stopped and reversed.
How is OT Security Different From IT Security?
IT Security focuses on securing information systems, databases, and user access over networks that use the Internet Protocol. Traditionally, businesses have controlled information flowing in and out of their network by placing firewalls at the perimeter, sometimes paired with a proactive monitoring system such as a SIEM.
OT Security is primarily used to protect industrial systems and networks from cyberattacks and from internal threats such as rogue employees. This industrial IoT usually includes ICS and SCADA networks that may now have internet-facing access so that physical systems on the plant floor can be monitored or controlled remotely. In the past, industrial systems operated primarily on an isolated intranet with no connectivity to the outside world.
While IT and OT security may seem similar, they are significantly different. One of the biggest differences is that OT Security covers networks and devices that used to be part of a closed system, and never accessible to the outside world. In IT Security a breach may result in the loss of information, whereas a breach of an industrial system may cause a pipe to burst, or a centrifuge to spin out of control.
As these physical devices become internet-accessible both IT and OT security need to be applied harmoniously in a way that secures the industrial network and ensures no unauthorized changes can be made either internally, or externally.
What Are Some Features Of OT Security?
OT Security has many layers, but most often starts with analyzing the industrial networks’ traffic. From a network perspective, these systems are isolated from everything else, lowering the total volume of network traffic that needs to be inspected and analyzed.
With less traffic, baselines can be created faster and monitors can be set to alert to suspicious activity or changes. Many OT Security vendors use a combination of behavioral analytics and baseline analysis to alert and sometimes even deploy automation to rectify an issue.
For example, these two technologies can detect if specific employees are accessing machines in a way they shouldn’t, or attempting to modify controls they are not authorized to change. If these actions are detected an alert can be sent immediately to a supervisor and their account can be temporarily locked until a more thorough look is taken into the situation.
Much of this automation and monitoring is designed to alert to an attack that may be in its early stages, giving you a chance to stop it before it is completely underway. In addition to this monitoring, many OT Security solutions come with tailored access control solutions that cater to ICS and SCADA systems.
These security features can monitor and communicate directly with industrial control systems, allowing for in-depth access control, policy-based rulesets, and reports for auditing. Many OT Security vendors offer scalable solutions that can secure anywhere from a few dozen to a few thousand sensors and industrial machines.
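The baseline-and-alert approach described above, reduced to its core, as an added example written for this article rather than code from any vendor's product. The hosts, operator accounts and flow records are constructed; the Modbus function codes are the real protocol values, and the "hold account for review" step stands in for the temporary account lock the text mentions.

```python
from collections import defaultdict

# Modbus function codes that change controller state (real protocol values).
WRITE_FUNCTIONS = {5, 6, 15, 16}

# Constructed sample records (hypothetical plant, not captured traffic):
# (source host, destination PLC, Modbus function code, operator account or None)
BASELINE_RECORDS = [
    ("hmi-01", "plc-pump-1", 3, None),        # HMI polls holding registers
    ("hmi-01", "plc-pump-1", 6, "op_alice"),  # operator writes a setpoint
    ("hmi-02", "plc-valve-2", 3, None),
    ("hist-01", "plc-pump-1", 3, None),       # historian only ever reads
    ("hist-01", "plc-valve-2", 3, None),
]
LIVE_RECORDS = [
    ("hmi-01", "plc-pump-1", 3, None),            # normal polling
    ("hist-01", "plc-valve-2", 16, "op_bob"),     # historian host starts writing
    ("hmi-02", "plc-valve-2", 3, "op_carol"),     # unfamiliar account, read only
    ("eng-laptop", "plc-pump-1", 6, "op_alice"),  # write from a host never seen
]

def build_baseline(records):
    """Learn which function codes each (src, dst) pair used during the
    learning window and which PLCs each operator account normally touches."""
    pair_funcs = defaultdict(set)
    user_plcs = defaultdict(set)
    for src, dst, func, user in records:
        pair_funcs[(src, dst)].add(func)
        if user:
            user_plcs[user].add(dst)
    return pair_funcs, user_plcs

def detect(pair_funcs, user_plcs, records):
    """Compare live records against the baseline. Returns a list of
    (severity, reason, record) alerts and the set of accounts to hold
    for supervisor review; any out-of-baseline write is rated high."""
    alerts, hold = [], set()
    for rec in records:
        src, dst, func, user = rec
        if (src, dst) not in pair_funcs:
            reason = "new conversation pair"
        elif func not in pair_funcs[(src, dst)]:
            reason = "new function code for pair"
        elif user and dst not in user_plcs.get(user, set()):
            reason = "account touching unfamiliar PLC"
        else:
            continue  # matches learned behaviour
        severity = "high" if func in WRITE_FUNCTIONS else "low"
        alerts.append((severity, reason, rec))
        if severity == "high" and user:
            hold.add(user)  # temporary lock until the event is reviewed
    return alerts, hold

if __name__ == "__main__":
    pf, up = build_baseline(BASELINE_RECORDS)
    for alert in detect(pf, up, LIVE_RECORDS)[0]:
        print(alert)
```

The three live anomalies produce two high-severity alerts (both writes) and one low-severity one; replaying the baseline records themselves yields no alerts, which is the sanity check to run before trusting a learned baseline.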
If you’re evaluating OT Security vendors, it’s important to look for solutions that can be implemented without causing downtime or risking non-compliance. Managing the jump from a closed industrial system to an internet-connected one requires a vendor or tool that can deliver IT and OT security convergence seamlessly.
The best OT Security vendors
What should you look for in an operational technology security system?
We reviewed the market for OT security tools and analyzed the options based on the following criteria:
- Interoperability with industrial systems
- Risk scoring for headless devices
- Zero trust access
- Traffic tagging
- Behavioral analysis for anomaly detection
- A free trial or a demo system to get a way to assess the package before paying
- Value for money from a reliable service at a fair price
Using this set of criteria, we looked for protection systems for industrial devices that quite often don’t have native security or user accounts.
Let’s now take a look at some of the best OT security vendors and see exactly how their solutions can help secure IoT and industrial systems.
Forcepoint offers a suite of security services that encompass OT Security as well as user, data, and edge protection. Within this suite, Forcepoint offers specialized security for critical infrastructure and IoT environments.
- Seamless IT/OT integration.
- Byte-level content inspection.
- SIEM integration.
The critical infrastructure service lets companies roll out OT security quickly, whether the environment is already networked or still in a transitional stage. The service maps out and creates network boundaries and plans how cloud and remote access controls will work for your critical systems.
Through Forcepoint’s Data Guard, you can connect older devices and industrial machines to your private network to enable information sharing and the creation of insights that weren’t otherwise possible. Data Guard uses byte-level content inspection and data validation to ensure data is secure and untampered while in transit.
Data pulled from lower-level network devices can be aggregated into a single environment for security monitoring and management. If your organization already uses a SIEM platform, this data can be pulled quickly into the system for auditing and alert purposes. Forcepoint allows you to bring both IT and OT security together in a way that gives you a single pane of glass to view all of your physical and digital assets.
The methodology behind the technology involves creating layers of security and separating the IT network from operation controls without impacting productivity or limiting operators from doing their jobs.
- The interface is simple and easy to learn
- Utilizes a combination of fingerprinting and behavioral analysis to stop threats
- Can contain threats through a cloud-based sandbox environment
- Offers robust SIEM integrations
- Must contact sales for pricing
Pricing for Forcepoint’s Infrastructure OT Security services is not available on its site. You can schedule a demo or request pricing on its website.
Forcepoint is our top pick for an OT security vendor because it offers ways to plan and implement hybrid networks that combine traditional office systems with IoT and industrial devices. Create your network across sites over internet links, abstract away the underlying medium, and apply consistent security measures across environments. Wrap your entire business IT system in a defined boundary and patrol it with edge services. The package provides ongoing performance and security monitoring with alerts.
Official Site: https://www.forcepoint.com/form/sase-demo-request-b
SCADAfence focuses on providing cybersecurity for critical infrastructure by protecting both OT and IoT assets. Through continuous software-based monitoring, behavioral analytics, and threat detection, SCADAfence is able to provide full coverage of industrial networks while providing visibility into security events and infrastructure insights.
- Non-intrusive deployment.
- Deep Packet Inspection.
- Adaptive baseline analysis.
Implementing OT security in a network with existing firewalls and security features can be challenging. SCADAfence addresses this problem by complementing those security measures with internal visibility, monitoring, and alerting. During installation, SCADAfence uses port mirroring on networked switches to provide a non-intrusive deployment, so there is no impact on productivity and no downtime on any of the target machines.
With scale in mind, the SCADAfence platform can provide coverage for even the largest and most complicated network architectures through deep packet inspection and filtering. Once packet inspection is in place, SCADAfence recognizes assets on the network and begins monitoring for anomalous behavior, areas of non-compliance, and potential threats in progress.
All assets on the network are mapped out to create a virtual inventory of the entire IoT environment. During this time an adaptive baseline is created to better identify abnormalities, and to serve as a performance gauge against the network’s current state.
- Specializes in secure physical infrastructure
- Supports highly complex network designs and access controls
- Can support IoT implementations
- Uses packet inspection and behavior analysis to detect threats
- Best suited for enterprise networks supporting critical infrastructure
SCADAfence is available for demo upon request.
SIGA creates visibility into IoT networks and IT devices using accurate real-time sensors combined with a centralized monitoring and security platform. SIGA uses this information not only to provide OT security, but also to reduce the need for human intervention by automating security responses.
- Sensors supported by 10+ integrations.
- Electrical signal monitoring.
- Regulatory reporting.
SIGA is flexible and can be used in any industry, such as energy, manufacturing, water treatment, or building management. The platform is designed to cover OT security as well as provide real-time business intelligence, reporting, and asset management, all as a single service.
Rather than relying on packet inspection, SIGA monitors raw electrical signals in the physical process to support visibility into devices, and pairs that information with security insights for a deeper understanding of how the industrial side of your network is operating.
Currently, SIGA uses ICS and sensor technology that is supported by Honeywell, Siemens, GE, Schneider, and six other companies. These sensors can help close the gap between OT and IT by networking them through an alert control system. This system monitors for abnormal fluctuations or suspicious events that may signal a cyberattack is underway.
Alerts can create tickets for a security team, or deploy automated responses. In addition to real-time alerts, regulatory reporting and asset performance insights can be saved or sent out automatically depending on your needs.
- Supports automation across complex critical infrastructure
- Provides regulatory monitoring and security automation
- Supports enterprise integrations
- Better suited for industrial IoT networks
You can view a demo of SIGA in action upon request.
Honeywell Forge Cybersecurity platform works to secure every endpoint in the IoT chain and bring that data together in a way that makes business safer and more efficient. Honeywell offers solutions for virtually any sized business or level of cybersecurity maturity.
- Follows NIST and industry-standard guidelines.
- Features risk scoring.
- Real-time and historical data collection.
With scalability in mind, Honeywell uses NIST SP 800-82 and other leading international standards to ensure your company is within compliance and leveraging best practices against OT security threats.
At a glance, Honeywell Forge provides insights into your network by creating events paired with a risk score. From this score, you can drill down and identify exactly what your risk factors are, and see what predetermined security policies may be in violation. This methodology helps IT security teams quickly view and prioritize assets that may be the most vulnerable.
Remote access into your industrial network can be standardized and audited through role-based and device-specific privileges. This extends into securing OT-centric files or data with built-in threat detection that inspects and monitors files in transit.
Proactive monitoring allows for both real-time alerting and historical data collection that can be integrated into a SIEM product. Different alerts can be set up depending on the type of event. For example, security events can be routed to the security team, while maintenance events such as a low oil level can be routed to a maintenance team member.
- Excellent user interface – great for NOC dashboards and teams
- Offers NIST standard reporting and vulnerability prioritization
- Supports real-time data collection – great for enterprises using SIEM products
- Provides a variety of integrations for alerting and notifications
- Is a better general OT vendor
Pricing and further information can be provided by the Honeywell sales team.
Kaspersky is known for its suite of security products that cover dozens of different threats and business needs. Industrial CyberSecurity aims to connect processes, people, and technology in a way that is both safe and easy to manage.
- Education for in-house teams
- SCADA specific monitoring and protection.
- Holistic monitoring based on the sensor.
With over a dozen integrations and partnerships, Kaspersky Industrial CyberSecurity offers OT security for enterprise-level industrial businesses. The platform holistically uses sensors and systems to monitor key assets as well as provide business intelligence.
Designed to secure every layer of the industrial network, Kaspersky has security solutions for monitoring and protecting SCADA servers, human-machine interface (HMI) machines, programmable logic controllers, and endpoint workstations.
Through industrial endpoint protection on each sensor, Kaspersky can monitor for breaches, anomalous behavior, and insider threats. Outside of the OT security service, Kaspersky also provides training for IT, OT, and C-level members of your organization to increase cybersecurity awareness and assist in-house teams.
- Supports industrial endpoints and IoT infrastructure
- Great for smaller OT networks
- Has a vast repository of tools for new users
- Could use a more visual interface
You can reach out to the Kaspersky team for a demo of their platform.
Darktrace is a cloud-based OT security platform that uses self-learning artificial intelligence to cover entire networks, including IoT assets. For industrial security, the Darktrace Industrial Immune System works by monitoring the baselines of hundreds of networks in the industrial space to see what “normal” looks like.
- Leverages artificial intelligence.
- Integrates with older technology.
- Provides a suite of additional security features.
It uses this information to track and detect anomalous behavior as it plays out. Each time an attack is found and stopped the system learns what to look for next time, remembers how it operated, and how it can defend against it.
The system takes this same learning approach for every device, controller, and user. A pattern of life is recognized over time by the Darktrace system, and deviations are alerted to. Outside of cyberattacks, the system can also identify internal threats, operator error, and mechanical malfunctions.
Since Darktrace uses AI to recognize and understand patterns, the entire platform is protocol agnostic, meaning it can be used to monitor virtually any protocol or technology. The platform can support any business looking to improve its security posture and can integrate with older PLCs or devices that lack current sensor support.
Outside of OT security, Darktrace can offer security services for email, cloud-based applications, and standard IT network security monitoring.
- Offers great data and threat visualizations
- Leverages artificial intelligence to monitor complex networks
- Uses baseline analysis to detect threats and other anomalous behavior
- Better suited for enterprise networks
You can test out Darktrace through a free 30-day trial.
Dragos is a robust OT/ICS cybersecurity platform designed to provide professional OT security services as well as platform and threat intelligence training. Designed by ICS practitioners, the Dragos platform starts with best practices out of the box and works to constantly protect and monitor your IoT environment.
- Global intelligence sharing.
- Managed service option.
- 21+ partnerships.
While some platforms just provide alerts to OT security events, Dragos takes it a step further by providing step-by-step instructions on exactly how to handle a threat or security incident. These are called Key Takeaways and are designed to give your security team actionable items to complete to rectify any issues.
There are also labeled Indicators of Compromise (IoCs), forensic breadcrumbs that can be traced to help identify malicious behavior. IoCs are important not only for documenting threats but also for building a legal case against an attacker.
IoCs, along with detailed reporting, give you an inside look into adversary behavior and the techniques that were attempted on your network. This information can be used to correct vulnerabilities and identify other possible avenues of attack.
- Uses simple yet intuitive graphics to display network information
- Offers over 21 partnership integrations
- Uses global intelligence sharing to power their threat detection
- Offers tools that provide documentation for legal and forensic investigations
- Better suited for enterprise networks
Dragos provides powerful OT security by leveraging not only its global intelligence sharing but also its 21+ strategic partnerships. For companies looking to manage their OT Security off-site, Dragos offers OT security as a managed service through its Neighborhood Watch program. This lets the Dragos team manage and stop security threats, update and patch endpoints, and conduct threat hunting on your network.
OT Security FAQs
What is OT cybersecurity?
OT security, or OT cybersecurity, defines a range of technologies, processes, and best practices that combine to protect office and industrial systems and the connections between them. Inputs to the security management service can also include sensor and video detection systems that enable physical protection to be woven into the security system.
What is OT and IoT security?
OT security is designed to protect premises and industrial equipment as well as office networks and their attached devices. Premises equipment extends to IoT devices, so IoT and OT security measures are very closely linked.
What is OT in NIST?
The National Institute of Standards and Technology (NIST) in the USA has published a Special Publication entitled Guide to Operational Technology, which explains to businesses how to go about implementing OT security. The code for the publication is SP 800-82r3.