Oil, Gas & Pipeline Remote Asset Automated Cyber Defense

The Challenge:

Active, agentless protection from threats outside and inside the fence

Actively defend connected AND air-gapped OT assets to ensure safe, secure, and reliable operations.

Oil & gas companies have essential distributed operational technology (OT) network assets that increase their attack surface and present attractive targets for attackers. OT assets connected to corporate networks create new attack vectors that can lead to greater exposure to cyber-threats.

Even air-gapped assets are at risk due to normal physical interactions. Vendors, third parties and employees frequently plug in external storage or internet-connected devices for maintenance and monitoring, creating a vector for introduced threats.

Operators require cost-effective cyber-physical defense that supports protected, real-time, two-way data flows while preventing external threats from accessing networks, quickly identifying introduced threats that are on-network, and automatically containing them to avoid excessive harm.

The Solution:

Automated threat prevention, detection, containment, and response that goes far beyond monitoring and alerts.

PacketViper OTRemote provides security outcomes that matter to OT operators. It prevents external threats from accurately identifying connected assets during reconnaissance and from using them to enable access. It detects and responds to malware, including vulnerability exploits and ransomware, at wire speed, providing a compensating control for “unpatchable” assets and unsupported devices. Additionally, if threats are introduced to the network, the active and agentless technology provides automated containment that prevents proliferation and/or the establishment of lateral or outbound communications. Finally, it does all this while enabling protected two-way data flow, allowing real-time operational access. The solution even provides a platform for the installation of other software tools, such as vulnerability scanning, telemetry, and SCADA applications in hard-to-serve remote environments.

How it works

OTRemote is deployed at each connected OT remote site (wellheads, pump stations, storage facilities, etc.) where the agentless solution works as an invisible in-line bridge. This provides the context required to take action on traffic moving to and from the site. Threats cannot detect the solution and the technology obfuscates the connected site and its assets during reconnaissance. Attackers simply cannot see the site or its actual assets.

For threats introduced to the network, the solution provides automated containment and real-time detection. Automated two-way filtering capabilities restrict the threat from spreading and exfiltrating data while the security team gets a high-fidelity alert. Response requires no complex orchestrations and the solution is equally effective against both known and unknown threats.

OTRemote is deployed on a ruggedized DIN-mounted appliance that supports bypass capability. No network-level re-addressing is required for installation, and once the physical connection is established, security policies can be remotely and centrally managed.

Meaningful cybersecurity outcomes and benefits

PacketViper provides cybersecurity results not available with firewalls, unidirectional gateways, data diodes, or microsegmentation tools.

  • Prevent attack-related power outages and damages
  • Prevent external threats from taking control of OT assets
  • Prevent loss of revenues from unplanned downtime
  • Detect and reduce dwell-time of internal threats
  • Contain internal threats from spreading
  • Prevent internal threats from opening outbound connections
  • Asset and boundary obfuscation
  • Protected two-way communication
  • Automated response without orchestrations
  • Platform for other remotely deployed tools