OT is different
The purpose of operational technology (OT) is different from that of information technology (IT). IT focuses on the ‘CIA Triad’ of data: confidentiality, integrity, and availability. OT networks control our physical world and essential processes, so uptime and reliability are vital to OT - but with new threat exposure and emerging security compliance requirements, the CIA Triad is becoming ever more important as well.
PacketViper’s OT360™ family of cybersecurity solutions provides an array of security capabilities that actively defend OT with wire-speed contextual filtering, deception-enabled threat detection, and automated response to both external and internal threats.
OT360 helps organizations seeking to cost-effectively defend OT networks without unplanned downtime or a costly ‘rip and replace’.
Addressing OT-specific issues
An agentless, multi-context, deception-enabled approach to OT security can help owner/operators address OT security issues without threatening overall equipment effectiveness (OEE).
OT360 addresses OT-specific requirements in a manner that builds trust and delivers meaningful and measurable security outcomes.
The complex nature of OT networks and their lack of tolerance for disruption require that OT cybersecurity solutions meet the following key criteria:
- Provide compensating controls for dated systems
- Configurable to match any type of device
- Support asset discovery
- Provide a vendor-agnostic approach
- Segment-specific flexibility
- Function across both OT and IT environments
- Evolve from mirror mode to in-line security as teams develop trust and seek active threat response
- Cost-effectively scale throughout the enterprise
Agentless alignment of OT & IT security
The agentless nature of OT360 makes it ideal for OT. Networks can be passively monitored with no false positives and without unplanned downtime. The solution monitors activity on OT & IT networks without scanning.
This improves visibility while gathering intelligence on network threats actively performing reconnaissance and moving laterally, all while preserving options to respond to attacks at wire speeds within a segment or across the enterprise.
Our deception-enabled approach is disruptive and makes practical sense. Deception is a dynamic mainstay for attackers who use it to trick us into revealing information that increases their probability of success. In turn, we respond with mostly static, insufficient defenses.
Next-gen OT cybersecurity
PacketViper’s deception technology turns the tables on threats at the earliest stages of their attack cycle, greatly increasing the difficulty of their attack starting with initial reconnaissance. Threat detection is equally effective against known and unknown threats.
Other deception solutions are costly and complex while only offering the single use of internal (on-network) threat detection. Alternative technologies like firewalls, SIEM and endpoint solutions are necessary but insufficient for keeping up with threats.
OT360 adds a needed layer to the security stack that can effectively communicate with OT teams tasked with securing operations.
Operators will regularly see the measurable impact of the context filtering and deception-enabled approach to network defense. Users typically identify, harvest, and apply active defenses for thousands of newly detected threats per month as part of the applied threat intelligence capability. At the same time, they experience boundary traffic reductions of up to 70%, firewall utilizations stabilize, and SIEM noise levels decline.
Measurable security outcomes
OT360 uses multiple contextual filters, an array of network sensors and proprietary and agentless Decoys, Sirens and deceptive elements for network obfuscation, threat detection without false positives and the ability to automatically respond to threats across both Primary and Remote OT networks.
How it works
Decoys are highly believable targets for threats actively scanning a network to potentially exploit or attack. Sirens emulate specific OT Asset network traffic communications as if they were fully functioning systems to lure passively listening, deeply embedded Advanced Persistent Threats (APTs). Sensors provide a transparent mechanism to broadly monitor visible control network traffic for anomalies, behavior variations, and emerging patterns. All three capabilities combine to support proactive threat hunting without the need for highly specialized and hard-to-find threat intelligence personnel and expensive, defined-purpose tool kits.
PacketViper deceptive elements are completely agentless, entirely software-based and vendor agnostic. Decoys and Sirens can be configured to match any type of OT device and are engineered to enable network segment saturation without load.
The solution can evolve from mirror mode to in-line security. When inline, operators can act on threats directly from the solution, up to and including blocking. Operating inline, the solution also harvests and immediately applies new machine-readable threat intelligence (MRTI) at wire-speed to continuously protect the network.
OT360 provides a proactive way of detecting and identifying threats to external and internal networks before they become a full-fledged attack. Prevention of attack progression through the kill chain provides a robust defense for critical assets.
OT360 uniquely supports many important NIST, NERC CIP, and emerging CISA Critical Industry security controls. These controls may not previously have been addressed with a multi-context, deception-enabled approach, but doing so will dramatically help achieve the actual intended goal of the control.
Addressing security controls
Getting started is easy
A proof-of-concept (POC) clearly demonstrates measurable outcomes and benefits. PacketViper regularly supports customized lab and production environment POCs as part of ongoing efforts to demonstrate commitment to keeping the brand promise of OT360 and delivering unsurpassed cybersecurity value to clients across multiple critical infrastructure industry segments.