OT is Different.
The purpose of operational technology (OT) is different than that of information technology (IT). IT focuses on the ‘CIA triad’ of data. That breaks down to confidentiality, integrity, and availability. OT networks control our physical world and essential processes, so uptime and reliability are vital to OT – but with new threat exposure and emerging security compliance requirements, the CIA triad is becoming ever more important as well.
PacketViper’s OT360 family of cybersecurity solutions provides an array of security capabilities that actively defend OT with wire-speed contextual filtering, deception-enabled threat detection, and automated response to both external and internal threats.
OT360 helps organizations seeking to cost-effectively defend OT networks without unplanned downtime or a costly ‘rip and replace’.
Addressing OT Specific Issues
An agentless, multi-context, deception-enabled approach creates an automated moving target defense (AMTD) capability that can help owner/operators address OT/ICS and Cyber-Physical Systems security issues without threatening overall equipment effectiveness (OEE).
OT360 addresses OT specific requirements at primary and unattended remote facilities in a manner that builds trust and delivers meaningful and measurable security outcomes.
The complex nature of OT networks, and the lack of tolerance for disruption, requires that OT cybersecurity solutions support the following key criteria:
- Provide compensating controls for dated systems
- Configurable to match any type of device
- Support asset discovery
- Provide a vendor-agnostic approach
- Active Cyber-Physical Systems Security
- Reporting for security and compliance requirements
- Integrate OT and IT environments
- Evolve from mirror mode to in-line security as teams develop trust and seek active threat response
- Cost-effectively scale throughout the enterprise
- Easy to use security tool for operators and technicians
- North-South-East-West visibility
- Active prevention and response capability
Agentless Alignment of OT & IT Security
The agentless nature of OT360 makes it ideal for OT. Networks can be passively monitored with no false positives and without unplanned downtime. The solution monitors activity on OT & IT networks without scanning.
This improves visibility while gathering intelligence on active network threats performing reconnaissance and moving laterally, all while preserving options to respond to attacks at wire speeds within a segment or across the enterprise.
Next-gen OT/Cyber-Physical Systems Security
OT and IT networks and environments are built to operate in relatively static configurations, which makes their services fixed focal points in a globally connected environment. Services that never or rarely move offer unlimited opportunities to probe and to wait until mistakes are made or new vulnerabilities are identified.
PacketViper’s automated moving target defense (AMTD) capability makes practical sense. Deception is an important tactic and strategy in an attacker’s arsenal, used to trick us into revealing information that increases their probability of success. Operators are defenseless against a well-orchestrated attack. Our AMTD technology turns the tables on threats at the earliest stages of their attack cycle, greatly increasing the difficulty of their attack starting with initial reconnaissance. Dynamically moving threat detection and prevention is equally effective against known and unknown threats.
Other solutions are costly and complex while only offering the single use of internal (on-network) threat detection. Alternative technologies like firewalls, SIEM and endpoint solutions are necessary but insufficient for keeping up with threats.
OT360 adds a needed layer to the security stack that can effectively communicate with OT teams tasked with securing operations.
Measurable Security Outcomes
Operators will regularly see the measurable impact of the context filtering and AMTD-enabled approach to network defense. Users typically identify, harvest, and apply active defenses for thousands of newly detected threats per month as part of the applied threat intelligence capability. Organizations typically experience boundary traffic reductions up to 70%, while firewall utilization percentages decline, and SIEM noise levels decrease, all of which generate operational efficiencies and budget savings.
Easily Secure Primary and Remote OT/ICS & SCADA Environments
PacketViper OT360/OTRemote Solution
PacketViper OTRemote is a system of security software and hardware components that enables critical infrastructure and industrial organizations to secure and protect OT/ICS and SCADA assets, networks, and environments at local and remote locations.
- Provides granular real-time visibility, monitoring and management of network communications between local and remote locations.
- Utilizes interactive security components including contextual filters, decoys, sensors, and sirens that detect unauthorized devices or network communication.
- Employs easy to understand interactive dashboards that display network traffic context to quickly identify threats and anomalies without the need for extensive security expertise.
- Includes a Centralized Management system to configure and manage remote locations, monitor network communication, and identify anomalies.
- Contains an Enterprise Management interface to configure, manage and protect remote locations.
- Equips supervisors and operators with real-time alerting and reporting, with the option to enable automated defense of the network.
- Creates a secure compute environment at remote locations that eliminates the need for security tool server deployments at unattended facilities.
PacketViper OT360 and OTRemote enable organizations to protect OT/ICS and SCADA networks from threats originating from external sources or from within the network. Our OT security technology provides better security, broader visibility, and granular network control without the risk of interfering with normal industrial control processes or communication channels. OT360 and OTRemote give operators a simple method of identifying anomalies without any prior network or security knowledge.
PacketViper OT360 appliances consist of a family of hardened, industrial, metal-cased, rack-mount appliances designed for critical infrastructure applications in harsh and space-constrained environments. PacketViper OTRemote location appliances consist of DIN rail mount, fanless, metal-cased devices designed for critical infrastructure applications in harsh and space-constrained environments. These models all provide the highest levels of threat detection, prevention, and response to protect industrial control systems and critical infrastructure facilities from remote, on-site, and online attacks. High availability (HA) and Bypass-enabled configurations are available, as well as a variety of other deployment options including custom NEMA-Rated outdoor enclosures.
Effective and Easy-to-use OT/ICS Security
Securing Operational Technology (OT) and Industrial Control System (ICS) assets requires more than visibility of unpatched devices or mere detection of anomalies. Effective cybersecurity depends on providing front line operators the required information to act quickly when potential threats are in motion. PacketViper OT360 removes the complexity from securing critical operations and provides operators with an easy-to-use, industrial-grade defense and protection tool. Our unique approach ensures that sensitive and complex devices are not disrupted.
Rapidly Monitor, Detect, and Prevent Threats in Critical Operations Networks
Operational technology (OT) and Information Technology (IT) systems have converged to optimize production, drive innovation, and increase efficiency. However, that convergence increases the attack surface by connecting network segments that had previously been air-gapped and exposing them to broader networks and the Internet. Detecting complex and evolving cyber threats requires advanced tools, knowledge, and training. The PacketViper OT360 Solution utilizes easy to understand interactive dashboards that allow operators to monitor status in real time, without the need for advanced cyber security knowledge or experience.
Purpose-Built OT/ICS and SCADA Security
We understand security, and the many differences between IT and OT/ICS/SCADA networks. We also know that effective cybersecurity requires a layered approach in any environment. Our mission is to provide effective, easy-to-deploy, and affordable solutions that defend and maintain the availability of ICS and OT networks, including how they interface and connect with IT infrastructure. Finally, you have a security solution for your critical infrastructure that protects your OT Network and its many components, including HMIs, PLCs, RTUs, SCADA assets, Historians, and more.
Enterprise-wide Visibility, Management, and Control
Whether your organization is a small two-site facility or a large, multi-node distributed network environment, detecting and then stopping an attack is difficult without the correct tools. PacketViper OT360 combined with OTRemote provides end-to-end control system visibility, security device management, threat mitigation and containment in a single solution. The OTRemote solution eliminates blind spots and network risk in either flat or segmented environments. Dashboards provide granular and easy-to-understand, real-time views of devices. Operators can rapidly identify threats, weaknesses, and risks from potentially vulnerable devices within critical networks.
Meaningful Cybersecurity Results and Benefits
PacketViper OT360 and OTRemote enable essential two-way communications with connected remote assets while delivering critical security, visibility, and compliance benefits.
- Provides active network visibility and security for primary and secondary critical infrastructure facilities.
- Enables wire-speed prevention and detection response capabilities across the entire OT/ICS environment.
- Prevents external threats from taking control of remote OT assets
- Limits loss of revenues from unplanned downtime
- Detects and reduces dwell-time of internal threats
- Stops internal threats from establishing outbound connections
- Confines local threats to the impacted location
- Enhances cybersecurity without unplanned downtime
- Enables 2-way communication and supports active alerting into DI/DO and serial connected systems
- Supports compliance with multiple standards
- Establishes a compensating control for vanishing air gaps
- Facilitates active vendor monitoring and risk management
- Delivers threat detection and response without complex and costly orchestrations
- Ensures protection of public health and safety
- Mitigates attack-related outages and damages
- Provides Real-time protection against active threats
OT360 & OTRemote deployments can evolve from mirror mode to in-line security. When in-line, operators can act on threats directly from the solution, up to and including blocking. Operating in-line, the solution also harvests and immediately applies new machine-readable threat intelligence (MRTI) at wire speed to continuously protect the network. OT360 & OTRemote provide a proactive way of detecting and identifying threats to external and internal networks before they become a full-fledged attack. Prevention of attack progression through the kill chain provides a robust defense for critical assets.
Addressing Security Controls
OT360 & OTRemote uniquely support many important NIST, NERC CIP, and emerging CISA Critical Industry security controls. These controls may not previously have been addressed with a multi-context, deception-enabled approach, but doing so will dramatically help achieve the actual intended goal of the control.