Performance-based OT security

Systematically raise your security posture over time without getting distracted by fearmongering, by focusing on what you can actually control. OTbase is the tool to make it happen.

Do you struggle to make progress in securing your OT infrastructure? Here’s why.

The vast majority of OT asset owners are anything but happy with their progress in reducing the OT attack surface, and it is becoming clear what the primary reason is: if you rely on threat detection products, progress just won't happen, because threat detection is reactive by nature. Most likely you will also be frustrated by the high number of false-positive alerts.

Progress can only happen outside of the SOC, in the engineering space, where you can achieve actual and measurable reductions of the attack surface. This is the approach taken by OTbase.


Detailed, comprehensive OT asset inventory

You have heard it hundreds of times: a solid asset inventory is the foundation for OT security, because you can't protect what you don't see. Your risk assessment will be vastly off if you are only looking at incomplete inventory information; you will miss thousands of vulnerabilities and critical systems. The strange thing is that, even though this is accepted wisdom in the OT security space, very few asset owners actually have a detailed and comprehensive asset inventory. Don't be one of them, because you will never make progress in your OT security efforts without one.

Effective OT vulnerability management

Imagine you had a reliable and detailed account of all known vulnerabilities that affect your installed base. Along with the capability to filter for geolocation, process association, required attack complexity, known exploits, device criticality, the works. Wouldn’t that be a game changer?

Well, in OTbase, that's just the start. You also get the opportunity to create remediation tasks that you can assign to individuals, along with deadlines, suggested remediation, file attachments, and more.

The foundation for the superior OT vulnerability management workflow in OTbase is an accurate and comprehensive OT asset inventory, something that OT security products don’t have — because they don’t use active discovery technology consistently.

Alert contextualization

Have you seen this? Your threat detection solution generates an alert, and the SOC team now has to figure out which device the IP address 192.168.0.4 belongs to, or a specific MAC address, for that matter. That process can take many hours, if not days.

If, however, the SIEM can enrich the basic address information with the rich asset information in OTbase, it is a matter of minutes to identify the nature of the associated device, its location, its process function, its network neighborhood, and so on.

Standard integrations are available for Splunk and FortiSOAR.

Detection of unauthorized configuration change and new devices on the network

OTbase tracks the hardware and software configurations of your OT devices with 24-hour updates. Once a change is detected, such as a different firmware version, users are notified accordingly. A special case arises when the change affects an OT system (such as a machine line) whose overall configuration was approved: the change puts the system in an unapproved state (a breach of system integrity).

New devices on the network will be caught and reported as well.
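The detection logic described above, written out as an added example (not OTbase code): two daily inventory snapshots keyed by MAC address are compared, per-device firmware and software changes and never-seen devices are reported, and any system with an approved overall configuration that contains a changed device is flagged as breached. All devices, MAC addresses, product names and systems are constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Device:
    name: str
    firmware: str
    software: dict  # product -> installed version

@dataclass
class System:
    name: str
    members: set           # device names that make up the system (e.g. a machine line)
    approved: bool = True  # overall configuration approved by the system owner

def diff_snapshots(yesterday, today, systems):
    """Compare two snapshots (mac -> Device). Returns (changes, new_devices,
    breached_systems); a change is any firmware or software difference."""
    changes, new_devices = [], []
    for mac, dev in today.items():
        old = yesterday.get(mac)
        if old is None:                      # never inventoried before
            new_devices.append(dev.name)
            continue
        if old.firmware != dev.firmware:
            changes.append((dev.name, "firmware", old.firmware, dev.firmware))
        for product in sorted(set(old.software) | set(dev.software)):
            before, after = old.software.get(product), dev.software.get(product)
            if before != after:              # installed, removed or upgraded
                changes.append((dev.name, product, before, after))
    changed = {c[0] for c in changes}
    breached = []
    for s in systems:
        if s.approved and s.members & changed:
            s.approved = False               # breach of system integrity
            breached.append(s.name)
    return changes, new_devices, breached

# Constructed sample snapshots (hypothetical devices, MACs and products).
YESTERDAY = {
    "00:11:22:33:44:01": Device("PLC-1", "2.8.1", {"Ladder Studio": "20.0"}),
    "00:11:22:33:44:02": Device("HMI-1", "1.0", {"Panel Runtime": "11.0"}),
}
TODAY = {
    "00:11:22:33:44:01": Device("PLC-1", "2.9.0", {"Ladder Studio": "20.0"}),
    "00:11:22:33:44:02": Device("HMI-1", "1.0", {"Panel Runtime": "11.0", "RemoteTool": "15.1"}),
    "00:11:22:33:44:03": Device("EWS-2", "n/a", {}),
}

def run_daily_check():
    """Fresh approved systems each run, so the audit is repeatable."""
    systems = [System("Line A", {"PLC-1", "HMI-1"}), System("Line B", {"EWS-2"})]
    return diff_snapshots(YESTERDAY, TODAY, systems)
```

Running `run_daily_check()` reports the PLC firmware upgrade, the new remote tool on the HMI, the unknown engineering workstation, and Line A as no longer in its approved state.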

Data flow and network topology diagrams

Data Flow Diagram

Want to know who communicates with whom, using which protocols? OTbase tells you right away, using easy-to-read, contextualized diagrams. You'll see traffic categorized as local subnet, private peer subnet, and public Internet. Even better, OTbase also creates L2 network topology diagrams for you. Let's face it, you need to know what else is on a network where you have vulnerable and/or critical devices, or devices that have already been confirmed as compromised.

Automated configuration policy audits

Want to set corporate configuration standards that minimize or prevent the use of insecure software products? Configuration policies are the way to go. OTbase supports configuration policies with automatic audits. Once you have defined a policy and linked it to a set of devices, OTbase shows right away which devices are compliant and which ones aren't.

System owners will see compliance status in their device profiles right away. A practical, proactive approach towards better OT security.
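A minimal configuration-policy audit in the spirit of the section above, as an added example (not OTbase code): a policy is a list of rules (forbidden product, required product, minimum version) applied to the devices it is linked to, and each device comes back with an empty list (compliant) or the rules it violates. Versions are assumed to be dotted numerics; the policy, product names and devices are constructed.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    product: str
    kind: str            # "forbidden" | "required" | "min_version"
    version: str = ""    # only used by min_version

def vtuple(v):
    """'20.4.1' -> (20, 4, 1), so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))

def check_device(software, rules):
    """software: product -> installed version. Returns a list of violations."""
    violations = []
    for r in rules:
        installed = software.get(r.product)
        if r.kind == "forbidden" and installed is not None:
            violations.append(f"{r.product} must not be installed (found {installed})")
        elif r.kind == "required" and installed is None:
            violations.append(f"{r.product} is required but missing")
        elif r.kind == "min_version":
            if installed is None:
                violations.append(f"{r.product} is required (>= {r.version}) but missing")
            elif vtuple(installed) < vtuple(r.version):
                violations.append(f"{r.product} {installed} is below required {r.version}")
    return violations

def audit(policy, devices):
    """devices: name -> software dict. Returns name -> violations (empty = compliant)."""
    return {name: check_device(sw, policy) for name, sw in devices.items()}

# Constructed policy for engineering workstations and the devices linked to it.
EWS_POLICY = [
    Rule("Legacy Remote Viewer", "forbidden"),
    Rule("Endpoint Agent", "required"),
    Rule("Engineering Suite", "min_version", "21.0"),
]
EWS_DEVICES = {
    "EWS-1": {"Endpoint Agent": "5.2", "Engineering Suite": "21.3"},
    "EWS-2": {"Legacy Remote Viewer": "7.1", "Engineering Suite": "9.5"},
}
```

Note that "9.5" sorts after "21.0" as a string, which is why the numeric version comparison matters for the minimum-version rule.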

Unmatched reporting options

OT security is a numbers game, and no progress is to be made if the numbers aren’t collected, reported, and analysed properly. For this reason, OTbase includes a multitude of built-in metrics and reporting options. However, top of the line is the OTbase Connector for Microsoft Power BI, which allows you to generate game-changing dashboards and reports in the tool that the C suite loves.

Support for engineering use cases

Here's a dirty little secret: the majority of OT security initiatives fail, and they fail for one reason: being sabotaged by engineering and maintenance.

This happens predictably when IT wants to enforce procedures and products that place extra demands on engineers, but don’t offer any benefits to these stakeholders. Pretty much what happens anytime an IT security product is forced onto OT.

Since this is a known fact with huge implications, OTbase puts special emphasis on catering to engineering, operations, and maintenance as well. Once these stakeholders benefit from using the OT asset management system, they will be happy to provide data, and that data is crucial for the cyber security effort to succeed.

Example engineering use cases are product lifecycle management, spare parts management, and automatic network topology diagrams.