Matt Kraning is the Chief Technology Officer of Cortex at Palo Alto Networks, and was previously Chief Technology Officer and co-founder of Expanse, which was acquired by Palo Alto Networks. Matt is an expert in large-scale optimization, distributed sensing, and machine learning algorithms run on massively parallel systems. Prior to co-founding Expanse, Matt worked for DARPA, including a deployment to Afghanistan. Matt holds bachelor’s, master's, and doctorate degrees from Stanford University.
Most organizations do not know how many internet-connected assets they have. And once you start counting, a harder question follows: how many of those assets are actually secured?
You’re not alone if you can't answer immediately. The volume and variety of these assets go well beyond what most organizations can track. Many couldn't say how many routers they have or how many Operational Technology (OT) systems are running. Even organizations that believe they have a handle on their OT assets usually have blind spots, because those assets tend to sit in overlooked places (e.g. the building control systems in your office).
Why don’t organizations know what they own? There are a couple of main reasons:
- Large amounts of legacy systems/technology – Many OT systems are built on legacy technology that predates today’s security tooling. The result is unanticipated blind spots: these systems are hard to identify, and the hazards they bring to the larger ecosystem go unassessed.
- Mergers and acquisitions – The convergence of different IT and OT infrastructures, technologies and digital assets is often challenging. Legacy systems don’t often integrate well with newer ones, nor do the various data silos that may exist. These factors create a complex visibility problem.
Managing the attack surface
What is missing is a single, continuously maintained view of everything the organization exposes. That’s what attack surface management (ASM) provides, and it’s a key part of the overall solution for businesses to safeguard their OT systems. ASM gives organizations the ability to see what exists and what is exposed, which is the precondition for securing it.
Attack surface management helps to automatically discover, assess and remediate exposures. ASM can assist organizations in actively identifying, understanding and addressing risks in all exposed services and publicly connected systems, which can be what saves your company from a serious attack.
Let’s look at three reasons why OT systems are challenging to protect, and how ASM can help in each instance.
If you don't know about it, you can't secure it
ASM discovers systems the organization did not know it had and continuously monitors what is reachable from the outside, so the picture stays current as assets come and go. This gives security and IT teams the inventory they need to build a defense plan, particularly when prioritizing and fixing exposures.
Systems are created without considering security
Many OT systems cannot run modern security controls, yet are connected to the internet. This makes them highly vulnerable. These systems frequently consist of aging hardware like PLCs, which were designed to run for decades, and their protocols were built for a closed plant network rather than for hostile traffic. As a result, they lack the security measures that can detect and prevent current attacks.
Consequently, IT and security departments must be very careful to understand which systems are involved and how to secure them. These teams can do so by putting ASM to use, which will give them the needed continuous visibility capabilities to spot and manage security issues throughout their OT environments.
Whose job is security, anyway?
Historically, IT and OT were managed by separate groups within an organization, with few interdependencies between them. In recent years, that paradigm has shifted.
OT devices are often purchased and maintained by plant managers, with the help of OEMs, but security responsibility falls on the network security teams who don’t understand the functioning or the right security policy for these critical devices. Sometimes the plant managers implement OT security, but they don’t know the network security policies. That can lead to security gaps.
Use ASM to help identify these gaps and then decide who is responsible, at what level, and what kinds of access they should have across the system. These steps help facilitate a phased progression towards implementing a dynamic Zero Trust security posture for the entire organization.
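The three points above (finding what you don't know about, spotting exposed legacy OT protocols, and establishing who owns each exposure) come down to one reconciliation step: compare what an external scan can see with what the organization believes it owns. The following is an added example written for this article, not code from Palo Alto Networks or any ASM product. The inventory ranges, team names and scan findings are constructed for illustration; the protocol port numbers are the well-known defaults for those industrial protocols.

```python
import ipaddress
from dataclasses import dataclass, field

# Default ports of common industrial protocols. None of these protocols
# authenticate the client, so any internet exposure is serious.
OT_PORTS = {
    102: "Siemens S7comm (ISO-TSAP)",
    502: "Modbus/TCP",
    20000: "DNP3",
    44818: "EtherNet/IP",
    47808: "BACnet/IP",
}

# Constructed inventory: address ranges the organization believes it owns,
# and the (hypothetical) team responsible for each range.
INVENTORY = [
    ("203.0.113.0/24", "corp-it"),
    ("198.51.100.0/28", "plant-a-ot"),
]

# Constructed findings from an external discovery scan, i.e. what an
# outside observer can reach. The last two fall outside every known range.
SCAN_RESULTS = [
    {"ip": "203.0.113.10", "port": 443, "service": "https"},
    {"ip": "198.51.100.5", "port": 502, "service": "modbus"},
    {"ip": "198.51.100.200", "port": 102, "service": "s7comm"},
    {"ip": "192.0.2.44", "port": 47808, "service": "bacnet"},
]

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "info": 3}


@dataclass
class Exposure:
    ip: str
    port: int
    service: str
    owner: str          # "unknown" when no inventory range matches
    severity: str
    reasons: list = field(default_factory=list)


def owner_of(ip, inventory=INVENTORY):
    """Map an observed address to the team that owns its range, if any."""
    addr = ipaddress.ip_address(ip)
    for cidr, owner in inventory:
        if addr in ipaddress.ip_network(cidr):
            return owner
    return "unknown"


def assess(results=SCAN_RESULTS, inventory=INVENTORY):
    """Reconcile scan findings against the inventory and rank the exposures."""
    exposures = []
    for r in results:
        owner = owner_of(r["ip"], inventory)
        reasons = []
        if r["port"] in OT_PORTS:
            reasons.append(f"{OT_PORTS[r['port']]} reachable from the internet")
        if owner == "unknown":
            reasons.append("address not in any inventoried range")
        # An unauthenticated OT protocol on an address nobody claims is the
        # worst case: exposed, and with no one responsible for fixing it.
        if len(reasons) == 2:
            severity = "critical"
        elif r["port"] in OT_PORTS:
            severity = "high"
        elif owner == "unknown":
            severity = "medium"
        else:
            severity = "info"
        exposures.append(Exposure(r["ip"], r["port"], r["service"], owner, severity, reasons))
    return sorted(exposures, key=lambda e: SEVERITY_RANK[e.severity])


def by_owner(exposures):
    """Count exposures per responsible team; 'unknown' entries need an owner assigned."""
    counts = {}
    for e in exposures:
        counts[e.owner] = counts.get(e.owner, 0) + 1
    return counts


if __name__ == "__main__":
    ranked = assess()
    for e in ranked:
        print(f"{e.severity:8} {e.ip}:{e.port} ({e.service}) owner={e.owner} "
              f"{'; '.join(e.reasons)}")
    print(by_owner(ranked))
```

With the constructed data, the two findings outside every inventoried range rank as critical (an S7 PLC and a BACnet controller nobody has claimed), the Modbus device inside the plant range ranks high because the protocol is exposed even though its owner is known, and the HTTPS server is informational. The `by_owner` summary is the starting point for the ownership conversation: every "unknown" entry has to be assigned to a team before any access policy can be written for it.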
Reducing OT risk
It may appear difficult, but safeguarding OT systems is not insurmountable. Attack surface management is an important piece of the puzzle for locating and securing assets throughout your company. By joining the capabilities of ASM with a policy-driven security model like Zero Trust, organizations can proactively defend critical and legacy systems against the ever-evolving threat landscape.