Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Siemens and Tenable Partner to Protect Industrial Networks

Siemens and Tenable Partner to Provide Asset Discovery and Vulnerability Management For Industial Networks

Siemens and Tenable Partner to Provide Asset Discovery and Vulnerability Management For Industial Networks

Worsening geopolitical tensions and increasing awareness of the potential harm caused by cyber attacks against the operational technology (OT) networks of critical industries has made industrial control systems (ICS) a focus of cybersecurity attention. But protecting ICS remains problematic as it emerges from its pre-internet security-unaware origins into the modern internet-connected world: it now has to add remaining secure to remaining operational.

“Organizations running operational technology face a foundational security challenge — the need to understand the entirety of their cyber exposure in the context of a modern attack surface that is constantly evolving,” explains Amit Yoran, CEO of Tenable. “We’ve seen the rise of cloud, mobile and IoT and now the convergence of IT with OT, which have made critical systems vulnerable to increasingly aggressive adversaries and attacks.”

OT, however, remains behind IT in its security defenses. A study by Ponemon in February 2017 highlighted the dire state of security awareness (in this case, specifically the oil and gas industry) in OT. It found that 46% of cyber attacks were thought to go undetected; that 61% of respondents believe their organization’s industrial control systems protection and security is not adequate; and that less than half of the respondents believe they have the internal expertise needed to manage cyber threats in the OT environment.

Improved visibility into existing vulnerabilities within the OT environment will improve OT security staff’s ability to defend against cyber attacks. “Cyberattacks against the O&G and utilities sector are on the rise and growing more sophisticated and aggressive by the day,” comments Leo Simonovich, VP and global head of industrial cyber and digital security at Siemens Energy. “Passive monitoring of all assets in these systems is critical to detecting and addressing vulnerabilities before they can be exploited and lead to disruption of essential public services like electricity, gas, and water.” 

Tenable and Siemens have now partnered to provide this passive visibility. Siemens is a major provider of ICS. Tenable owns one of the world’s most-used vulnerable scanning engines — Nessus. Announced today is the new Industrial Security provided as a security service by Siemens, and based on Tenable’s Nessus. 

It provides, says Tenable, “safe, reliable asset discovery and vulnerability detection purpose-built for ICS and supervisory control and data acquisition (SCADA) systems.” Key to this solution is the passive nature of Nessus which is used to detect vulnerabilities without affecting operational functionality. “Joining forces with Siemens is a natural next step,” says Yoran. “Together we provide a way for organizations to monitor and address their attack surface in totality, so they can see where they are vulnerable and protect those systems — and the people who depend on them — from threats.”

Siemens AG is a major provider of ICS equipment. It generated €79.6 billion in 2016, and employs more than 350,000 people around the world.

Advertisement. Scroll to continue reading.

Tenable raised $50 million in 2012, and followed this with a massive $250 million Series B funding round in November 2015. Its customers include more 50% of the Fortune 500, the ten largest U.S. technology companies, and 8 of the 10 largest U.S. financial companies.

Related: DHS, FBI Warn of Ongoing APT Attack Against Critical Infrastructure 

Related: U.S. Oil and Gas Industry Lagging in Security

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

ICS/OT

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

ICS/OT

Municipal Water Authority of Aliquippa in Pennsylvania confirms that hackers took control of a booster station, but says no risk to drinking water or...

ICS/OT

Mandiant's Chief analyst urges critical infrastructure defenders to work on finding and removing traces of Volt Typhoon, a Chinese government-backed hacking team caught in...

Cybercrime

Energy giants Schneider Electric and Siemens Energy confirm being targeted by the Cl0p ransomware group in the campaign exploiting a MOVEit zero-day.

ICS/OT

Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.