Solution Architecture
The OT Security solution consists of two components:
- OT Security – this component collects and analyzes network traffic directly from the network (via a SPAN port or network tap) and/or from a data feed supplied by the OT Security Sensors. The OT Security appliance performs both the Network Detection and the Active Query functions.
- OT Security Sensors – small devices that can be deployed on network segments of interest, up to one sensor per managed switch. The sensors are available in two form factors: compact rack mount or DIN-rail mount. OT Security Sensors provide full visibility into these network segments by capturing all the traffic, analyzing it, and then communicating the information to the OT Security appliance. Sensors version 3.14 and above can also be configured to send active queries to the network segments on which they are deployed.
Network Components
OT Security supports interaction with the following network components:
- OT Security user (management) – User accounts are created to control access to the OT Security Management Console. The Management Console is accessed through a web browser (Google Chrome) over an HTTPS connection.
Note: The UI can only be accessed from a Chrome browser. You also need to be using the latest version of Chrome.
- Active Directory Server – User credentials can optionally be assigned using an LDAP server, such as Active Directory. In this case, user privileges are managed in Active Directory.
- SIEM – OT Security event logs can be sent to a SIEM using the Syslog protocol.
- SMTP Server – OT Security event notifications can be sent by email to specific groups of employees via an SMTP server.
- DNS Server – DNS servers can be integrated into OT Security to help resolve asset names.
- Third-party applications – External applications can interact with OT Security using its REST API or access data using other specific integrations.
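The SIEM item above says only that event logs leave the appliance over Syslog; what the receiving side has to do with them is worth seeing in code. The following is an added example, not code from Tenable or from the OT Security product: a small RFC 5424 syslog parser with a triage step that escalates events at warning severity or above and quarantines lines that do not parse. The sample lines, the application name `otsec`, the structured-data element `ot` and its parameters are all constructed for this example and do not describe the product's actual message format.

```python
import re
from dataclasses import dataclass, field

# RFC 5424 header layout:
# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
# PRI = facility * 8 + severity, so both are recovered arithmetically below.
RFC5424_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[.*?\])+)(?: (?P<msg>.*))?$"
)
# One structured-data element: [SD-ID PARAM-NAME="value" ...]
SD_ELEMENT_RE = re.compile(
    r'\[(?P<id>[^ \]]+)(?P<params>(?: [^=\] ]+="(?:[^"\\]|\\.)*")*)\]'
)
SD_PARAM_RE = re.compile(r'(?P<name>[^=\] ]+)="(?P<value>(?:[^"\\]|\\.)*)"')

SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ESCALATE_AT_OR_ABOVE = 4  # numeric syslog severity: 0 is most severe, 4 is "warning"


@dataclass
class SyslogEvent:
    facility: int
    severity: int
    timestamp: str
    host: str
    app: str
    msgid: str
    sd: dict = field(default_factory=dict)   # {sd_id: {param: value}}
    message: str = ""

    @property
    def severity_name(self) -> str:
        return SEVERITY_NAMES[self.severity]


def parse_sd(sd_text: str) -> dict:
    """Turn the STRUCTURED-DATA field into nested dicts keyed by SD-ID."""
    elements = {}
    for elem in SD_ELEMENT_RE.finditer(sd_text):
        params = {m.group("name"): m.group("value")
                  for m in SD_PARAM_RE.finditer(elem.group("params"))}
        elements[elem.group("id")] = params
    return elements


def parse_syslog_line(line: str):
    """Return a SyslogEvent, or None if the line is not valid RFC 5424."""
    m = RFC5424_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:            # facility 0..23 and severity 0..7 bound PRI to 0..191
        return None
    sd = {} if m.group("sd") == "-" else parse_sd(m.group("sd"))
    return SyslogEvent(
        facility=pri // 8, severity=pri % 8, timestamp=m.group("ts"),
        host=m.group("host"), app=m.group("app"), msgid=m.group("msgid"),
        sd=sd, message=m.group("msg") or "",
    )


def route_events(lines):
    """Triage a batch of received lines into escalate / log / malformed buckets.

    Malformed lines are kept rather than dropped: a log-forwarding break or a
    tampered message should be visible to the SIEM operator, not silently lost.
    """
    routed = {"escalate": [], "log": [], "malformed": []}
    for line in lines:
        ev = parse_syslog_line(line)
        if ev is None:
            routed["malformed"].append(line)
        elif ev.severity <= ESCALATE_AT_OR_ABOVE:
            routed["escalate"].append(ev)
        else:
            routed["log"].append(ev)
    return routed


# Constructed sample lines (PRI 132 = local0/warning, 134 = local0/info).
# The 'ot' SD element and its parameters are invented for this example.
SAMPLE_LINES = [
    '<132>1 2024-03-05T10:15:30Z ot-appliance otsec - EVT1 '
    '[ot policy="Unauthorized Write" severity="high" src="10.1.2.3" dst="10.1.2.50"] '
    'Policy violation detected',
    '<134>1 2024-03-05T10:16:02Z ot-appliance otsec - EVT2 - Sensor heartbeat ok',
    'garbage line',
]

if __name__ == "__main__":
    result = route_events(SAMPLE_LINES)
    for ev in result["escalate"]:
        print(f"ESCALATE {ev.severity_name:8} {ev.host} {ev.msgid} {ev.sd} {ev.message}")
    for ev in result["log"]:
        print(f"log      {ev.severity_name:8} {ev.host} {ev.msgid} {ev.message}")
    for line in result["malformed"]:
        print(f"malformed: {line!r}")
```

The escalation threshold is a single constant so that the mapping from syslog severity to SIEM handling is explicit and reviewable; in practice the parameters inside the structured-data element (here the constructed `severity="high"`) are the better signal, and the `sd` dict keeps them available for that rule.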