Solution Architecture
OT Security Platform Components
The OT Security solution is composed of these components:
- ICP (OT Security Appliance) — This component collects and analyzes network traffic directly from the network (via a SPAN port or network tap) and/or using a data feed from the Tenable OT Security Sensor (OT Security Sensor). The ICP appliance executes both the Network Detection and Active Query functions.
- OT Security Sensors — These are small devices deployed on network segments that are of interest, up to one sensor per managed switch. OT Security sensors provide full visibility into these network segments by capturing all the traffic, compressing the data, and then communicating the information to the OT Security appliance. You can configure Sensors version 3.14 and later to send out active queries to the network segments on which they are deployed.
Network Components
OT Security supports interaction with the following network components:
- OT Security user (management) — You can create user accounts to control access to the OT Security Management Console. You can access the Management Console through a browser (Google Chrome) via Secure Sockets Layer authentication (HTTPS).
  Note: You can only access the OT Security user interface from the latest version of Chrome.
- Active Directory Server — User credentials can optionally be assigned using an LDAP server, such as Active Directory. In this case, user privileges are managed on the Active Directory.
- SIEM — Send OT Security event logs to a SIEM using the Syslog protocol.
- SMTP Server — OT Security sends event notifications by email to specific groups of employees via an SMTP server.
- DNS Server — Integrate DNS servers into OT Security to help in resolving asset names.
- Third-party applications — External applications can interact with OT Security using its REST API or access data using other specific integrations.