Solution Architecture

OT Security Components

The OT Security solution is comprised of two components:

  • OT Security Enterprise Manager – collects data from OT Security at multiple sites, enabling you to configure, manage, control and report on everything that happens across your OT enterprise. The OT Security Enterprise Manager can be deployed on premises as part of your NOC/SOC on a dedicated appliance (same model as the onsite OT Security appliance), or it can be deployed in a private or public cloud, for example as a virtual machine or an AWS cloud service.

  • OT Security – this component collects and analyses the network traffic directly from the network (via a SPAN port or network tap) and/or using a data feed from the OT Security Sensors. The OT Security appliance executes both the Network Detection and Active Query functions.

  • OT Security Sensors – small devices that can be deployed on network segments that are of interest, up to one sensor per managed switch. The sensors are available in 2 form factors: compact rack mount or DIN-Rail mount. OT Security sensors provide full visibility into these network segments by capturing all the traffic, analyzing it and then communicating the information to the OT Security appliance. Sensors version 3.14 and above can also be configured to send out active queries to the network segments on which they are deployed.

Network Components

OT Security supports interaction with the following network components:

  • OT Security user (management) – User accounts are created to control access to the OT Security Management Console. The Management Console is accessed through a web browser (Google Chrome) using Secure Sockets Layer authentication (HTTPS).

Note: The UI can only be accessed from a Chrome browser. You also need to be using the latest version of Chrome.