Solution Architecture

OT Security Components

Note: In this document, the OT Security Appliance is referred to as ICP (Industrial Core Platform).

The OT Security solution is composed of these components:

Tenable OT Security Enterprise Manager (OT Security EM) — This component collects data from OT Security at multiple sites, enabling you to configure, manage, control, and report on everything that happens across your OT enterprise. The OT Security EM can be deployed on premises as part of your NOC/SOC on a dedicated appliance (same model as the on-site OT Security appliance), or it can be deployed on a private or public cloud such as a virtual machine or AWS cloud service.
ICP (OT Security Appliance)— This component collects and analyzes the network traffic directly from the network (via a span port or network tap) and/or using a data feed from the Tenable OT Security Sensor (OT Security Sensor). The ICP appliance executes both the Network Detection and Active Query functions.
OT Security Sensors — These are small devices deployed on network segments that are of interest, up to one sensor per managed switch.OT Security sensors provide full visibility into these network segments by capturing all the traffic, compressing the data and then communicating the information to the OT Security appliance. You can configure Sensors version 3.14 and later to send out active queries to the network segments on which they are deployed.

OT Security supports interaction with the following network components:

OT Security user (management) — You can create user accounts to control access to the OT Security Management Console. You can access the Management Console through a browser (Google Chrome) via a secure socket-layer authentication (HTTPS).

Note: You can only access OT Security user interface from the latest version of Chrome.

SIEM— Send OT Security Event logs to a SIEM using Syslog protocol.
SMTP Server —OT Security sends event notifications by email to specific groups of employees via an SMTP server.
DNS Server — Integrate DNS servers into OT Security to help in resolving asset names.
Third-party applications — External applications can interact with OT Security using its REST API or access data using other specific integrations1 For example, OT Security supports integration with Palo Alto Networks Next Generation Firewall (NGFW) and Aruba ClearPass, enabling OT Security to share asset inventory info with these systems. OT Security can also integrate with other Tenable platforms such as Tenable Vulnerability Management and Tenable Security Center. Integrations are configured under Local Settings > Integrations, see Integrations..