Tenable OT Security

Deploy and License Tenable OT Security

To deploy Tenable OT Security:

Note: You must install, at minimum, version 3.18.
  1. Install the Tenable OT Security appliance according to the steps outlined in the Tenable OT Security User Guide.

  2. (Optional) If you want to pair your sensors with the Industrial Core Platform (ICP), install the OT Security Sensor according to the steps outlined in the Tenable OT Security User Guide.

To license Tenable OT Security:

Follow the OT Security License Workflow outlined in the Tenable OT Security User Guide.

Link Tenable OT Security to Tenable One

Once you have downloaded and licensed Tenable OT Security, you can link the application to Tenable One.

  1. Generate a Tenable OT Security Linking Key and determine your Cloud Site according to the steps outlined in the Tenable Vulnerability Management User Guide. Copy and save this information to link the connector to Tenable One.

  2. Integrate your Tenable OT Security appliance with Tenable One according to the steps outlined in the Tenable OT Security User Guide.

You can expect to see your Tenable OT Security data in Tenable One within the following timeframes:

  • It can take up to 2 hours to see your OT data in Tenable Inventory.

  • It can take up to 4 hours to see your OT data in Lumin Exposure View.

Once the initial sync completes, Tenable OT Security automatically syncs OT data with Tenable One every hour.

Onboarding Milestones

Tenable suggests you complete the following milestones to ensure your success before proceeding with your Tenable One deployment process:

  • In Lumin Exposure View, reveal converged risk levels and uncover hidden weaknesses across the IT-OT boundary. You can continuously monitor and track potential vulnerabilities with enhanced OT data:

    • Review the Global exposure card to understand your holistic score. Click Per Exposure to understand what factors are driving your score, and by how much.

    • Review the Operational Technologies exposure card.

    • Configure the exposure view settings to set a customized card target, and to configure your Remediation SLA and SLA Efficiency based on your company policy.

    • Create a custom exposure card based on business context, and include the new tag you created in Tenable Inventory.

  • In Tenable Inventory, enrich asset discovery with OT-specific insights, such as firmware versions, vendors, models, and operational states. Access OT intelligence that standard IT security tools cannot provide:

    • Review your OT assets to understand the strategic nature of the interface. This should help set your expectations on what features to use within Tenable Inventory, and when.

    • Review the Tenable Queries that you can use, edit, and bookmark.

    • Familiarize yourself with the Global Search query builder and its objects and properties. Bookmark custom queries for later use.

      Tip: To get a quick view of what properties are available:
      • In the query builder, type has. A list of suggested asset properties appears.
      • Customize the list by adding a column. A list of available columns/properties appears.
    • Drill down into the asset details page to view asset properties and all associated context views.
    • Create a new dynamic tag for your OT assets, where:

      • Operator = Host System Type

      • Value = PLC

    • (Optional) Create a tag that combines different asset classes.

  • In Attack Path Analysis, expose vulnerable network paths that could disrupt key operations like production lines or data centers. You can track OT communication paths and unauthorized changes:

    • View the Attack Path Analysis Dashboard for a high-level view of your vulnerable assets, including the number of attack paths leading to these critical assets, the number of open findings and their severity, a matrix to view paths with different source node exposure score and ACR target value combinations, and a list of trending attack paths.

      • Review the Top Attack Path Matrix and click the Top Attack Paths tile to view more information about your “Crown Jewels”, or assets with an ACR of 7 or above.

      You can adjust these if needed to ensure you’re viewing the most critical attack path data and findings.

    • On the Findings page, view all attack techniques that exist in one or more attack paths that lead to one or more critical assets. Findings are created by pairing your data with advanced graph analytics and the MITRE ATT&CK® Framework, and they allow you to understand and act on the unknowns that enable and amplify threat impact on your assets and information.

    • On the Mitre Att&ck Heatmap, select the ICS heatmap option to focus on ICS (Industrial Control Systems) tactics and techniques.

    • On the Discover page, generate attack path queries to view your assets as part of potential attack paths:

      Then, you can view and interact with the Attack Path Query and Asset Query data via the query result list and the interactive graph.