Palo Alto Networks, Cisco Dominate OT Defense Forrester Wave
Palo Alto Reaches OT Leaderboard While Claroty, Tenable Fall to Strong Performer
Cisco remained atop Forrester's OT security rankings, Palo Alto Networks climbed into the leader space, and Claroty and Tenable fell to strong performer.
The transition from a network-centric to an asset- and data-centric security model has introduced challenges, especially with legacy equipment, according to Forrester Principal Analyst Brian Wrozek. Specifically, he said, implementing modern security measures such as digital certificates and multifactor authentication in older OT systems can be difficult.
"There's a lot of hesitancy to do things like aggressive scanning, or if you notice suspicious activity, to completely isolate a system," Wrozek said. "I do that to a salesperson's laptop all day long, but I can't do that to an electric switch or a pipeline valve or something like that."
The rise in ransomware and geopolitical threats targeting OT environments has necessitated more robust security measures and cross-domain protections, according to Wrozek. Despite the obstacles, he said, there's a clear trend toward addressing identity-based threats, adopting zero trust models and embracing both cloud-based management and cloud-delivered security solutions in OT environments.
"It's more about solving specific use cases," Wrozek said. "Not just asset discovery, but extending that out to, 'What are the threats and vulnerabilities within those assets?' And then, 'How can I implement better prioritization and protection against those specific threats?'"
Wrozek said companies such as Palo Alto Networks and Cisco have set themselves apart from traditional OT-specific security vendors by consolidating capabilities and creating offerings that address both the IT and OT security needs of industrial organizations. He praised their comprehensive protection capabilities and broad tech stacks that include asset identification, threat detection and secure remote access.
"If you think that you only have to worry about OT and IoT environments, you're missing out on a broad attack surface and other threats if you narrow your focus too much," Wrozek said.
Do Clients Want Stand-Alone OT Tools or a Broad Cyber Platform?
Smaller organizations typically prefer using a single platform for OT security to maximize simplicity, while larger organizations in critical industries might opt for best-of-breed solutions from specialized OT security vendors, according to Wrozek. He said vendors such as Microsoft and Honeywell have increased their presence in OT security through acquisitions and major investment (see: Microsoft's CyberX Acquisition: Securing IoT and OT).
The new OT security Forrester Wave replaced the ICS security one from fall 2021. Since then, Wrozek said, the market has evolved from focusing on protocol coverage to addressing specific use cases such as asset discovery, threat identification and vulnerability protection. At the same time, he said, OT security has shifted from identifying issues to implementing identity and asset protection similar to IT security.
"We're going to see additional emphasis around identity," Wrozek said. "That's been a real problem and challenge area."
There's been a sea change in Forrester's assessment of the strength of vendors' current offerings, with Palo Alto Networks, Cisco, Microsoft, Fortinet and Claroty grabbing the top slots this time around. That's in stark contrast to last time, when Claroty, Dragos, Cisco, Nozomi Networks and Forescout received the five highest scores.
Evaluations were more similar from a strategy standpoint, with Palo Alto Networks receiving the highest score, Cisco and Claroty tying for second, and Tenable and Dragos tying for fourth this time around. Last time, Forrester gave the five highest strategy scores to Cisco, Tenable, Claroty, Verve Industrial Protection - which has since been acquired by Rockwell Automation - and Dragos (see: Verve Purchase Gives Rockwell Leg Up on Asset Identification).
The move to cloud solutions in OT security is driven by the efficiencies and data accessibility they offer, but it also introduces new security challenges, according to Wrozek. At the same time, he said, generative AI is expected to enhance both security and operational capabilities in OT environments, though its impact is currently behind other cybersecurity sectors.
"It's in that predictive maintenance - using AI and other solutions like digital twins to be able to model my complex industrial control processes," Wrozek said. "Then I can simulate maintenance windows and physical effects. Why not simulate a ransomware attack in that same digital environment? What would that look like, and what's the impact to our operations if that were to happen?"
Over the next few years, Wrozek expects to see an increased emphasis on identity management in OT environments, driven by the need for tighter control over human and machine identities. The increased integration of IT and OT systems will also necessitate new security approaches to address the blended threat landscape, he said.
Outside of the leaders, here's how Forrester sees the OT security market:
- Strong Performers: Claroty, Tenable, Dragos, Nozomi Networks, Forescout, Fortinet, Armis, Honeywell
- Contenders: Microsoft, Opswat, Hexagon, Industrial Defender, TXOne Networks
New Ruggedized Firewalls Transform OT Security at Palo Alto
Palo Alto Networks rolled out ruggedized firewalls in recent months. They are tailored for outdoor settings and harsh environments to better serve deep industrial control systems layers and operational technology settings, according to Senior Vice President and General Manager Anand Oswal. He said there's demand for firewalls that can withstand extreme conditions and provide robust security without requiring additional sensors or point products.
Oswal said Palo Alto Networks sets itself apart through a holistic approach to OT security, integrating visibility, segmentation, policy generation and asset utilization into a unified workflow, leading to better ease of use. Palo Alto Networks can provide seamless OT security management for various verticals, including manufacturing, healthcare and utilities, according to Oswal (see: AI and IoT Synergy for Enhancing Cybersecurity).
"Even in environments which are not ruggedized, you want to be able to deploy IoT or OT security without manual interventions," Oswal told Information Security Media Group. "You want to get the visibility on the fly. And then once you get visibility, you want to be able to set all the segmentation rules and policies to a single unified flow."
Forrester criticized Palo Alto Networks for not supporting a broader set of OT devices and for lacking a comprehensive compliance workflow and corresponding dashboard that would show overall compliance posture to regulations. Oswal acknowledged these critiques and said Palo Alto Networks will address support for legacy OT devices and compliance needs based on customer input.
"Our job is to ensure that customers can get IoT and OT security easily," Oswal said. "They don't need to have additional sensors or point products installed. They get full visibility accurately on all devices in their infrastructure, and we are constantly improving device coverage."
Cisco's OT Security Bets, Splunk Buy Drive More Visibility
Over the past year, Cisco has focused on unifying security information across IT and OT environments to improve visibility and automate decision-making processes, said Vice President of Product Management and Design Karin Shopen. One investment includes using Splunk to analyze network behavior and provide detailed information on specific assets, which helps with identifying abnormalities and responding to threats.
Cisco can integrate sensors within existing products, allowing for better protection given the proximity of the sensor to the protected asset and nixing the need for additional firewalls, according to Shopen. She said Cisco sets itself apart through its adherence to the Purdue model, its approach to unifying security information across IT and OT environments, and its purchase of Splunk for more data visibility and automation (see: What Cisco's Purchase of Splunk Means for Cybersecurity, AI).
"Our investment in order to deliver that type of visibility, with the ability to automate decisions, was critical for us, and it's really important for moving IT and OT forward," Shopen told Information Security Media Group. "We keep enhancing our ability to provide information from segmentation and to allow the correct segmentation as far as the remediation process."
Forrester chided Cisco for a loose cloud integration between its IT and OT domains and for lacking native regulatory compliance tracking, scoring, reporting and workflow capabilities. Shopen acknowledged this critique and said Cisco is committed to enhancing these capabilities to ensure the company can deliver comprehensive compliance tracking across both IT and OT environments.
"We're seeing more and more of the market looking for unification of security information in order to make central decisions and retrace their steps," Shopen said.