www.paloaltonetworks.com
2600:141b:1c00:208c::c3a  Public Scan

URL: https://www.paloaltonetworks.com/blog/2024/12/securing-remote-ot-operations/
Submission: On December 27 via api from TR — Scanned from US


Text Content


SECURING REMOTE OT OPERATIONS: BUILDING A RESILIENT FRAMEWORK FOR THE CONNECTED AGE

By Qiang Huang
Dec 26, 2024
5 minutes
Points of View
OT operations

As OT environments become more interconnected, organizations can manage
operations remotely, enhancing efficiency and enabling greater oversight even
from a distance. However, these advancements come with heightened security
risks. A recent report from Palo Alto Networks and ABI Research found that 74%
of respondents noticed an increase in remote access, creating more entry points
for attackers. This expanded attack surface has made OT systems a prime target
for cyber threats, underscoring the need for a robust security framework
tailored to remote OT environments.

To build a resilient OT security framework, organizations need protections that
go well beyond connectivity. Securing all access points, whether cloud-based,
on-premises or hybrid, ensures safe and reliable operations in any environment.
This comprehensive approach is critical, as 80% of respondents in a recent
report believe that cloud technology and other digital tools will be vital to OT
over the next three to five years. Without strong security foundations across
these access points, organizations face increased risks of operational
disruptions, safety incidents and financial losses. Three-quarters of surveyed
companies have already encountered these challenges due to OT-targeted
cyber-attacks.


CORE COMPONENTS OF A RESILIENT OT SECURITY FRAMEWORK

Securing remote OT operations starts with building a foundation of clear
visibility into both OT and IT activity so that critical traffic can be
effectively monitored and understood. This visibility allows organizations to
make informed security decisions, detecting anomalies and responding to
potential threats with speed. However, visibility alone is not enough. To create
a resilient and layered defense against evolving threats, security must be
consistently integrated throughout the network.

By applying the principle of least privilege, organizations can reduce potential
security risks by restricting remote access to the minimum necessary for each
task. This approach minimizes exposure, limiting each user’s access to essential
systems only. Additionally, defining and communicating clear remote access
procedures ensures that everyone within the organization understands and follows
the same security protocols. Transparent processes are critical for maintaining
consistency, especially in complex OT environments where operational safety and
continuous uptime are paramount. Ensuring that these protocols support secure,
uninterrupted access is essential to keeping critical systems running smoothly.

Establishing secure temporary access is also crucial in OT settings, where
unique credentials should be used for each session, and access should be
promptly removed once tasks are complete. Temporary connections, whether through
VPNs, SSH, or other secure channels, like privileged remote access, must be
tightly controlled to prevent unauthorized access. Layering remote access with
multi-factor authentication (MFA) offers additional protection, reinforcing
security by requiring multiple forms of identity verification before access is
granted.


BUILDING A RESILIENT ACCESS INFRASTRUCTURE

A resilient security framework for remote OT environments must address the
unique conditions and constraints of OT networks, especially where legacy
equipment and older operating systems are prevalent. For example, encrypting
remote sessions is essential to safeguarding data confidentiality and integrity,
particularly for older OT devices that may lack built-in encryption
capabilities. However, regular software and firmware updates may not be feasible
in systems designed for continuous uptime, safety and availability.

In such cases, compensating controls, like time-limited access, manual
authentication processes, or specific verification steps, can provide additional
security where standard measures are challenging to implement. These controls
help maintain secure access without disrupting operational continuity.
Similarly, avoiding default configurations and routinely reviewing system
settings are crucial steps. Customizing configurations not only addresses
specific vulnerabilities but also adapts the security framework to meet the
unique demands of OT environments.


INTEGRATING IT AND OT SECURITY STRATEGIES

A robust security framework for remote OT operations requires thoughtful
integration of IT and OT practices. Rather than simply adapting IT solutions for
OT, a holistic approach that respects the unique demands of OT environments is
essential. Designing dedicated workflows that prioritize OT requirements, such
as just-in-time access, helps maintain security without hindering operational
efficiency.

When IT and OT strategies are aligned with care, the resulting security posture
becomes stronger. However, integrating IT best practices with OT networks
demands sensitivity to differences, as IT’s rapid update cycles and security
protocols may clash with OT’s need for continuous uptime and legacy system
stability.

Involving OT personnel directly in remote access planning is also vital. With
visibility into upcoming activities, OT teams can respond to incidents
effectively, ensuring secure and reliable operations. Education further
strengthens this framework by equipping OT teams with the knowledge needed to
support security goals and avoid actions that might increase risk.


BUILDING RESILIENCE FOR THE FUTURE

Securing remote OT environments is an ongoing process that must evolve alongside
technology and emerging threats. A unified security platform provides the
adaptability required to meet these changing demands. Such a platform can
consolidate capabilities like asset discovery, network segmentation, and
advanced threat detection under one system, reducing complexity and streamlining
protection across both IT and OT environments.

Automation is another key to resilience, as it allows for adaptive security
policies that evolve based on traffic patterns. Automated policy recommendations
lower the chance of human error and ensure that protection remains consistent
across OT assets. With this framework in place, organizations can focus on
creating a secure, efficient environment that enables continuous operations
while managing risks in today’s interconnected world.

By prioritizing visibility, proactive threat prevention and the thoughtful
integration of IT and OT strategies, organizations can build a resilient
framework for remote OT security. This approach not only safeguards critical
infrastructure but also prepares companies for the cybersecurity challenges of
tomorrow’s connected landscape.

This post was originally published on Cybersecurity INSIDERS.
