Skip to main content
close search
site logo
Sponsored

Visibility: The baseline to securing manufacturing operation

Manufacturers face four major challenges in gaining the visibility needed to secure OT

Published Dec. 11, 2023
By Navneet Singh, vice president of marketing, network security, Palo Alto Networks
A robot arm holding a microchip
Andriy Onufriyenko via Getty Images

I love visiting factories and seeing larger-than-life machines and robots in action. But because I work in security, I know that seeing these same devices from a security perspective can be hard.

Industrial manufacturers have invested a lot in digital transformation to create business agility and improve competitiveness in today’s rapidly changing global marketplace. At the same time, all of this technological transformation is creating an expanded attack surface – that is, the number of all possible points or vectors where an unauthorized user can access a system and exfiltrate data.

Core to addressing this challenge is gaining comprehensive visibility of operational technology (OT) assets. So, how do you do that? Read on.

An expansion of connected devices

As manufacturing facilities have expanded in both size and volume, so has the OT infrastructure, leading to the addition of assets and equipment that are unaccounted for by the security team, as well as a lack of sufficient OT network security controls. Not only are there more assets, but now they’re connected to the network, creating security challenges.

Dave Gruber, principal analyst at Enterprise Strategy Group, has noted: “As industrial OT systems and IT systems become more interconnected, so does the size of the attack surface available to the adversary.”

The lack of visibility and concise inventory of an industrial organization’s network can present a huge barrier to implementing cybersecurity. Companies can’t secure what they don’t know about, and a lack of visibility makes it harder for any cybersecurity deployment to deliver effective segmentation and granular least-privilege security. Manufacturers need total awareness of assets, their vulnerabilities, communications flows and roles within industrial processes to establish security posture and segmentation and to apply the appropriate security policies across all IT, OT and industrial IoT devices.

Security has become a business imperative, and not having accurate visibility to effectively secure industrial infrastructure exposes companies to increased risk of cyber threats. This can ultimately result in major financial impact due to a loss of production, reputation damage, and regulatory fines.

Exploring four primary challenges  

Getting the right level of visibility into OT assets means overcoming these four issues:

  • Outdated systems: Many OT systems still run on antiquated hardware and software that weren’t created with contemporary cybersecurity in mind. These systems frequently don’t have monitoring and logging features.
  • Proprietary protocols: These are frequently used by OT devices and systems and might not be well-documented or easy to access for monitoring and analysis.
  • Bandwidth and IT tools: Many IT tools can initiate verbose queries to discover and monitor endpoints. For older OT devices this can impact their network stack, cause confusion, and swamp the network.
  • Limited expertise: There's often a shortage of cybersecurity experts with specific knowledge of OT environments, which can hinder the implementation of effective monitoring solutions or adequate security controls.

Regaining control

I’ve spoken with manufacturers around the world and these conversations have helped identify three ways industrial organizations can deliver the visibility they need to secure their OT operations:

  • Use a tool that speaks OT: Manufacturers need tools that can combine machine learning with crowdsourced telemetry to identify the company’s IT and OT assets, apps and users. These tools need to recognize both standard asset types and OT/ICS applications.
  • Identify applications at level 3 and below: Manufacturers must have the ability to identify assets. This includes OT assets that are mission-critical, such as distributed control system (DCS), ICS, human-machine interface (HMI), PLCs, remote terminal units (RTUs), supervisory control and data acquisition systems (SCADA) and jump servers. It also includes premises management like heating, ventilation, air conditioning, lighting, and sprinkler and fire alarm systems. 
  • Find a comprehensive toolset: You need a toolset that delivers seamless security with the rest of the enterprise and avoids gaps that come from stitching together different solutions. Most OT attacks come in through IT, so having a seamless approach is critical.

By adopting these three techniques, manufacturers can position themselves to deliver the visibility that can help secure their OT infrastructures. Once they achieve visibility, they can then focus on Zero Trust to optimally manage risk and work to simplify their operations.

Filed Under: Technology

Editors' picks

Editors' picks
Latest in Technology
Industry Dive is an Informa TechTarget business.
© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.