Securing Cyber-Physical Systems with the Fortinet OT Security Platform

Aug, 05, 2024 Hi-network.com

No matter the industry, be it energy, manufacturing, transportation, communications, building management, healthcare, utilities, warehousing, or others, most operational technology (OT) environments now incorporate a mix of cyber-physical systems (CPS), smart building solutions, Internet of Things (IoT), Industrial IoT (IIoT), and Internet of Medical Things (IoMT) devices.

These systems have several things in common. First, they are increasingly digitally connected to the IT network and/or the Internet. Next, most are now being monitored and managed remotely. And lastly, a defining characteristic of such systems is that they interact directly with the physical world, including dangerous environments or critical infrastructure. And as more devices are connected to these systems, this attack surface becomes wider and more vulnerable.

Staying Ahead of the Curve

As with IT networks, remaining secure requires OT networks and security to rapidly evolve to keep up with new threats and changing technology, particularly the need to connect every device. Traditionally, OT security has relied on obscurity because everything was air-gapped and nothing was connected to external systems. But this approach has changed rapidly over the last five years, resulting in nimbler, more responsive OT environments, and increased risk.

As a result, CISOs have begun taking on more responsibility for connecting and protecting OT networks, often by adopting an OT secure networking strategy. However, as OT security matures, CIOs are also taking on OT risk mitigation responsibility as they look to expand their security operations (SecOps) capabilities to include OT. But change doesn't stop there. The increased global pressure of regulation and compliance is forcing the entire C-suite to rapidly survey the evolving OT security space, looking for OT-specific solutions that work together as part of a platform. And because this market is new, it is quickly filling with unproven security start-ups, resulting in the same security sprawl, vendor overload, and siloed solutions that have plagued IT networks for years. 

Selecting an OT Security Platform

An OT security platform needs to secure devices, networks, and applications. But there are also some additional unique requirements across the OT security platform that need to be addressed, for example:

  • Rugged Networking Devices: An OT platform must include a variety of ruggedized form factors to withstand harsh environmental conditions.
  • OT Agents: Integrated, purpose-built tools should be designed to run on, monitor, and support OT-specific systems, including ICS.
  • Secure Remote Access: An effective OT platform ensures that OT users and devices can securely connect to connected devices and external systems, including supporting zero-trust controls.

Fortinet OT Security Platform

An OT security platform needs to protect devices, employee and supply chain access, application access, and the IT/OT convergence, and be integrated into the wider ecosystem of vendors.

Secure Networking - Secure Digital Networks

Perhaps the most visible area of OT security is Secure Networking, as it enables OT systems to connect to the outside world. Some of these environments are quite harsh, so Fortinet offers a full range of hardened or rugged firewalls, switches, access points, and 5G extenders. And since it's often hard to get agents on OT devices, physical microsegmentation within the network stack is offered across the entire stack.

Unified SASE - Secure Service Edge

With many more devices connecting to cloud applications, it is critical to secure application access. In addition, some sites cannot host a full security stack, hence FortiSASE can provide security in the cloud rather than on the devices themselves.

Security Operations - Secure IT/OT Convergence

Most IT information security systems do not understand an OT environment. They were not originally designed to understand such devices and interactions with the physical world. Fortinet has added specific OT modules to IT SecOps products to work in an OT environment.

Fortinet OT Security Services

It's becoming more important to understand what each OT device is, what it does, how it's connected, and what it can talk to. This allows a more efficient NAC and microsegmentation strategy to be applied. It also allows virtual patching to be deployed to protect against urgent vulnerabilities. FortiGuard OT virtual patching, device detection, and analytics are the most comprehensive in the industry.

Ecosystem Partners

The OT ecosystem can contain many different types of vendors. Fortinet's focus is on two main groups, the first being Industrial Automation companies. We have developed partnerships with these global OT organizations where long-term the functionality will be fully integrated or in effect become OT-native within the overall solution. The second set of partners focus on identification and threat analysis of the specific OT environments and provide this information to Fortinet via Fabric-Ready technology integrations to facilitate determining what to allow or block. These include Armis, Claroty, Dragos, Nozomi Networks, and more.

Recent Additions to the Fortinet OT Security Platform

And, Fortinet continues to expand what already stands as the industry's most comprehensive OT security platform, with the following new capabilities releasing today:

Expanding OT Secure Networking

  • Enhanced asset identification and OT network topology in the FortiOS OT View with configurable asset location to improve asset identity, location, and communication pathways.
  • Expanded virtual patching capabilities and new capabilities in FortiOS. The introduction of virtual patching signatures in the FortiGuard OT Security Service provides wide-ranging vulnerability protection and unpatched OT asset shielding.
  • Two new series of rugged switches. The FortiSwitch Rugged 216F-POE (power over ethernet) is designed to support bandwidth-intensive industrial environments and redundant architectures, and the FortiSwitch Rugged 424F-POE has features designed to power IIoT devices.
  • FortiSRA enables secure remote access to support remote third-party contractors, auditors, and employees, protecting critical OT systems against threats from remote access and untrusted networks.
  • FortiExtender Vehicle update enables fleet management in a ruggedized form factor to withstand harsh environmental conditions and offers secure LAN extension from remote FortiGate NGFWs to create a truly unified platform for vehicles and first responders.

Expanding AI-Driven OT Security Operations

  • Expanded OT capabilities in FortiSOAR, including the introduction of OT View (an IT/OT Overview dashboard with OT Asset management) and new compliance playbooks to increase OT network/asset visibility and remediation for OT.
  • Increased analytics and reporting capabilities in FortiAnalyzer by creating NERC CIP, IEC 62443-3-3, and IT/OT Risk reports. An upcoming IoT/IIoT/OT Dashboard includes analytics support for medical IoT devices to further assist with regulatory compliance and security posture evaluations.
  • FortiNDR for OT provides network behavior analysis to identify known and unknown threats across the IT/OT infrastructure and detect OT network anomalies.
  • FortiDeceptor-as-a-Service offers expanded deception for OT and IoT with additional devices and protocols, and simplified deployments to streamline user experiences.

Enhancing OT Partnerships

  • New integration between Claroty's xDome and FortiManager
  • Armis' threat intel feed is now easily accessible from the FortiSIEM GUI
  • Fortinet introduced a new Engage Preferred Services Partner (EPSP) OT Practice designation to empower OT channel partners with the tools they need to design and deploy OT network infrastructure.

Fortinet remains committed to continuing to enhance what is already the industry's most comprehensive OT security platform.
