2019 marked a year of substantial growth and change in the Operational Technology (OT) Security market. PAS introduced OT Cybersecurity Risk Analytics with the 6.3 release of Cyber Integrity in the spring and purchases of our solution grew significantly across multiple geographies and verticals including the US, Europe, and the Middle East with leading organizations in the chemicals and oil & gas industries, in particular. There were multiple, notable acquisitions in the network deep packet inspection tool category by larger networking and security providers. Gartner also introduced its latest 2019 Market Guide for Operational Technology Security in November (click on the link to obtain your complimentary copy, a $1295 value, courtesy of PAS).
In the Gartner report, the number of Representative Vendors expanded to forty-seven across six different categories. New categories added were:
- OT Secure Remote Access
- Emerging security trends linked to the rise of Cyber-Physical Systems (CPS)
Along with the existing categories of:
- OT Network Monitoring & Visibility
- OT Network Segmentation
- OT Endpoints Security
- OT Security Services
PAS was included in the report for the second year in a row and named as a Representative Vendor for both OT Network Monitoring & Visibility and OT Endpoints Security.
The Market Guide states the following:
"Gartner inquiries and secondary research show that SRM [Security and Risk Management] leaders' interests are focused on asset discovery, anomaly and vulnerability detection, incident response, endpoint protection, and access management. SRM leaders are particularly interested in discovering, profiling, tracking and managing assets."
"The adage 'you can't manage what you can't see' continues to hold true, and having an accurate picture of all connected assets is key. Traditional point-in-time approaches to asset management, based on audit mindsets, are no longer enough."
The report also observes:
"The use of IT technologies to make physical changes to the state of OT systems and environments has unique safety, business continuity and physical security implications. Furthermore, porting IT security technology and practices to address OT security will not result in a more-secure OT environment. Because IT security products do not take OT specificity (e.g., inability to patch on-demand, OT protocols and the latency requirements of OT) into consideration, enterprises must carefully consider their approaches to OT security."
At PAS, we find Gartner's research aligns closely with what we observed in 2019.
In 2019, we saw growing interest in security solutions specifically built for OT. Our customers continue to tell us they need a highly detailed and accurate OT inventory down to Level 0 of the Purdue Model. They see it is a foundational requirement for good OT cybersecurity practices because it enables them to quickly and accurately assess, prioritize and remediate security vulnerabilities and, ultimately, helps them better protect their organizations.
According to feedback we received from multiple customers in 2019, IT-centric security offerings they evaluated lacked the ability to build the detailed and accurate OT inventory they needed for such analysis. PAS Cyber Integrity uses a unique technical architecture to build this inventory. By directly leveraging industrial control system (ICS) configuration data, PAS can discover more details about hardware, software, and versioning down to Level 0 than using a packet-sniffing tool, regardless of whether that tool is operating in passive or active mode. And we aggregate and analyze this deep configuration data across more than 120 different control systems – a key purchasing factor for multiple PAS customer wins in 2019. What’s more, only configuration data monitoring enables the detection of unauthorized changes by hackers and other malicious actors that might result in process safety and reliability issues. With such data, you can also restore operations faster in the event of a security breach vs. relying on the knowledge within the plant operations team alone.
As 2020 gets started, we expect to see more growth and evolution in the OT Cybersecurity market. PAS Global is pleased to be working with so many leading organizations to help them improve their cybersecurity posture. We look forward to what we will be introducing in 2020 to further assist our customers. Stay tuned…
Gartner Market Guide for Operational Technology Security , Katell Thielemann, Ruggero Contu, Wam Voster, Barika Pace, 5 November 2019
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.