Industry News

Palo Alto Networks Aims to Secure Critical Infrastructure With Zero Trust OT Security

11 March 2023

Palo Alto Networks today introduced the Zero Trust OT Security solution, which is designed to offer unified management of its firewalls, 5G, and operational technology (OT) security product combinations to help industries enhance their security resilience for critical infrastructure.

As cyberattacks targeting OT environments have been growing, the new cloud-based solution is built to offer a consistent security service to secure the whole infrastructure that includes OT assets, remote access, and 5G connectivity, Palo Alto Networks claims.

The zero-trust package includes a variety of the vendor’s products and customers can use it by choosing different combinations based on their business needs and network architectures, Palo Alto Networks VP Xu Zou told SDxCentral.

For example, to protect OT assets, applications, and networks, customers can use the vendor’s next-generation firewalls (NGFWs) and its Industrial OT Security service; for remote access protection, they can choose Prisma SASE or Prisma Access; and to secure 5G-connected devices and applications, the package can offer NGFWs and 5G-native security.

Customers can also add other Palo Alto Networks services such as Advanced WildFire, Advanced URL Filtering, domain name system (DNS) security, and Advanced Threat Prevention to those combinations as needed, Zou noted.

Users can turn on this service on their existing Palo Alto Networks NGFWs without the need to change their existing infrastructure or deploy any additional appliances, he added.

The Zero Trust OT Security solution “is custom-built to recognize hundreds of unique OT device profiles, over 1,000 OT/industrial control system (ICS) applications, and has hundreds of unique OT threat signatures to help protect these hard-to-secure assets. It harnesses machine learning with crowdsourced telemetry to achieve this.”

This unified security model can help protect complex OT environments, Enterprise Strategy Group principal analyst Dave Gruber said in a statement. “Defending against increasingly sophisticated threats requires expanded security strategies that can provide visibility, granular context, and zero-trust capabilities across both OT and IT networks, devices, applications, and users.”


Zero Trust OT Security for Supply Chain Threats

Critical industries are facing a complex challenge in securing OT environments, including the lack of complete visibility, patching and upgrade challenges, too much access and unlimited permissions, and inconsistent security.

“One big challenge to address supply chain risk is the lack of visibility,” Zou said. “Our Industrial OT Security can provide a comprehensive inventory of OT assets — identity, make, model, operating systems, application, and risk contexts like CVE and other risk factors.”

Palo Alto Networks touted its offering as a combination of a machine learning-powered OT security engine, App-ID technology, and crowdsourced telemetry to identify OT devices, protocols, and applications.

Zou pointed out that another issue for supply chain management is that vulnerable OT assets are often not patched. “Now with increasing external communication driven by digitization, our Industrial OT Security provides zero-trust security with dynamic device-based least privilege access control, and real-time continuous security inspections to detect and prevent malicious activities taking advantage of the supply chain related risks.”

Zou underscored the importance of using zero-trust principles for OT security.

“The importance of critical infrastructure to society cannot be understated. It needs to be operationally resilient, be able to reduce the potential attack surface, and minimize the new or expanding risks that are caused by rapid digital transformation,” Zou noted. “A zero-trust approach to the security of the critical infrastructure is imperative to ensure the resilience and availability of services that society depends on every day.”