Team82, Claroty’s research team, which specializes in cybersecurity protection for connected systems (such as OT, XIoT, IoMT and IT), has published a new report that examines the growing use of remote access tools and the risks involved for operational technology (OT) environments. Analysis of more than 50,000 remote access devices reveals overuse of these tools, with 55% of organizations using four or more, and 33% using at least six.

The study also shows that 79% of organizations have more than two non-enterprise tools installed on their OT networks. These lack essential privileged access management measures, such as session logging or auditing, and do not include even basic security features such as multi-factor authentication (MFA). The use of these solutions has increased both the risk of exposure to critical vulnerabilities and the operational costs associated with the simultaneous administration of multiple platforms.

According to Tal Laufer, vice president of secure access products at Claroty, the pandemic has driven companies to adopt remote access solutions to improve the management of their employees and suppliers. However, while these tools are useful for IT and OT, their increased use in sensitive OT networks has led to greater risks and greater operational complexity.

OT environments

Team82’s report, titled ‘The Remote Access Scatter Problem’, details some of the main issues that arise with these tools in industrial environments:

  • Lack of visibility: When third-party vendors access the OT network using their own solutions, enterprise security teams have little oversight of the activities.
  • Greater attack surface: More external connections mean more opportunities for attackers, who could take advantage of security flaws or compromised credentials to penetrate the network.
  • Complex identity management: The proliferation of remote access tools complicates the creation of consistent policies on who can access the network and which resources, which can lead to failures in managing access rights.

Gartner® recommends that security organizations conduct a thorough inventory of all remote connections and remove older solutions as they deploy new secure remote access tools, due to increasing vulnerabilities associated with the use of outdated VPNs.

Claroty offers a solution to this challenge with xDome Secure Access, a platform designed specifically for OT environments that provides complete visibility into connected devices and users. This tool, which can be implemented in the cloud or locally, allows companies to optimize their management and reduce costs, while complying with regulations such as NIST and NIS2. In addition, its flexible approach adapts to the network structure, geographic location and level of technological maturity of each organization.