In Operational Technology (OT) environments, where systems control physical processes and infrastructure essential to industries like manufacturing, energy, and transportation, the stakes for maintaining security are particularly high.
Cyber deception provides threat detection in OT environments, where devices have limited computational power and cannot run agents. Because decoys run independently of OT systems, they produce precise, high-fidelity alerts with no interference and no added system load.
OT Threats Gaining in Sophistication
Adversaries exploiting IT and OT assets in the OT environment
Ransomware
- Ransomware is one of the top threats targeting OT environments
- Ransomware variants targeting OT include LockBit and ALPHV
- Example incidents: Colonial Pipeline, Norsk Hydro
ICS Malware
- OT malware performs OT/ICS-specific exploits (Pipedream)
- OT malware exploits OT and ICS protocols
Insider Threats
- Insider threats represent a significant challenge in OT environments
- Insiders have trusted access to IT and OT assets
Identity Threats
- Adversaries leverage identity-driven attacks to target IT and OT assets
- Adversaries target Active Directory in OT environments
Supply Chain Attacks
- Adversaries inject malicious code into software libraries in OT equipment
- Adversaries exploit trusted access to perform malicious activity
Environment
- OT security has largely relied on air gapping as a prevention control
- Increased connectivity between IT and OT makes air gapping less effective
- Internet connectivity for OT equipment creates attack pathways
- Patching OT equipment is often challenging and introduces risk of system instability
Security Control Limitations
- Special form factors make agent-based security solutions less effective
- Security monitoring is typically limited to NDR
- EDR cannot be deployed on OT equipment, limiting EDR efficacy
- Obtaining access to logs can be challenging
Deception Is an Effective Detection Layer for OT Security
- Deception does not impact production OT assets
- Detects threats targeting IT and OT assets in the OT environment
- Detects OT threats early in the attack lifecycle, during the reconnaissance and lateral movement phases
- Diverts threats toward decoys and away from production OT assets
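The two properties claimed above, that decoys never carry legitimate traffic and therefore alert with high fidelity, and that decoy hits surface during reconnaissance and lateral movement, can be made concrete with a small detector. The following is an added illustration written for this page, not Acalvio's code: the decoy inventory, the connection-log format, the sample log lines and the mapping of stages to MITRE ATT&CK for ICS technique labels are all constructed assumptions.

```python
"""Illustrative decoy-interaction detector (not Acalvio's code).

Decoys receive no legitimate traffic, so every connection to a decoy is
an alert by construction; no agent on the production PLC/HMI is needed.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed decoy inventory: address -> {port: description}. These hosts
# exist only to be probed; production assets are deliberately absent.
DECOYS = {
    "10.10.20.51": {502: "Modbus/TCP PLC decoy"},
    "10.10.20.52": {44818: "EtherNet/IP controller decoy"},
    "10.10.20.53": {445: "SMB file-server decoy (IT asset in the OT zone)"},
}

# Illustrative mapping to MITRE ATT&CK for ICS techniques (an assumption
# made for this example, not a mapping taken from the page).
RECON_TECHNIQUE = "T0846 Remote System Discovery"
LATERAL_TECHNIQUE = "T0886 Remote Services"
SCAN_THRESHOLD = 2  # a source touching this many distinct decoys is treated as sweeping

# Constructed connection-log format (e.g. as exported by a network sensor).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    dst: str
    dport: int
    decoy: str
    stage: str      # "reconnaissance" or "lateral movement"
    technique: str  # ATT&CK for ICS technique label


def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    ev["dport"] = int(ev["dport"])
    return ev


def detect(lines):
    """Turn connection-log lines into decoy alerts.

    Pass 1 keeps only connections whose destination is a decoy service;
    production-to-production traffic is dropped without further inspection.
    Pass 2 labels each source: several distinct decoys touched looks like a
    sweep (reconnaissance), a single decoy touched looks like a targeted
    access attempt (lateral movement).
    """
    hits = []
    decoys_per_src = defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        decoy = DECOYS.get(ev["dst"], {}).get(ev["dport"])
        if decoy is None:
            continue
        hits.append((ev, decoy))
        decoys_per_src[ev["src"]].add((ev["dst"], ev["dport"]))

    alerts = []
    for ev, decoy in hits:
        if len(decoys_per_src[ev["src"]]) >= SCAN_THRESHOLD:
            stage, technique = "reconnaissance", RECON_TECHNIQUE
        else:
            stage, technique = "lateral movement", LATERAL_TECHNIQUE
        alerts.append(Alert(ev["ts"], ev["src"], ev["dst"], ev["dport"], decoy, stage, technique))
    return alerts


def summarize(alerts):
    """Collapse alerts to one entry of context per offending source."""
    summary = {}
    for a in alerts:
        entry = summary.setdefault(a.src, {"stage": a.stage, "technique": a.technique, "decoys": []})
        entry["decoys"].append(f"{a.dst}:{a.dport} ({a.decoy})")
    return summary


# Constructed sample: an HMI polling two real PLCs (no alert), one host
# sweeping all three decoys, one host touching only the SMB decoy, and a
# malformed line that must be ignored.
SAMPLE_LOG = """\
2024-05-01T08:00:01Z src=10.10.20.5 dst=10.10.20.10 dport=502 proto=tcp
2024-05-01T08:00:02Z src=10.10.20.5 dst=10.10.20.11 dport=502 proto=tcp
2024-05-01T08:01:10Z src=10.10.30.77 dst=10.10.20.51 dport=502 proto=tcp
2024-05-01T08:01:11Z src=10.10.30.77 dst=10.10.20.52 dport=44818 proto=tcp
2024-05-01T08:01:12Z src=10.10.30.77 dst=10.10.20.53 dport=445 proto=tcp
2024-05-01T08:05:00Z src=10.10.20.8 dst=10.10.20.53 dport=445 proto=tcp
this line is not a flow record
"""

if __name__ == "__main__":
    for src, info in summarize(detect(SAMPLE_LOG.splitlines())).items():
        print(f"{src}: {info['stage']} [{info['technique']}] -> {', '.join(info['decoys'])}")
```

The HMI's Modbus polling of the real PLCs produces nothing, which is the point: the detector has no model of normal OT traffic to tune, because the only rule is "nothing legitimate ever talks to a decoy". The host that sweeps all three decoys is reported as reconnaissance, and the host that reaches only for the SMB decoy is reported as a lateral-movement attempt against an IT asset sitting in the OT zone.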
Acalvio Provides a Comprehensive Cyber Deception Solution for OT
- Prebuilt decoys that support multiple OT protocols and devices
- Agentless solution with minimal deployment footprint and no production impact
- Packaged Playbooks to protect OT assets
- Detections mapped to the MITRE ATT&CK for ICS matrix
The Honeywell Threat Defense Platform (HTDP) – Powered By Acalvio
The Honeywell Threat Defense Platform (HTDP) features autonomous deception technology from Acalvio, which helps thwart threat actors and provides accurate threat detection for buildings' operational technology environments.
The HTDP service frees up internal security team resources, making it well-suited to organizations that need advanced detection but don’t have IT specialists dedicated to cybersecurity and don’t want to install or operate complex technology.
Acalvio Supports Industry Standards for OT Security
Represents assets across all levels of the OT reference architecture.