Claroty, the cyber-physical systems (CPS) protection company, recently released new research from Team82 on remote access tool sprawl and the risk exposures it introduces to operational technology (OT) environments.
Data from more than 50,000 remote-access-enabled devices showed that the volume of remote access tools deployed is excessive, with 55% of organisations having four or more and 33% having six or more.
Team82’s research also found that a staggering 79% of organisations have more than two non-enterprise-grade tools installed on OT network devices.
These tools lack basic privileged access management capabilities such as session recording, auditing, role-based access controls, and even basic security features such as multi-factor authentication (MFA).
The consequence of utilising these types of tools is increased, high-risk exposures and additional operational costs from managing a multitude of solutions.
“Since the onset of the pandemic, organisations have been increasingly turning to remote access solutions to more efficiently manage their employees and third-party vendors, but while remote access is a necessity of this new reality, it has simultaneously created a security and operational dilemma,” said Tal Laufer, VP Products, Secure Access at Claroty.
“While it makes sense for an organisation to have remote access tools for IT services and for OT remote access, it does not justify the tool sprawl inside the sensitive OT network that we have identified in our study, which leads to increased risk and operational complexity.” he said.
While many of the remote access solutions found in OT networks may be used for IT-specific purposes, their existence within industrial environments can potentially create critical exposure and compounding security concerns.
According to Gartner®, security and risk management (SRM) leaders should, “perform a full inventory of all remote connections across the entire organisation, as shadow remote access likely exists throughout operational networks, particularly at field sites,” and “remove older remote access solutions when deploying newer CPS secure remote access solutions.
Organisations commonly deploy new solutions without focusing on what is left behind, and with the number of exploited VPN vulnerabilities growing, this could be a significant blind spot.
Claroty’s xDome Secure Access provides organisations with built-for-OT remote operations capabilities and OT-aware security architecture, delivering comprehensive visibility into both OT devices and the users connecting to them.
The solution can now be deployed either on-premise or in the cloud, enabling organisations to optimise remote access management and reduce their total cost of ownership.
Recognising that no two CPS environments are identical, xDome Secure Access provides flexible, operations-specific remote access regardless of an organisation’s geographic spread, network architecture, or cloud maturity, all while enabling regulatory compliance with frameworks such as NIST and NIS2.
About Claroty
Claroty has redefined cyber-physical systems (CPS) protection with an unrivaled industry-centric platform built to secure mission-critical infrastructure.
The Claroty Platform provides the deepest asset visibility and the broadest, built-for-CPS solution set in the market comprising exposure management, network protection, secure access, and threat detection
