Key Takeaways: 2022 Gartner Market Guide for Operational Technology Security
Gartner recently released its 2022 Market Guide for Operational Technology Security, meant to cover emerging markets currently in limbo. The editors at Solutions Review take a look at the key takeaways.
Analyst house Gartner, Inc. recently released its new Market Guide for Operational Technology Security. The researcher’s Market Guide series is meant to cover new and emerging markets where software products and organizational requirements are in limbo. Gartner’s Market Guides can be a great resource for understanding how a fledgling space may line up with current and future technology needs.
According to Gartner, operational technology is defined as “hardware and software that detects or causes a change through the direct monitoring and/or control of industrial equipment, assets, processes, and events.” Operational Technology security includes the practices and technologies used to protect these systems. Emerging platforms are referred to as cyber-physical systems (CPS) protection platforms.
When choosing a CPS security platform, Gartner recommends that Security Risk Management (SRM) leaders anchor security efforts to operational resilience, assess where they are on the typical end-user OT/CPS security journey, and accelerate IT/OT security stack convergence by inventorying all assets used in their organizations. Over the past few years, CPS discovery platforms have emerged to help security leaders inventory this sprawling technology estate. These platforms are usually agentless, so they can be explained to operations teams as not adding risk to the process. They are also increasingly interoperable with other security tools such as SIEM or SOAR solutions. Initial platform features centered on asset discovery, visibility, and network topology. However, as vendors have continued to add new features to these platforms, they have become CPS protection platforms. Features now available include threat intelligence (TI), vulnerability management, risk scoring, and secure remote access.
Gartner highlights the following vendors in the OT Security market: Accenture, AirEye, Airgap, Armis, Barracuda, BeyondTrust, Blue Ridge Networks, Booz Allen Hamilton, Capgemini, Cervello, Claroty, Cylus, Darktrace, DeNexus, Dispel, Dragos, Forescout, Fortinet, Hexagon, Kudelski Security, Microsoft, Mission Secure, Nozomi Networks, NTT, Onclave Networks, Open Cloud Factory, Optiv, Orange Group (Orange Cyberdefense), Ordr, Owl Cyber Defense, Palo Alto Networks, Radiflow, Red Trident, SCADAfence, SecurityGate.io, Shift5, Tenable, Verve, Waterfall Security Solutions, and Xage Security.
Gartner describes the OT/CPS journey as a six-phase process:
- Phase 1: Awareness. In this phase, new prioritization and focus arise, typically driven by a breach that causes bottom-line impacts; board, C-suite, and CIO involvement; or digital transformation initiatives forcing organizations to revisit their risk positions. The team usually tapped to figure it out is the IT security team, which brings its IT-centric biases to the task and quickly realizes it is stepping into a new and foreign environment where it isn’t always welcome.
- Phase 2: Asset Discovery/Network Topology Mapping. Once an organization reaches the Awareness phase, the next step is determining what connected systems exist in the environment and what their risk profiles look like. This usually involves reaching out to the teams supporting OT assets to find out what enterprise-wide IT architecture and OT security policies and procedures exist.
- Phase 3: The “Oh Wow!” Moment. Invariably, these proofs of concept become eye-openers. Examples include unmanaged assets being connected everywhere, and OT networks that were initially designed to be highly segregated turning out to be flatter than realized.
- Phase 4: Firefighting. In this phase, actions are prioritized and deployed. Governance gaps can be tackled with the creation of steering committees, and risk assessments can uncover high-value assets where security efforts need to be prioritized. The focus is on immediate efforts, such as network segmentation reviews, endpoint hardening, threat intelligence, patching when practicable, or incident response plan updates.
- Phase 5: Integration. This is the stage in which OT security is integrated and coordinated with IT and other security governance, monitoring, and reporting. Previously siloed security disciplines converge under a newly created chief security officer (CSO) role; for example, security tools converge and offer broader situational awareness, and security policies are updated to account for non-IT-specific environments. This phase may include integrating with a security information and event management (SIEM) or security orchestration, automation, and response (SOAR) solution.
- Phase 6: Optimization. As convergence bears fruit and more data emerges from the OT-centric security tools deployed, organizations realize that the unprecedented amount of visibility and data they can now access could benefit security teams with additional features, as well as non-security teams in operations, maintenance, procurement, or engineering. Gartner’s interactions with clients show that some organizations have used data from CPS protection platforms to feed predictive maintenance efforts, for example, or to inform purchasing decisions based on asset usage metrics.
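Phases 2 and 3 describe what a passive discovery platform produces: an inventory built from observed traffic, and the realization that unmanaged assets are present and that zones meant to be segregated are talking to each other. The script below is an added illustration of that idea, not code from Gartner or from any vendor in the guide. It assumes a constructed set of flow records (source, destination, port, protocol) of the kind a passive sensor on a SPAN port might export, a constructed Purdue-style zone map, and a constructed zone-to-zone policy; the industrial port-to-role table is a simplification for illustration only.

```python
"""Passive OT asset inventory and segmentation check (added example).

Not Gartner's or any vendor's code. All addresses, zones, policy entries and
flow records below are constructed for illustration.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed zone map, loosely following Purdue levels.
ZONES = {
    "L1_controllers": ip_network("10.10.1.0/24"),
    "L2_supervisory": ip_network("10.10.2.0/24"),
    "L3_site_ops": ip_network("10.10.3.0/24"),
    "IT_enterprise": ip_network("10.20.0.0/16"),
}

# Constructed policy: which zone may initiate conversations with which.
# Any cross-zone flow not listed here is a segmentation finding.
ALLOWED = {
    ("L2_supervisory", "L1_controllers"),
    ("L1_controllers", "L2_supervisory"),  # controllers reporting upward
    ("L3_site_ops", "L2_supervisory"),
}

# Simplified mapping of well-known industrial ports to an inferred role.
PORT_ROLES = {
    502: "modbus-server",
    102: "s7comm-server",
    20000: "dnp3-server",
    44818: "enip-server",
}

# Constructed flow records: (src_ip, dst_ip, dst_port, protocol)
FLOWS = [
    ("10.10.2.10", "10.10.1.5", 502, "tcp"),
    ("10.10.2.10", "10.10.1.6", 502, "tcp"),
    ("10.10.3.20", "10.10.2.10", 443, "tcp"),
    ("10.20.5.77", "10.10.1.5", 502, "tcp"),      # enterprise host reaching a PLC directly
    ("10.10.1.9", "10.10.2.10", 20000, "tcp"),
    ("192.168.77.3", "10.10.1.6", 44818, "tcp"),  # address outside every known zone
]


@dataclass
class Asset:
    ip: str
    zone: str
    roles: set = field(default_factory=set)
    peers: set = field(default_factory=set)


def zone_of(ip: str) -> str:
    """Return the zone name for an address, or UNKNOWN if no zone claims it."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "UNKNOWN"


def build_inventory(flows):
    """Build an asset inventory purely from observed flows (no agents, no probes)."""
    inventory = {}
    for src, dst, port, _proto in flows:
        for ip in (src, dst):
            inventory.setdefault(ip, Asset(ip=ip, zone=zone_of(ip)))
        if port in PORT_ROLES:
            inventory[dst].roles.add(PORT_ROLES[port])
            inventory[src].roles.add("client:" + PORT_ROLES[port])
        inventory[src].peers.add(dst)
        inventory[dst].peers.add(src)
    return inventory


def unmanaged_assets(inventory):
    """Assets seen on the wire that no documented zone accounts for."""
    return sorted(ip for ip, a in inventory.items() if a.zone == "UNKNOWN")


def segmentation_findings(flows, inventory):
    """Flag cross-zone flows that the policy does not allow, plus unknown endpoints."""
    findings = []
    for src, dst, port, _proto in flows:
        sz, dz = inventory[src].zone, inventory[dst].zone
        if sz == dz:
            continue  # intra-zone traffic is not a segmentation question
        if "UNKNOWN" in (sz, dz):
            findings.append({"severity": "high", "reason": "unmanaged_asset",
                             "src": src, "dst": dst, "port": port})
        elif (sz, dz) not in ALLOWED:
            findings.append({"severity": "high", "reason": "zone_policy_violation",
                             "src": src, "dst": dst, "port": port, "path": f"{sz}->{dz}"})
    return findings


if __name__ == "__main__":
    inv = build_inventory(FLOWS)
    print(f"{len(inv)} assets discovered; unmanaged: {unmanaged_assets(inv)}")
    for f in segmentation_findings(FLOWS, inv):
        print(f)
```

Each finding is a flat dictionary so it can be forwarded as-is to a SIEM or SOAR pipeline, which is the Phase 5 integration the guide describes. The interesting design point is that nothing here touches the OT assets: the inventory, the role inference and the segmentation findings all come from traffic already flowing, which is why such platforms can be presented to operations as not adding risk.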
The past two years have seen a marked increase in links between IT security and OT security solutions. Most OT security vendors (and all CPS protection platform vendors) have strategic partnerships with established IT security vendors. The modularity associated with platform-based features and functionalities is attractive to end users, who can consume them based on their current needs and maturity. The platform business model also means that vendors can increasingly offer Software as a Service (SaaS)-based pricing models, and it opens the door to more cloud-based and analytics-centric solutions. Some vendors now offer both passive on-premises solutions for brownfield systems and cloud-based solutions for “greenfield” systems.