Introducing the OT Security Solution Accelerator

By Chris Duffey

In Cisco’s 2024 State of Industrial Networking Report, 89% of organizations surveyed state that cybersecurity compliance is extremely or very important to their organization, and 63% of those organizations have increased spending in this area. OT security has long been an area where organizations have been able to leverage the power of Splunk to protect their most critical environments.

In many cases, organizations are looking to integrate those capabilities into their security operations center (SOC) and therefore leverage the OT Security Add-on for Splunk, which integrates directly into the market-leading SIEM, Splunk Enterprise Security.

However, some organizations are just starting on their OT security journey and may be early in their Splunk journey as well. For those customers, the OT Security Solution Accelerator can help them get started. It provides prescriptive guidance around data collection, reference architectures, and a Splunk app with existing content to accelerate their capabilities.

Data Management and Collection

Knowing what data to collect and how to collect it is a particular challenge in OT environments, where many vendors and organizations want to reduce risk to the operational environment and may restrict collection methods. At the same time, many organizations rely on multiple vendors, control systems, and various other technologies, which means tools need to handle all this data in a technology-agnostic manner.

The OT Security Solution Accelerator includes the Data Management Guide, which details how to collect OT data and is based on methods used today by Splunk customers. This blog provides guidance on how to leverage existing agents or agentless methods which don’t compromise the safety and availability of OT environments.

Reference Architecture

Being able to implement Splunk to meet customer requirements is always a key discussion point for OT environments. Whether your organization needs to implement Splunk in an isolated OT environment, shared with multiple business units, hybrid, or completely in the cloud, the included Reference Architectures help you understand how to implement Splunk while minimizing risk to your OT environment.

OT Security Solution Accelerator App

The OT Security Solution Accelerator App is designed to provide as much of an out-of-the-box experience as possible for customers getting started with Splunk in their OT environment. This app includes the following content:

In addition, the app is built to make the transition to the OT Security Add-on for Splunk as easy as possible when your organization is ready.

Installation and Configuration Guidance

For those implementing the OT Security Solution Accelerator app, prescriptive guidance around installation and configuration of the app is crucial to their success. The Installation and Configuration guide helps you understand the key steps in this process, including the key data sources, macros, and lookup objects involved in implementation.

Want to Learn More?

Want to learn more? Please check out the following useful assets:

If you’re new to Splunk and want to learn more, contact us. Existing customers can reach out to their Splunk sales team for direct assistance.
