Claroty reveals remote access risks in OT environments report

Claroty has released new research focusing on the proliferation of remote access tools and the risks they pose to operational technology (OT) environments. The report, which analysed data from over 50,000 remote-access-enabled devices, revealed that 55% of organisations utilise four or more remote access tools, while 33% have six or more.

Moreover, a significant 79% of organisations reportedly have more than two non-enterprise-grade tools installed on their OT network devices. These tools, often consumer-grade tablets and phones, lack essential security features such as multi-factor authentication (MFA) and privileged access management capabilities, including session recording and auditing. This usage introduces increased risk and added operational costs stemming from the management of multiple solutions.

“Since the onset of the pandemic, organisations have been increasingly turning to remote access solutions to more efficiently manage their employees and third-party vendors, but while remote access is a necessity of this new reality, it has simultaneously created a security and operational dilemma,” said Tal Laufer, VP Products, Secure Access at Claroty. “While it makes sense for an organisation to have remote access tools for IT services and for OT remote access, it does not justify the tool sprawl inside the sensitive OT network that we have identified in our study, which leads to increased risk and operational complexity.”

The study highlights several critical vulnerabilities introduced by the widespread use of remote access tools within OT environments. One major concern is the lack of visibility for OT network administrators and security personnel when third-party vendors connect using their own remote access solutions. This scenario leaves administrators with little to no visibility into associated activities.

Further risks include an expanded attack surface due to the increased number of external connections into the network. This expansion provides more potential attack vectors that could exploit substandard security practices or leaked credentials. Additionally, the complexity of managing multiple remote access solutions complicates the administration and governance policies needed to regulate network access rights, further increasing the risk of blind spots in access rights management.

The report also references guidance from Gartner, which advises security and risk management leaders to “perform a full inventory of all remote connections across the entire organisation, as shadow remote access likely exists throughout operational networks, particularly at field sites,” and to “remove older remote access solutions when deploying newer CPS secure remote access solutions.” This recommendation underscores the potential for overlooked vulnerabilities when new solutions are deployed without fully addressing legacy systems.

Claroty proposes its xDome Secure Access as a solution to mitigate these risks. xDome Secure Access offers built-for-OT remote operations capabilities and an OT-aware security architecture. This solution is designed to provide comprehensive visibility into both OT devices and the users connecting to them. It can be deployed either on-premise or in the cloud, thereby enabling organisations to optimise remote access management and reduce overall costs. Additionally, xDome Secure Access supports regulatory compliance with frameworks such as NIST and NIS2, catering to the specific needs of diverse CPS environments.