Introducing the OT Security Solution Accelerator

In Cisco’s 2024 State of Industrial Networking Report, 89% of organizations surveyed state that Cybersecurity compliance is extremely or very important to their organization and 63% of those organizations have increased spending in this area. OT Security has long been an area where organizations have been able to leverage the power of Splunk to protect their most critical environments.

In many cases, organizations are looking to integrate those capabilities into their security operations center (SOC) and therefore leverage the OT Security Add-on for Splunk which directly integrates into the market-leading SIEM, Splunk Enterprise Security.

However, the reality is some organizations are just starting on their OT Security journey and may be early in their Splunk journey as well. For those customers, the OT Security Solution Accelerator can help them get started on that journey. The OT Security Solution Accelerator provides prescriptive guidance around data collection, reference architectures, and a Splunk app with existing content to accelerate their capabilities.

Data Management and Collection

Knowing what data to collect and how to collect it is a particular challenge in OT environments where many vendors and organizations want to reduce risk to the operational environment and may restrict collection methods. At the same time, many organizations leverage multiple vendors, control systems, and various other technologies, which means tools need to be able to handle all this data in a technology-agnostic manner.

The OT Security Solution Accelerator includes the Data Management Guide which details how to collect OT data and is based on methods used today by Splunk customers. This blog provides guidance on how to leverage existing agents or agentless methods which don’t compromise the safety and availability of OT environments.

Reference Architecture

Being able to implement Splunk to meet customer requirements is always a key discussion point when discussing OT environments. Whether your organization needs to implement Splunk in an isolated OT environment, shared with multiple business units, hybrid, or completely in the cloud, the included Reference Architectures help you to understand how to implement Splunk while minimizing risk to your OT Environment.

OT Security Solution Accelerator App

The OT Security Solution Accelerator App is designed to provide as much as possible an out-of-the-box experience for our customers getting started with Splunk in their OT environment. This app includes the following content:

• Searches for key use cases of OT Security such as perimeter monitoring, usage of external media, industrial protocol usage, and remote access to OT environments
• Macros used to customize searches to your organization's specific implementation
• Lookups that allow you to filter and focus on what is most important to you
• Event types and tagging that allow you to quickly get dashboards populating with your own data

In addition, the app is built to make a transition to the OT Security Add-on for Splunk as easy as possible when your organization is ready to make that transition.

Installation and Configuration Guidance

For those implementing the OT Security Solution Accelerator app, prescriptive guidance around installation and configuration of the app is crucial to their success. The Installation and Configuration guide helps you to understand key steps in this process including key data sources, macros, and lookup objects involved in implementation.

Want to Learn More?

Want to learn more? Please check out the following useful assets:

• Want to start using Splunk today for OT Security including use cases, dashboards, and more? Check out the OT Security Solution Accelerator.
• Ready to see each OT security use case broken out so that you can start implementing today? Check out the Splunk Lantern Page.
• Curious to know how else Splunk can help you in Manufacturing? Check out the Splunk for Manufacturing Page.

If you’re new to Splunk and want to learn more, contact us. Existing customers can reach out to their Splunk sales team for direct assistance.