Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Claroty: Identifying Internet-Exposed OT Devices

Claroty
07/12/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


You know, I remember a time when you could actually say air gap to like, uh, there was a lot more of that out there. Uh, nowadays I think if anyone's talking air gaps, like you really got a question, it's, there are some environments like that, but if you're going through a firewall, it's not air gap, right? So someone could connect back to it. So nowadays I think a lot of stuff is out there, right? There's a lot of connectivity, especially as systems, as not only we're utilizing other stuff for data historians, you know, we're sending more stuff out for engineering data. We're sending out more stuff for optimization. Maybe you bought a fancy new vibration monitoring system and it goes out to the cloud or something, right? There's a lot more of that stuff out there. And then the other case, they've made this stuff a lot easier, right? If you go to the vendors, it's very easy to get a, uh, you know, a point PLC, that's going to do something out in the field that can connect straight out to the internet, right? So as far as identifying it, the first is to recognize that it's, it's out there. And if you don't know where it's at, you should probably be questioning where it's happening because it's, it is something that happens a lot in these environments. If you're not aware of anywhere that it is happening, you should question like how our engineers getting to this stuff, right? If you have people remoting into that, that means you have a path. That means that there's somewhere that they're getting into it. So identifying that sort of stuff is really important. Then there's other things, right? There's network monitoring tools you can put in place that can start identifying this, looking for the actual, uh, calls out to the internet. And I think this is something that's really important, right? If you have unsecure stuff going out to the internet, especially if you're not aware of it, those are the, like, if we look at the attacks that we see nowadays, most of the time it's leveraging that sort of stuff, right? It's coming in through remote access path. It's coming in through something that's facing directly to the internet and you can just get to, right, it's a lot simpler to get to these things. And so these are, are generally our most, uh, like our most highly exposed devices. Uh, so if we're talking about controlling it, I think that this is like the A number one thing we should be going after, right? If, if you're trying to decide where to put my time, where to put my effort, if I'm going to put in a compensating control or change something, usually these are the, are really, really good starting point. You're never going to be upset that you went and fixed an internet facing vulnerability, right? It's, it's always going to be, uh, those sorts of things always pay dividends. So that's what I'd suggest, right? Go out there, you can get, uh, tools like Clarity or others to go look for those sorts of things. And then where you identify those really targeting those types of things first, I think is a, is a strong starting point.

TL;DR

  • True air-gapped OT systems are rare today, with most environments having internet connectivity through firewalls, cloud services, data historians, and remote access paths that create potential exposure.
  • Organizations should assume internet-exposed devices exist and actively search for them using network monitoring tools that identify outbound connections, especially if engineers have remote access capabilities.
  • Internet-facing OT devices represent the highest-risk attack surface and should be the top priority for remediation efforts, as most successful attacks leverage these direct access paths.

Summary

OT engineer Gary Kneeland addresses the challenge of identifying internet-exposed operational technology devices in modern industrial environments. He explains that true air-gapped systems are increasingly rare, with most OT environments now featuring some level of internet connectivity through firewalls, cloud-based monitoring systems, data historians, and remote access paths. Kneeland emphasizes that organizations should assume internet exposure exists and actively search for it, particularly as vendors make it easier to deploy internet-connected PLCs and field devices. He recommends using network monitoring tools to identify outbound internet connections and prioritizing remediation of internet-facing vulnerabilities, as these represent the highest-risk attack vectors in OT environments. The discussion highlights that most successful OT attacks leverage remote access paths or directly internet-accessible devices, making exposure management a critical starting point for OT security programs.

Chapters

0:00 - The Myth of Air-Gapped OT
0:34 - Modern OT Connectivity Drivers
1:10 - Identifying Internet Exposure
1:55 - Attack Vectors and Prioritization

Key Quotes

0:24 "... if you're going through a firewall, it's not air gap, right? So someone could connect back to it."
1:55 "... if we look at the attacks that we see nowadays, most of the time it's leveraging that sort of stuff, right? It's coming in through remote access path. It's coming in through something that's facing directly to the internet ..."
2:41 "You're never going to be upset that you went and fixed an internet facing vulnerability, right? It's, it's always going to be, uh, those sorts of things always pay dividends."

FAQ

How can I tell if my OT environment has internet-exposed devices?

Start by questioning how engineers access systems remotely—if remote access exists, there's an internet path. Deploy network monitoring tools to identify outbound connections to the internet, and use specialized OT security platforms like Claroty to discover and map internet-facing assets. Assume exposure exists until proven otherwise.

Why should internet-exposed OT devices be the top security priority?

Most successful OT attacks leverage remote access paths or directly internet-accessible devices because they're the easiest entry points for attackers. These represent your highest-risk attack surface, and remediating internet-facing vulnerabilities consistently delivers strong security returns on investment.


Categories:
  • » Cybersecurity » Network Security
  • » Data Protection
Channels:
News:
Events:
Tags:
  • OT
  • IoT Security
  • Network Security
  • Vulnerability Management
  • Technical Deep Dive
  • Best Practices
  • OT Security
  • Internet-Exposed Devices
  • Air-Gap Misconceptions
  • Network Monitoring
  • Remote Access Security
  • Attack Surface Management
  • OT Vulnerability Management
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Claroty: Identifying Internet-Exposed OT Devices

              Upcoming Webinar Calendar

              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting a Championship-Worthy Security Team for Unmatched Defense
                https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-worthy-security-team-for-unmatched-defense/
              • 07/14/2026
                02:00 PM
                07/14/2026
                Understanding the Crucial Role of Context in Safeguarding AI-Accessible Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-safeguarding-ai-accessible-data/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Strategies in Data Protection and Privacy Management
                https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-in-data-protection-and-privacy-management/
              • 07/22/2026
                01:00 PM
                07/22/2026
                Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue
                https://www.truthinit.com/index.php/channel/2029/insights-from-attackers-during-the-fifa-world-cup-a-human-dialogue/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 07/29/2026
                12:00 PM
                07/29/2026
                Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
              • 07/29/2026
                01:00 PM
                07/29/2026
                Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Becoming Agent Ready: Insights from Cyera's Expertise
                https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jul
                14

                Crafting a Championship-Worthy Security Team for Unmatched Defense

                07/14/202601:00 PM ET
                • Jul
                  14

                  Understanding the Crucial Role of Context in Safeguarding AI-Accessible Data

                  07/14/202602:00 PM ET
                  • Jul
                    21

                    Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

                    07/21/202604:00 AM ET
                    • Jul
                      22

                      Insights and Strategies in Data Protection and Privacy Management

                      07/22/202606:30 AM ET
                      • Jul
                        22

                        Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue

                        07/22/202601:00 PM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version