On-Demand Webinar / IT/OT

Tenable OT Office Hours

点播

Join the Tenable OT team for recurring sessions addressing your questions, highlighting product features, and exploring best practices for using Tenable OT Security.

If you have questions about your Tenable OT Security solution, join our Office Hours webinars for answers. Led by the Tenable OT security engineers, these sessions provide an open forum for addressing your challenges and sharing best practices through discussion and demonstrations.

Watch the session from 9th June 2026 or register for one of the upcoming EMEA OT Office Hours on:

Click here to review the webinar summary

Tenable OT Office Hours: Q2 2026 - What's New with Tenable OT and AI Integration

This webinar provides a comprehensive update on recent developments in Tenable OT Security, focusing on the upcoming 4.7 release, the enhanced offline OT agent, and Tenable's strategic initiatives in artificial intelligence and its impact on operational technology environments.

[00:00:00] Welcome and Agenda Overview

Chris Baker, along with Dom Storey, Daniel Künzli, Almog Tayar, and Avram Pelec from the OT product team, introduces the Q2 OT office hours and outlines the packed agenda for the session, including new features and strategic directions.

  • Team Introduction: Chris Baker, Dom Storey, Daniel Künzli, Almog Tayar, and Avram Pelec (OT product team) welcome attendees.
  • Q&A Engagement: You can submit questions throughout the webinar using the Q&A feature, even on topics not explicitly covered.
  • Agenda Highlights: Key topics include the upcoming 4.7 release, an in-depth look at the offline OT agent, news on Frontier AI, OT and AI integration plans, a live AI demonstration, and an open Q&A session.
  • Forward-Looking Statements: We emphasize that discussions about future features are forward-looking and do not constitute a commitment.

[00:02:36] What's Coming in Tenable OT Security 4.7

Daniel Künzli details the enhancements and new capabilities included in the Tenable OT Security 4.7 release, currently in early access and expected to be generally available soon.

  • Extended Subnet Management: We have enhanced subnet management in ICPs, allowing for central management from the Enterprise Manager for large-scale deployments.
  • Offline OT Agent Use Cases: This release introduces new capabilities for the offline OT agent, which Almog Tayar will cover in more detail.
  • My Saved Views: You can now save your customized filters and views across inventory and findings, accessible from a single icon within the product.
  • Goose Support for IEC 61850: We added Goose protocol support, complementing existing MMS capabilities, to help identify issues within Goose traffic in substations.
  • New Vendor Support: We introduced new policies, including seven for Yokogawa Centrum, to detect changes like start, stop, and write tags.
  • Direct TLS Support for Syslog: You can now send Syslog over TLS directly from our Syslog service to any other Syslog server without needing Logstash.
  • Improved TCP Session Detection Accuracy: Enhancements to TCP session detection provide more accurate identification of source and destination in network communications, leading to a cleaner policy engine.

[00:06:00] The Offline OT Agent (Portable State)

Almog Tayar provides an in-depth look at the new offline OT agent, explaining its purpose, functionality, and how it addresses challenges in remote and disconnected environments, including a live demonstration.

  • Purpose: The OT agent is our solution for remote environments where traditional sensors are impractical, deployed on Windows machines like HMI workstations.
  • 4.7 Focus (Offline Agent): This version focuses on the "portable state" of the agent, enabling offline scanning for environments without live ICP connections.
  • Operational Flow: You set up the scan on the ICP, download the scan profile, upload it to the agent (which now has a new UI), perform the scan, and then upload the results back to the ICP.
  • Key Use Cases: Ideal for standalone environments, remote rigs, offshore vessels, or mobile auditing scenarios where engineers need to discover devices in difficult-to-reach areas.
  • Network Area Management: A critical new feature is the Network Area, which allows you to define logical and physical locations. This prevents asset collisions and ensures organized reporting when scanning duplicated networks or IP ranges.
  • Agent UI and Scanning: The new agent UI lets users select between uploading a scan file (offline) or pairing with an ICP (online). The user confirms their current network area and can then run or schedule scans.
  • Results Integration: Scan results are uploaded manually to the ICP, where they are organized by network area, providing a clear inventory of newly discovered assets and their associated host agents.
  • System Compatibility: The offline agent currently supports Windows 10 and above, with Linux support planned for future versions.

[00:17:06] Tenable's AI Strategy and OT Impact

Chris Baker outlines Tenable's broader AI strategy, highlighting key partnerships and initiatives, and discusses how these advancements, including Tenable Hexa AI, will influence and integrate with OT security.

  • Project Glassroom with Anthropic: Tenable has joined Anthropic's Project Glassroom, gaining early access to Frontier AI capabilities through Claude Mythos preview to enhance exposure analysis, attack path prioritization, and remediation.
  • Tenable Hexa AI Introduction: Announced at our Exposure conference, Hexa AI is our agentic AI engine designed for enterprise-ready, end-to-end workflows across modern attack surfaces within Tenable One.
  • Hexa AI Capabilities: You can use pre-built agents or create custom agents via the Model Context Protocol (MCP) server to execute complex workflows, orchestrate remediation, create tickets, generate custom policies, and produce audit reports.
  • OpenAI GPT 5.5 and Daybreak Program: Tenable is part of OpenAI's trusted access for cyber (Tac program) and the Daybreak program, contributing to the development of AI-driven solutions for identifying, patching, and validating software vulnerabilities.
  • AI Exposure Detection: Tenable One is developing the ability to identify AI usage (e.g., Copilot, Gemini, Chat GPT, local LLMs) to build governance and facilitate safe AI adoption within your environment.
  • OT Specific AI Considerations: We acknowledge the interest in AI within OT, recognizing potential restrictions and challenges, but aim to demonstrate how AI can be utilized within OT and as part of the wider Tenable platform.
  • Claude Compliance API: This API provides visibility and governance around Claude usage for secure adoption.
  • Four Pillars of OT AI Focus:
    • Assume AI Attacks: We must anticipate AI-accelerated cyber attacks, as demonstrated by real-world incidents.
    • Manage Exposure: Understand and manage your full exposure, including assets, vulnerabilities, misconfigurations, and identities, across IT and OT.
    • Unify Visibility: Gain a connected view of attack paths across IT/OT converged environments to address lateral movement.
    • Fix Choke Points: Since patching OT environments is often difficult, focus on identifying and remediating root causes, managing identities, patching upstream, or implementing mitigating controls like firewalls or virtual patching.

[00:25:15] OT AI Integration Strategy

Almog Tayar discusses Tenable OT Security's specific AI integration strategy, outlining how we plan to incorporate AI to enhance security, reduce manual efforts, and provide advanced intelligence across various deployment scenarios.

  • Core AI Philosophy: Our goal is not just to use AI, but to reduce drudgery, provide extra intelligence, and enhance security for your OT environments.
  • Diverse Consumption Methods: We are building different ways to consume AI data, acknowledging varied OT personas, internet connectivity limitations, and concerns about classified information.
  • MCP for OT (Next Quarter):
    • Target Audience: For organizations using their own LLM connected to an ICP or Enterprise Manager.
    • Initial Focus: Enable cross-ICP querying, allowing you to ask questions across all your sites simultaneously from the Enterprise Manager level.
    • Actions: We will introduce read and write capabilities, such as creating tags, asset groups, and policies.
  • Tenable Hexa AI (GA on Tenable One):
    • Current Availability: Hexa AI is generally available at the Tenable One level. If your OT is connected, you can already use Hexa agents to query OT assets.
    • Future Integration: We are building infrastructure to bridge Tenable One and the ICP/Enterprise Manager, allowing Hexa to retrieve information and perform actions directly on OT systems.
  • Native In-App AI (Coming Next): Following MCP and Hexa, we will integrate native AI capabilities directly within the OT GUI (ICP and Enterprise Manager) to facilitate easy querying, automation, and actions.
  • Asset Enrichment: As a powerful use case, AI will help us move from 90-95% inventory coverage to nearly 100% for unknown or unclassified devices and endpoints.
  • Local LLM within ICP: For environments without public cloud access, we are developing a local LLM solution that will run within the ICP itself, providing AI capabilities on-premise.

[00:31:17] AI in Action: The Art of the Possible

Dom Storey demonstrates how Tenable's AI, including Hexa AI and local AI models, can be leveraged to query and gain insights from OT data, showcasing both cloud-connected and entirely disconnected scenarios.

  • Hexa AI Agentic Engine: Tenable's AI works with an MCP (Model Context Protocol) that connects to our backend AI, with all Tenable products acting as data sensors.
  • Tenable One with Hexa AI Demo: Dom shows how a chat box in Tenable One can be used to ask natural language questions (e.g., "Show me all my Rockwell PLCs") and receive detailed information about assets, including concerns.
  • Local AI for Confined Environments: For environments where global AI is not feasible, Tenable offers local AI options.
  • Local Architecture: Data flows from sensors to ICPs, then to the Enterprise Manager. The Enterprise Manager's MCP can then feed into local LLMs (like DeepSeek, MBR AI) or Tenable One with Hexa.
  • Open-Source MCP for ICPs: An open-source MCP developed by a Tenable consultant can be installed on individual ICPs, providing direct AI interaction.
  • Claude Desktop Integration: Dom demonstrates using Claude to interact with the local MCP, listing available tools (scripts that use GraphQL APIs for read/write operations) and executing prompts to retrieve asset data based on tags (e.g., "Get assets which are tagged Reactor").
  • Entirely Local AI with Libra Chat: Dom also demonstrates using Libra Chat with a local AI model (a 30 billion node model) running on a local AI server to perform similar queries, highlighting the flexibility for fully disconnected environments.

Watch the Full Webinar

We hope you found this Q2 OT office hours informative. We are excited about the rapid advancements in Tenable OT Security and our strategic AI integration. We encourage you to reach out to Almog and Avram with any ideas or requirements you may have regarding these new capabilities. The Tenable OT Security 4.7 release, including the offline agent, is currently in Early Access and is targeted for general availability by the end of June, subject to standard release processes. Join us for our next office hours in September for more updates and insights.


演讲嘉宾

Chris Baker
Chris Baker

Tenable OT 安全销售经理

Photo of Dominic Storey, OT Architect / Principal Security Engineer, Tenable
Dominic Storey

OT Architect / Principal Security Engineer, Tenable

Daniel Künzli
Daniel Künzli

Senior Security Engineer OT EMEA, Tenable

资源

解决方案
Tenable for DoD: Cybersecurity beyond ACAS
产品资料
技术客户管理 (TAM)
解决方案
保障现代数据中心安全