OT Security Miniseries: Securing the Browser to Protect IT and OT Networks

In this Off the Wire Podcast OT miniseries episode based on the Dragos OT report, the hosts explain how OT environments are often compromised through IT networks and focus on the browser as a major attack target alongside email. They discuss practical ways to harden browser security, including DNS filtering (with examples like blocking newly registered domains and improving visibility), CIS browser hardening benchmarks and policies (updates, extension restrictions, disabling built-in password saving, limiting browsers), and the role of secure web gateways/web proxies with SSL inspection and DLP considerations. They also cover enterprise password managers, passkeys, and new enterprise browser tools that provide granular controls and DLP for web apps (including AI use cases), plus how EDR and SIEM telemetry support detection and response. They close with a recommended rollout order and preview upcoming episodes on third-party vendor management and OT network monitoring.

00:00 Mini Series Setup

00:43 Why Browsers Are Targeted

03:43 DNS Filtering Basics

06:41 Remote Protection Benefits

09:06 CIS Browser Hardening

11:30 Locking Down Extensions

14:11 Secure Web Gateway Proxies

16:56 Subscribe and Share

17:43 Enterprise Password Managers

19:23 Password Manager Benefits

20:22 Hosting and Vendor Risks

21:12 Passkeys and Unique Logins

23:37 KeyPass and Offline Vaults

24:05 Enterprise Browser Overview

25:53 DLP and Download Controls

26:40 BYOD Visibility and AI Policies

30:21 AI Extensions and Control

32:14 EDR and SIEM Telemetry

35:37 Layering Tools Before EDR

36:54 Practical Rollout Roadmap

40:55 OT Tie In and Next Episodes