ICS/OT Asset Discovery Solutions



Multiple automated tools are available on the market in which assets can be entered automatically. These tools should be configured for the specific ICS network.

PBOSecure can help you with a best-of-breed asset management tool that is widely available on the market and well suited to your ICS network.

There are three product categories of asset management solutions available in the market.

a) ICS/OT Network Anomaly Detection (NAD) Solution

NAD inspects the content of OT network traffic (data in motion), a technique also referred to as deep packet inspection (DPI). This is achieved through real-time monitoring of all network packets ("passive scanning") via SPAN ports, using network appliances and various analytical algorithms. Alerts are then issued for traffic anomalies, as well as for traffic patterns that are classified as potentially malicious or that point to vulnerable configurations. An example of the latter would be successful attempts to connect to the ICS without a password or with a default one. Detecting network anomalies makes it possible to detect both network cyberattacks and vulnerable configurations. As an added value, NAD provides greater visibility into ICS/OT networks, since the identity of the assets (hardware brand, model and category) can be derived from network traffic.

b) ICS Configuration Control Solution

As with NAD, ICS/OT configuration control solutions focus on content, but on data at rest (configuration files). The ICS configuration control solution interprets the configuration files of distributed control systems, enabling engineers to understand the meaning (impact) of configuration changes. This results in enhanced reliability and security through tightly controlled ICS configuration integrity.

c) ICS/OT Asset Discovery (combination of a and b)

Asset management is an interesting case because it has been around for decades in IT, but until now has been underrepresented in OT. This is despite the fact that all ICS/OT security standards require a comprehensive inventory of assets. The OT/ICS asset discovery solutions in this category concentrate on both data at rest and data in motion that is obtained by direct device query using legitimate protocols. The network topology is discovered and displayed automatically, down to the physical layer, using SNMP queries of the network equipment. Network traffic is captured with a network monitoring and analyzer tool, which means you can see the data flow relations, including counterparts and protocols, but not the exact meaning or impact of any given packet. Such IT/OT asset discovery tools enhance the productivity of various ICS/OT stakeholders by establishing an ICS/OT system model that can be viewed, analyzed, researched and shared. As with ICS configuration control (b above), managing assets over time is not limited to cybersecurity use. In contrast to ICS configuration control, ICS/OT asset discovery supports a wider range of security-related use cases.
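The sketch below is an added example, not code from PBOSecure or from any product mentioned here. It shows how data flow relations (counterparts and protocols) observed passively can be turned into an asset model and compared with a baseline, as described in (a) and (c). The flow records, IP addresses and function names are constructed for illustration, and protocols are labelled by default port only, which is a simplification of the DPI a real sensor performs.

```python
from collections import defaultdict

# Default ports of common OT protocols; port-based labelling is an
# assumption standing in for real deep packet inspection.
OT_PORTS = {
    ("tcp", 102): "S7comm (ISO-TSAP)",
    ("tcp", 502): "Modbus/TCP",
    ("tcp", 20000): "DNP3",
    ("tcp", 44818): "EtherNet/IP",
    ("udp", 161): "SNMP",
}

# Constructed flow summaries: (source IP, destination IP, transport, dest port).
BASELINE = [
    ("10.0.1.10", "10.0.2.21", "tcp", 502),
    ("10.0.1.10", "10.0.2.22", "tcp", 44818),
    ("10.0.1.5", "10.0.0.1", "udp", 161),
]
OBSERVED = BASELINE + [
    ("10.0.1.10", "10.0.2.21", "tcp", 502),   # repeat of a known relation
    ("10.0.3.77", "10.0.2.21", "tcp", 502),   # host absent from the baseline
    ("10.0.1.10", "10.0.2.22", "tcp", 3389),  # known pair, new protocol
]

def label(transport, port):
    """Name the protocol by default port, falling back to transport/port."""
    return OT_PORTS.get((transport, port), f"{transport}/{port}")

def build_model(flows):
    """Return (assets, relations) derived purely from observed flows."""
    assets = defaultdict(set)  # IP -> roles such as "server:Modbus/TCP"
    relations = set()          # (client, server, protocol)
    for src, dst, transport, port in flows:
        proto = label(transport, port)
        assets[src].add(f"client:{proto}")
        assets[dst].add(f"server:{proto}")
        relations.add((src, dst, proto))
    return dict(assets), relations

def diff_against_baseline(baseline, observed):
    """Report assets and flow relations that the baseline model lacks."""
    base_assets, base_rel = build_model(baseline)
    obs_assets, obs_rel = build_model(observed)
    return {
        "new_assets": sorted(set(obs_assets) - set(base_assets)),
        "new_relations": sorted(obs_rel - base_rel),
    }

if __name__ == "__main__":
    for kind, items in diff_against_baseline(BASELINE, OBSERVED).items():
        print(kind, items)
```

The output lists who talks to whom over which protocol, which matches the limitation stated above: the relation is visible, but not what an individual packet does.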

Our experienced instrumentation, control and IT professionals can be consulted on the right category of tool to meet your asset discovery requirements.