“Products from current leaders such as Claroty and Nozomi Networks, as well as CyberX, Indegy and about 15 other competitors, are not what ICS asset owners actually want or need. They (…) will only be accepted as a product offering for the next 1 – 3 years.”
So wrote Dale Peterson in his blog two months ago.
Dale based his pessimistic market outlook on functionality and integration perspectives of ICS detection products, basically diagnosing a lack of product/market fit. He might have missed a trivial factor though that puts a hard ceiling on market size: Unit cost of hardware appliances.
The cost of hardware appliances is fixed. It multiplies with the number of networks.
You have heard the praise for “passive scanning” over and over again, but at some point in time you cannot fail to discover the hidden downside. Due to the realtime processing of network traffic that is involved, “passive scanning” requires dedicated hardware in every single process network. If your operation only has a dozen or so networks, you may shrug this off. But what about hundreds, or thousands of networks?
Let’s do a quick calculation! Assuming the acquisition cost for a single monitoring appliance is $3k, and you have a humble 250 networks that you intend to monitor (insert your own numbers here), that results in… probably a number beyond your budget! And that’s only for the hardware, before even thinking about software licenses, technical support contracts, on-top consulting services etc. pp.
Besides the acquisition cost… since you plan to install new hardware and re-configure networks (opening SPAN ports, doing the required cabling etc.), change cases will need to be requested and approved. How many years is the rollout process supposed to take? Or what about networks at remote sites that are difficult to reach, such as an unmanned pumping station in the middle of nowhere? Who is supposed to install and maintain those boxes, and how does it translate to labor cost?
The bottom line is: Passive scanning doesn’t scale because of the unit cost of hardware appliances. It is fixed and, therefore, multiplies with the number of subnets that need to be monitored. It doesn’t decrease with volume. But few organizations think favorably about buying a truckload of network monitoring appliances and spending years for deployment. Some may even consider the risk of the vendor no longer being in business before the last appliance will be commissioned. Or, as Dale says:
“Management should understand that whatever you decide to do in 2019 / 2020 may be replaced in 2022 / 2023.”
But wait! Aren’t some vendors already offering software images that can be installed on state-of-the art network switches? Great! So let’s simply wait until the new fancy gear is used throughout your fleet! Which will only take three, maybe five or seven years, right?
What if you didn’t need those expensive boxes?
Now you have an idea why we chose to completely stay away from “passive scanning” and rely on a software-only approach in our OT-BASE Asset Management Platform.
In OT-BASE, all discovery is done by a software component called Asset Discovery. Technically, Asset Discovery is a Windows service that co-exists with other applications on existing hardware, such as engineering stations. Asset Discovery only wakes up once per night and crawls through one or more process networks using legitimate industrial protocols. It doesn’t do resource-intense “passive scanning” or other realtime activity.
The best thing is, Asset Discovery practically costs nothing. The number of Asset Discovery nodes that you install has zero effect on OT-BASE license fees. And the upside doesn’t end there. OT-BASE Asset Discovery installs just like any other Windows software, which means that you don’t necessarily have to be on site for the installation.
OT-BASE Asset Discovery also shows you so much more detail about your OT infrastructure. Think about serial numbers of your OT equipment, firmware version, installed I/O modules, network topology, installed security patches, and more.
Check out OT-BASE Asset Discovery for yourself today by downloading the free evaluation version.