OT/ICS asset management software with active discovery

Build a deep OT asset inventory for your global installed base. Accessible from the factory floor, from IT platforms, or from the home office.

In a changing world, OT-BASE enables control engineers, threat hunters, and OT maintenance to achieve more in less time.

When your company’s success, and your team’s efficiency, depend on how well you understand and manage tens of thousands of digital OT devices, you need a modern tool that was specifically designed to do the job. Enter the OT-BASE OT management system into the picture: The ultimate enabler for complex IIOT/Industry 4.0 environments, in times when online collaboration became a necessity.

Dashboard
Dashboard
Network topology diagram
Network Topology
Splunk TA
Visio network topology mao
Visio Export
Excel Export
Device Profile
OT Device List
CVE Managment
Location Profile
Dashboard
Active Discovery
Security patch history
Patch History
Software Profile
Problem Management
Data Flow Diagram
Data Flow Diagram
Elasticsearch for OT
ELK Export

A full stack OT management solution.

Understand your critical OT infrastructure from the big picture down to the most minute configuration detail. Plan configuration change, introduce and new systems in a predictable and auditable process. Take full advantage of collaboration even when working from home. Waste less time on boring tasks that can be automated. Become more efficient and have more time to focus on stuff that really matters.

OT Asset Management

Build a full scale deep OT asset inventory automatically without having to install network appliances.

OT Network Management

Automatically discover network topology, including field busses. Detect new devices on the network.

OT System Management

Track configuration drift for production lines and DCS. Plan new systems using a straightforward workflow.

OT Vulnerability Management

Monitor new vulnerabilities for your installed base as they come in. Explore security patch consistency.

OT Change Management

Plan and track configuration change, using a consistent workflow with authorization levels.

OT Problem Management

Make engineers aware of known problems such as version incompatibility across the global fleet.

How is OT-BASE different from “ICS Detection” products?

There are around 30 products in the “ICS Detection” category, but OT-BASE isn’t one of them. You may have a hard time understanding how one ICS Detection product is different from the next, but it’s easy to see how OT-BASE is different from any of those. We don’t even claim to be better — we are targeting different customers and use cases.

The following comparison helps you to determine if OT-BASE may be better for you. It most likely is if you lean more to the right side. If you lean to the left side instead, OT-BASE is not for you.

ICS Detection
OT-BASE
Claims to detect cyber attacks in wire traffic as they happen in real time

Helps you to build and maintain a baseline OT cyber security capability that can be verified and documented

Delivers value when it actually does detect a real cyber attack in OT networks — which may be once in a decade

Delivers value every day for mundane use cases such as OT network management, firmware management, and maintenance

Assumes that you have a Security Operations Center; SOC analysts are the primary users of the solution (small number of users)

Caters to engineering, maintenance, IT, and cyber security (large number of users from different departments and contractors)

Expects you to install network appliances in every subnet
Software-only solution that doesn’t even need to run in every subnet as it supports remote discovery
Uses packet sniffing to gather asset information
Uses active probing with legitimate industrial protocol functions to gather asset information
Weak on minute asset details such as software configuration, serial numbers, network connectivity
Strong on minute asset details such as software configuration, serial numbers, network connectivity
No details on network topology

Automatic network topology diagrams (layer 1, 2, and 3)

No engineering workflows

Change management, system management (production lines, DCS), problem management, product lifecycle management

Assumes users don’t want to add data manually
Assumes users want to enrich data using existing documents, user defined database fields, metadata imports etc.
Promises to reduce cyber risk by being able to detect cyber attacks early
Promises to make your engineers, maintenance specialists, administrators, and threat hunters more efficient
Video: OT-BASE vs. ICS Detection

Attempting to manage growing OT/ICS networks with office applications and manual data entry is not a strategy. It’s a waste of time.

Do you use manually maintained Excel and Visio documents to manage your OT networks? Then you are wasting precious resources. The OT-BASE OT Asset Management System automatically collects OT configuration details and makes them accessible for the whole team, no matter if in different departments, at a home office, or at a contractor’s location.

LEGACY OT DOCUMENTATION

Incomplete, outdated Excel, Visio & wiring diagrams: Unsuited for collaboration and remote access

Without OT Base
Configuration details of control networks, PLCs, software versions etc. are scattered across dispersed files. Stored in different folders, on different servers, and locked in silos. Data acquisition is manual, resulting in incomplete and outdated information. Workflow automation is completely missing. It’s like being stuck in the Nineties.

OT-BASE

Designed for complex OT/ICS infrastructures and collaboration, always up-to-date configuration details

Automatic discovery of the identity and configuration of your digital OT assets and networks, locally and remote. Consolidation of OT configuration details in a central platform, accessible by web browser and REST API. System details are no longer known to individual engineers only, but are instantly available to every team member, making the team more efficient.
Online collaboration between engineers, admins, contractors, and threat hunters.

Unlike “ICS detection” solutions which put all the emphasis on hypothetical cyber attacks and the alleged threat actors behind them, OT-BASE focuses on the people responsible for keeping OT infrastructures reliable, safe, and secure.

OT-BASE helps engineers, maintenance specialists, system administrators, and auditors to get more stuff done in less time. It covers the most basic (yet important and time consuming) activities such as IP address management as well as the most complex tasks, such as mapping multi-site network topologies.

Check out the network management functions in OT-BASE >

OT-BASE will make you more efficient, and make your work more fun, too — because nobody likes to work with inappropriate tools. It also opens up a whole new level of online collaboration because you can share OT insights and configuration details with coworkers, contractors, and vendors.

video: OT asset management use cases

Your new window into your installed OT base. 

Inspect OT configuration for a particular cabinet, for a specific production line, a whole production site, or your global operations. Detailed configuration data is just a mouse click away.

L
Quick search

Enter IP address, serial number, DNS name, MAC address of a device you are interested in. Or network name, system name (e.g. “line 5”), site name, cabinet id.

L
List/products tabs

Switch between list of individual devices or installed OT products

L
Main menu

Select between inventory, homepage (shows changes during last 7 days), workflows, and user management

L
Scope limiter

Limit the scope of the list output to a specific location, device group etc., or combinations thereof (collapsable)

L
Filter fields

Type anything in the filter field of a column and the device list is filtered for matching results as you type

L
Customizable columns

Click on a column header to reverse sorting order. Right-click to add or remove fields. Adjust column width to your preference.

L
Device counter

Shows you the number of devices in the device list

L
Personal settings

Lets you change your password, national language, and log out

L
Sidebar

Select which view on your inventory you want to use: Hardware, software, systems (e.g. production lines), networks (including topology diagrams), locations

L
Device list

Scroll down the list, select the device you are interested in, and double-click on the entry to see the comprehensive device profile

ACTIVE discovery — because it’s better and cheaper.

Comprehensive configuration data. No hardware sensors. No SPAN ports and discovery networks. Remote discovery. That’s what only active discovery gives you. That’s why we are using it.

“Passive monitoring will not be used to create and maintain an asset inventory.

Approaches like Langner’s active communication with the devices, combined with manual entry and adjustment, is what will lead to the single source of truth asset inventory.”

Dale Peterson

Digital Bond, S4xEvents

  • NNo hardware appliances
  • NSelective probing
  • NRemote discovery
  • NPeriodic monitoring
explore Active discovery
download evaluation

Integrate and share.

Gone are the days when asset data was locked in a silo. The more you can integrate with existing platforms, and share with other users, the more value you get out of your data. Workflows become streamlined. Users become more efficient. Projects are finished earlier.

Excel Export

Visio Export

Technical Add-On for Splunk

Explore integration opportunities

Integrated with a policy framework

Technology alone doesn’t make your OT infrastructure more secure if not backed by a set of sound policies. OT-BASE is fully integrated with a comprehensive OT security program that takes the guesswork out of implementing IEC 62443, ISO 27k, NIST CSF or other standards, and shows you exactly how to complement a powerful OT asset management system with policies, procedures, and metrics. It’s called the Simple Cyber Governance Program (SCGP) and it’s used for years in multiple critical infrastructure sectors, including nuclear.

The Simple Cyber Governance Program shows you in detail, step by step, how to arrive at sustainable OT security, and how to leverage OT-BASE for maintaining a solid cyber security posture.

Learn more about SCGP

Find the license plan that’s right for you.

OT-BASE is licensed based on volume. You pay for the number of digital devices, regardless of the number of users, networks, or sites.

License fee per device degrades with the number of devices. The more devices you manage with OT-BASE, the lower the cost per device. Best of all, if you manage multiple sites with OT-BASE, license fees are calculated based on the cummulative number of devices, not based on the number of devices per site.

You can choose between three different license plans, picking the one that best fits your budgetary requirements. 

Contact Sales

Perpetual on-premise license (CAPEX spending)

By purchasing a perpetual license, you have the right to use the software indefinitely. License cost is paid upfront. Technical support and access to version upgrades is sold separately and is mandatory for the first year. After the end of the first year, you have the option to purchase yearly ongoing maintenance and support.

Annual on-premise subscription (OPEX spending)

With an annual subscription, you pay to use the software on premise for one year with the right to renew at the end of the period. During the term of your subscription, you get technical support and access to version upgrades. The cost of the subscription is less than the upfront cost of a perpetual license; however, at the expiration of the term, you no longer have the right to use the software.

Monthly Cloud subscription (project based)

With a subscription to OT-BASE Cloud, you can use OT-BASE in the Cloud, and can cancel your subscription to the end of the month. At the end of each month you will be billed for the maximum number of devices in OT-BASE during that calender month. During the term of your subscription, you get technical support, and OT-BASE Asset Center will automatically be updated for you. This license plan is most often used by consultans / service providers who use OT-BASE on a project basis to conduct asset inventories and cyber risk assessments.

Watch OT-BASE in action
Check the documentation
Schedule a demo

Go to Youtube channel

Go to OT-BASE Help Center

Contact sales

Introduce OT-BASE in your company in these three steps.

1.

Check out OT-BASE Asset Discovery

Download the free OT-BASE Asset Discovery evaluation software. Asset Discovery is only a small part of OT-BASE, but it allows you to validate our discovery accuracy. Check it out in your testbed, in your office network, and in selected process networks. You will see results within the first hour.

Do this now >

2.

Do a time limited PoC in the Cloud

Sign up for OT-BASE Cloud, where you can upload discovery results and see what they look like in OT-BASE Asset Center. Use OT-BASE Cloud for a month or longer. Even if you should want to discontinue your PoC, you can still keep all your exported data, including Excel inventories and Visio network topology maps.

Contact sales for pricing >

3.

Transition to on-premise use

When you and your team feel confident that OT-BASE is the right solution for you, migrate your data from the Cloud to an on-premise installation of OT-BASE for permanent use.

OT management made simple.

OT-BASE™ by Langner