lean ot/ics asset management

Identify, inventory and manage your PLCs, RTUs, and network gear with a software-only solution. No hardware appliances & SPAN ports needed. On-premise or SaaS. Multi-site. Role-based access control, LDAP authentication, enterprise-ready.

Forget everything you know about OT asset management.

If you are like most engineers and cyber security professionals, you have a strong belief that an OT asset inventory is a vital necessity. Yet the best thing you have is a couple of Excel spreadsheets. That’s why you don’t like the subject: You have learned the hard way that manually maintaining an asset inventory is a no-go. Doing asset inventories with Excel sucks.

The “ICS detection” products that you have seen do some work automatically, but the results fall well short of expectations. That’s simply because you can only pick up so much asset information from network traffic. And you certainly have no desire (and budget) to stuff every single subnet with monitoring appliances.

OT-BASE gives you the full picture without wasting your time, or eating up your budget. It turns OT asset management from a buerocratic task into a booster for system understanding, transparency, and efficiency.

Without OT-BASE:
Tool-centric workflow

Excel, Visio & wiring diagrams… because you didn’t have anything better

Without OT Base
Configuration details of control networks, PLCs, software versions etc. are scattered across dispersed files. Stored in different folders, on different servers, and locked in silos. Data acquisition is manual, resulting in incomplete and outdated information. Workflow automation is completely missing. It’s like being stuck in the Nineties.

WITH OT-BASE:
User-centric Workflow

Designed for the way control engineers & admins want to work

Automatic discovery of the identity and configuration of your digital OT assets and networks. Consolidation of OT configuration details in a central platform, accessible by web browser and REST API. System details are no longer known to individual engineers only, but are instantly available to every team member, turning everyone into an expert.
OT-BASE isn’t about hackers. It’s about engineers and admins.
Unlike “ICS detection” solutions which put all the emphasis on hypothetical cyber attacks and the potential threat actors behind them, OT-BASE focuses on the people responsible for keeping OT infrastructures reliable, safe, and secure.

OT-BASE helps engineers, maintenance specialists, system administrators, and auditors to get more stuff done in less time. It covers the most basic (yet important and time consuming) activities such as IP address management as well as the most complex tasks, such as mapping multi-site network architectures.

It will make you more efficient, and make your work more fun, too — because nobody likes to work with inappropriate tools. OT-BASE also opens up a whole new level of teamwork because you can share OT insights and configuration details with coworkers, contractors, and vendors.

Hardware Inventory

Get a listing of all OT devices, both bare metal and virtualized, that can be filtered by location, device category, IP address and more. Get a listing of all devices of a specific make and model.

Software Inventory

Get a listing of operating systems, software applications, and firmware along with exact version numbers. Get a listing of all software installations for a specific product and version, along with license keys. Identify all devices where a specific software, firmware, OS version is installed within seconds.

Vulnerability Management

See vulnerabilities published in NIST’s National Vulnerability Database that affect your installed base, associated with the software & hardware products you are using, and with individual devices.

Configuration Management

Plan and monitor configuration change with a straightforward workflow. Check configuration change, no matter if planned or unauthorized, by using a change history that is automatically maintained for every device. Use baselines to define and audit reference configurations.

Network Topology

Get accurate and complete interactive network diagrams which allow you to drill down into device configurations and subnets. Focus on layer 2 or layer 3 information by selectively enabling or disabling certain types of metadata.

Data Flow Mapping

Get a realistic picture of the de-facto data flow in your mission-critical networks. Validate protocols and endpoints for actually intended vs. unauthorized traffic. Get alerts on unauthorized data flow. Automatically visualize data flow in interactive UML diagrams.

Location Mapping

Get context information about the location where OT components are installed, be it photos, Google Maps depiction, street address, or Webcam feeds.

Access Control

Allow access to the asset management platform for various user roles and third parties such as contractors, vendors, and consultants with user-definable roles and scopes. Assure that users can only see those parts of your OT infrastructure that they are entitled to.

Multi-language user interface

Does your company operate internationally? Then you will appreciate that the user interface of OT-BASE supports multiple languages. Switch between English, German, Swedish, Mandarin and others with a click of the mouse.
Your OT configuration is more than a bunch of hardware boxes, software, and cables. It’s DATA.
OT-BASE automatically discovers configuration details and turns into data that you can visualize, analyze, and share. Export options include JSON and REST. How about some data mining in Elasticsearch or Python? It’s easy with our Portable Inventory Data format.

Explore >

“Passive monitoring will not be used to create and maintain an asset inventory.
Approaches like (…) Langner’s active communication with the devices, combined with manual entry and adjustment, is what will lead to the single source of truth asset inventory.”

 

Dale Peterson, DigitalBond
The Future of ICS Security Products

Unlock the configuration data already stored in your devices
Unlike the first generation of ICS asset discovery tools that use passive scanning, OT-BASE Asset Discovery selectively probes endpoints and network gear using legitimate and safe protocols which were intended just for this purpose. This way, OT-BASE can tell you the full story: About your network topology, software products and versions, security patches not installed, firmware versions, device metadata drawn from GSDML files, and much more.

No appliances needed

OT-BASE is a software-only product that discovers your network topology, device identity, hardware and software configuration, and data flow.

Selective Probing

OT-BASE uses legitimate standard interfaces such as SNMP, WMI, Ethernet/IP. It provides configuration details that passive scanning can’t.

routing supported

OT-BASE Asset Discovery can discover devices in routed networks — both by IP routing and CIP Route Browsing.

periodic monitoring

OT-BASE automatically maintains a configuration history for every device. Review all configuration changes instantly.

Integrate OT asset data into your existing software environment

Chances are that there is more than one enterprise solution in your organization which also stores OT asset data — or would like to do so! Examples are IT asset management systems such as BMC ARS and IBM Maximo. Or service management platforms such as ServiceNow. And you may also want to analyze OT configurations and events using Splunk or QRadar. What you don’t want is to maintain asset information in multiple places.

OT-BASE was designed to integrate with your existing IT infrastructure and with custom applications.

New features every month
We’re constantly enhancing OT-BASE and release product updates every month. The asset management story has only just begun.

integrated in a policy framework

Technology alone doesn’t make your OT infrastructure more secure if not backed by a set of sound policies. OT-BASE is fully integrated with a comprehensive OT security program that takes the guesswork out of implementing IEC 62443, ISO 27k, NIST CSF or other standards, and shows you exactly how to complement a powerful OT asset management system with policies, procedures, and metrics. It’s called the Simple Cyber Governance Program (SCGP) and it’s used for years in multiple critical infrastructure sectors, including nuclear.

The Simple Cyber Governance Program shows you in detail, step by step, how to arrive at sustainable OT security, and how to leverage OT-BASE for maintaining a solid cyber security posture.

Priced around Customer value,

on-premise and saas

OT-BASE is licensed based on volume. You pay for your number of digital devices, regardless of the number of users, number of networks, number of sites.

License fee per device degrades with the number of devices. The more devices you manage with OT-BASE, the lower the cost per device. Best of all, if you manage multiple sites with OT-BASE, license fees are calculated based on the cummulative number of devices, not based on the number of devices per site.

You have the choice between on-premise and SaaS. The OT-BASE cloud version is also an attractive platform for consultants who do asset inventories as a service. Inquire for more information!

Go to a full scale, automated OT asset inventory in these three steps:

Step 1

OT-BASE Asset discovery evaluation (do this now)

Download the free OT-BASE Asset Discovery evaluation software. Check it out in your testbed, in your office network, and in selected process networks. You will see results within the first hour. Discuss results with your fellow engineers.

Step 2

OT-BASE Asset center proof-of-concept

In a proof-of-concept, see what your asset discovery results look like in OT-BASE Asset Center. Get a limited, inexpensive subscription for OT-BASE Cloud, where you can import and process discovery results. In the unlikely case that you shouldn’t like OT-BASE Asset Center good enough, you can still export all discovery results to Excel and JSON and be much better off compared to your previous outdated Excel spreadsheets for asset data and IP lists.

If you don’t have an even minimalistic budget, send us your discovery files and we will give you and your team (and your boss) an impression of Asset Center workflows with your data in a web conference. Usually this results in budget for a proof-of-concept being made available.

Step 3

go to production

For going to production, you can simply keep your OT-BASE Cloud subscription, or purchase a perpetual license for an on-premise version of OT-BASE Asset Center. The on-prem version is functionally identical to the cloud version. Whatever path you choose, we will assist you in getting top results out of your OT-BASE installation.
Identify, Inventory, Manage.
OT-BASE™ by Langner