Software-only active OT/ICS asset discovery that scales
Beyond passive sniffing: Identify, inventory, and manage your digital OT/ICS assets without installing a ton of network appliances
The first generation of ICS detection products relied on “passive sniffing” to infer asset identity and configuration. Not only is that unreliable — think about guessing device make & model by MAC address. It is also costly because hardware appliances and discovery networks need to be installed all over the place. It simply doesn’t scale.
OT-BASE by Langner brings proven IT asset discovery technology (targeted and credentialed device queries) to OT, using OT’s dedicated protocols such as Ethernet/IP, Modbus, Profinet, and others.
Now you can discover OT devices just like IT asset management products used to for the IT side. All that using a small-footprint, software-only technology that supports routing and slashes deployment cost.
– Hardware make & model
– Installed operating system or firmware version
– Serial number
– Installed software applications & versions
– Installed security patches
– Network topology
– I/O modules installed on the PLC or RTU backplane
– Decentral field buses & peripherals “behind” PLCs
Why “Passive Sniffing” of OT/ICS networks is obsolete
The first generation of ICS discovery tools use so-called packet sniffers (deep packet inspection of realtime network traffic) to build asset inventories. While this technology may deliver useful results for detecting anomalies in network traffic, it is lousy for determining device identity and configuration details such as firmware versions.
OT-BASE Asset Discovery takes a completely different approach. Just like software packages from the large automation vendors, it utilizes legitimate ICS and IT protocols which were specifically designed for obtaining device metadata. Some of these protocols are Modbus, Ethernet/IP, Profinet, Profibus, DeviceNet, and SERCOS.
As another example, OT-BASE Asset Discovery enumerates your computer software configurations by using credentialed access via the Windows Management Instrumentation (WMI) interface. This way you get the foundation for establishing tight configuration baselines, software lifecycle management, and vulnerability management.
You also don’t need to worry if your investment in an OT asset management product is secure in the face of increasing adoption of encrypted ICS protocols (Secure Modbus, Secure DNP3, Secure Ethernet/IP, …), which will make deep packet inspection useless.
The Selective Probing technology used by OT-BASE Asset Discovery comes with the added benefit that it doesn’t have juicy realtime processing requirements. Therefore, resource requirements are sparse, making it feasible to have OT-BASE Asset Discovery engines run on existing HMI stations or engineering servers.
See also: Why passive scanning doesn’t scale >