Wrong Conversation

The Wrong Conversation: Passive vs. Active Network Detection for OT Inventory


When it comes to ICS cybersecurity, are you having the wrong conversation? Over the last few years, OT cybersecurity industry professionals have spent countless hours debating active versus passive network detection for OT asset inventory collection. However, this is not the right conversation. Though network detection can provide some visibility into ICS assets, the view these tools provide is limited at best, and they typically cannot collect detailed information on device configuration. It’s time to move the conversation beyond this narrow focus and start talking about protecting OT assets within the broader framework of OT asset management.

OT asset management includes inventory management, configuration management, vulnerability management, and the detection of unauthorized changes. When compared to network detection, OT asset management provides much deeper visibility into industrial assets – all the way down to the field instrument and control strategy level – without the risk associated with active polling of the devices. OT asset management is also able to deliver the depth and breadth of information that cybersecurity professionals, as well as control system engineers, need to secure ICS assets effectively. This includes information such as control strategies and authorized versus unauthorized changes that OT network detection tools simply can’t provide.

Headed to Miami next week for S4x19? I will be presenting on this topic on Thursday, January 17 at 12:15pm. If you’re there, I invite you to join my session. Are you having the wrong conversation? Let’s talk!

