Industrial OT Cyber Security
Asset Discovery
Asset visibility is at the foundation of an effective OT cyber security strategy.
Rich and complete asset visibility with intelligence-driven context
Any successful cyber security program is built on having an accurate inventory of all your operational technology (OT) and industrial control systems (ICS) responsible for managing your physical processes. Peloton engineers achieve this by rapidly deploying an agentless, non-intrusive network monitoring sensor to provide in-depth visibility of your ICS networks.
By connecting to the SPAN/mirror port of a network switch we passively establish a complete asset inventory and network baseline of normal communications. The sensor connects to a one-way mirror port, ensuring network packets only flow into the sensor to prevent any disruption to your operational processes.
Why perform an asset discovery?
Reduce operational risks with our minimally invasive approach, which minimises the risk associated with network scanning and software agents in an ICS/OT environment.
Gain a contextual view by analysing OT assets together with their relationships and dependencies, giving you an instrumental tool to protect your operations from unplanned downtime.
Establish a baseline by analysing the routine behaviour of your environment to easily spot any deviations that could signal malicious activity.
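The passive inventory and baseline described above can be illustrated with a short sketch. It is an added example, not Peloton's sensor code: it parses mirrored Ethernet/IPv4/TCP frames, records each source asset, learns which client-to-server sessions are normal, and reports sessions that appear later. The function names, the port-to-protocol table and the sample frames are assumptions constructed for illustration.

```python
import socket
import struct

# Commonly used ICS TCP ports; used only to label conversations.
ICS_PORTS = {102: "S7comm", 502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}

def parse_frame(frame):
    """Return (src_mac, src_ip, dst_ip, dst_port, is_syn) for IPv4/TCP, else None."""
    off = 16 if frame[12:14] == b"\x81\x00" else 12  # skip an 802.1Q tag if mirrored
    ip = off + 2
    if frame[off:ip] != b"\x08\x00" or len(frame) < ip + 20:
        return None
    tcp = ip + (frame[ip] & 0x0F) * 4  # IPv4 header length comes from the IHL field
    if frame[ip] >> 4 != 4 or tcp - ip < 20 or frame[ip + 9] != 6 or len(frame) < tcp + 14:
        return None
    src_ip = socket.inet_ntoa(frame[ip + 12:ip + 16])
    dst_ip = socket.inet_ntoa(frame[ip + 16:ip + 20])
    dst_port = struct.unpack("!H", frame[tcp + 2:tcp + 4])[0]
    is_syn = (frame[tcp + 13] & 0x12) == 0x02  # SYN without ACK: client opening a session
    return frame[6:12].hex(":"), src_ip, dst_ip, dst_port, is_syn

def observe(frames):
    """Passively build an inventory {ip: mac} and a set of initiated conversations."""
    inventory, conversations = {}, set()
    for mac, src_ip, dst_ip, dst_port, is_syn in filter(None, map(parse_frame, frames)):
        inventory.setdefault(src_ip, mac)  # assumes the sensor sees the asset's own L2 segment
        if is_syn:
            conversations.add((src_ip, dst_ip, dst_port))
    return inventory, conversations

def deviations(baseline, current):
    """Conversations seen now that were absent from the baseline, with protocol label."""
    return sorted((s, d, p, ICS_PORTS.get(p, "other")) for s, d, p in current - baseline)

def make_frame(mac, src, dst, dport, flags=0x02):
    """Constructed sample data: bare Ethernet/IPv4/TCP headers, zero checksums."""
    eth = bytes(6) + bytes.fromhex(mac.replace(":", "")) + b"\x08\x00"
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return eth + iph + struct.pack("!HHIIBBHHH", 49152, dport, 0, 0, 0x50, flags, 1024, 0, 0)

# Constructed traffic: an HMI polls a PLC (learning window), then a new host appears.
HMI, PLC, NEW = "10.0.0.10", "10.0.0.20", "10.0.0.99"
learn = [make_frame("00:00:5e:00:53:01", HMI, PLC, 502),
         make_frame("00:00:5e:00:53:02", PLC, HMI, 49152, flags=0x12)]
later = learn + [make_frame("00:00:5e:00:53:63", NEW, PLC, 502)]
(base_inv, base_conv), (now_inv, now_conv) = observe(learn), observe(later)
new_assets = sorted(set(now_inv) - set(base_inv))
alerts = deviations(base_conv, now_conv)
print(new_assets, alerts)
```

Because the code only reads frames it is handed, it mirrors the one-way nature of a SPAN or TAP feed: nothing is ever transmitted towards the control network.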
What to expect with a Peloton asset discovery
The process involves four discovery methods: physical inspection, passive traffic analysis, active scanning (if required) and configuration analysis. For each method we follow a series of steps including:
- Reviewing existing network diagrams and documents like as-built documents, procurement, system manuals, etc. to capture the assets said to be in production.
- Completing a physical site walk-through to catalogue ICS asset information.
- Augmenting physical inspection with passive network packet captures on critical network segments that host critical ICS assets (PLCs, data historians, human machine interfaces, engineering workstations) by using either a SPAN configuration on a fully managed switch or a hardware network TAP.
- Analysing field device configurations from the backup to establish asset context.
After gathering information from multiple sources, the asset inventory is updated with criticality (process operation or process safety), financial impact, availability requirement, ownership, consequence and more for each asset.
The Peloton difference
Context aware
Helps verify and secure assets by mapping and visualising the relationships and communication pathways they have with one another.
Scalable coverage
Continuously evaluates and expands the breadth of protocol coverage and can provide analysis using deep packet inspection for an in-depth view of network traffic, assets and anomalies.
Integrated threat detection
Helps in gaining comprehensive threat visibility by integrating asset visibility with high fidelity threat detection capability.
Frequently Asked Questions
Asset discovery is a process to discover and get an up-to-date and accurate inventory of ICS & OT assets, including automation controllers responsible for managing physical processes. The discovery process consists of multiple steps, the most important being to rapidly deploy an agentless, non-intrusive network monitoring sensor, which will provide in-depth visibility of your ICS networks – the basis for becoming cyber resilient. By connecting to the SPAN/mirror port of a network switch, we passively establish a complete asset inventory. Peloton engineers work with your network team or service provider to determine the optimal position for the sensor. The sensor will be connected to a one-way mirror port on your network infrastructure, ensuring network packets only flow into the sensor to prevent disruptions of your operational processes.
The benefits of asset discovery are to:
- Reduce operational risks using a minimally invasive approach, which minimises the risk associated with network scanning and software agents in an ICS/OT environment.
- Gain a contextual view by analysing OT assets together with their relationships and dependencies, giving you an instrumental tool to protect your operations from unplanned downtime.
- Establish a baseline by analysing the routine behaviour of your environment to easily spot any deviations that could signal malicious activity.
Asset discovery is the process of getting up-to-date and accurate visibility of ICS & OT assets, including automation controllers connected to the network. The inventory is the asset database: an accurate catalogue of OT devices alongside existing enterprise IT assets.