Automatic asset inventory in an OT environment
You can’t protect without knowing what it is exactly that you need to protect. This is the basic rule of asset inventory in an IT environment. The same goes for an OT environment. How would you know which measures to take if you have no clue what’s connected to your network? Creating and maintaining an accurate asset inventory is the key to understanding your OT/IoT environment.
Sounds easy enough, right? Unfortunately, this task can be difficult and extremely time-consuming. Clearly mapping out all the connected assets and staying up to date on the ever-changing environments offers some real challenges. The solution from our partner Nozomi Networks addresses this operational challenge by automatically creating and maintaining an accurate asset inventory.
Such an accurate, centralized asset inventory is essential for effective cybersecurity and operational monitoring, but the solution from Nozomi Networks goes one step further. It also analyzes traffic flows in the OT network and actively polls discovered devices to gain more insight into the OT environment.
Why is this necessary, you might wonder? Because industrial networks often contain thousands of OT and IoT devices from a variety of vendors. Most of those devices aren’t designed for the level of security required in an OT world. Many OT and IoT devices are in fact insecure by design. They lack authentication, encryption, and other security standards that typically apply to IT applications and systems.
We can’t blame those vendors, of course. OT environments are very complex. Luckily, with the information gathered by the Nozomi solution, the asset database can be scanned for vulnerabilities, and traffic flows can be analyzed for weak or insecure protocols or traffic that should not be present in an OT environment. It can report anomalies and detect a wide range of risks, including unauthorized cross-level communication, unencrypted communications, and connections to parts of the enterprise network or the internet that should not exist.
How does spotit fit in the picture? We use the data from the Nozomi system to report to the customer. Together with the customer, we can mitigate the vulnerabilities by containing or isolating certain parts of the network until vulnerable systems can be patched and insecure protocols can be either replaced with secure ones or contained so they can’t be exploited from outside the OT environment.
The Nozomi OpenAPI makes it possible to interconnect different systems, such as SIEM/SOAR platforms and third-party firewall vendors, so you can automate your OT threat and vulnerability management and create situational awareness across multiple security systems. Isn’t that exactly what we’re all dreaming of? Contact us for more information.