How good is your end-to-end OT Asset Inventory?

27/03/2023
By Karen Lambrechts

Here’s a sobering thought for industrial enterprises. If your network asset inventory solution does not cover 100% of IT and OT network assets, then it’s not supporting your cybersecurity program the way it should. Because an asset that is not visible to management is an asset that puts your business at risk. 

Ideally, the enterprise should be able to assess the relative risk posed by every IT and OT asset and every asset vulnerability. Only then can IT and cybersecurity teams prioritize how to resolve those risks to protect against cyberattacks, data breaches, and, worst of all – the disruption of OT processes. For example, when a particular OT asset is in the critical path of production continuity, its OT cybersecurity vulnerabilities constitute a high risk that must be addressed immediately. On the other hand, when an OT asset is not on the critical path, its vulnerability could introduce risk to the corporate network.  

To achieve this level of end-to-end OT visibility and OT asset intelligence, industrial enterprises must extend their network asset inventory and OT asset management program across all network environments and all technologies. This is easier said than done for various reasons, including who is responsible and the tools in use.

Who’s in charge? 

In many industrial enterprises, corporate IT and cybersecurity managers are responsible for end-to-end asset management and cybersecurity. It is ironic that OT networks and processes, while highly critical to industrial enterprises, are difficult to understand for the IT personnel who are in charge of securing them.

In a 2022 survey conducted by TP Research, 90% of industrial enterprise respondents said OT/ICS environments differ dramatically from IT and require an OT-specific approach to cybersecurity. And yet 40% also reported that IT teams own cybersecurity processes in their organization! Industrial enterprises have lived with this “dissonance” for years.

Traditionally, the OT “factory floor” has been a closed shop and off-limits to IT networks. As a result, corporate IT and OT cybersecurity teams remain hobbled by a lack of OT visibility, understanding, and ability to manage and secure assets across all domains and technologies. This dissonance is exacerbated by the tools that are currently in use.

Are the tools up to the task?

Over the years, corporate IT teams have invested in big-name ICS inventory and management solutions, and these work very well in the IT environments for which they were built. Unfortunately, these solutions are unsuitable for capturing assets in OT environments because their architecture and pricing models prevent them from scaling to the last device or distant sites at the OT edge. These limitations are incredibly challenging in industrial enterprises where OT assets, processes, and protocols differ significantly and may be unique to each industry category and sub-category. Often, the people in charge of OT cybersecurity end up with only 60-70% of asset coverage and visibility. 

As the adage goes, you can’t control what you can’t see. Even when an enterprise implements the best OT cybersecurity and compliance program, if their ICS inventory database is missing 40% of the OT assets, that’s a 40% risk exposure right off the bat!

Often, big-name vendors impose a solution architecture that requires the enterprise to work within the solution’s limitations. Moreover, complex and opaque pricing makes such solutions affordable only to Fortune 1000 enterprises. It would be better for industrial enterprises to partner with a solution provider who can:

  • Ease corporate IT and cybersecurity staff into the OT space. Introduce IT personnel to the OT assets and technologies they don’t understand. Make it comfortable for them to look at the OT side and vice versa.
  • Understand and help them accommodate the nuances of end-to-end OT asset inventory and OT asset management in their particular industry.
  • Provide tools that enable IT and OT teams to work together on asset inventory, management, and security. Ultimately, collaboration is necessary to manage and minimize cyber risk successfully.
  • Implement a single inventory data source for IT, OT, and IoT assets distributed across the industrial enterprise.


Data is essential. Intelligence is critical.

Asset inventory and management data provide essential information for keeping networks, products, assets, and processes running safely, efficiently, and continuously. It is also the foundation for any cybersecurity program.

To identify cyber risk, enterprises need end-to-end asset visibility and management. They need to know every asset they have, where it is, what it does, and which (if any) vulnerabilities it carries. While visibility (in an asset inventory database) is an essential first step, it’s only part of the story. The next important step is knowing what to do with the information. For example, once an asset vulnerability is identified, what should be done to reduce or eliminate its risk? 

To reduce cyber risk, enterprises need more than data. They need end-to-end asset intelligence. They need to assess and prioritize the relative risk of every asset vulnerability, define a risk treatment, resolve the risk, and then refresh the risk register. Threats to industrial safety, reliability, and production continuity can originate from multiple vectors (IT networks, OT networks, Cloud, and others) and then move laterally within underprepared environments. End-to-end asset intelligence (IT-IoT-OT) is critical to identifying these multi-vector threats and managing the associated risk.

In OT/ICS environments, the synergy of asset inventory and asset intelligence might look something like this:

No more black box 

  • The OT/ICS asset inventory and management solution discovers 100% of OT assets.
  • Assets are mapped to vulnerabilities based on hardware, software or firmware versions in the OT space.
  • Vulnerabilities are prioritized based on asset criticality and level of risk.
  • The ticketing solution generates work orders based on the asset-vulnerability-priority intelligence it receives.
  • A corrective action plan is implemented and updated as risks are resolved.
  • The cycle enables continual improvement.
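
The inventory-to-work-order flow listed above, as an added Python sketch that is not from the original article or from Lansweeper. The asset records, advisory references, field names and the critical-path weight are constructed placeholders; an asset with unknown firmware is kept in the queue for verification rather than treated as patched.

```python
# Constructed sample data; models, advisory refs and weights are placeholders.
INVENTORY = [
    {"id": "plc-01", "model": "ExamplePLC-300", "firmware": "2.1.4", "critical_path": True},
    {"id": "rtu-03", "model": "ExamplePLC-300", "firmware": "2.10.0", "critical_path": True},
    {"id": "plc-09", "model": "ExamplePLC-300", "firmware": None, "critical_path": False},
    {"id": "hmi-07", "model": "ExampleHMI-10", "firmware": "5.0.0", "critical_path": False},
    {"id": "cam-22", "model": "ExampleCam-X", "firmware": "1.9.0", "critical_path": False},
]
ADVISORIES = [  # an asset is affected when its firmware is older than fixed_in
    {"ref": "ADV-PLACEHOLDER-1", "model": "ExamplePLC-300", "fixed_in": "2.2.0", "severity": 9.8},
    {"ref": "ADV-PLACEHOLDER-2", "model": "ExampleHMI-10", "fixed_in": "4.2.0", "severity": 8.1},
    {"ref": "ADV-PLACEHOLDER-3", "model": "ExampleCam-X", "fixed_in": "2.0.0", "severity": 7.5},
]
CRITICAL_PATH_WEIGHT = 2.0  # assumed multiplier for assets production depends on


def parse_version(text):
    """Compare versions numerically: as strings, "2.10.0" sorts before "2.2.0"."""
    return tuple(int(part) for part in text.split("."))


def match_findings(inventory, advisories):
    """Pair each asset with the advisories that apply to its model and firmware."""
    findings = []
    for asset in inventory:
        for adv in advisories:
            if asset["model"] != adv["model"]:
                continue
            if asset["firmware"] is None:
                # Unknown firmware is an inventory gap: keep it visible, do not assume patched.
                action = "Verify firmware version on site"
            elif parse_version(asset["firmware"]) < parse_version(adv["fixed_in"]):
                action = f"Upgrade firmware to {adv['fixed_in']} or later"
            else:
                continue
            weight = CRITICAL_PATH_WEIGHT if asset["critical_path"] else 1.0
            findings.append({"asset": asset["id"], "advisory": adv["ref"],
                             "score": adv["severity"] * weight, "action": action})
    return findings


def work_orders(inventory, advisories):
    """Rank findings by score and number them as work orders for ticketing."""
    ranked = sorted(match_findings(inventory, advisories),
                    key=lambda f: f["score"], reverse=True)
    return [dict(order=i, **finding) for i, finding in enumerate(ranked, start=1)]


if __name__ == "__main__":
    for wo in work_orders(INVENTORY, ADVISORIES):
        print(wo)
```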

If your network asset inventory still treats the OT environment like a black box, it’s time to discover Lansweeper OT – a platform designed to discover inventory in OT environments, including ICS/OT devices (PLC, RTU, DCS, HMI), IT (engineering workstations, SCADA servers, PCs) and IoT (IP cameras, smart building systems, etc.) within the production environment.

For many years, Lansweeper has provided a highly successful tool for small and medium-sized enterprises to conduct IT hardware and software asset inventory. Recently, Lansweeper extended this expertise to the OT domain. 

Lansweeper OT is uniquely positioned to help corporate IT and cybersecurity managers build a bridge to the “other side” – the OT side of the enterprise. There is no need to settle for 60% or 70% asset visibility or to compromise your cybersecurity program due to insufficient OT asset intelligence.

Lansweeper OT understands that OT/ICS environments are different, use proprietary protocols, and require a dedicated approach to OT/ICS asset discovery and management. We leveraged our experience to provide unified IT/OT/IoT asset visibility and management in a way that is easy for IT professionals to use and understand. 

Best of all, Lansweeper OT is highly affordable. Small, medium, and large industrial enterprises get 100% asset inventory coverage and valuable asset intelligence without breaking the budget.

Learn more about Lansweeper solutions at Lansweeper for OT Asset Management – Lansweeper