Active Scanning

Active Scanner enables full industrial asset discovery in networks lacking port mirroring or passive monitoring, in either standalone or hybrid mode. Visit us: https://www.radiflow.com/products/active-scanner/

MichealH1


Presentation Transcript


Using safe active OT scanning, Active Scanner enables full industrial asset discovery in networks lacking port mirroring or passive monitoring, in either standalone or hybrid mode (with iSID).

In hybrid mode, Active Scanner complements the existing passive listening functionality of the iSID industrial threat detection platform with an active scanning component, which provides more comprehensive asset data than would otherwise be picked up in a normal operation cycle, such as modules, PLC version, project version and many others.

Developed specifically for OT networks, Active Scanner uses safe active query methods – communicating with OT assets using their native protocols – to minimize the chance of service interruption (exhaustively tested in Radiflow labs). The result is a comprehensive security report, complete with all asset data and communication history, as well as a PCAP file for each execution for playing back its underlying communication.

Active Scanner uses targeted scans (rather than querying the entire network, as is typical of IT scanning solutions) for specific groups of industrial assets (e.g. PLCs), using iSID-collected data, to identify live as well as silent devices, and to collect additional information from existing devices.

Depending on asset type, Active Scanner is able to send proprietary broadcast messages (normally sent by engineering stations) and industrial protocol commands to devices (for both proprietary control plane protocols and open protocols). These communications are detected by iSID, which by listening to the assets’ responses is able to correlate the data with the Asset Management database.

Active Scanner does not require any network reconfiguration to allow a mirrored stream for passive scanning, making it suitable for ICS networks that don’t allow mirrored streaming for IDS deployment. Furthermore, to minimize risk, Active Scanner never uses any brute force or exploit-based discovery methods on industrial assets.

Active Scanner offers targeted scans for discovery and fetching asset information for:

• Protocols: Modbus, CIP, Profinet, SNMP, IT ICMP, NMAP, DNP3, WMI
• Vendors: Schneider Electric Modicon, Allen Bradley, Siemens
• Operating Systems: Windows OS

Active Scanner allows for ad-hoc or scheduled scans, for discovering new assets and changing conditions on the OT network. In both cases the user is able to perform unicast scans of a defined IP range.

Website: https://www.radiflow.com/products/active-scanner/