Frequently Asked Questions

I already purchased a passive inventory solution. How is ID different?

Industrial Defender builds in a wide variety of hardware, firmware and software data collection methods, including active, agentless and passive options, into one sensor. Our solution provides features that a passive solution can’t, including:

Device Configuration Data

System Access & Authentication

Firewall Information & Events

Asset Resource Utilization & Status

Device Configuration Data

Installed firmware and software inventory, including versions
OS, including vulnerabilities and patches installed
File integrity monitoring
Open ports and services
Policies modified
Removable media installed
Malicious code detected/AV
Failure of event logging
Serial number

Learn more

*This list is not all encompassing. The data collected varies for each device, dependent upon the manufacturer, model, and version.

System Access & Authentication

Successful and failed login attempts
Generic and shared user accounts
Local and A/D accounts
Password parameters and age
User account locked
Policies modified
Privilege raised
Failure of event logging

Learn more

*This list is not all encompassing. The data collected varies for each device, dependent upon the manufacturer, model, and version.

Firewall Information & Events

Firewall rules, including change detection
Blocked execution (packet)
Blocked unauthorized file
Policies modified

Learn more

*This list is not all encompassing. The data collected varies for each device, dependent upon the manufacturer, model, and version.

Asset Resource Utilization & Status

CPU usage over time
RAM usage over time
Disk space
Swap space
Connectivity lost
Shutdown
Rebooted and boot checksum
Backup failure

Learn more

*This list is not all encompassing. The data collected varies for each device, dependent upon the manufacturer, model, and version.

We can also ingest data from your passive monitoring solution to give you more granular asset data and better SIEM integrations.

How is compliance reporting with Industrial Defender different?

Our one-click compliance reporting for 50+ international standards and regulations gives you all the information you need to prove compliance with your standard. We help 8 of the top 10 utilities in the UnitedStates stay compliant with the most stringent standard in the world, NERC CIP.

I run our SOC. What does ID do for me?

SOC analysts love us! Our solution provides the contextual asset intelligence they need to act on threat intelligence and security alerts. If you are a Splunk user, check out our Splunk integration. It’s the best in the OT space:

https://www.industrialdefender.com/industrial-defender-splunk/

Is this a point solution for OT?

No, Industrial Defender is a comprehensive OT security platform offering asset visibility, asset management, vulnerability management, security monitoring and compliance reporting in one UI.

Do you have an API?

Yes, we have a comprehensive API that connects with almost anything you need it to! For more information on our data sharing capabilities, checkout our integrations data sheet: https://www.industrialdefender.com/integrations-data-sheet/

Can ID integrate with my enterprise CMDB?

Yes, we have comprehensive integration options with ServiceNow, IBM, BMC and more.

I have Qualys and Nessus, why would I need another vulnerability management platform?

OT environments are both unique and sensitive. Performing those types of scans in operational systems is both risky and incomplete. Our scanless, cloud-based offering, Immunity by ID, leverages machine learning and natural language processing to create a prioritized list of vulnerabilities using existing asset inventory information. Learn more about Immunity here: https://www.industrialdefender.com/immunity-by-industrial-defender/

Will I be able to show my SOC team that our OT systems are secure, without giving them access?

Yes, our comprehensive APIs share any data our system collects with your SIEM of choice.

How can I position the solution to get buy in from the executive team?

We recommend pitching OT cybersecurity investments in terms of risk reduction and TCO. Industrial Defender can help you consolidate multiple point solutions for visibility, security and compliance into one tool.Because of our turnkey deployments, scalable infrastructure and team of experts, we have the lowest TCO in the industry. If you need help quantifying risk, we’ve created this helpful risk calculator: https://www.industrialdefender.com/risk-calculator-request/

I just need a portion of the ID platform. Do I have to buy the whole thing?

No, both Illuminate and Immunity can be purchased as standalone solutions. You can also individually license ID core components based on your needs.

Can I run your product on prem? In the cloud?

Yes, you can run ID on virtual or physical machines or in the cloud. We also offer a hosted managed service, CopilOT, to help augment your security team.

What resources do I need to deploy ID?

Our solution is simple enough that you can manage it yourself. If you need help managing the tool, we also offer a wide range of Professional Services to help. https://www.industrialdefender.com/professional-services/

What is OT asset management (OTAM), and why is it important?

Operational Technology (OT) security focuses specifically on the unique operational characteristics and risks associated with industrial environments, such as the safety, uptime, and availability of systems. OT systems, unlike IT systems, often include legacy technologies and proprietary protocols that require specialized knowledge to manage securely. Disruptions in OT can lead to significant safety hazards and operational downtime, making an OT-specific security approach crucial. This approach ensures that security measures do not impede operational continuity or integrity.

OT security is commonly referred to as industrial control systems (ICS) security, industrial SCADA security, among others. While there may be technical differences among these terms, OT is used broadly to encompass these variations as the industry often uses them interchangeably in high-level discussions.

What is the difference between OT security and IT security?

OT Asset Management (OTAM) extends beyond simple visibility of assets. In the market, "OT Visibility" usually refers to passive monitoring, which often provides basic information such as devices, manufacturers, IP addresses, and perhaps firmware versions. However, OTAM captures the missing details, providing deeper and contextual insights into the operational environment. This includes comprehensive asset inventory details like software versions, vulnerabilities, patches, firewall rules, and PLC key switch positions. By combining passive and active methods, OTAM offers an integrated approach crucial for maintaining security and operational integrity in critical infrastructures. This creates an actionable and useful asset inventory that supports the management of the entire lifecycle of assets.

How does asset inventory differ from asset management in OT?

OT asset inventory is the process of cataloging assets, encompassing both hardware and software components within an organization. While some OT visibility solutions may discover devices, they often stop short of identifying deeper software details. However, a comprehensive asset inventory needs to include these software elements and further details to provide the depth and context necessary for actionable insights. This is where asset inventory evolves into OT asset management, which involves not just cataloging but actively managing the lifecycle of these assets through regular audits, updates, and maintenance. Asset management ensures that all assets remain efficient, up-to-date, and secure, addressing potential vulnerabilities and compliance issues as they arise. By integrating detailed information about each asset, OT asset management solutions enable organizations to take decisive actions to fortify their security postures and maintain compliance with relevant frameworks.

How does Industrial Defender monitor OT cyber assets?

Industrial Defender employs a variety of methodologies to ensure comprehensive monitoring of OT environments:

Manual Data Ingestion: Allows integration of manually collected data such as spreadsheets into the Industrial Defender platform.
Passive Monitoring: Analyzes network traffic to identify devices and their states without interfering with system operations.
Active Monitoring: Actively queries devices to gather detailed information about configurations, software versions, and security postures.
Agent-Based and Agentless Data Collection: Uses both agent-based and agentless techniques to collect data, catering to different operational and security needs within the environment.
Database/API Extraction: Utilizes APIs to extract data from databases and other asset management systems when direct device querying is impractical.

Is Active Monitoring Safe for OT Environments?

Yes, active discovery is safe in OT environments when implemented with expertise and a deep understanding of operational technologies. More stringent security regulations and mature sectors increasingly require active discovery to ensure comprehensive asset visibility and security. However, it must be approached carefully to avoid disruptions that can occur when IT-oriented teams or products are applied without proper adaptation to OT specifics. For example, concerns about the potential disruptions can be addressed by employing methods that minimize network traffic and avoid overwhelming OT devices. As the industry matures and seeks to stay ahead of adversaries, active discovery is becoming a standard practice in OT security. Industrial Defender specializes in this area, implementing a mix of discovery and monitoring approaches tailored to suit any operational environment, ensuring both safety and thoroughness in asset management and protection.

How does Industrial Defender monitor OT cyber assets?

For organizations looking to initiate or enhance their OT security programs, several key frameworks offer valuable guidance. NIST SP 800-82 provides a comprehensive guide for securing industrial control systems, while IEC 62443 outlines international standards for industrial network security. NERC CIP focuses on protecting North America's power grid, and Saudi Arabia's OTCC targets security in the local energy sector. Additionally, CIS Controls present actionable practices for cyber defense across industries. Each of these frameworks helps organizations develop robust security strategies, manage risks effectively, and ensure compliance with regulatory requirements, making them essential resources for enhancing OT security measures.

Our program supports a wide range of OT security frameworks and standards to cater to various regulatory and security needs across industries and regions. These include:

AESCF (Australian Energy Sector Cybersecurity Framework)
C2M2 (Cybersecurity Capability Maturity Model)
CIS Controls (Center for Internet Security Controls)
ISA99/IEC 62443 (International standards for industrial automation and control systems security)
NEI (Nuclear Energy Institute guidelines)
NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection)
NIST Cybersecurity Framework (National Institute of Standards and Technology Cybersecurity Framework)
NIST SP 800-52 (Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations)
NIS Directive (EU Network and Information Systems Directive)
Qatar Cybersecurity Framework
UAE TRA (Telecommunications Regulatory Authority guidelines for UAE)
TSA SD02C (Transportation Security Administration directives)

...and more, ensuring comprehensive coverage and robust compliance across all operational technology environments.

What are the challenges with patching OT systems?

Patching OT systems involves challenges due to the potential for operational disruptions and system downtime, which can pose safety risks. OT systems often run on legacy technologies that do not support frequent updates, making constant patching impractical and requiring a carefully managed approach to system updates. Therefore, it's important to continuously monitor OT assets and employ other mitigation strategies when a patch cannot be applied. This includes other safeguards, as well as maintaining vigilance on assets and being vigilant about any unusual activity. Such proactive measures help ensure that systems remain secure even when patches cannot be immediately implemented.

Why is it important to check for system changes in OT?

Monitoring for system changes in OT is critical as it helps detect unauthorized or abnormal activities that could indicate security breaches or system malfunctions. Regular checks help maintain system integrity and ensure that the operational processes are running securely and efficiently, which is crucial in environments where safety and uptime are paramount.

I already purchased a passive inventory solution. How is ID different?

Device Configuration Data

System Access & Authentication

Firewall Information & Events

Asset Resource Utilization & Status

Device Configuration Data

Installed firmware and software inventory, including versions
OS, including vulnerabilities and patches installed
File integrity monitoring
Open ports and services
Policies modified
Removable media installed
Malicious code detected/AV
Failure of event logging
Serial number

*This list is not all encompassing. The data collected varies for each device, dependent upon the manufacturer, model, and version.

System Access & Authentication

Successful and failed login attempts
Generic and shared user accounts
Local and A/D accounts
Password parameters and age
User account locked
Policies modified
Privilege raised
Failure of event logging

*This list is not all encompassing. The data collected varies for each device, dependent upon the manufacturer, model, and version.

Firewall Information & Events

Firewall rules, including change detection
Blocked execution (packet)
Blocked unauthorized file
Policies modified

*This list is not all encompassing. The data collected varies for each device, dependent upon the manufacturer, model, and version.

Asset Resource Utilization & Status

CPU usage over time
RAM usage over time
Disk space
Swap space
Connectivity lost
Shutdown
Rebooted and boot checksum
Backup failure

*This list is not all encompassing. The data collected varies for each device, dependent upon the manufacturer, model, and version.

We can also ingest data from your passive monitoring solution to give you more granular asset data and better SIEM integrations.

How is compliance reporting with Industrial Defender different?

Our one-click compliance reporting for 50+ international standards and regulations gives you all the information you need to prove compliance with your standard. We help 8 of the top 10 utilities in the United States stay compliant with the most stringent standard in the world, NERC CIP.

I run our SOC. What does ID do for me?

Is this a point solution for OT?

No, Industrial Defender is a comprehensive OT security platform offering asset visibility, asset management, vulnerability management, security monitoring and compliance reporting in one UI.

Do you have an API?

Can ID integrate with my enterprise CMDB?

Yes, we have comprehensive integration options with ServiceNow, IBM, BMC and more.

I have Qualys and Nessus, why would I need another vulnerability management platform?

Will I be able to show my SOC team that our OT systems are secure, without giving them access?

Yes, our comprehensive APIs share any data our system collects with your SIEM of choice.

How can I position the solution to get buy in from the executive team?

Can I run your product on prem? In the cloud?

Yes, you can run ID on virtual or physical machines or in the cloud. We also offer a hosted managed service, CopilOT, to help augment your security team.

What resources do I need to deploy ID?

FAQ

Device Configuration Data

System Access & Authentication

Firewall Information & Events

Asset Resource Utilization & Status

Device Configuration Data

System Access & Authentication

Firewall Information & Events

Asset Resource Utilization & Status

Request Your Demo

Asset Visibility & Management

Vulnerability Management

IT/OT Collaboration

Compliance Reporting

Stay up to date.

PRODUCTS

SERVICES

SOLUTION BY TYPE

SOLUTION BY FUNCTION

SOLUTION BY INDUSTRY

RESOURCES

COMPANY

SOLUTIONS

PLATFORM

INDUSTRIES

RESOURCES

COMPANY

SUPPORT

REQUEST DEMO

FAQ

Request Your Demo

Asset Visibility & Management

Vulnerability Management

IT/OT Collaboration

Compliance Reporting

Stay up to date.

PRODUCTS

SERVICES

SOLUTION BY TYPE

SOLUTION BY FUNCTION

SOLUTION BY INDUSTRY

RESOURCES

COMPANY