OT/ICS Asset Inventory Management and Discovery
The first step to securing your operational technology (OT) and determining the overall risk level begins with identifying which devices are present in your network. Security regulations for critical systems, such as the EU NIS directive and NERC-CIP, require an asset inventory as a base for risk management. Establishing this inventory and keeping it up to date can be a lot of work.
StationGuard automatically discovers all assets in the network, creates a global asset inventory database, and alerts you on new assets in your networks. It collects accurate information for each asset by combining network analysis with imported SCL engineering files and spreadsheets. The asset inventory can be updated by importing information from external sources.
An asset inventory database with precise details about each protection and control IED is crucial to successful vulnerability and risk management. The more information you have about each asset, the more accurate your vulnerability analysis and prioritization will be. StationGuard and its central management system GridOps support you in the whole workflow from creating and updating the asset inventory to vulnerability and risk management.
Our IDS StationGuard and its central management system GridOps work perfectly together: while GridOps provides the management interface for StationGuard’s sensors across the grid, StationGuard collects all the data and analyzes it.
StationGuard allows robust asset inventory management with comprehensive and rich data per asset. This inventory can be filtered, searched, exported, and integrated into 3rd-party systems. By documenting all connections as well as protocols and applications in use, StationGuard aids in the assessment of the entire system.
GridOps is a component of StationGuard that provides additional management and features, such as grid-level asset inventory, alert dashboard, sensor management, centralized user management, vulnerability management, and reporting.
Passive network traffic analysis allows to detect all devices communicating in the network, but asset details like firmware versions are never communicated in power utility automation networks. Therefore, StationGuard aggregates the passively observed information with imported engineering files and spreadsheets to get the most precise asset information possible, including engineering descriptions, type, hardware configuration, product ordering codes, and firmware version.
You can export the inventory and import it into asset and configuration management systems, ERP systems, and spreadsheets. By importing spreadsheets (CSV-files) into StationGuard, you can close the loop and synchronize to any other source. Using the companion tool StationScout, you can perform active asset discovery to find out the actually installed firmware versions.
StationGuard provides plugins for ticketing systems like ServiceNow to automatically create work tickets for responding to IDS alerts. By importing the asset inventory from StationGuard, tickets are automatically assigned to the engineer who is responsible for the asset or site involved into the alert.
Benefits of this solution
Detailed asset identification
Combined with active discovery
Built-in Vulnerability Management
Choose Your Setup
Regardless of the software, you can choose the perfect platform for your intended use.
Our solutions run on RBX1 (fixed), VBX1 (virtual), and on MBX1 (mobile) platforms.
Get in touch
Need more details?
Get a quotation?
Request for a demo?
Contact us now