When was the last time you thought about all of the devices running on your network? Think of your home network and how deceptively simple it appears. A full inventory of that network would probably surprise you, as it would show all of the devices that you may have forgotten about as well as a few of the neighbor’s devices that are piggy-backing off of your Wi-Fi. This visibility is often shocking to many people.
Now, think of a larger network consisting of hundreds of devices. Gaining full visibility into all the devices on a corporate network can be a stunning experience. If you go one step further and imagine an industrial network, the scope of discovery can be almost unimaginable. Industrial networks such as those that control water treatment facilities, oil pipelines, and gas distribution can exceed thousands of devices of varying types and ages. This makes gaining visibility very difficult and even more important because it can affect uptime, safety, and reliability.
Challenges for Industrial Networks
One reason that a full inventory is difficult to achieve is due to the sheer complexity of these networks. Not only are they complex in their architecture, but they are also vast in their topographical layout.
Another challenge that prevents greater visibility is that there are disparate manufacturer devices spread throughout the network. Some environments cannot simply have a sensor deployed or an agent installed to discover assets without causing a possible service disruption, something which can be catastrophic in an industrial setting.
Introducing Tripwire Industrial Edge
Tripwire recently released a new product, Tripwire Industrial Edge. Powered by industrial cybersecurity firm Claroty, Tripwire Industrial Edge provides full visibility into an industrial network. Tripwire Industrial Edge overcomes the challenges of agents and sensors by using a standalone executable file. It is a highly flexible, Windows-based data collector that delivers complete, detailed visibility into industrial networks in just minutes without requiring network changes, utilizing sensors, or having any physical footprint whatsoever.
Tripwire Industrial Edge reports not only full hardware specifications for these devices but also the deployed configuration information. To get rid of it, you can just delete the executable. It doesn’t change the registry, and it doesn’t install any local files. It doesn’t do anything permanent. It is a non-persistent, self-contained file, and it makes network assessments very simple.
The executable is portable. You can have someone walk through a plant with a laptop to quickly and safely gather information from MAC addresses to firmware versions on each device.
How Does It Work?
Network discovery can start with UDP broadcast packets using common industrial protocols such as EtherNet/IP, Schneider Modicon, or Profinet. A ping sweep can then be used to try and identify neighboring devices. All of these protocols are already present in industrial networks, making these techniques incredibly low-risk. Tripwire Industrial Edge can use queries with these as well as other native ICS network protocols.
When a network is architectured in such a way that it is impossible to install a sensor in a particular location, Tripwire Industrial Edge makes it possible to discover assets present in that location. Cost of deployment is minimal because no additional hardware is required to install a sensor.
This asset information is sent to Tripwire Industrial Visibility where you can see all of the asset details such as firmware version, model number, installed patches, rack slot data, and more to identify the risks and vulnerabilities that are applicable to the Windows machine and its neighboring devices.
How Does Tripwire Industrial Edge Fit into the Industrial Portfolio?
Tripwire Industrial Edge is just one simple method to gain visibility into your OT network. It is an easy, quick starting point to begin your cybersecurity journey or gain visibility into areas of your network that are not as accessible.
Tripwire Industrial Visibility leverages the broadest and deepest OT protocol coverage in the industry to provide comprehensive visibility and asset management controls. It can utilize data collected from Tripwire Industrial Edge or various other scanning methods purpose-built for industrial networks: passive, active, hybrid or integrated. Tripwire offers complete visibility into your OT, IoT, and IIoT assets; connections; and processes in a scalable manner that can be effortlessly managed across multiple sites.
Are you interested in learning more about how Tripwire Industrial Edge can help your business today? Request a demo and have one of our experts walk you through it: https://www.tripwire.com/contact/request-demo.