Asset inventory is a significant part of a comprehensive security plan for all organizations. After all, if you do not know what assets you have, then you cannot manage them. Even a small company can amass a surprisingly large number of assets. It is no surprise that accounting for all of these assets can be like chasing a moving target: new and old assets must be accounted for, and decommissioned assets must be removed.
Sometimes, there are assets within assets, such as when a proprietary piece of hardware runs an open source software product. The proprietary nature of such hardware makes it difficult to check if a particular software component is vulnerable. The opposite is also true, where the vulnerable component is a chip inside a piece of hardware.
The Challenge of End of Life Announcements
In an industrial environment, asset tracking is compounded by both physical and logical sprawl. One of the greatest challenges occurs as a result of End of Life (EOL) announcements from manufacturers. When a manufacturer indicates that a device is no longer within its useful life, no longer meets its intended use, and will no longer be supported, the device should be replaced. Vendors also stop providing operating and security updates to such products, which should likewise warrant replacement. Too often, an outdated device possesses the exact weakness required for exploitation, leading to a security incident. This could result in costly downtime. Yet replacement does not always happen.
Industrial equipment is highly specialized, and as such, can incur high maintenance costs. Newer equipment does not guarantee fewer maintenance requirements. That, among other reasons, leads some operators to reason that, if production lines are working fine, there is no need to change anything. Some operators are equally reluctant to retire outdated equipment, since modernizing is expensive and may require pausing production to complete the change.
In some cases, when replacement parts for EOL devices are no longer available, some organizations have been known to seek out after-market or used parts through online marketplaces. This presents safety risks, because there is no certainty that the part is operating to any standard. It also creates security risks, because these legacy parts may have known or unknown vulnerabilities.
Of course, the benefits of upgrading in a timely manner include enhanced asset lifecycle management and the ability to maintain a good security posture by knowing which devices are supported. One way to better manage industrial assets is to use a reliable enablement tool that can help you make informed decisions, proactively manage equipment, and keep your systems running safely and securely.
Tripwire Industrial Visibility Can Help
Tripwire Industrial Visibility provides full visibility and fundamental controls for industrial networks by safely identifying assets and baseline network behavior and monitoring for threats and vulnerabilities using OT-specific technology. Tripwire has recently updated the tool to help with asset tracking by focusing on getting the right information to the right people to help them accomplish their goals more efficiently. In many cases, Operational Technology (OT) engineers are seeking different information than Security Operations Center (SOC) analysts. Tripwire Industrial Visibility (TIV), powered by Claroty, provides deeper information about an organization’s systems, providing relevant, actionable information, no matter your role.
Many times, trying to keep up with all of the expiring equipment can feel like a dog chasing its own tail. Just as one EOL situation emerges, another often follows. TIV now offers insight into which assets are considered to be EOL by the vendor. Knowing this information can help operators and plant managers proactively manage their equipment and ensure a strong industrial cybersecurity posture.
Recent TIV updates also provide role-specific user permissions: functional-level access for users based on their roles, with an improved user interface and dashboards that are more focused on the relevant tasks and key performance indicators for each specific person. More actionable dashboards allow users to filter out noise and prioritize the most important network trends and data.
TIV now also features more frequent updates on threats and vulnerabilities, which results in better remediation planning along with improved sensor performance.
As industrial organizations become more internet-connected, they also expose themselves to more threats than in their previously air-gapped existence. What were once self-contained concerns quickly become vulnerabilities for possible public consumption. The ability to keep up with all of the current system weaknesses, as well as impending problems, is vital not only in keeping a system secure, but in many cases, also in meeting regulatory requirements. Accurate asset tracking is mandatory for achieving the goal of security and compliance.