No Longer a No-Go: How to Safely Scan OT Devices in Critical Environments

Abstract:

Active scanning is often considered a no-go on industrial control systems and other OT and IoT devices because of bad experiences they’ve had. However, the reasons that led to devices freezing up are entirely avoidable. Alternatives, such as passive monitoring, are expensive and don’t yield great results.

In this talk, you’ll learn about the most common reasons why embedded devices become unstable and how to make active scanning perfectly safe. The talk is based on lab research. Its recommendations have been proven to work in manufacturing plants, hospitals, and utility companies.

Importance: Because passive discovery via SPAN or TAP is difficult and expensive to deploy and active scanning is considered a no-go, security teams responsible for OT environments lack good asset inventory. Without proper inventory and an understanding of the true network structure, security teams can’t be proactive about their security posture and leave their networks open to attacks. All of this is because of misconceptions about active scanning that can be easily resolved.