OT Network Mapping

In this series I’ll be exploring Network Mapping in OT, which is, for a myriad of reasons, a far deeper rabbit hole than one might think. I’ll start by laying out the challenge as it’s normally presented to me and the ensuing conversation.

“Hey Josh, is there a software we can purchase for our plant which will map the network for us?”

Maybe, but let me start by asking a question back - are you looking for PHYSICAL mapping or LOGICAL mapping?

“I’m not sure what you’re asking me.”

There are solutions which aim to address PHYSICAL mapping, i.e. what host is connected to what switch port, etc. Ideally they can create this topology with minimal input from you, with super double bonus points if the resulting topology is DYNAMIC, changing when your network changes with a new switch, new hosts, etc.

Then there are some solutions which, typically as part of a larger OT Cybersecurity focused capability, can show you LOGICAL communications, i.e. what hosts are communicating with what hosts, over what protocols, at what data rates, etc., so that they can raise an alarm when some new or abnormal communication appears on your network.

“Well all of this sounds pretty great. Can you just give me something to do all of it?”

Historically I would have to say no. These have typically been features in packages from different vendors selling different solutions for different primary purposes. It’s usually networking vendors, including switch vendors, hitting the PHYSICAL mapping with Network Management Software or standalone smaller tools and it’s generally OT Cybersecurity software solution vendors who started addressing the LOGICAL in the last decade. I’ve had a few conversations and seen a few announcements in recent months indicating soon one or more platforms may finally bring both PHYSICAL and LOGICAL under one umbrella, but I’ve yet to put hands on one personally.

“Ok for now, if I only care about PHYSICAL... can you get me a solution for that in the meantime?”

Buckle up Buttercup. Over this series I’ll cover all the various products we’ve seen and used over the years to detail what they’re capable of and perhaps more importantly, what the caveats and limitations are.
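To make the LOGICAL side described above concrete, here is an added example (not from any vendor product or from this series) that baselines host-to-host conversations and flags new or abnormal ones. The flow records, protocol labels and the 3x rate threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flow records: (src, dst, protocol, bytes_per_second)
BASELINE_FLOWS = [
    ("10.0.1.10", "10.0.1.50", "modbus/502", 1200),
    ("10.0.1.10", "10.0.1.50", "modbus/502", 1350),
    ("10.0.1.11", "10.0.1.60", "enip/44818", 8000),
    ("10.0.1.11", "10.0.1.60", "enip/44818", 8400),
]
OBSERVED_FLOWS = [
    ("10.0.1.10", "10.0.1.50", "modbus/502", 1300),   # matches baseline
    ("10.0.1.11", "10.0.1.60", "enip/44818", 40000),  # known pair, rate jump
    ("10.0.1.99", "10.0.1.50", "modbus/502", 900),    # host never seen before
    ("10.0.1.10", "10.0.1.50", "ssh/22", 500),        # known hosts, new protocol
]

def build_baseline(flows):
    """Map each (src, dst, protocol) conversation to its peak observed rate."""
    peak = defaultdict(int)
    for src, dst, proto, rate in flows:
        key = (src, dst, proto)
        peak[key] = max(peak[key], rate)
    return dict(peak)

def check_flows(baseline, flows, rate_factor=3.0):
    """Return (reason, conversation) alerts for new or abnormally fast flows.

    rate_factor is an assumed threshold: alert when a known conversation
    exceeds its baseline peak by more than this multiple.
    """
    known_hosts = {h for s, d, _ in baseline for h in (s, d)}
    alerts = []
    for src, dst, proto, rate in flows:
        key = (src, dst, proto)
        if key not in baseline:
            unknown = [h for h in (src, dst) if h not in known_hosts]
            alerts.append(("new-host" if unknown else "new-conversation", key))
        elif rate > baseline[key] * rate_factor:
            alerts.append(("rate-anomaly", key))
    return alerts

if __name__ == "__main__":
    baseline = build_baseline(BASELINE_FLOWS)
    for reason, (src, dst, proto) in check_flows(baseline, OBSERVED_FLOWS):
        print(f"{reason}: {src} -> {dst} over {proto}")
```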
