This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

[Thread]: Tips for Scanning OT devices with Lansweeper

Mercedes_O
Community Manager
Community Manager

‎05-09-2024 05:20 PM - edited ‎05-21-2024 03:30 PM

Hello!

Thank you to everyone who attended the live Q&A session on Scanning OT networks last week. Your participation made it a great success. For those who couldn't make it, you can watch the recording of the session here  - Virtual Meetup -OT Asset Management 

Below are some of the key questions that were discussed during the session, along with the responses from our team.

Feel free to ask any follow up questions or share your thoughts in this thread. We're here to help!

 

Labels:
10 REPLIES 10
leandrolima
Engaged Sweeper

‎05-28-2024 05:06 PM

Dear community,


I am new to OT Cybersecurity and for that I would like your kindly pieces of advice.

I am evaluating the possibility to use Lansweeper as a tool to have my OT devices inventoried.


I would like your help to understand if during the scan to get the assets inventoried:

Could some sort of network overload happen?

Could some services running on OT side be stopped?

Could data that is being sent to enterprise environment be compromised?

Could data that is being exchanged with another automations system be corrupted?

Could the communication mentioned above be stopped?

Do you experts suggest doing it out the normal operation? I mean, when all the production line is stopped.

I really hope hearing from you as soon as possible.

MariaOrellana
Product Team
Product Team
In response to leandrolima

‎05-29-2024 04:42 PM

Hi @leandrolima,

Thank you for reaching out to us. Here are the answers to your concerns: 

  1. Network Overload: Lansweeper is designed to be efficient and minimize network load during scans. Lansweeper employs mechanisms to reduce the impact on your network, ensuring it runs smoothly.
  2. Service Interruption on OT Devices: Lansweeper's OT scanner is non-intrusive and read-only. It is designed to request the information in the same protocol that the device understand.
  3. Data Compromise: Lansweeper uses secure, industry standard methods to communicate and transfer data, ensuring that the integrity and confidentiality of the data remain intact. It is designed to meet high-security standards, reducing the risk of data compromise.
  4. Data Corruption: The tool's read-only nature means it does not alter data on your OT systems. Communication is limited to the bare minimum to avoid causing disruption between other systems.
  5. Communication Disruption: Lansweeper operates without interrupting ongoing communications between OT systems. The scanning processes are optimized to avoid interfering with operational data exchanges. There are also manual abort options available to stop Lansweeper from scanning during the preconfigured scanning.
  6. Scanning Schedule: Lansweeper allows you to configure the hours and days of scanning, ensuring that scans only occur at times that are convenient for you. This feature provides flexibility and control, so scans will not run during critical operation periods unless desired. Scanning during normal operation is definitely possible but obviously depends on your or your companies preferences.


If you have further questions or would like to discuss this in more detail, please do not hesitate to email me (maria.orellana@lansweeper.com). We can arrange a call at your convenience to ensure all your concerns are fully addressed.

Best regards,
Maria Orellana

Mercedes_O
Community Manager
Community Manager

‎05-21-2024 03:20 PM

 

Will assets discovered by the OT and IT scanners be merged into a single record if there are cases where both scanners targeted the same vlans and detected them?

We are currently working on a reconciliation process to merge the duplicate records in Sites. So, when you link the LS On-prem and the OT Hub to Sites and the system detects duplicated assets, it will merge into one, where it makes more sense (IT or OT asset type).

 

0 Kudos
Mercedes_O
Community Manager
Community Manager

‎05-21-2024 03:17 PM

 

It is known that intrusive scans on OT networks should be avoid and it is not recommended. How intrusive is the scan? How can we avoid being very intrusive with the OT scanning, due to its criticality?

We use proprietary protocols to communicate with the devices, we use the same requests that manufacturers use to request the asset information. So, we can ensure less traffic in the network and a secure way to communicate with the OT assets.

 

0 Kudos
Mercedes_O
Community Manager
Community Manager

‎05-21-2024 03:16 PM

 

How do we see the OT equipment in the On Prem database? Is that possible?  Yes, since last year Lansweeper has implemented an integration between the OT Network Discovery Hub and On-prem. This means that you can now manage your OT assets from your local web console. Find more info here.

 

0 Kudos
Mercedes_O
Community Manager
Community Manager

‎05-21-2024 03:16 PM

 

If we have multiple sites, but they use a similar IP range or subnet for OT devices, how do we organize them?

It wouldn’t be a problem. Because when you link your different Discovery Hubs to Sites the system will recognize that the assets are coming from different “installations“ and we will keep both assets.

 

0 Kudos
Mercedes_O
Community Manager
Community Manager

‎05-21-2024 03:15 PM - edited ‎05-21-2024 03:15 PM

 

Is it necessary to configure something on each asset to get the information for the inventory or is it made by Lansweeper in auto-discovery mode?

You don’t need to do any configuration of your assets. You need to configure only Scan Target into the OT Network Discovery Hub to scan your network. More info here.

 

0 Kudos
Mercedes_O
Community Manager
Community Manager

‎05-21-2024 03:14 PM - edited ‎05-21-2024 03:18 PM

In order to deploy the OT is it possible to use the same server as IT? Do I need to purchase a separate license?

You can use the same IT server to install the Network Discovery Hub. You can find the installation requirements  here . Discover OT is included in all our licenses tiers, as part of the discovery functionality. Find more info here.

 

Is "Discovery Hub" necessary for OT discovery? The OT Network Discovery Hub is part of out The OT Discovery Network solution. So, to scan OT devices you will need at least one OT Network Discovery Hub and one OT Sensor. Find more info here

 

0 Kudos
Mercedes_O
Community Manager
Community Manager

‎05-21-2024 03:12 PM

 

How is the scanning of devices handled in a completely air gapped SCADA environment?

You will need to install the OT Discovery Network to scan your air gapped network and then you will need an import/export function from the air gapped to a connected hub and then you seamlessly use the Sites or On-prem environment to manage your inventory. More info here.

 

0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now