Role of NPS in Industrial Network (VMDR OT)

Network Passive Sensor (NPS) powers Qualys Vulnerability Management, Detection, and response-OT. Network Passive Sensor monitors network activity without actively probing devices and introducing network packets into the industrial network. NPS collects the required data from the industrial infrastructure. NPS listens to a mirrored port in the switch connecting critical devices like controllers and workstations to identify all the required traffic.

Spanning is a technique to replicate a specific required traffic from respective ports to a spare port, generally known as a mirror/span port. The most common span in the networking world is local span (SPAN), remote span (RSPAN) and encapsulated remote span (ERSPAN). Cisco supports all these forms of spanning methodology according to its respective models.

However, most industrial switches found across industrial infrastructure don’t support RSPAN and ERSPAN.