Vulnerability Management, Detection, and Remediation - Operational Technology Overview

Qualys VMDR OT builds a comprehensive real-time asset inventory via multiple engines:

Qualys Passive Sensor dissects industrial protocols and gives visibility into various Purdue Levels, especially at the Field and Control network layers.

Qualys extends the scanner capabilities to perform safe VMDR OT discovery for industrial protocols. This new scan is designed to be safe and talks the same language as industrial protocols, querying the devices in the protocol language they understand. This interaction is similar to how a SCADA server or an engineering workstation would talk to a controller.

Both Passive Sensor and Safe Active Scanning help in inventory creation for devices such as Programming Logic Controllers (PLCs), Remote Terminal Units (RTU), Intelligent Electronic Devices (IEDs), Remote IOs, Human Machine Interface (HMI), Industrial Gateways, Building Automation Controllers, IP-based Sensors, Robots, and Drivers, among others. 

All industrial endpoints with operating systems like Windows, Linux, and others can trigger Authenticated Scans. This is a safe way of getting software inventories as well as software vulnerabilities.

Qualys Cloud Agent can also be deployed on supported OS-based endpoints, giving continuous visibility and vulnerability posture of these assets.

Both Authenticated VM scans and  Qualys Cloud Agent help in getting a detailed inventory of industrial PCs hosting Operator Stations, SCADA servers, or engineering workstations, or IT stations hosting Manufacturing Execution Systems (MES), ERPs, and remote connectivity workstations, among others.

Qualys VMDR OT supports a wide range of IT and OT protocols such as S7Comm, S7comm Plus, Profinet, Ethernet IP, BACnet, Modbus TCP, DNP3, MQTT, IEC 104, CIP, IEC 61850- MMS, Beckhoff ADS, Omron, PCCC, Niagara Fox, and many more.

Qualys VMDR OT supports out-of-band configuration assessment. You can import the asset information using a project file collected from programming and maintenance software. The ICS application parses the uploaded file with valuable data and creates assets from the data gathered. Qualys supports different vendor's engineering tools such as Omron CX Programmer (.cxp), Rockwell RSLogix 500 (.RSS), Rockwell Studio 5000 (.L5X), Rockwell System Ferret (.Xml), Siemens DIGSI 4 (.zip), Siemens DIGSI 5 (.zip), Siemens DIGSI 5 (.dz5), and many more.

Qualys VMDR OT provides continuous vulnerability assessment on all discovered industrial assets. Hardware and firmware-based vulnerabilities impacting PLCs, IOs, Robots, HMIs, Drives, etc., as well as Software vulnerabilities affecting SCADA servers, Engineering software, HMI Software, License Management Software, MES, and ERP systems are covered via a passive sensor and Qualys scanner or a Cloud agent combined.

Risk scores are based on asset criticality, severity of vulnerability, and availability of redundancy for the asset to assist with better prioritization and remediation actions.

The ICS QID Pack, available as an add-on to Qualys VM / VMDR, is another mechanism to cover these vulnerabilities. The vulnerability knowledge base is continuously updated and maintained with newly discovered vulnerabilities.

Qualys VMDR OT supports the major industry vendors like Siemens, Rockwell Automation, Schneider Electric, Wago, Johnson Controls, Niagara Fox, Beckhoff, Omron, ABB, Tridium, Eaton Turck, Balluf, Distech Controls, Danfoss, Parker Hannifin and many more.