Qualys VMDR OT

Qualys VMDR OT offers comprehensive vulnerability management for critical infrastructure across all industrial network layers - Control, Supervisory, and Site Operations, providing enhanced visibility.

Industrial IoT (IIOT) and smart manufacturing greatly enhance Overall Equipment Efficiency (OEE) and cost savings. However, they also increase enterprises’ exposure to cyber-attacks due to rapid digitization and newly established interconnectivity between previously air-gapped industrial environments and enterprise networks. Industrial assets have higher availability and reliability requirements. Their functioning round the clock and malfunction can potentially lead to significant physical safety incidents. Qualys provides a single platform and a single pane of glass for all IT & OT Asset Inventory, Vulnerabilities Management, Policy Compliance, and OT Endpoint-based Threat Detection and Response.

Benefits of Qualys VMDR OT

  • Real-time VMDR asset inventory

    Qualys VMDR OT uses multiple engines to provide a real-time asset inventory. The Passive Sensor gives visibility into Purdue Levels, particularly at the Field and Control network layers. Safe Active Scanning and Passive Sensors help in creating an inventory for devices such as PLCs, RTUs, IEDs, HMIs, and Robots, among others. 

    Authenticated Scans and Qualys Cloud Agent provide continuous visibility and vulnerability assessment of industrial endpoints with OS like Windows, Linux, etc. Authenticated VM scans and Qualys Cloud Agent help in obtaining a detailed inventory of industrial PCs hosting Operator Stations, SCADA servers, or IT stations hosting MES, ERPs, and remote connectivity workstations, among others.

  • Extensive industrial protocol support

    Qualys VMDR OT is a versatile application that supports a wide range of protocols for both IT and OT environments. These protocols include S7Comm, S7comm Plus, Profinet, Ethernet IP, BACnet, Modbus TCP, DNP3, MQTT, IEC 104, CIP, IEC 61850- MMS, Beckhoff ADS, Omron, PCCC, Niagara Fox, and many others.

  • Out of band configuration assessment support

    Qualys VMDR OT enables Out-of-Band Configuration Assessment, allowing asset information import through project files from various programming and maintenance software. It supports engineering tools from vendors like Omron, Rockwell, and Siemens, handling formats such as .cxp, .RSS, .L5X, .Xml, .zip, and .dz5, among others. The system automatically parses and creates assets from the imported data.

  • Robust vulnerability management

    Qualys VMDR OT continuously assesses hardware and software vulnerabilities for industrial assets, including PLCs, IOs, Robots, HMIs, Drives, SCADA servers, Engineering software, HMI Software, License Management Software, MES, and ERPs systems. The assessment is done using a passive sensor, Qualys scanner or a Cloud Agent, and risk scores are calculated based on asset criticality, vulnerability severity, and redundancy availability. The ICS QID Pack is available as an add-on to Qualys VM / VMDR to cover these vulnerabilities, and the vulnerability knowledge base is regularly updated.

  • Broad industrial vendor support

    Qualys VMDR OT supports the major industry vendors like Siemens, Rockwell Automation, Schneider Electric, Wago, Johnson Controls, Niagara Fox, Beckhoff, Omron, ABB, Tridium, Eaton Turck, Balluf, Distech Controls, Danfoss, Parker Hannifin and many more.

Additional Resources

Online Help

Getting Started Guide

API User Guide

Release Notes