Qualys Industrial Control System (ICS) provides comprehensive visibility and vulnerability management for critical infrastructure across all industrial network layers - Control, Supervisory, and Site Operations.
Industrial IoT (IIOT) and smart manufacturing greatly enhance the Overall Equipment Efficiency (OEE) and cost savings. However, they also increase enterprises’ exposure to cyber-attacks due to rapid digitization and newly establishing interconnectivity between previously air-gapped industrial environments and the enterprise networks. Industrial assets have higher availability and reliability requirements. Their functioning round the clock and malfunction can potentially lead to significant physical safety incidents. Qualys provides a single platform and a single pane of glass for all IT & OT Asset Inventory, Vulnerabilities Management, Policy Compliance as well as OT Endpoint based Threat Detection and Response.
Typically, industrial processes are supported by multiple equipment manufactured by different industrial vendors and powered by varied industrial protocols such as Ethernet/IP, Modbus TCP, Siemens S7 Comm, S7Comm Plus, Profinet, BACnet, and DNP3, among others. Many of these protocols are insecure by design, lacking basic authentication and encryption, so it is even more critical to have visibility and regular risk assessments conducted in these environments.
With Qualys Industrial Control System (ICS), you get real-time asset inventory, network visualization, and vulnerability management for your industrial control systems. With an intuitive interface and a fully automated risk assessment workflow, Qualys ICS serves as a powerful tool to reduce the risk of costly and dangerous cyber security breaches.
ICS provides asset inventory,network visibility, and vulnerability postures at all the Purdue levels.
Qualys Network Passive Sensor can latch on the mirrored port of a network switch which can see traffic from assets present in Purdue levels 0, 1 and 2 and passively listen to traffic, dissect the protocol, and build the asset inventory.
Qualys Active Scanner can be used in safe scanning mode to support the industrial scan. It can safely discover PLC, RTU, and equipment running at the controller layer without disrupting the environment. Qualys Active Scanner can also scan the end points present in levels 2, 3, and 3.5 to take care of all engineering workstation and SCADA servers, operating stations, site operation equipment like manufacturing execution system, ERP, jump-boxes in RTU.
Launch OT Device scans and start getting up-to-date views on your OT Assets and security posture using Qualys Industrial Control System. You can use OT device scan feature in VM/VMDR. OT Device Scan is provided for the safe active scan. It is a protocol-oriented scan that fetches identity-related attributes. ICS collects the data from VM/VMDR, extracts the information and detects the vulnerability. For more details on OT Device scan refer to Vulnerability Management Online help.
Qualys Cloud Agents deployed in these environments can provide continuous visibility and continuous posture of vulnerabilities.
ICS Out of band Configuration Assessment can also be used for building asset inventory. This is useful in case of other methods (Qualys Network Passive Sensor or Qualys Cloud Agent) of creating asset inventory is not available.
- Real-time ICS asset inventory
Qualys ICS builds a comprehensive real-time asset inventory via multiple engines:
Qualys Passive Sensor dissects industrial protocols and gives visibility into various Purdue Levels, especially at Field and Control network layers.
Qualys extends the scanner capabilities to perform safe ICS discovery for industrial protocols. This new scan is designed to be safe and talks the same language as industrial protocols querying the devices in the protocol language they understand. This interaction is similar to how a SCADA server or an engineering workstation would talk to a controller.
Both Passive Sensor and Safe Active Scanning help in inventory creation for devices such as Programming Logic Controllers (PLCs), Remote Terminal Units (RTU), Intelligent Electronic Devices (IEDs), Remote IOs, Human Machine Interface (HMI), Industrial Gateways, Building Automation Controllers, IP-based Sensors, Robots, and Drivers, among others.
All industrial endpoints with operating systems like Windows, Linux and others can trigger Authenticated Scans. This is a safe way of getting software inventories as well as software vulnerabilities.
Qualys Cloud Agent can also be deployed on supported OS-based endpoints, giving a continuous visibility and vulnerability posture of these assets.
Both Authenticated VM scans and Qualys Cloud Agent help in getting detailed inventory of industrial PCs hosting Operator Stations, SCADA servers or an engineering workstation, or IT stations hosting Manufacturing Execution Systems (MES), ERPs, and remote connectivity workstations, among others.
- Extensive ICS protocol support
Qualys ICS supports a wide range of IT and ICS protocols such as S7Comm, S7comm Plus, Profinet, Ethernet IP, BACnet, Modbus TCP, DNP3, MQTT, IEC 104, CIP, IEC 61850- MMS, Beckhoff ADS, Omron, PCCC, Niagara Fox, and many more.
- Out of band Configuration Assessment support
Qualys supports Out of band Configuration Assessment. You can import the asset information using a project file, collected from programming and maintenance software. The ICS application parses the uploaded file with valuable data and creates assets from the data gathered. Qualys supports different vendors engineering tools such as Omron CX Programmer (.cxp), Rockwell RSLogix 500 (.RSS), Rockwell Studio 5000 (.L5X), Rockwell System Ferret (.Xml), Siemens DIGSI 4 (.zip), Siemens DIGSI 5 (.zip), Siemens DIGSI 5 (.dz5), and many more.
- Robust vulnerability management
Qualys ICS provides continuous vulnerability assessment on all discovered industrial assets. Hardware and firmware-based vulnerabilities impacting PLCs, IOs, Robots, HMIs, Drives, etc. as well as Software vulnerabilities affecting SCADA servers, Engineering software, HMI Software, License Management Software, MES and ERPs systems are covered via Passive sensor and Qualys scanner or a Cloud agent combined.
Risk scores are based on asset criticality, severity of vulnerability, availability of redundancy for the asset to assist with better prioritization and remediation actions.
The ICS QID Pack available as an add-on to Qualys VM / VMDR is another mechanism to cover these vulnerabilities. Vulnerability knowledge base is continuously updated and maintained with newly discovered vulnerabilities.
- Broad industrial vendor support
Qualys ICS supports the major industry vendors like Siemens, Rockwell Automation, Schneider Electric, Wago, Johnson Controls, Niagara Fox, Beckhoff, Omron, ABB, Tridium, Eaton Turck, Balluf, Distech Controls, Danfoss, Parker Hannifin and many more.
Industrial Control System application can be accessed with a subscription to VMDR, Cyber Security Asset Management (CSAM) and Qualys Network Passive Sensor (NPS) applications.
ICS is powered by Qualys Network Passive Sensor. It continuously monitors all network traffic and flags any asset activity. It identifies and profiles devices the moment it is connected to the network.
Qualys Network Passive Sensor (NPS) identifies assets in industrial environment that can’t be actively scanned. Qualys Network Passive Sensor (NPS) enriches existing asset inventory with additional details, such as recent open ports, traffic summary, network services and applications in use. This helps to gain a deeper understanding of an asset and its activity on the network in real time.
Asset discovery and collect Inventory - Once Qualys Network Passive Sensor is deployed and configured in the network, it starts passively listening to the network traffic and creating assets based on the information dissected from the traffic. For more details on deployment, refer to Deploying Qualys Network Passive Sensors.
Over the period of time, with various asset activities seen on the wire, the passive sensor will continue to enhance the asset inventory attributes with additional contextual information. The time taken for a complete asset context to be built is based on the type of industrial protocol and type of activities performed in the environment.
Start generating traffic required for device identity and retrieve device information from the programming software that you use for configuring and managing your network devices. For steps to generate this traffic, refer to the Device Discovery Documents.
Asset inventory can also be created using ICS Out of band configuration assessment using the project files collected from programming and maintenance software. For more detail on how to generate the project file from programming and maintenance software, refer to Generating a Project File. To upload the project files and to view the details of imported asset inventory refer to Import Asset tab.
Detect and Monitor - Qualys Network Passive Sensor monitors network activity without any active probing of devices to detect active assets in the network. The ICS asset inventory is continuously updated depending on the asset activities flagged by the Qualys Network Passive Sensor. For information about the ICS asset inventory, refer to Viewing Asset Details.
To view network traffic which displays the communication between server and client in the network refer to Network Tab.
Vulnerabilities on your ICS assets are detected and listed in the Vulnerabilities tab.
We have the most up-to-date KnowledgeBase of vulnerabilities in the security industry and it's continuously getting updated. For more details refer to Viewing KnowledgeBase.
Dashboards help you visualize your assets, see your threat exposure, leverage saved searches, and quickly fix the priority of vulnerabilities.
Qualys Industrial Control System (ICS) integrates with Unified Dashboard (UD) to bring information from all Qualys applications into a single place for visualization. UD provides a powerful, new dashboarding framework along with platform service that will be consumed and used by all other products to enhance the existing dashboard capabilities.
Qualys Industrial Control System (ICS) offers several dashboards out-of-the-box. Each dashboard displays a short description of the information it offers. You can also easily configure widgets to pull information from other modules/applications and add them to your dashboard. You can also add as many dashboards as you like to customize your view.
See the Unified Dashboard help for more information.
Unified Dashboard help
Your access to Unified Dashboard depends on the global permissions granted to you from the Admin utility. Refer to the Online Help in the Admin utility for information on Global Dashboard Permissions.
Note: When you assign the Global Dashboard permissions to a role, the Global Dashboard permissions override the module-specific dashboard permissions. As a result, the module-specific dashboard permissions are ignored.
Quickly get custom views