Get Started with Industrial Control System

Qualys Industrial Control System (ICS) provides comprehensive visibility and vulnerability management for critical infrastructure across all industrial network layers - Control, Supervisory, and Site Operations.

Industrial IoT (IIOT) and smart manufacturing greatly enhance the Overall Equipment Efficiency (OEE) and cost savings. However, they also increase enterprises’ exposure to cyber-attacks due to rapid digitization and newly establishing interconnectivity between previously air-gapped industrial environments and the enterprise networks. Industrial assets have higher availability and reliability requirements. Their functioning round the clock and malfunction can potentially lead to significant physical safety incidents. Qualys provides a single platform and a single pane of glass for all IT & OT Asset Inventory, Vulnerabilities Management, Policy Compliance as well as OT Endpoint based Threat Detection and Response.

Typically, industrial processes are supported by multiple equipment manufactured by different industrial vendors and powered by varied industrial protocols such as Ethernet/IP, Modbus TCP, Siemens S7 Comm, S7Comm Plus, Profinet, BACnet, and DNP3, among others. Many of these protocols are insecure by design, lacking basic authentication and encryption, so it is even more critical to have visibility and regular risk assessments conducted in these environments.

With Qualys Industrial Control System (ICS), you get real-time asset inventory, network visualization, and vulnerability management for your industrial control systems. With an intuitive interface and a fully automated risk assessment workflow, Qualys ICS serves as a powerful tool to reduce the risk of costly and dangerous cyber security breaches.

ICS provides asset inventory,network visibility, and vulnerability postures at all the Purdue levels.

Qualys Network Passive Sensor can latch on the mirrored port of a network switch which can see traffic from assets present in Purdue levels 0, 1 and 2 and passively listen to traffic, dissect the protocol, and build the asset inventory.

Qualys Active Scanner can be used in safe scanning mode to support the industrial scan. It can safely discover PLC, RTU, and equipment running at the controller layer without disrupting the environment. Qualys Active Scanner can also scan the end points present in levels 2, 3, and 3.5 to take care of all engineering workstation and SCADA servers, operating stations, site operation equipment like manufacturing execution system, ERP, jump-boxes in RTU.

Launch OT Device scans and start getting up-to-date views on your OT Assets and security posture using Qualys Industrial Control System. You can use OT device scan feature in VM/VMDR. OT Device Scan is provided for the safe active scan. It is a protocol-oriented scan that fetches identity-related attributes. ICS collects the data from VM/VMDR, extracts the information and detects the vulnerability. For more details on OT Device scan refer to Vulnerability Management Online help.

Qualys Cloud Agents deployed in these environments can provide continuous visibility and continuous posture of vulnerabilities.

ICS Out of band Configuration Assessment can also be used for building asset inventory. This is useful in case of other methods (Qualys Network Passive Sensor or Qualys Cloud Agent) of creating asset inventory is not available.


- Real-time ICS asset inventory

- Extensive ICS protocol support

- Out of band Configuration Assessment support

- Robust vulnerability management

- Broad industrial vendor support

Know the Requirements

Industrial Control System application can be accessed with a subscription to VMDR, Cyber Security Asset Management (CSAM) and Qualys Network Passive Sensor (NPS) applications.

Let's Get Started!

ICS is powered by Qualys Network Passive Sensor. It continuously monitors all network traffic and flags any asset activity. It identifies and profiles devices the moment it is connected to the network.

Qualys Network Passive Sensor (NPS) identifies assets in industrial environment that can’t be actively scanned. Qualys Network Passive Sensor (NPS) enriches existing asset inventory with additional details, such as recent open ports, traffic summary, network services and applications in use. This helps to gain a deeper understanding of an asset and its activity on the network in real time.

Asset discovery and collect Inventory - Once Qualys Network Passive Sensor is deployed and configured in the network, it starts passively listening to the network traffic and creating assets based on the information dissected from the traffic. For more details on deployment, refer to Deploying Qualys Network Passive Sensors.

Over the period of time, with various asset activities seen on the wire, the passive sensor will continue to enhance the asset inventory attributes with additional contextual information. The time taken for a complete asset context to be built is based on the type of industrial protocol and type of activities performed in the environment.

Start generating traffic required for device identity and retrieve device information from the programming software that you use for configuring and managing your network devices. For steps to generate this traffic, refer to the Device Discovery Documents.

Asset inventory can also be created using ICS Out of band configuration assessment using the project files collected from programming and maintenance software. For more detail on how to generate the project file from programming and maintenance software, refer to Generating a Project File. To upload the project files and to view the details of imported asset inventory refer to Import Asset tab.

Detect and Monitor - Qualys Network Passive Sensor monitors network activity without any active probing of devices to detect active assets in the network. The ICS asset inventory is continuously updated depending on the asset activities flagged by the Qualys Network Passive Sensor. For information about the ICS asset inventory, refer to Viewing Asset Details.

To view network traffic which displays the communication between server and client in the network refer to Network Tab.

Vulnerabilities on your ICS assets are detected and listed in the Vulnerabilities tab.

We have the most up-to-date KnowledgeBase of vulnerabilities in the security industry and it's continuously getting updated. For more details refer to Viewing KnowledgeBase.

Customizable Dynamic Dashboards

Dashboards help you visualize your assets, see your threat exposure, leverage saved searches, and quickly fix the priority of vulnerabilities.

Qualys Industrial Control System (ICS) integrates with Unified Dashboard (UD) to bring information from all Qualys applications into a single place for visualization. UD provides a powerful, new dashboarding framework along with platform service that will be consumed and used by all other products to enhance the existing dashboard capabilities.

Qualys Industrial Control System (ICS) offers several dashboards out-of-the-box. Each dashboard displays a short description of the information it offers. You can also easily configure widgets to pull information from other modules/applications and add them to your dashboard. You can also add as many dashboards as you like to customize your view.

See the Unified Dashboard help for more information.

Unified Dashboard help

Global Dashboard Permissions

Your access to Unified Dashboard depends on the global permissions granted to you from the Admin utility. Refer to the Online Help in the Admin utility for information on Global Dashboard Permissions.

Note: When you assign the Global Dashboard permissions to a role, the Global Dashboard permissions override the module-specific dashboard permissions. As a result, the module-specific dashboard permissions are ignored.

Quickly get custom views