Risk and vulnerability management
Now that we know about the importance of an asset inventory, we need to talk about risks and vulnerabilities impacting OT/IoT assets. Common questions we hear from Chief Information Security Officers (CISOs) and business teams are, What are the risks for our crown jewels, that is, OT/IoT assets? What are the mitigation priorities for critical assets?
In most OT/IoT environments, a vulnerability assessment is done on a fixed frequency (once a year or once every 6 months). This does not provide a real-time risk status for OT/IoT assets and overall business risk at any given point in time.
The MDIoT risk assessment report may help you here. The risk assessment report is a comprehensive vulnerability assessment report generated by MDIoT, based on network analytics using deep packet inspection, various behavioral modeling engines, and SCADA-specific state machine design. The good news is this is not a point-in-time truth; it is always current.
...
