
OT/ICS Cybersecurity

Comparing Asset Inventory: Network TAP & DPI, Active Queries, & Configuration Files

Asset inventory tools play a vital role in capturing and maintaining accurate information about an organization's assets. Because the methods used to gather this information vary, organizations need to understand the differences between them to determine which tool (or combination of tools) best suits their environments. We will weigh the pros and cons of the following asset inventory methods:

  • Network TAP & Deep Packet Inspection (DPI): This method involves passively capturing network traffic through network TAPs to identify assets actively communicating on the network, and conducting Deep Packet Inspection (DPI) for further security.
  • Active Queries: Active queries involve actively scanning the network to identify assets and gather relevant information.
  • Configuration Files: Configuration file analysis involves examining the configuration files of OT devices or systems to establish an accurate asset inventory.

By choosing the appropriate method, organizations can achieve more accurate and comprehensive asset inventories, enabling them to make informed decisions regarding asset utilization, security controls, vulnerability management, and regulatory compliance.