Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Data Breach
  • The Challenge of Asset Tracking in Industrial Environments
  • Data Breach
  • Vulnerabilities

The Challenge of Asset Tracking in Industrial Environments

4 years ago Jessica Wibawa
The Challenge of Asset Tracking in Industrial Environments

Asset inventory is a significant part of a comprehensive security plan for all organizations.  After all, if you do not know what assets you have, then you cannot manage them.  Even a small company can amass a surprisingly large amount of assets.  It is no surprise that accounting for all of these assets can be like chasing a moving target, as new and old assets must be accounted for, and conversely, decommissioned assets must also be removed.

Sometimes, there are assets within assets, such as when a proprietary piece of hardware runs an open source software product.  The proprietary nature of such hardware makes it difficult to check if a particular software component is vulnerable.  The opposite is also true, where a chip inside a piece of hardware is vulnerable.

The Challenge of End of Life Announcements

In an industrial environment, asset tracking is compounded by both physical and logical sprawl.  One of the greatest challenges occurs as a result of End of Life (EOL) announcements from manufacturers.  When a manufacturer indicates that a device is no longer within its useful life and it no longer meets intended use, and that will no longer be supported, the device should be replaced.  Also vendors no longer provide operating and security updates to products, which should also warrant replacement.  Too often, an outdated device possesses the exact weakness required for exploitation, leading to a security incident.  This could result in costly downtime. Yet, replacement is not always the case.

Industrial equipment is highly specialized, and as such, can incur high maintenance costs.  Newer equipment does not guarantee less maintenance requirements.  That, among other reasons causes some operators to reason that, if production lines are working fine, there is no need to change anything.  Some operators are equally reluctant to retire outdate equipment, since modernizing is expensive, and may require pausing production to complete the change. 

In some cases, when replacement parts for EOL devices are no longer available, some organizations have been known to seek out after-market or used parts through online marketplaces. This presents safety risks, because there is no certainty that the part is operating to any standard.  It also creates security risks, because these legacy parts may have known or unknown vulnerabilities. 

Of course, the benefits to upgrading in a timely manner include the ability to maintain a good security posture by knowing which devices are supported, and enhanced asset lifecycle management.  Among the methods of better managing industrial assets is through the use of a reliable enablement tool that can help you to make informed decisions and proactively manage equipment and keep your systems running safely and securely.

Tripwire Industrial Visibility can Help

Tripwire Industrial Visibility provides full visibility and fundamental controls for industrial networks by safely identifying assets and baseline network behavior and monitoring for threats and vulnerabilities using OT specific technology. Tripwire has recently updated the tool to help with asset tracking by focusing on getting the right information to the right people to help them accomplish their goals more efficiently.  In many cases Operational Technology (OT) engineers are seeking different information than Security Operations Center (SOC) analysts. Tripwire Industrial Visibility (TIV), powered by Claroty, provides deeper information into an organization’s systems, providing relevant, actionable information, no matter your role.

Many times, trying to keep up with all of the expiring equipment can feel like a dog chasing its own tail.  Just as one EOL situation emerges, another often follows. TIV now offers insight into which assets are considered to be EOL. By the vendor. Knowing this information can help operators and plant managers proactively manage their equipment and ensure a strong industrial cybersecurity posture.

Recent TIV updates also provide role-specific user permissions: functional level access to users based on their roles, with an improved user interface, and dashboards that are more focused on relevant tasks and key performance indicators for each specific person. More actionable dashboards allow users to streamline any noise and prioritize the most important network trends and data.

TIV now also features more frequent updates on threats and vulnerabilities, which results in better remediation planning along with improved sensor performance.

As industrial organizations become more internet-connected, they also expose themselves to more threats than in their previously air-gapped existence.  What were once self-contained concerns quickly become vulnerabilities for possible public consumption.  The ability to keep up with all of the current system weaknesses, as well as impending problems is vital not only in keeping a system secure, but in many cases, also meeting regulatory requirements.  Accurate asset tracking is mandatory towards achieving the goal of security and compliance.

Find out how Tripwire Industrial Visibility can help your organization.

The post ” The Challenge of Asset Tracking in Industrial Environments” appeared first on TripWire

Source:TripWire – Jessica Wibawa

Tags: Bug, High Severity, TripWire

Continue Reading

Previous Novel Attack Turns Amazon Devices Against Themselves
Next Microsoft Azure ‘AutoWarp’ Bug Could Have Let Attackers Access Customers’ Accounts

More Stories

  • Data Breach

The Buyer’s Guide to AI Usage Control

2 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

7 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign

8 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach

Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models

19 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files

20 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns

23 hours ago [email protected] (The Hacker News)

Recent Posts

  • The Buyer’s Guide to AI Usage Control
  • Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows
  • Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign
  • Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models
  • DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT