Understanding PAS Topology and Risk Analytics - PAS ICS Integrity - 7.3 - Help - Intergraph

ICS Integrity Help

Language
English
Product
PAS ICS Integrity
Subproduct
ICS
Search by Category
Help
PAS Version
7.3

The Topology asset model provides Risk Analytics visualization capabilities to help you identify and visualize OT (Operational Technology) and IT risks. Unlike reactive network-based monitoring solutions, which examine network traffic to identify active threats, this asset model allows you to visualize risk to your industrial endpoints to help your cybersecurity teams proactively reduce attack surfaces. The Topology asset model is available to ICS Integrity customers who purchase a license that includes the asset model and then configure the model.

Topology uses the information collected by the Network Devices and Recon asset models to identify systems and devices on your network. Topology combines this information with details collected from other asset types to provide a comprehensive visual representation of your network. You can drill-down to the essential information for the servers, workstations, computers, and devices on the Process Control Network (PCN). If you have a license for and have implemented Inventory, you can quickly navigate to Topology from the Inventory Browse window to see devices represented in the same context. With this powerful capability, you can effectively use Risk Analytics in the following ways:

  • Continuously measure your industrial endpoint security posture and provide visibility into cybersecurity risks, such as vulnerabilities, patch currency gaps, configuration baseline deviations, and unauthorized configuration changes.

  • Identify OT endpoint relationships and risk propagation to better understand how risk propagates to critical processes and highlights at-risk endpoints, their connections and dependencies, and shows potential propagation paths.

  • Identify both IT and OT endpoint security degradation so that OT security specialists, automation engineers, and risk/compliance managers can prioritize remediation and reduce industrial cybersecurity attack surfaces.

  • Enable forensic investigations through extensive, multi-vendor configuration and referential insight to provide foundational ICS cybersecurity, enterprise scalability, performance, and platform independence.

When you select the Topology item in the navigation bar, Integrity displays your network information so you can visualize how risks can affect other areas. The following scenarios outline some of the important uses for Topology:

The Topology view provides a powerful, flexible way to explore your network and its assets. For more information about this view, see the following topics:

To provide faster response times, the Topology view caches data it displays, such as the number of vulnerabilities, patches needed, and baseline deviations for each asset. If you process vulnerabilities, apply patches, or resolve baseline deviations, you may need to restart the Integrity web interface to display that updated data in the PAS Topology view.

For more information about using the Admin Utility to restart the web application, see Restarting the Web Application.