Hi,
I would NEVER scan any OT device with any traditional IT Scanner.
Some of those devices would not cope with even the simplest scan profile... and you might not end up creating a denial-of-service of some sort.
As suggested by Patrick Barnes, I would highly recommend you use an OT-specific tool.
my2cs
------------------------------
Jean-Luc Labbe
Cognitive Security Intelligence, GSIs Europe
IBM Security
------------------------------
Original Message:
Sent: Tue June 18, 2019 01:00 PM
From: Patrick Barnes
Subject: Vulnerability scans (QVM) in IoT/OT/Industrial networks
So I don't have a direct response to your question as I do not use the built-in scanner, nor am I in an industrial environment. We use a third-party application to do the scanning and then we import the results into QRadar. The scan data allows our analyst to have more info about the system in question as well as its vulnerabilities while researching offenses. There are some rules that will use the vuln data to monitor for potential attacks as well.
------------------------------
Patrick Barnes
Original Message:
Sent: Thu June 13, 2019 03:35 PM
From: Roland Priewasser
Subject: Vulnerability scans (QVM) in IoT/OT/Industrial networks
Hi,
We want to scan our industrial/OT/IoT networks for vulnerabilities. Has anyone had special experiences with QVM? Is a discovery scan likely to affect OT devices or cause disruption to availability or integrity of such devices? The idea would be to perform a triage that way and then scan interesting devices more intensively - will this be an even more serious problem?
Are there other preferred scanners that work perfectly with QRadar and IoT/OT/industrial environments?
I'd love to hear about your experiences.
Thanks in advance, best regards,
------------------------------
Roland Priewasser
------------------------------