Project Vision: passive mapping for fragile systems

Chris Day

Before a security strategy can be implemented, defenders must have a good understanding of what they are trying to protect. This process starts with an inventory of the assets that must be secured. In practice, however, creating that inventory can disrupt the normal working of systems and networks. Project Vision aims to create a safe, un-invasive system-mapping solution.

The traditional approach to this problem involves conducting network scans and manual site inspections to identify which assets exist. This can be a resource-intensive task and, for sensitive or heavily loaded networks, can disrupt normal work activities.

In many situations the threat of disruption is unacceptable, so a passive means of mapping networks is required: one that does not need to interact with the networks or systems being mapped. This is especially true for Industrial Control Systems (ICS), where network scanning may cause devices to become unresponsive or reset.

With this in mind, Project Vision was created with the aim of producing an un-invasive, safe system-mapping solution. To produce meaningful output formats for clients, alternative sources of information and intelligent ways of collating that information were investigated. An example development output is provided below:

Fig. 1 — Project Vision demonstrating visualization of network hosts, detected ports and traffic activity to internal and external addresses based on multiple information sources.

Project Vision is being developed to make use of system diagrams, passive network captures, active network scans where permissible and other, novel information sources. The concept is viable and development is now continuing to produce additional input, information processing and output modules to expand the capabilities of Project Vision. Although Project Vision is primarily aimed at ICS, it can also be employed for enterprise networks and adapted to suit non-IP-based communication links as required.
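To illustrate how hosts, listening ports and internal/external peers can be derived from a passive capture alone, here is an added example; it is not Project Vision's code. The `INTERNAL` range, the function names and the sample packets are all assumptions constructed for the illustration.

```python
import ipaddress
import struct
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.20.0.0/16")  # assumed site address range
SYN, ACK = 0x02, 0x10

def build_packet(src, dst, sport, dport, flags):
    """Constructed sample data: bare IPv4 + TCP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    return ip + tcp

def passive_inventory(packets):
    """Map each internal host to the services and peers seen in captured traffic."""
    hosts = defaultdict(lambda: {"services": set(), "internal_peers": set(),
                                 "external_peers": set()})
    for raw in packets:
        if len(raw) < 20 or raw[0] >> 4 != 4 or raw[9] != 6:
            continue  # only IPv4 carrying TCP is handled here
        ihl = (raw[0] & 0x0F) * 4
        if ihl < 20 or len(raw) < ihl + 14:
            continue  # malformed or truncated header
        src = ipaddress.ip_address(raw[12:16])
        dst = ipaddress.ip_address(raw[16:20])
        sport = struct.unpack("!H", raw[ihl:ihl + 2])[0]
        flags = raw[ihl + 13]
        for host, peer in ((src, dst), (dst, src)):
            if host in INTERNAL:
                kind = "internal_peers" if peer in INTERNAL else "external_peers"
                hosts[str(host)][kind].add(str(peer))
        # A SYN-ACK is sent by the listening side, so its source port is a live service.
        if flags & (SYN | ACK) == (SYN | ACK) and src in INTERNAL:
            hosts[str(src)]["services"].add(sport)
    return dict(hosts)

# Constructed capture: HMI polls a PLC over Modbus/TCP, a workstation reaches out.
CAPTURE = [
    build_packet("10.20.1.50", "10.20.1.10", 49152, 502, SYN),
    build_packet("10.20.1.10", "10.20.1.50", 502, 49152, SYN | ACK),
    build_packet("10.20.1.60", "203.0.113.10", 49200, 443, SYN),
    build_packet("203.0.113.10", "10.20.1.60", 443, 49200, SYN | ACK),
    build_packet("10.20.1.50", "10.20.1.10", 49152, 502, ACK)[:30],  # truncated
]

if __name__ == "__main__":
    for host, seen in sorted(passive_inventory(CAPTURE).items()):
        print(host, seen)
```

A passive inventory only contains services that were actually used while the capture ran, so an idle listener stays invisible until something connects to it.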
