Shortly after publishing the Innominate blog, a new press release from Byres Security hit the mailbox. [link to be added when available] The Secure Asset Management module purports to “discover[s] and identify[ies] what devices are on the network and creates the firewall rules to control the traffic flowing to them, all without risk to the industrial process”.
A few thoughts on this release:
- If you do this when the network is running in an acceptably secured state this could be an effective low tech way to create firewall rulesets.
- The module allows an admin to review each possible rule before accepting, but if we accept the premise that the admin does not know enough to create the ruleset will she know enough to make a wise decision?
- The idea of auto security configs is not new and has been effective. A frequent and effective example is auto learning for port security on a switch.
- The comments about the novelty of using Passive Scanning Techniques commercially are a bit overstated. Our research partner Tenable Network Security has sold and deployed Passive Vulnerability Scanner for years, and this has substantially more capability in the technology area. That does not mean that the new module won’t be a highly useful deployment aide.
Nice to see new functionality and ideas moving into this space.