Tripwire Data Collector Increases Operational Technology Visibility With Enhanced Web Scripting Capability

Tripwire Data Collector has been providing industrial organizations with visibility into their operational technology (OT) environments since its release in mid-2018.

Data can be gathered and monitored via multiple avenues – not only native industrial protocols, such as EtherNet/IP CIP and Modbus TCP, but also integrations with management applications like Rockwell’s FactoryTalk AssetCentre, MDT AutoSave and Kepware KEPServerEX, as well as traditional IT protocols like SNMP and even HTTP.

One difficulty observed in the field was problems gathering operational data protected behind a variety of web authentication methods.

Tripwire Data Collector can monitor many different types of industrial devices, such as PLCs and RTUs, used in different sectors from energy and utilities to manufacturing. Many of these devices contain valuable information that may only be available via a web page.

Some of these web pages may be more protected than others with access available over SSL encryption or behind a custom authentication or security scheme. Not all devices use the common HTTP “basic authentication.” Some may require complex authentication and then navigation across multiple pages in order to reach the prized asset data.

We have to applaud device-makers for adding security features to operational technology devices, which have long lagged behind other aspects of information technology, but the wide variety of implementations necessitates creative auditing methods. Automated monitoring of your device status and configuration may feel like an insurmountable problem depending on the quantity and diversity of devices in your environment.

Fortunately, Tripwire Data Collector provides a mechanism for monitoring such devices.

One recent real-world scenario had us monitoring data from a device made by Schweitzer Engineering Laboratories. Interacting with this device in an automated fashion requires providing a username and password combination in the URL of an HTTP GET request and then scraping a session ID off the (Read more...)