Network Definition

To provide an accurate asset inventory and security posture assessment of your network, it is essential that Cyber Vision knows what are the networks that you want to monitor. By defining the internal IT and OT networks of your organization, you can specify the IP addresses and VLAN of your networks, thereby making the data more relevant. Cisco provides you with default network configurations, based on RFC1918 addresses. We ship the product with default private network (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).

Today the Cyber Vision Service on OD treats all assets seen via PCAP analysis or through sensors as being part of the same "network." This can lead to inaccuracies in aggregating components into physical assets or inundate you with data about assets you may not care about. Cyber Vision solves this by allowing you to define your network into the following three types:

  • OT Internal: Assets like PLCs or HMIs
  • IT Internal: Assets like laptops and other IT-related items
  • External: Cyber Vision will not store assets found in this type of network and will remove them from the asset Inventory

IMPORTANT: The Network Administrator role will know what type of networks you will need. This person will choose the network type and if there are duplicate IP ranges.

Cyber Vision automatically defines the OT Internal network as the RFC1918 (IPv4) or RFC 4193 (IPv6) subnets, and External networks as everything else. You can edit or delete these and add your own customizable network definitions.

To create a new network definition configuration:

  1. Click Configuration > Network Definition.
  2. Click Define new network.

Define_network

  1. Choose a Network type.
  2. Add the IP Address/Prefix and Name.
  3. If there are duplicate IP ranges in your network, click the check box. If you don't know, consult the Network Admin.
  4. Click Save. The new network you defined appears in the list.

Note: It takes a little while to update the asset inventory, once you update the network configuration.

Define_network

To edit a network definition configuration:

  1. Find the asset network in the list. Click Actions > Edit.
  2. Edit the information for this network.
  3. Click Save.

To delete a network configuration:

  1. Find the asset network in the list. Click Actions > Delete.
  2. A Warning box appears. This action cannot be undone.
  3. Click Delete.