Product Service

Special Topics in Security

Security Research

About Us

About Topsec

China's leading cyber security, big data and cloud service provider

Learn about Topsec

Company Profile

Contact Us

Zero Trust

Build a dual system security framework of zero trust inference and trusted inference.

Topsec Industrial Vulnerability Scanning System

Industrial control vulnerability scanning | Lossless scanning | Weak password detection | Asset discovery and management | Configuration verification

Overview

Topsec Industrial Vulnerability Scanning System (TopIVS) is a product that detects and scans vulnerabilities based on the production network and control devices at the industrial Internet enterprise side. The system integrates many functions such as OT/IT asset vulnerability scanning, web scanning, security baseline verification, password guessing, vulnerability mining, asset discovery and management, and report display, realizes the scanning, identification, and detection of SCADA, DCS, PLC, configuration software, application systems and other types of devices from Siemens, Schneider, Rockwell, Omron, Mitsubishi, General Electric, and other manufacturers, and generates scanning evaluation reports. The system accurately locates vulnerabilities and potential threats, provides vulnerability repair suggestions and preventive measures, and assists administrators to patch vulnerabilities.

Activity & Announcement

Hot products Next Generation Firewall
Typical cases CNCC security construction project

Advantages

Comprehensive system vulnerability knowledge base

The system is based on the most authoritative and comprehensive Chinese vulnerability knowledge base (CNCVE), and is compatible with CVE, CNNVD, CNVD, BUGTRAQ, etc. With rich research experience and profound knowledge accumulation, it can provide customers with continuous and high-quality product application value.

Serving various industrial control systems

The system supports vulnerability scanning of SCADA, DCS, PLC and other systems from mainstream manufacturers such as SIEMENS, Schneider, Honeywell, GE, AB, and Mitsubishi. The scanning objects are diversified, covering a variety of industrial control systems to meet the security assessment needs of industrial enterprise customers.

Secure and lossless vulnerability detection technology

The system supports remote, non-contact, and non-destructive testing technology. By sorting out industrial assets and collecting information, import the manufacturer, type, and version number of the asset into the system for one-by-one and refined vulnerability matching, and generate the possible vulnerability information about the asset.

Fast and accurate scanning capability

Using the progressive scan analysis method and integrating the latest operating system fingerprint identification, smart port service identification and other technologies, the system can accurately identify various information of the scanned object, such as operating system, device name, user information, and services open on unconventional ports.

Complete industrial asset management

With asset management function, the system can identify a variety of industrial control devices, including device model, version, manufacturer and other information. Asset tree structure can be established to define asset information and responsible person information. Various assets can be manually imported or discovered automatically, and intelligently classified into the corresponding organizational structure. The function of one-click generation of industrial control network topology is supported.

Management of various reports

Generate customized reports for multiple user roles, and display them in various forms such as diagrams, tables, and text descriptions. Export reports in the formats such as HTML, WORD, PDF, EXCEL, and XML.

Application

Scenario

For industrial scenarios with centralized production networks and simple organizational structures, such as factory-level production management systems or enterprise-level information management systems, independent deployment methods can be used.

Issues Resolved

Perform self-inspection and assessment for industrial control cyber security regularly to help customers meet compliance requirements.
Support automatic discovery and management of industrial assets, help customers sort out network topology, and manage assets effectively.
Scan and detect industrial vulnerabilities and security threats in the entire production network through offline scanning, and generate scan assessment reports to assist customers in patching vulnerabilities.

Scenario

For some large-scale or distributed production control systems, such as transmission and transformation substations, oil gathering and transportation stations and other industrial control scenarios with large area spans, scattered production control systems, and complex network structures, distributed deployment methods can be used. Through the joint work of multiple TopIVSs, the data between systems can be summarized, which is convenient for customers to centrally manage the distributed network. The TopIVS supports distributed and hierarchical deployment of two or more levels.

Issues Resolved

Obtain a global overview of the vulnerability risk details of each node, and know the global vulnerability risk situation.
Perform self-inspection and assessment for industrial control network security regularly to help customers meet compliance requirements.
During the stop/overhaul period, the upper-level device can issue vulnerability tasks to the lower-level industrial control system. Centralized management of devices in different regions is supported. After the scan is completed, the scan report is uploaded to the upper-level device for summarization and unified vulnerability information display.
Facing the sudden vulnerability incidents, the system can quickly assess the impact scope of vulnerabilities and help customers minimize losses.

Value to Customers

Meet compliance requirements.

Meet the national and industry policy requirements for security management such as Basic Requirements for Classified Protection of Information Security Technology Cyber Security and Guidelines for Information Security Protection of Industrial Control Systems.

Help customers complete safety assessments.

Vulnerability detection and assessment are performed conveniently and quickly, regular security inspections are performed on the customer's industrial network, and vulnerabilities can be found and patched as soon as possible, so as to improve the operation efficiency of the customer's industrial network.

Enhance security assessment of industrial network construction.

When industrial enterprises are constructing or rectifying industrial networks, customers must establish an overall security plan in advance. Enterprises equipped with TopIVS can help enterprise users realize a fast and convenient scanning system, and conduct overall security planning evaluation and effectiveness test.

Success Case

Cyber security construction project for a wind power plant power monitoring system

The customer's power monitoring system network is facing many security threats, for example, most host computers are commercial computers of old operating systems (mainly running Win 7) and have not been patched. There are many problems such as weak passwords and high-risk open ports. Once hackers enter the power monitoring system, they can easily obtain the control authority of the devices, causing security risks such as illegal operation and virus release. It is necessary to deploy the devices capable of detecting asset vulnerabilities in industrial control sites in the power monitoring system to check for security defects or vulnerabilities in the system.

Value to Customers：: Meet classified protection compliance requirements Analyze the current situation of system security Complete the current network topology

View details

Relevant Recommendations

Product Recommendation

Special Recommendation

News Recommendation

Cyber security construction project for a wind power plant power monitoring system