New podcasts: Safely scanning OT environments with runZero

The OT (Operational Technology) sector faces significant challenges when it comes to network scanning. OT systems frequently utilize proprietary protocols that may not be compatible with legacy scanners. Consequently, this incompatibility significantly hinders the effective scanning and information gathering from OT devices. As a result, the asset inventory obtained is often incomplete or inaccurate, posing a major security risk.

Fortunately, runZero avoids aggressive scan tactics, which could destabilize certain IT and OT devices. With runZero, organizations of all types can safely create comprehensive and detailed asset inventories without any disruptions.

How does runZero safely scan OT environments? #

runZero employs an innovative incremental fingerprinting approach specifically designed to identify and handle fragile devices effectively. When a fragile device is detected, the method is automatically adjusted to ensure safe scanning. Unlike other scanners that may utilize security probes, runZero’s proprietary scan technology solely utilizes well-formed IP packets. This approach eliminates the risk of disrupting critical operations or causing downtime.

Thanks to its unique and reliable method, runZero has garnered a large and satisfied customer base in various industries including manufacturing, energy, and healthcare. These customers confidently conduct regular scans in their OT environments without encountering any issues.

For a more in-depth understanding of runZero’s approach to OT environments, we invite you to listen to the two podcasts below, featuring runZero founders HD Moore and Chris Kirsch, respectively.

runZero’s approach to scanning ‘fragile devices’ – HD Moore and Dale Peterson on Unsolicited Response podcast #

In this episode HD Moore and Dale Peterson spend the first third of the show talking about Metasploit; early reaction, OT modules, and whether Metasploit is still necessary and useful today.

The conversation then shifts to creating asset inventories in IT and OT environments, a core feature of runZero.

Below is a summary of the main talking points in this podcast:

• Why HD decided to run back into the cybersecurity startup world?
• How it started as a solo shop with HD writing all the code.
• How HD thinks Shodan and runZero are different.
• What technique runZero uses to 'scan'. A term that many fear in OT.
• The OT reaction to this type of scanning.
• What role uses the runZero product?

runZero adds passive scanning for OT networks – Chris Kirsch on the Risky Business podcast #

In this Risky Business News sponsor interview Tom Uren talks to Chris Kirsch about how runZero has evolved from an IT network active scanning product to one that can now discover assets on OT and cloud environments using both active and passive scanning approaches. Listen below!

Play runZero OT minesweeper and win a prize! #

There is still time left to play runZero's OT Minesweeper!

The top three players will win one of the following prizes:

runZero is safe for OT environments, but legacy scanners are not!

In this game, you are a legacy scanner with 30 seconds (and ten total attempts) to recon the network without getting noticed in the fastest time. Just don't crash any OT devices!

Play OT Minesweeper!

• Promotion ends: August 11th 2023 at 11:59 pm CST
• Winners will be announced at DEF CON 2023