OT Asset Discovery Challenges and FortiGate's Approach
Industrial control system environments present unique visibility challenges as they evolve organically over years or decades, accumulating devices from multiple vendors and generations—some with unpatched vulnerabilities. This demonstration walks through FortiGate's device detection capabilities in a simulated OT environment spanning multiple levels of the Purdue model. The setup pairs a FortiGate firewall with a FortiSwitch managed via FortiLink, creating VLANs for process, control, monitoring, and operations networks. Device detection is enabled at the interface level, allowing the firewall to identify assets through MAC addresses, residual traffic like ARP and DHCP, and FortiGuard database lookups.
Building Device Profiles with Application Control
The demonstration shows how enabling application control profiles on firewall policies significantly enriches device intelligence. By applying OT-specific application signatures and SSL certificate inspection, the FortiGate identifies not just device types but also known vulnerabilities—including specific CVEs for command injection and buffer errors on discovered hardware. The asset identity center displays devices arranged in a Purdue model view, automatically categorizing them by type and network location while allowing manual reassignment. Fortinet positions this combined discovery and security capability as a differentiator, noting that while specialized discovery tools exist, FortiGate uniquely integrates asset identification with industrial firewall controls and virtual patching capabilities.
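The two settings described above, device detection on a FortiLink VLAN interface and an application control profile with SSL certificate inspection on the policy carrying that VLAN's traffic, look like this in the FortiOS CLI. This is an added example, not configuration taken from the demonstration: the interface names, VLAN ID, policy name and the application list name "ot-appctrl" are assumptions, and that application list is assumed to exist already with the OT signatures selected.

```text
# Constructed example: interface names, VLAN ID and profile names are assumptions.
config system interface
    edit "ot-control"
        set vdom "root"
        set interface "fortilink"
        set vlanid 20
        set role lan
        # Identify assets from MAC addresses and ARP/DHCP traffic seen on this VLAN
        set device-identification enable
    next
end

config firewall policy
    edit 0
        set name "control-to-operations"
        set srcintf "ot-control"
        set dstintf "ot-operations"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        # Security profiles on the policy are what enrich the device record
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set application-list "ot-appctrl"
        set logtraffic all
    next
end
```

The open address and service objects only keep the fragment short; in a real OT segment they would be narrowed to the flows that are actually required between the two levels.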