Abstract: Various embodiments described herein relate to an asset discovery engine with a deep vulnerabilities scanner with respect to assets in an industrial network. In an embodiment, a request to perform an asset vulnerability assessment of one or more assets within a network is received, the request comprising an asset descriptor describing the one or more assets. In response to the request, aggregated asset property data associated with the one or more assets is obtained based on the asset descriptor. Furthermore, the asset vulnerability assessment is performed based on the aggregated asset property data and asset vulnerability signature data stored in an asset vulnerability signature repository. In response to determining that the asset vulnerability assessment satisfies a defined criterion, one or more actions associated with the network are performed.

Abstract: There is a need for more effective and efficient network security coordination. This need can be addressed by, for example, techniques for network asset vulnerability detection. In one example, a method includes detecting network assets within a monitored computer network; and for each network asset: determining a vulnerability profile, determining a connectivity profile, determining a vulnerability designation based on the vulnerability profile for the network asset and a network vulnerability documentation repository, determining whether the vulnerability designation for the network asset indicates a positive vulnerability designation, and in response to determining that the vulnerability designation indicates the positive vulnerability designation, decoupling the network asset from the monitored computer network using the connectivity profile for the network asset.

Abstract: A method of cybersecurity performance analyzing for customer site(s) including assets in a networked system including different asset types, and a virtual security engine (VSE) server. The customer site is coupled to a Security Center (SC) including a SC server, and a cybersecurity hardening compliance engine (CHCE). The VSE server collects identification data and security configuration data from the asset types, and transfers the data to a SC database. Responsive to a user request to generate a cybersecurity hardening compliance report, the CHCE sends a query to the SC database to retrieve at least a portion of the data, uploads a cybersecurity benchmark including cybersecurity configuration rules (CCRs) for least a selected asset type, compares the data of the assets to the CCRs, and generates from results of the comparing a cybersecurity report including a quantitative measure of cybersecurity performance for the assets of the selected asset type.

Abstract: There is a need for more effective and efficient network security coordination. This need can be addressed by, for example, techniques for network asset vulnerability detection. In one example, a method includes detecting network assets within a monitored computer network; and for each network asset: determining a vulnerability profile, determining a connectivity profile, determining a vulnerability designation based on the vulnerability profile for the network asset and a network vulnerability documentation repository, determining whether the vulnerability designation for the network asset indicates a positive vulnerability designation, and in response to determining that the vulnerability designation indicates the positive vulnerability designation, decoupling the network asset from the monitored computer network using the connectivity profile for the network asset.