Active Scanner

Safe, active OT scanning with full industrial asset discovery in networks lacking port mirroring or passive monitoring



Ad hoc or scheduled scans of legacy and modern assets by type or IP range doesn’t load the network or devices


Directly queries devices, even silent and redundant ones


Useful for asset inventories, vulnerability assessments, compliance audits, and risk assessments


Scans multiple sites from one location and combines data with iSID


Sends proprietary broadcast messages and industrial protocol queries to devices, iSID listens to responses and correlates the data


Remotely monitors sites where iSID cannot be deployed, where budget is insufficient, or where network infra is unmanaged

How It Works

Active Scanner complements or replaces passive monitoring of industrial networks. Employing safe, targeted methods – communicating with OT assets using their native protocols – Active Scanner directly queries assets to obtain deeper data such as modules, versions, and patch levels, improving threat detection, risk management, and other cybersecurity solutions with a finer level of accuracy in alert generation, asset management, risk assessment, and compliance.

Active Scanner does not require any network reconfiguration to allow a mirrored stream for passive scanning, making it suitable for ICS networks that don’t allow mirrored streaming for IDS deployment. Furthermore, to minimize risk, Active Scanner never uses any brute force or exploit-based discovery methods on industrial assets.

Active Scanner allows for ad-hoc or scheduled scans, for discovering new assets and changing conditions on the OT network. In both cases the user is able to perform unicast scans of a defined IP range.

Hybrid Mode

Operating in hybrid mode, Active Scanner complements the existing passive listening functionality of the iSID industrial threat detection platform with an active scanning component. Active Scanner queries assets and iSID listens to their replies and correlates them with its asset inventory.


The Active Scanner dashboard provides an at-a-glance view of the operator’s scanning activity by type, activity and over time.



Active Scanner creates a comprehensive security report, complete with all asset data and communication history, as well as a PCAP file for each execution for playing back its underlying communication. Scan results with scanned device parameters are saved to the Active Scanner, available for download in a particular format (PCAP, CSV or JSON), and transmitted to integrated Radiflow products such as iSID and CIARA for deeper analysis. Scan PCAP files for all types of scans are also available for download and can be uploaded directly to iSID.

Active Scanner

Active Scanner working in tandem with iSID and/or generating files for upload

Request Demo Contact Us
Skip to content