What Is OT Asset Discovery? A Guide for Indian Industrial Organisations

Johan Carlsson

Country Manager, Sweden

Reviewed by Opsio Engineering Team

Quick Answer

OT asset discovery is the process of identifying and documenting every connected device in an operational technology environment - and for Indian industrial organisations, it is consistently the most surprising step in any OT security programme. You cannot protect what you cannot see, and most Indian OT assessments reveal 30-50% more connected devices than documented inventories show. 67% of industrial organisations globally cannot accurately describe their OT asset inventory (Claroty, 2024). In India, this figure is likely higher due to informal network management practices, rapid industrial expansion, and the multi-decade accumulation of equipment from different vendors and eras that characterises India's industrial base. NCIIPC guidelines require CII operators to maintain comprehensive OT asset inventories as a foundational security control. (NCIIPC, 2025)

Key Takeaways

  • 67% of industrial organisations globally lack accurate OT asset inventories; Indian organisations typically show higher gaps (Claroty, 2024).
  • Passive discovery is the only safe method for OT environments - active scanning can disrupt industrial protocol communications.
  • OT asset discovery reveals device types, firmware versions, communication paths, and vulnerabilities that change management records miss.
  • NCIIPC compliance and IEC 62443 both require maintained OT asset inventories as foundational security requirements.
  • OT asset discovery delivers operational benefits - better spare parts planning, network documentation - alongside security value.

Why Is OT Asset Discovery Particularly Challenging in India?

OT asset discovery is challenging globally, but India's industrial context adds specific complications.

  • Technology diversity: Indian industrial plants combine equipment from multiple decades - a single plant may have PLCs from the early 2000s running proprietary protocols alongside modern Ethernet-connected systems. Each technology generation requires different discovery approaches, and legacy devices may not announce their presence in ways that modern discovery tools can easily interpret.
  • Change management: Indian industrial operations have historically grown organically, with network changes made to solve immediate operational problems without formal documentation. The network that exists in practice differs from the network documented in diagrams created years ago.
  • Vendor ecosystems: Indian industry uses equipment from dozens of international vendors plus domestic manufacturers, creating protocol diversity that requires broad industrial protocol support in discovery tools.

Additionally, many Indian industrial organisations do not have dedicated OT network management teams separate from IT. The IT network team that maintains corporate network documentation often has no visibility into the OT network segments managed by engineering or operations. This organisational gap means that even where change management processes exist for IT, they do not apply to OT, and OT network topology accumulates undocumented changes over time.

[CHART: OT asset discovery methods comparison - passive monitoring, physical inspection, active scanning risk - Source: Opsio]

How Does Passive OT Asset Discovery Work?

Passive OT asset discovery deploys network sensors (physical hardware or virtual appliances) on key network segments to capture all traffic passing through those segments. The sensors analyse this traffic using deep packet inspection of industrial protocols - Modbus, DNP3, EtherNet/IP, PROFINET, IEC 60870-5, OPC-UA, and dozens of others - to extract device information from the communication patterns themselves. When a Siemens S7 PLC sends a response to a SCADA polling query, the response contains information about the device type, firmware version, and communication capabilities. Passive monitoring tools extract this information without generating any traffic of their own.

Over a discovery period of one to two weeks, passive monitoring builds a comprehensive picture of all communicating devices, their protocols, their communication patterns, and the network topology that connects them. The resulting asset inventory includes: device type and model, vendor and firmware version where determinable, IP and MAC addresses, network zone location, communication protocols and typical communication patterns, and the devices that each discovered device communicates with. This is typically more detailed and more accurate than any existing documentation - and it includes devices that documentation omits entirely.
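A minimal sketch of the passive extraction step described above, added here as an illustration and not taken from any vendor's product: it reads captured Ethernet frames, recognises Modbus/TCP server responses, and pulls vendor, product code and revision out of a Read Device Identification response (function 0x2B, MEI type 0x0E) without sending a single packet. The frames, MAC/IP addresses and device strings are constructed sample data, and the sketch assumes the sensor sits on the device's own layer-2 segment and that each response fits in one TCP segment.

```python
import struct

OBJECTS = {0x00: "vendor", 0x01: "product_code", 0x02: "revision"}

def parse_frame(frame: bytes):
    """Return (mac, ip, identity) for a Modbus/TCP server response, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None                                   # not IPv4 carrying TCP
    tcp = frame[14 + (frame[14] & 0x0F) * 4:]         # skip IPv4 header (IHL words)
    if len(tcp) < 20 or struct.unpack("!H", tcp[:2])[0] != 502:
        return None                                   # servers answer from 502
    adu = tcp[(tcp[12] >> 4) * 4:]                    # MBAP header + PDU
    if len(adu) < 8 or adu[2:4] != b"\x00\x00":       # protocol id must be 0
        return None
    mac, ip = frame[6:12].hex(":"), ".".join(map(str, frame[26:30]))
    ident, pos = {}, 14
    if adu[7:9] == b"\x2b\x0e" and len(adu) >= 14:    # Read Device Identification
        for _ in range(adu[13]):                      # adu[13] = object count
            if pos + 2 > len(adu) or pos + 2 + adu[pos + 1] > len(adu):
                break                                 # truncated capture
            oid, size = adu[pos], adu[pos + 1]
            name = OBJECTS.get(oid, f"object_{oid:#04x}")
            ident[name] = adu[pos + 2:pos + 2 + size].decode("ascii", "replace")
            pos += 2 + size
    return mac, ip, ident

def discover(frames):
    """Fold observed frames into an inventory keyed by source MAC address."""
    inventory = {}
    for mac, ip, ident in filter(None, map(parse_frame, frames)):
        inventory.setdefault(mac, {"ip": ip, "protocol": "modbus/tcp"}).update(ident)
    return inventory

def sample_frame(mac, ip, sport, pdu):
    """Constructed capture data: Ethernet + IPv4 + TCP + MBAP + PDU."""
    tcp = struct.pack("!HHIIBBHHH", sport, 49152, 0, 0, 0x50, 0x18, 1024, 0, 0)
    body = tcp + struct.pack("!HHHB", 1, 0, len(pdu) + 1, 1) + pdu
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, 6, 0,
                      bytes(map(int, ip.split("."))), bytes([10, 0, 0, 5]))
    return bytes.fromhex("02000000aa01" + mac.replace(":", "") + "0800") + iph + body

ID_PDU = b"\x2b\x0e\x01\x01\x00\x00\x03" + b"".join(
    bytes([i, len(t)]) + t.encode() for i, t in enumerate(["ExampleVendor", "PLC-100", "V2.4"]))
SAMPLE = [sample_frame("02:00:00:00:00:20", "10.0.0.20", 502, ID_PDU),
          sample_frame("02:00:00:00:00:21", "10.0.0.21", 502, b"\x03\x02\x00\x2a"),
          sample_frame("02:00:00:00:00:30", "10.0.0.30", 443, b"\x16\x03\x01")]

if __name__ == "__main__":
    print(discover(SAMPLE))
```

The second sample device answers only an ordinary register read, so it enters the inventory with address and protocol but no identity: a passive sensor learns vendor and firmware details only when some master on the network happens to request them.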

What Passive Discovery Reveals About Indian OT Networks

Passive asset discovery consistently reveals surprises in Indian OT networks. Legacy devices that were supposed to be decommissioned but remain connected. Engineering laptops left permanently connected to OT network segments. Wireless access points installed for convenience without network team knowledge. Remote access software (TeamViewer, AnyDesk) installed on OT workstations for vendor support that was never removed. Direct connections between OT segments and corporate networks that bypass the intended firewall architecture. These discoveries are not evidence of negligence - they are the natural result of operational decision-making over years or decades without a formal OT security programme. They are also precisely the attack paths that sophisticated threat actors look for.

What Information Does a Complete OT Asset Inventory Include?

A complete OT asset inventory for an Indian industrial organisation should capture eight data elements for each device.

  • Identity: device type (PLC, RTU, HMI, historian, SCADA server, engineering workstation, network switch), vendor, model number, and serial number where available.
  • Software: operating system version, firmware version, installed applications and versions.
  • Network: IP address, MAC address, network zone assignment, hostname, and VLAN.
  • Communications: protocols used, typical communication partners, communication frequency, and network segment location.
  • Function: operational function supported, process area, and business criticality classification.
  • Vulnerability: known CVEs for the device's firmware/OS versions, and any vendor security advisories applicable to the device.
  • Ownership: responsible team or individual, vendor support contact, and applicable maintenance contracts.
  • History: installation date, last known firmware update, and last configuration change.

This complete inventory is the foundation for every subsequent OT security control. Network segmentation design uses it to group devices by trust level and function. Vulnerability management uses it to identify which vulnerabilities apply to which devices. Monitoring uses it to establish baselines for normal communication behaviour. Incident response uses it to rapidly identify affected devices during an incident. NCIIPC audits use it to verify that security controls cover all CII-relevant assets. An incomplete inventory means incomplete security across all of these downstream functions.

What Tools Are Used for OT Asset Discovery in India?

OT asset discovery tools used by Indian industrial organisations fall into three categories.

  • Dedicated passive OT monitoring platforms: Dragos Platform, Claroty Continuous Threat Detection, and Nozomi Networks Guardian are the most widely deployed in Indian critical infrastructure. These platforms provide deep industrial protocol support, asset inventory management, and integration with vulnerability databases and OT threat intelligence. They are the most comprehensive option but carry higher costs appropriate for larger OT environments.
  • Focused OT asset discovery tools: Tenable.OT, OTORIO, and Claroty Edge provide OT asset discovery capabilities that can be deployed for discovery projects without committing to full-time monitoring platform costs.
  • Physical network documentation tools: network diagram software combined with engineer-led physical inspection provides a starting point for organisations not yet ready to deploy automated discovery tools.

For Indian organisations starting their OT security journey, a phased approach works well: begin with physical inspection and existing documentation review to create an initial asset inventory; deploy passive monitoring for a defined discovery period to validate and enrich the initial inventory; then maintain the inventory through continuous monitoring or periodic discovery sweeps. This approach manages cost while progressively improving inventory accuracy.
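The validation step in this phased approach comes down to reconciling the paper inventory against what passive monitoring actually saw. The following is an added sketch, not Opsio's or any platform's own code: it flags undocumented devices, documented devices that never appeared, decommissioned devices still communicating, re-addressed devices, and flows that cross zones outside an approved list. All addresses, zone subnets, status values and the `allowed` conduit list are constructed assumptions.

```python
import ipaddress

def zone_of(ip, zones):
    """Map an IP address to the first zone whose subnet contains it."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in zones.items()
                 if addr in ipaddress.ip_network(net)), "unknown")

def reconcile(documented, observed, flows, zones, allowed):
    """Compare the documented inventory with passively observed assets."""
    doc = {d["mac"]: d for d in documented}
    seen = {o["mac"]: o for o in observed}
    both = doc.keys() & seen.keys()
    undocumented = sorted(seen.keys() - doc.keys())
    return {
        "undocumented": undocumented,
        # Documented but silent: isolated, powered off or removed; inspect physically.
        "not_seen": sorted(doc.keys() - seen.keys()),
        "retired_but_active": sorted(m for m in both
                                     if doc[m]["status"] == "decommissioned"),
        "ip_changed": sorted(m for m in both if doc[m]["ip"] != seen[m]["ip"]),
        "unapproved_cross_zone": sorted(
            (s, d) for s, d in flows
            if zone_of(s, zones) != zone_of(d, zones) and (s, d) not in allowed),
        "extra_devices_pct": round(100 * len(undocumented) / max(len(doc), 1)),
    }

# Constructed sample data (addresses, zones and statuses are illustrative).
ZONES = {"control": "10.10.1.0/24", "corporate": "192.168.50.0/24"}
DOCUMENTED = [
    {"mac": "02:00:00:00:01:01", "ip": "10.10.1.10", "status": "active"},
    {"mac": "02:00:00:00:01:02", "ip": "10.10.1.11", "status": "active"},
    {"mac": "02:00:00:00:01:03", "ip": "10.10.1.12", "status": "decommissioned"},
    {"mac": "02:00:00:00:01:04", "ip": "10.10.1.13", "status": "active"},
]
OBSERVED = [
    {"mac": "02:00:00:00:01:01", "ip": "10.10.1.10"},
    {"mac": "02:00:00:00:01:02", "ip": "10.10.1.21"},   # re-addressed
    {"mac": "02:00:00:00:01:03", "ip": "10.10.1.12"},   # still talking
    {"mac": "02:00:00:00:02:aa", "ip": "10.10.1.50"},   # e.g. engineering laptop
    {"mac": "02:00:00:00:02:bb", "ip": "10.10.1.51"},   # e.g. wireless access point
]
FLOWS = [("10.10.1.10", "10.10.1.21"), ("10.10.1.50", "192.168.50.7"),
         ("10.10.1.10", "192.168.50.20")]
ALLOWED = {("10.10.1.10", "192.168.50.20")}   # approved historian conduit

REPORT = reconcile(DOCUMENTED, OBSERVED, FLOWS, ZONES, ALLOWED)
```

Devices in `not_seen` are the ones to hand to the physical inspection team, since passive monitoring cannot distinguish a removed device from one on an unmonitored or isolated segment.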

Frequently Asked Questions

How long does OT asset discovery take for a typical Indian industrial plant?

A passive OT asset discovery exercise for a mid-sized Indian industrial plant (one to three sites, 500-5,000 OT devices) typically requires one to two weeks of passive monitoring to achieve comprehensive coverage, followed by one to two weeks of data analysis, enrichment, and inventory compilation. Larger environments with multiple sites or more complex protocol diversity take proportionally longer. Physical inspection of hard-to-reach devices or devices on isolated network segments adds time. The initial discovery delivers the most significant insights; subsequent periodic reviews typically reveal fewer new devices but identify changes since the last review. (Claroty, 2024)

What is the difference between OT asset discovery and IT asset management?

IT asset management uses active scanning tools (SCCM, Nessus, Qualys) that poll devices directly, install software agents on managed endpoints, and integrate with Active Directory for identity-based inventory. OT asset discovery cannot use these approaches because active scanning disrupts legacy OT protocols and OT devices cannot support software agents. OT discovery relies on passive network traffic analysis, physical inspection, and inference from communication patterns. OT inventories also capture OT-specific data that IT asset management does not: industrial protocol versions, PLC firmware versions, SCADA application versions, and control loop function descriptions that require operational context to document. ([IEC 62443](https://www.iec.ch), 2025)

How often should Indian organisations refresh their OT asset inventory?

Continuous monitoring maintains an automatically updated OT asset inventory for organisations that have deployed passive monitoring platforms. For organisations conducting periodic discovery, an annual comprehensive discovery exercise is the minimum recommended frequency for NCIIPC compliance purposes. Partial discovery sweeps focused on changed or added network segments should be conducted whenever significant network changes occur - new equipment installations, facility expansions, or network architecture modifications. Quarterly reviews of the existing inventory for completeness and accuracy are good practice even between full discovery exercises. (NCIIPC, 2025)

Written By

Johan Carlsson

Country Manager, Sweden at Opsio

Johan leads Opsio's Sweden operations, driving AI adoption, DevOps transformation, security strategy, and cloud solutioning for Nordic enterprises. With 12+ years in enterprise cloud infrastructure, he has delivered 200+ projects across AWS, Azure, and GCP — specialising in Well-Architected reviews, landing zone design, and multi-cloud strategy.

Editorial standards: This article was written by cloud practitioners and peer-reviewed by our engineering team. Content is reviewed quarterly for technical accuracy and relevance to Indian compliance requirements including DPDPA, CERT-In directives, and RBI guidelines. Opsio maintains editorial independence.