Network organization
This page allows you to define the subnetworks inside the industrial network by setting up IP address ranges and declaring whether networks are internal or external.
In Cisco Cyber Vision all IP addresses in private format are classified as OT internal by default. Declaring a subnetwork as OT internal is useful in case IP addresses in public format are used in a private network of an industrial site. Conversely, declaring a set of IP addresses as external because they are public will exclude their flows from the database, and exclude their devices from the license device count and the risk score.
Overall, defining subnetworks in Cisco Cyber Vision is useful for several reasons:
-
It allows you to choose afterwards how related flows should be stored through the Ingestion configuration page. Excluding unnecessary flows will have positive impact on performances.
-
It will impact devices' risk scores, since a private network is considered as safer than an external one.
-
Cisco Cyber Vision license will be more accurate, because devices from an external network will be excluded from the licensing device count.
By default, Cisco Cyber Vision groups identical IP addresses detected inside the industrial network into a single device, because in most cases these belong to several components of a device. However, it can happen that the same IP address is used by several devices. In this case, you can choose to select the option Duplicate IP ranges deployed option when declaring a subnetwork to prevent duplicate IP addresses from grouping within this subnetwork.
Add a network
To define a subnetwork:
Procedure
Step 1 |
In Cisco Cyber Vision, navigate to Admin > Network organization. |
||
Step 2 |
Click the Add a network button. The Edit a network window pops up: |
||
Step 3 |
Enter an IP address range and its subnet. |
||
Step 4 |
If possible, add a VLAN ID. |
||
Step 5 |
If required, tick the Duplicate IP ranges deployed option.
|
||
Step 6 |
Give the network a name. |
||
Step 7 |
Set the network type as OT internal, IT internal or External.
|
||
Step 8 |
Click Save. |