
OT Asset Discovery


OT asset discovery ensures organisations have a clear and accurate understanding of what technology is actually running within their operational environments.

As operational technology (OT) systems become increasingly connected — bringing together legacy equipment, modern control networks, remote access, and IT interfaces — maintaining visibility of OT environments has become more complex. OT asset discovery provides the foundation for understanding what systems are in place, how they are connected, and where potential risks may exist.

For many organisations, asset discovery is the logical starting point when it comes to implementing OT cyber security in manufacturing. Without a clear view of assets and connections, it is difficult to make informed decisions about protection, risk, or compliance.

What is OT asset discovery?

OT asset discovery is the process of identifying, cataloging, and understanding all devices, systems, and connections within an operational technology environment.

This includes a wide range of assets, such as programmable logic controllers (PLCs), human–machine interfaces (HMIs), sensors, remote terminal units (RTUs), engineering workstations, servers, network devices, and the communication paths between them.

But the end goal of OT asset discovery is not simply to produce a list of equipment – there’s a difference between OT asset inventory and OT asset discovery. A meaningful discovery exercise provides context: what devices exist, how they communicate, what software or firmware they run, how critical they are to operations, and how they interact with other systems.

Why OT asset discovery matters

Without a clear picture of your assets, you can’t effectively protect them. OT environments often evolve over decades — with equipment added, upgraded or reconfigured by different teams or vendors — and documentation rarely keeps pace. This creates blind spots that attackers can exploit and that make risk management difficult.

An OT asset discovery exercise addresses this by giving organisations complete visibility into their operational landscape. That visibility brings several key advantages:

  • Informed protection: You can’t defend what you can’t see. Asset discovery reveals every device connected to your network — including those you may have forgotten about or never documented.
  • Reduced risk: Unknown or unmanaged devices often represent the greatest vulnerabilities. Identifying them allows you to patch, isolate or replace them before they cause problems.
  • Compliance and accountability: Directives such as NIS2 and other OT security frameworks require organisations to demonstrate control and awareness of their assets.
  • Faster response: Knowing what’s on your network allows for quicker containment and recovery in the event of an incident.
  • Smarter investment: Understanding your environment helps prioritise cybersecurity budgets based on actual risk, not assumptions.

Many organisations are surprised by what asset discovery uncovers. We’ll often find legacy systems, vendor access pathways, or outdated firmware that are still operational, as well as existing documentation that does not reflect how systems are actually connected or configured.

How OT asset discovery is carried out

Every environment is different, but, at Harpoon, our approach follows a consistent four-stage methodology designed to maximise accuracy while minimising disruption to live operations.

1. Discover

We use passive discovery and non-intrusive techniques to identify all OT-connected assets and communication flows across the environment. Passive discovery observes network traffic without actively querying systems, which is important in OT settings where unexpected traffic can cause devices to behave unpredictably. Where helpful, we supplement this with a review of existing documentation and conversations with site engineering teams to fill gaps that network monitoring alone may not capture.

2. Classify

Once assets are identified, we categorise each device by type, function, criticality, and operational role. This goes beyond producing a simple list. Understanding how critical a device is to operations, what software or firmware it runs, and how it interacts with surrounding systems is what turns raw discovery data into something genuinely useful for security decision-making.

3. Map

We visualise the connections, dependencies, and network topology across the environment. This gives organisations a clear picture of how systems interact, where critical dependencies exist, and where unexpected or undocumented connections have developed over time. For many clients, this is where the most significant findings emerge.

4. Report

Finally, we provide clear outputs tailored for both technical and executive audiences. Technical teams receive the detail they need to act. Senior stakeholders receive a clear summary of what was found, what it means for the organisation, and what the logical next steps are. Discovery findings are only valuable if they can be understood and acted on, so we put considerable care into how we present them.
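The four stages above can be sketched in a few lines of code. This is an added illustration, not Harpoon's tooling or any vendor's product. The flow records, asset register and IP addresses are constructed sample data, and identifying a protocol by its well-known port is a simplifying assumption; dedicated OT tools confirm the protocol by inspecting traffic content.

```python
from collections import defaultdict

# Well-known server ports for common OT protocols (port heuristic only;
# an assumption of this sketch, real tools inspect payloads to confirm).
OT_PORTS = {502: "Modbus/TCP", 102: "S7comm (ISO-TSAP)", 44818: "EtherNet/IP",
            20000: "DNP3", 4840: "OPC UA"}

# Constructed sample data: (src_ip, dst_ip, dst_port) summaries as a passive
# SPAN/TAP sensor might record them. Nothing is sent to any device.
FLOWS = [
    ("10.10.1.20", "10.10.2.5", 502),    # HMI polling a PLC
    ("10.10.1.20", "10.10.2.6", 502),
    ("10.10.1.30", "10.10.2.5", 102),    # engineering workstation to PLC
    ("10.10.1.20", "10.10.1.40", 4840),  # HMI to an OPC UA server
    ("192.168.50.9", "10.10.2.6", 502),  # source outside the documented range
]
# Constructed asset register standing in for the existing documentation.
REGISTER = {"10.10.1.20", "10.10.1.30", "10.10.2.5", "10.10.2.6", "10.10.2.7"}


def discover(flows):
    """Discover, classify and map assets purely from observed flows."""
    assets = defaultdict(lambda: {"serves": set(), "uses": set(), "peers": set()})
    edges = set()
    for src, dst, port in flows:
        proto = OT_PORTS.get(port, f"tcp/{port}")
        assets[dst]["serves"].add(proto)  # answers on an OT port
        assets[src]["uses"].add(proto)    # initiates OT sessions
        assets[src]["peers"].add(dst)
        assets[dst]["peers"].add(src)
        edges.add((src, dst, proto))      # one edge of the communication map
    for a in assets.values():
        a["role"] = "server/controller" if a["serves"] else "client/operator station"
        # Number of distinct peers: a crude stand-in for operational criticality.
        a["criticality"] = len(a["peers"])
    return dict(assets), edges


def report(assets, register):
    """Return (undocumented, not_seen): drift between traffic and the register."""
    seen = set(assets)
    return sorted(seen - register), sorted(register - seen)


if __name__ == "__main__":
    assets, edges = discover(FLOWS)
    undocumented, not_seen = report(assets, REGISTER)
    for ip in sorted(assets, key=lambda i: -assets[i]["criticality"]):
        print(ip, assets[ip]["role"], sorted(assets[ip]["serves"] | assets[ip]["uses"]))
    print("Undocumented:", undocumented, "| Registered but silent:", not_seen)
```

A registered asset that never appears in traffic is not necessarily gone; it may simply sit on a segment the sensor cannot see, which is why passive results are validated with site engineers.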

OT asset discovery tools and technology

Carrying out an effective OT asset discovery exercise requires more than methodology. The right tooling helps ensure that data collection is accurate, non-intrusive, and appropriate for the specific environment.

A range of specialist OT asset discovery tools are available, each with different strengths depending on the environment type, network architecture, and the level of detail required. The most effective approaches typically combine passive network monitoring with data enrichment capabilities that can identify device types, firmware versions, communication protocols, and network dependencies, without actively querying systems or disrupting live operations.

Key capabilities to look for in OT asset discovery tooling include:

  • Passive network traffic analysis to identify devices and communication patterns without touching live systems.
  • Protocol support across the full range of OT communications, including proprietary industrial protocols that standard IT tools do not recognise.
  • Device fingerprinting to identify asset type, manufacturer, firmware, and configuration details.
  • Integration with existing security and asset management platforms to ensure discovery outputs can be used effectively across the organisation.

At Harpoon, we work with a select group of technology partners whose tools we have evaluated and trust in operational environments. These include Armis and Radiflow, each of which brings specific strengths in visibility, asset intelligence, and OT network monitoring.

Being vendor-agnostic means we recommend the tools that fit your environment and your organisation’s needs, not the tool we happen to sell.

What you typically receive from an OT asset discovery exercise

The output of OT asset discovery is a set of practical deliverables that can be used by both technical and non-technical stakeholders.

For example, at Harpoon we provide customers with:

  • A full OT asset inventory (type, location, connectivity, metadata)
  • An OT network & communication map to show how systems interact and where dependencies exist
  • Initial risk insights, including the identification of unmanaged, unknown, or undocumented assets
  • Executive summary & technical support

Together, these outputs provide a reliable baseline for understanding the operational environment as it actually exists today.

How long OT asset discovery takes and what it involves for you

The duration of an OT asset discovery exercise depends on the size and complexity of the environment. For many small and medium-sized industrial organisations, discovery can typically be completed within a few weeks.

From the organisation’s perspective, involvement is usually limited. The process is designed to run alongside normal operations, with minimal disruption. Input may be required to confirm scope, provide access to documentation, or validate findings, but day-to-day operational impact is kept low.

Where OT asset discovery fits in the OT security journey

When to carry out OT asset discovery is almost as important as how you do it. It’s best viewed as a foundation rather than an end goal. A typical improvement journey often follows this progression:

  • Establish visibility through asset discovery
  • Use that visibility to assess risk
  • Implement proportionate security controls
  • Maintain visibility as environments evolve

Starting with asset discovery ensures that later decisions are based on accurate information. Without this foundation, organisations risk investing in security measures that only address part of the problem.

Taking the first step

In modern industrial environments, uncertainty is one of the biggest sources of risk. OT asset discovery replaces that uncertainty with clarity, giving organisations a factual understanding of their operational systems and how they are connected.

For organisations beginning their OT security journey, asset discovery provides a structured, low-risk way to establish visibility and build confidence in next steps — whether those involve risk assessment, segmentation, or longer-term security improvement. For more information, take a look at our OT asset discovery service, or book a free consultation call to talk with one of our team.

FAQs

An OT asset inventory is a list of known assets, often compiled from existing documentation or previous audits. OT asset discovery is the process of actively finding and verifying what is actually present in the environment. Discovery frequently reveals assets that are missing from existing records, misconfigured, or undocumented, which is why it produces a more reliable foundation for security decisions than an inventory alone.

Identification typically combines passive network monitoring, review of existing documentation, and in some cases physical walkdowns or conversations with engineering teams. Passive monitoring is usually the preferred approach in live OT environments because it observes traffic without actively querying systems, reducing the risk of disruption. The right combination of methods depends on the complexity and sensitivity of the environment.

Legacy systems present particular challenges because they often predate modern network documentation practices and may not respond to standard discovery methods. Passive monitoring tends to be the most reliable starting point, supplemented by physical inspection and knowledge held by site engineers. Gaining visibility into legacy environments is one of the areas where specialist OT experience makes the biggest practical difference.

IT asset discovery tools and processes are designed for managed, largely homogeneous environments where active scanning is standard practice. OT environments contain a much wider range of device types, many of which are sensitive to unexpected network traffic. Active scanning in an OT environment can cause devices to behave unpredictably or even fail. OT asset discovery uses methods specifically designed for these constraints.

For most small and medium-sized industrial organisations, a discovery exercise can be completed within a few weeks. Larger or more complex environments with multiple sites or network segments will take longer. The process is designed to run alongside normal operations, so day-to-day disruption is typically minimal.

Existing asset registers are a useful starting point, but they frequently become outdated as environments evolve. Equipment gets added, reconfigured, or connected by different teams over time, and documentation rarely keeps pace. An asset discovery exercise validates what is actually present against what is recorded, and regularly surfaces gaps that would otherwise remain hidden.
