Interesting question.
Mark Fox

Hi Mark,

Almost all of the products have a “passive only” option that does not require installing any software. It looks at data from a switch span ports or network taps.

The “active” solution does not require software to be installed on a computer or Level 1 device, but it does send ICS protocol packets on the network.

Some of the solutions have optional agent solutions as well. These tend to be more easily accepted when the ICS vendor signs off / partners with the security vendor.

