Guides
Log In
Guides

Asset and Network Traffic Visibility

Overview

Secure Remote Access (SRA) is enhanced through full visibility into OT network assets and their communication patterns. This capability introduces passive, agentless discovery that integrates with the network management plane, enabling continuous asset identification and traffic analysis without impacting OT environments.

At the core of this feature is the Fabric Controller, a new Cyolo component that connects to Cisco switches to collect telemetry and build a real-time view of network activity.

This visibility allows you to:

  • Maintain an up-to-date inventory of OT assets
  • Understand which assets communicate with each other and over which protocols
  • Identify remote access traffic that bypasses Cyolo
  • Detect potential policy gaps and unauthorized access paths

This foundation will support future OT segmentation capabilities.

Key Components

Fabric Controller:
A Cyolo component that connects to Cisco switches, collects passive telemetry, and forwards enriched asset and traffic data to the Cyolo platform.

Network Elements (Cisco switches):
Provide traffic telemetry used for passive asset discovery and connection mapping.

Asset Inventory:
Automatically generated and continuously updated list of discovered devices in the OT environment.

Connection Visibility:
Detailed mapping of communication flows between assets, including protocols and interaction patterns.

How It Works

  1. The Fabric Controller connects to onboarded Cisco switches.

  2. Switches provide passive telemetry about network traffic.

  3. The Fabric Controller analyzes this data to:

    • Discover assets (devices) on the network
    • Identify communication flows between assets

  4. Enriched data is securely forwarded through the Cyolo Private Gateway to the platform.

  5. The platform presents asset inventory and connection insights in the UI.

This process is fully passive and does not require scanning, probing, or network traversal.

Setup and Usage Flow

  1. Create a Fabric Controller
    Deploy and configure a Fabric Controller within your environment.

  2. Onboard Network Elements
    Add supported Cisco switches to the Fabric Controller.

  3. Establish Connectivity
    Ensure the Fabric Controller successfully connects to the onboarded switches.

  4. Automatic Asset Discovery
    The Fabric Controller passively discovers assets based on observed traffic.

  5. View Asset Connections
    Navigate to Assets > Connections to view:

    • Communicating asset pairs
    • Protocols in use
    • Traffic patterns across the network

Use Cases

  • Validate SRA enforcement by identifying traffic that does not pass through Cyolo
  • Detect unauthorized communication paths between OT assets
  • Gain visibility into unmanaged or unknown devices
  • Prepare for segmentation by understanding real traffic flows and dependencies

Notes

  • This feature is fully passive and safe for sensitive OT environments.
  • No agents, scanning, or active probing are required.
  • Initial release supports Cisco switch integration.