ABEGuardOT — FAQ

About ABEGuardOT

It is both, unified in one platform. ABEGuardOT handles the full operational picture: what assets you have, what their current state is, what vulnerabilities exist, what patches are approved and pending, who is logging in, what USB devices are connecting, what the firewall and antivirus status is, and what CISA and NIST are currently warning about. The goal is not just to see risk — it is to let your team act on it immediately from one place.

ABEGuardOT consolidates more than 25 individual OT security and management functions into one platform: asset inventory, vulnerability management, patch management with vendor approval tracking, credential monitoring, USB device control, OS and service monitoring, group policy tracking, software and hardware management, CISA and NIST advisory alerts, remote view and recording, lifecycle management, backup monitoring, file change tracking, a built-in Syslog server, and automated reporting. These are capabilities that most organizations currently address with five to ten separate tools — or not at all.

ABEGuardOT is a centralized OT Asset Management and Security Visibility Platform built specifically for Industrial Control Systems (ICS), SCADA, Distributed Control Systems (DCS), and PLC environments. It was developed by engineers with 30+ years of process control automation experience — not an IT security company that adapted an existing product for OT. ABEGuardOT gives plant and control system engineers full visibility of all OT assets, vulnerabilities, patches, credentials, and system changes from a single interface.

IT asset management tools are designed for corporate networks running standard enterprise software. They assume network scanning is safe, that systems can tolerate reboots during business hours, and that all devices speak standard IT protocols. OT networks are different. PLCs, DCS controllers, and SCADA systems are often running 24/7 processes where unexpected traffic or a forced reboot can cause production outages or safety incidents. ABEGuardOT uses a passive folder-based agent — no network scanning, no system-level installation, no DLL changes, no reboots required. It collects data without touching the controller logic.

ABEGuardOT is built for control systems engineers, OT security teams, plant managers, and operations staff at industrial facilities. The interface is modeled after familiar OT tools (resembling CAD and DCS operator interfaces), not IT security dashboards. Alerts are managed like process alarms — with acknowledge, shelve, and ignore capabilities that OT personnel already understand.

Capabilities

Yes. ABEGuardOT includes a built-in Syslog server and a RESTful API. The Syslog server allows events and conditions to be forwarded to any external Syslog-compatible system. The RESTful API allows any data collected by ABEGuardOT to be shared securely with third-party applications including SIEM platforms, data historians, ERP systems, and custom dashboards.

Yes. ABEGuardOT automatically collects and ingests CISA (Cybersecurity and Infrastructure Security Agency) alerts and advisories. When CISA publishes a new ICS advisory, ABEGuardOT cross-references it against your asset inventory and generates alerts for affected devices. This is built into the platform — no separate subscription or manual process is required.

Yes. Reports can be scheduled to run automatically and delivered by email in Excel, CSV, HTML, or PDF format. This enables hands-off compliance reporting, management dashboards, and shift handover summaries with no manual effort.

ABEGuardOT cross-references device data against NIST.gov, Microsoft, and individual vendor databases to identify applicable vulnerabilities for every asset in the process network. Multiple dashboards allow you to focus on the highest-risk, lowest-remediation-complexity threats first. Vulnerabilities are displayed with CVE details, severity scores, vendor approval status, and recommended remediation steps.

ABEGuardOT tracks all available and installed patches for monitored assets and compares them against vendor-specific approval lists. In OT environments, applying an unapproved patch can void vendor support or introduce instability — ABEGuardOT lets you import approved patch lists from Schneider, Honeywell, Emerson, and other vendors so you only see patches cleared for your specific systems. The Deployment Manager allows you to push Windows patches, Windows Defender updates, McAfee updates, and custom updates to individual stations or your entire inventory.

ABEGuardOT can manage assets and conditions across multiple plants, refineries, or facilities from a single server and interface. The overview dashboard shows a geographic or hierarchical view of all sites, with key metrics for each — percentage of devices patched, antivirus status, OS lifecycle status, backup completeness, active conditions, and vulnerability counts. Site-to-site comparisons are available to identify which plants are lagging on security posture.

OT systems run for decades. Components go end-of-support, vendors stop releasing firmware updates, and hardware becomes impossible to source — often without the plant being aware. ABEGuardOT’s Lifecycle Management module tracks the support status of every hardware component, firmware version, operating system, and application across your inventory and alerts you when end-of-support dates are approaching. This allows proactive budget planning and risk-informed decisions rather than discovering that a critical DCS component has been unsupported for two years.

Remote View allows control system engineers to view the live screen of any server monitored by ABEGuardOT. Sessions can be recorded, creating an audit trail of what happened on any monitored system. This has proven particularly valuable for incident investigation (to determine exactly what changed and when) and for training scenarios (to capture and replay how procedures were executed).

ABEGuardOT includes 70+ pre-configured alert conditions covering authentication events, hardware thresholds, security status, USB activity, vulnerability exposure, antivirus status, backup status, and more. Each alert can be acknowledged, shelved, or ignored — the same workflow OT operators use with process alarms. Alerts can be sent to individuals or specific groups (for example, sending credential alerts to IT while sending DCS firmware alerts to the Controls team and patch status to Management). Users can also create custom alert conditions with no limit on complexity.

Comparison with Other Solutions

SCCM and Intune are IT management tools designed for domain-joined Windows devices running standard enterprise software. They do not understand OT-specific data (DCS controller firmware, PLC configuration, vendor patch approval lists, OT protocol communication). They cannot distinguish between an IT workstation and a DCS engineering workstation, and applying standard IT policies to OT systems can cause instability. ABEGuardOT is vendor-aware, OT-protocol-aware, and designed to work alongside (not replace) your OT vendor’s existing management tools.

No. ABEGuardOT complements your existing OT vendor software — it does not replace it. It provides visibility and management across your entire multi-vendor OT environment from a single pane of glass, which your individual vendor tools cannot do since each vendor only sees their own equipment.

Yes. ABEGuardOT scales from small single-site deployments to global multi-site enterprises. The server requirements for a small deployment are modest (a quad-core server with 16GB RAM handles up to 50 devices). Pricing reflects the actual scope of deployment — you are not paying for large-enterprise infrastructure you do not need.

Network-based OT detection platforms (that use passive network taps and deep packet inspection) are strong for threat detection and protocol analysis. They are designed for large enterprise OT/IT integration scenarios and come with significant cost, sensor hardware requirements, and IT-oriented interfaces. They do not include patch management, do not have built-in Syslog servers, do not offer remote view, and do not handle lifecycle management. ABEGuardOT is not a replacement for network monitoring in every scenario, but for mid-sized to large industrial facilities that need comprehensive OT asset management with practical tools their engineers can actually use, ABEGuardOT covers significantly more ground at a significantly lower cost.

IT security scanning tools operate by actively probing network devices for open ports, services, and vulnerabilities. In IT environments this is acceptable. In OT environments — where PLCs and DCS controllers are running continuous processes — unsolicited network traffic can cause unexpected behavior, communication timeouts, or controller faults. Tenable OT (formerly Indegy), Nessus, and similar tools were built on IT scanning heritage and require significant tuning to avoid disrupting OT systems. ABEGuardOT uses a passive folder-based agent with no active scanning of controllers. It was designed from the start for OT — by engineers who have spent their careers working inside process control systems.

Compliance and Security

Yes. IEC 62443 requires organizations to maintain an accurate asset inventory, track software and firmware versions, manage patches, monitor for security events, and control access to industrial systems. ABEGuardOT directly addresses these requirements through its asset inventory, patch management, vulnerability management, credential monitoring, and alert system modules.

ABEGuardOT supports several NERC CIP requirements including asset identification and inventory (CIP-002), security patch management (CIP-007), physical and electronic access controls monitoring (CIP-006, CIP-007), and incident response support through audit logs and remote view recording. Contact ABEware to discuss your specific NERC CIP compliance requirements.

Yes. ABEGuardOT maps to the five NIST CSF functions: Identify (asset inventory, vulnerability assessment), Protect (patch management, access control monitoring, USB device management), Detect (condition monitoring, CISA/NIST alert integration, anomaly alerting), Respond (alert routing, remote view, query tool), and Recover (backup monitoring, lifecycle management, change tracking).

Getting Started

Contact ABEware by email at sales@abeware.com or by phone at +1 508-446-3393. The team will walk you through a live demonstration of ABEGuardOT against a real OT environment.

ABEGuardOT is priced competitively — often matching or beating the cost of single-function point solutions that cover only a fraction of what ABEGuardOT provides. Multi-system purchases receive significant discounts. Contact sales@abeware.com for pricing specific to your environment size.

ABEware serves any industry operating OT/ICS environments including chemicals, utilities and water treatment, oil and gas, metal and mining, petrochemicals, pharmaceuticals, pulp and paper, and food and beverage manufacturing.

Supported Systems and Vendors

ABEGuardOT supports Windows 7 and Windows Server 2008 R2 and newer. Many OT environments run on legacy Windows versions that cannot be patched or upgraded without extensive vendor requalification — ABEGuardOT is built with this reality in mind and does not require upgrading underlying systems to deploy.

Yes. Emerson DeltaV is a supported DCS environment. ABEGuardOT can inventory DeltaV assets, monitor system changes, track vulnerabilities cross-referenced against NIST and Emerson’s own advisories, and manage the full lifecycle of DeltaV components.

Yes. ABEGuardOT has native support for Honeywell Experion DCS systems. It can monitor assets, track firmware and OS versions, manage vulnerabilities, and apply patch management workflows that respect Honeywell’s vendor-approved patch schedule.

Yes. ControlLogix, MicroLogix, and CompactLogix are all supported.

Yes. Both Schneider Electric EcoStruxure Foxboro DCS and EcoStruxure Triconex (including Tricon, Trident, CX, and Tri-GP safety systems) are supported.

ABEGuardOT supports managed devices from Cisco, Fortinet, Palo Alto Networks, Advantech, Netgear, Gigamon, Black Box, Buffalo Tech, Enterasys/Extreme Switches, WatchGuard, and QNAP/Synology NAS drives, among others.

Windows 7 through Windows 11, Windows Server 2008 R2 through Windows Server 2022, and Linux and BSD distributions including Ubuntu, CentOS, Debian, Fedora, Red Hat, OpenBSD, and FreeBSD. VMware ESXi, vCenter, and Hyper-V are also supported.

ABEGuardOT supports all major OT/ICS vendors including: Rockwell Allen-Bradley (ControlLogix, MicroLogix, CompactLogix), Schneider Electric EcoStruxure Foxboro DCS, Schneider Electric EcoStruxure Triconex (Tricon, Trident, CX, Tri-GP), Honeywell Experion, Emerson DeltaV, Siemens Simatic 7, HIMA, and Omron PLC. Custom drivers are also available using standard OT/IT protocols including OPC DA, OPC UA, EtherNet/IP, SNMP, MQTT, CIP, Modbus, and LLDP.

Technology and Deployment

Both options are supported. ABEGuardOT can be deployed on-premises within the plant network, or as a cloud-based solution depending on your security and operational requirements.

No traditional installation is required. The agent is dropped into a designated folder and runs from there. It leaves no Registry entries, makes no DLL changes, and does not require a system reboot. If a customer wants to stop collecting data, they simply delete the folder. There is no uninstaller needed.

No. All asset data is collected, managed, and stored on your own servers. Nothing is transmitted externally. This is a deliberate design decision to maintain data sovereignty, support regulatory compliance, and meet the security requirements of critical infrastructure operators.

Yes. ABEGuardOT supports clustered deployments, allowing the workload to be spread across multiple smaller servers rather than a single large machine.

Yes. ABEGuardOT is designed for air-gapped, network-segmented, and legacy-heavy OT environments. All asset data is stored locally. No internet connection is required for the platform to function. CISA and vulnerability database updates can be managed through your controlled update process.

ABEGuardOT uses a lightweight folder-based agent — a folder placed on the C: drive of monitored systems. The agent is a standalone executable with no Registry dependencies and no DLL changes. It collects data using PowerShell commands encapsulated in Python scripts and transmits data back to the ABEGuardOT server on a schedule defined by the customer. It can even run from a shared network location in some configurations, requiring no local copy on the monitored machine. No active scanning of controllers or PLCs occurs, which eliminates the risk of disrupting running processes.

A typical deployment is completed within 3 hours. This is significantly faster than competing solutions that require sensor hardware, enterprise manager installation, and extended configuration periods.

For up to 25 concurrent users monitoring up to 50 devices: a quad-core 3GHz CPU, 16GB RAM, and 100GB of storage (SSD preferred). For larger environments: 50 users/100 devices requires an 8-core system with 32GB RAM; 150 users/250 devices requires a 16-core system with 64GB RAM. ABEGuardOT can also be deployed as a server cluster to distribute workload. For environments larger than 250 devices, contact ABEware for custom sizing.