Understand what communicates, why it communicates and where controls are needed
Industrial networks often develop over many project phases, expansions and vendor packages. Over time, undocumented links, flat network segments, unrestricted protocols and remote-access paths can make the environment difficult to manage and protect. An industrial network review creates visibility of the current architecture and identifies practical improvements without treating the plant as a standard office network.
Review scope
Network architecture
- Physical and logical topology
- Switch structure
- Ring or redundant architecture
- Network hierarchy
- Control-system boundaries
- Package-unit connections
- IT and OT interfaces
Segmentation
- VLAN design
- Subnet structure
- Broadcast domains
- Routing boundaries
- Zone definitions
- Safety-system separation
- Control and supervisory layers
- Engineering-access paths
Communication flows
- PLC-to-PLC communication
- PLC-to-SCADA communication
- HMI communication
- Historian connections
- OPC communication
- Modbus TCP
- Time synchronisation
- Engineering traffic
- Vendor communication
- Internet or cloud-connected paths
Protective controls
- Industrial firewalls
- Access-control lists
- Router rules
- Switch port security
- Unused-port management
- Remote-access gateways
- Jump hosts
- Demilitarised zones where applicable
- Monitoring points
Availability and resilience
- Single points of failure
- Redundancy
- Loop prevention
- Broadcast exposure
- Network storms
- Critical communication dependencies
- Time-source dependencies
- Recovery configuration
- Configuration backups
Documentation
- Network drawings
- IP address lists
- VLAN lists
- Port maps
- Firewall rules
- Communication matrices
- Device inventory
- Remote-access documentation
- Zones-and-conduits diagrams
Typical deliverables
- Current-network summary
- Architecture observations
- Network diagram updates
- Communication-flow findings
- Segmentation findings
- Exposure points
- Remote-access findings
- Availability concerns
- Documentation gaps
- Prioritised recommendations
- Proposed target architecture at an agreed level
- Optional engineering workshop
Review planned around operational constraints
The review is normally performed using available drawings, configuration exports, interviews and agreed non-disruptive observations. Active scanning or intrusive testing is not performed unless it is explicitly agreed, appropriately authorised and considered safe for the industrial environment.
Explore related inspection services
Select a related service or contact route for your requirement.
OT Cybersecurity
Overview of OT cybersecurity assessment services.
Learn more →IEC 62443 Assessment
IEC 62443-aligned review of architecture, access controls and lifecycle activities.
Learn more →OT Security Gap Analysis
Structured comparison of current OT security posture against agreed requirements.
Learn more →Request a Consultation
Submit network information and review requirements.
Open request form →Contact
Discuss industrial network review requirements with Kalman Control.
Learn more →