Key Concepts
CoreSight relies on several fundamental concepts to model and secure your cyber-physical architectures.
1. Assets
An asset represents any hardware or software entity detected or declared on the network.
- IT Assets (Information Technology): Servers, workstations, switches, routers, firewalls.
- OT/ICS Assets (Operational Technology): Programmable Logic Controllers (PLC), Human-Machine Interfaces (HMI), sensors, actuators, SCADA servers.
- ANSSI Assets: Organizational entities, business processes, informational assets.
2. Relations (Edges)
Relations model the physical or logical links and dependencies between assets:
- Network Link: Specific TCP/UDP flow or general communication.
- Application Dependency: A Web service depending on a database.
- Physical Link: Network cabling from a device to a switch.
3. Security Zones
Inspired by the IEC 62443 standard, CoreSight allows you to partition the network into homogeneous security zones. Each zone groups assets with similar security requirements and defines clear boundaries to analyze inter-zone flows (via firewalls).
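The following added example (not CoreSight's own code or data model) shows how assets, relations and zones combine to list inter-zone flows and flag the ones that bypass a firewall. The class names, zone names and sample inventory are constructed, and treating a cross-zone flow as mediated when one endpoint is a firewall is a simplifying assumption.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Asset:
    name: str
    kind: str   # "plc", "hmi", "firewall", "workstation", ...
    zone: str   # security zone the asset is assigned to

@dataclass(frozen=True)
class Relation:
    src: str
    dst: str
    kind: str   # "network", "application" or "physical"
    port: Optional[int] = None

def inter_zone_flows(assets, relations):
    """Return (relation, src_zone, dst_zone, via_firewall) for every
    network relation whose endpoints sit in different zones."""
    by_name = {a.name: a for a in assets}
    flows = []
    for r in relations:
        if r.kind != "network":
            continue  # only network links are treated as flows here
        s, d = by_name[r.src], by_name[r.dst]
        if s.zone != d.zone:
            # Assumption: a firewall endpoint means the flow is mediated.
            flows.append((r, s.zone, d.zone, "firewall" in (s.kind, d.kind)))
    return flows

def unmediated(assets, relations):
    """Cross-zone flows with no firewall endpoint: candidates for review."""
    return [(r.src, r.dst, r.port)
            for r, _, _, via_fw in inter_zone_flows(assets, relations) if not via_fw]

# Constructed sample inventory (hypothetical names and zones).
ASSETS = [Asset("eng-ws", "workstation", "IT-Office"), Asset("fw-dmz", "firewall", "DMZ"),
          Asset("scada-srv", "scada", "OT-Supervision"), Asset("hmi-1", "hmi", "OT-Supervision"),
          Asset("plc-1", "plc", "OT-Control"), Asset("sw-ctrl", "switch", "OT-Control")]
RELATIONS = [Relation("eng-ws", "fw-dmz", "network", 443), Relation("fw-dmz", "scada-srv", "network", 443),
             Relation("hmi-1", "scada-srv", "network", 4840), Relation("scada-srv", "plc-1", "network", 502),
             Relation("eng-ws", "plc-1", "network", 502), Relation("hmi-1", "sw-ctrl", "physical")]

if __name__ == "__main__":
    for src, dst, port in unmediated(ASSETS, RELATIONS):
        print(f"cross-zone flow without firewall: {src} -> {dst} port {port}")
```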
4. Vulnerabilities & Risk Score
CoreSight associates each asset with the known vulnerabilities (CVEs) that have been extracted or ingested for it. The global risk score (from 0 to 10) is calculated dynamically by combining:
- The maximum severity of associated CVEs (CVSS scores).
- The inherent criticality of the asset defined by administrators.
- The asset's position in the network (internet exposure).
