24x7 ICS, SCADA & OT MDR
Overview
24x7 threat monitoring of Industrial Control Systems (ICS), SCADA networks and OT environments requires a specialized approach and expertise. Beyond the command and control layer, field devices and the communication networks between them must also be considered part of the attack surface. Critical infrastructure has become a high-value target for state-sponsored attackers, and this activity is on the rise, so 24x7 threat monitoring is now a necessity.
The Challenge
Attackers work 24x7, while most organizations' technical support staff do not. This delays the response to cyber threats, and attacks on critical infrastructure can have devastating consequences. Additionally, most SIEMs and XDRs do not support many legacy OT protocols and devices, so visibility is very limited and purpose-built toolsets are needed. Exacerbating the challenge is the effort required to analyze every security event, which is unrealistic for many teams without outside help, on top of tighter cybersecurity budgets and the fact that recruiting and retaining cybersecurity analysts is probably harder now than it has been in decades.
How We Deliver It
InfoSight's Security Operations Center (SOC) operates as your own trusted cybersecurity team, providing real-time 24x7 threat monitoring, analysis, escalation and, where possible, triage and remediation. We bring a co-managed approach to security monitoring and deliver it through multiple security packages for comprehensive threat detection.
We enable non-disruptive monitoring of distributed ICS networks for changes in topology and behavior, using multiple security packages, each providing a distinct capability for a specific type of network activity:
NETWORK VISIBILITY: Using passive analysis of all OT network traffic, iSID builds a visual network model of all devices, protocols and sessions, and alerts on detected topology changes (e.g. new devices or sessions).
CYBER ATTACK: The Cyber Attack package handles known threats targeting the ICS network, including PLCs, RTUs and industrial protocols, based on data from open-source intelligence as well as our own cyber research.
POLICY MONITORING: Define/modify policies for each network link, for validating specific commands (e.g. “write to controller”) and operational ranges.
ANOMALY DETECTION: The Anomaly Detection package builds a behavioral network model from multiple parameters, including device command sequences and sampling times, in order to detect behavioral anomalies.
OPERATIONAL BEHAVIOR: Monitor and audit the management of devices (PLC, RTU & IED) at remote sites, with alerts for firmware changes or configuration modifications (e.g. software updates or turning edge devices on or off) and activity logging.
MAINTENANCE MANAGEMENT: Limit network exposure during scheduled maintenance by creating work orders for specific devices during set time windows. A log report of all maintenance activities is issued upon session completion.
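To make the network-visibility, policy-monitoring and maintenance-management checks above concrete, here is an added illustration in Python. It is not iSID's or InfoSight's code; it is a simplified monitor over constructed session records (Modbus-style function names, IP addresses, policy table and work-order window are all invented for the example). It learns nothing from live traffic: a baseline of known devices and sessions is given, each observed session is compared against it for topology changes, checked against a per-link command policy, and a write that falls inside a work order for the target device is written to a maintenance log instead of raising an alert.

```python
"""Added example, not a product's code: passive OT session checks for topology
changes, per-link command policy, and maintenance work-order windows."""
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Set, Tuple

@dataclass(frozen=True)
class Session:
    ts: datetime
    src: str
    dst: str
    protocol: str
    function: str  # function name seen on the wire, e.g. "read_coils" (constructed names)

# Function names treated as state-changing (hypothetical list for this example)
WRITE_FUNCTIONS = {"write_register", "write_coil", "firmware_update"}

# Constructed baseline: devices and sessions seen during a known-good period
BASELINE_DEVICES: Set[str] = {"10.0.1.10", "10.0.1.20", "10.0.1.50"}
BASELINE_SESSIONS: Set[Tuple[str, str, str]] = {
    ("10.0.1.50", "10.0.1.10", "modbus"),
    ("10.0.1.50", "10.0.1.20", "modbus"),
}

# Constructed per-link policy: functions the source may issue to the destination
POLICY: Dict[Tuple[str, str], Set[str]] = {
    ("10.0.1.50", "10.0.1.10"): {"read_coils", "read_registers"},
    ("10.0.1.50", "10.0.1.20"): {"read_coils", "read_registers", "write_register"},
}

# Constructed work orders: device -> (start, end) windows in which writes are expected
WORK_ORDERS: Dict[str, List[Tuple[datetime, datetime]]] = {
    "10.0.1.10": [(datetime(2024, 5, 1, 22, 0), datetime(2024, 5, 2, 2, 0))],
}

def in_work_order(device: str, ts: datetime, work_orders) -> bool:
    """True if ts falls inside any scheduled maintenance window for device."""
    return any(start <= ts < end for start, end in work_orders.get(device, []))

def evaluate(sessions, baseline_devices, baseline_sessions, policy, work_orders):
    """Return (alerts, maintenance_log); each entry is a (timestamp, kind/device, detail) tuple."""
    alerts = []
    maintenance_log = []
    known_devices = set(baseline_devices)
    known_sessions = set(baseline_sessions)
    for s in sessions:
        # Topology: a device or session absent from the baseline is a change worth an alert
        for dev in (s.src, s.dst):
            if dev not in known_devices:
                alerts.append((s.ts, "NEW_DEVICE", dev))
                known_devices.add(dev)
        link = (s.src, s.dst, s.protocol)
        if link not in known_sessions:
            alerts.append((s.ts, "NEW_SESSION", f"{s.src}->{s.dst}/{s.protocol}"))
            known_sessions.add(link)
        # Policy: the function is permitted on this link, nothing more to do
        if s.function in policy.get((s.src, s.dst), set()):
            continue
        # Not permitted by standing policy: a write inside a work-order window for the
        # target device is recorded as maintenance activity rather than alerted on
        if s.function in WRITE_FUNCTIONS and in_work_order(s.dst, s.ts, work_orders):
            maintenance_log.append((s.ts, s.dst, s.function))
        else:
            alerts.append((s.ts, "POLICY_VIOLATION", f"{s.src}->{s.dst} {s.function}"))
    return alerts, maintenance_log

# Constructed sample traffic, in chronological order
SAMPLE_SESSIONS = [
    Session(datetime(2024, 5, 1, 10, 0), "10.0.1.50", "10.0.1.10", "modbus", "read_coils"),
    Session(datetime(2024, 5, 1, 10, 5), "10.0.1.50", "10.0.1.10", "modbus", "write_register"),
    Session(datetime(2024, 5, 1, 10, 10), "10.0.1.50", "10.0.1.20", "modbus", "write_register"),
    Session(datetime(2024, 5, 1, 23, 0), "10.0.1.50", "10.0.1.10", "modbus", "write_register"),
    Session(datetime(2024, 5, 1, 23, 10), "10.0.1.99", "10.0.1.20", "modbus", "read_coils"),
]

def run_sample():
    return evaluate(SAMPLE_SESSIONS, BASELINE_DEVICES, BASELINE_SESSIONS, POLICY, WORK_ORDERS)

if __name__ == "__main__":
    alerts, log = run_sample()
    for ts, kind, detail in alerts:
        print("ALERT", ts.isoformat(), kind, detail)
    for ts, device, function in log:
        print("MAINTENANCE", ts.isoformat(), device, function)
```

On the sample traffic, the daytime write to 10.0.1.10 is a policy violation, the same write at 23:00 is logged under the work order, and the unknown host 10.0.1.99 produces new-device and new-session alerts plus a violation because no policy exists for its link. A real deployment would build the baseline from observed traffic rather than a hard-coded table and would rate-limit repeated alerts, but the same three decisions are what the checks above reduce to.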
Just the Facts
Key Benefits
Central-location deployment (with Collectors) or local deployment at remote sites
Network traffic analysis of ICS protocols based on DPI
Supervision over configuration changes in PLCs
Model-based anomaly detection analytics
Signature-based detection of known vulnerabilities
Non-intrusive network operation
Low false-alarm rate
Central management of multiple iSID instances using iCEN