Description
OT (Operational Technology) is typically known to represent conventional manufacturing, industrial process controls, robots and PLC/DCS (Programmable Logic Controller / Distributed Control System) equipment that operates without networking capabilities.
However, with the advent of networking technology, there is an increasing demand to integrate systems, machines and processes into a high-speed data highway, which allows better performance, real-time data exchange and real-time control.
HMI (Human Machine Interface) devices used to be proprietary mini- or micro-computers. Cost pressure and the need for faster time to market have driven HMI manufacturers to adopt Windows-based operating systems and PC hardware.
Nonetheless, by harnessing the latest software and networking technology to achieve better performance, ICS has also exposed itself to: -
❖ Viruses
❖ RATs (Remote Administration Tools)
❖ Worms
❖ A myriad of other malware
that are commonly used to attack IT networks and IT systems.
The convergence of IT and OT is driving a pressing need for new security capabilities.
The constantly expanding attack surface of OT is also driving the need to deploy an adaptive security strategy for OT, which includes the adoption of detection, prevention and predictive capabilities. The most viable solution to these problems is a product with features that: -
❖ Help to mitigate threats
❖ Intelligently preserve the OT environment and the viability of operations to guarantee safety
❖ Provide a single integrated, actionable platform to deliver the right information with precision
Another key challenge arises as the computers and networks required for these systems become larger, more complex and more tightly interconnected.
Examples of the resulting requirements are:
❖ Redundant and resilient network designs
❖ The need for remote access and its security
Asset Discovery
No effective monitoring is possible without understanding the environment. Our advanced Asset Discovery mechanism allows us to map out the logical network diagram of the monitored environment.
Characterization of the data flows between nodes on the network provides insight into the behavior of the ICS network under normal conditions.
Upon detection of anomalies that deviate from the “learned behavior” (normal condition), the ADPICS alert algorithm triggers alerts with detailed information about the violation. For instance, any newly added computer, such as a client HMI added to the network, will also trigger an alert. If this is the intended design, the operator can simply accept the alert as “normal” and the newly added node is accepted as part of the network. In a different scenario, where an EWS (Engineering Workstation) is connected without consent or by an insider with malicious intent, this alert is useful because it must be acknowledged and logged for forensic or periodic reporting purposes.
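The learned-behavior workflow described above, as an added example written for this page (not ADPICS or NetEon code): a baseline of hosts and flows is learned, any unknown host or flow raises one open alert, and the operator's acknowledgement either folds the node into the baseline or records it as unauthorized. The addresses, roles and flow records are constructed for the example.

```python
from dataclasses import dataclass

# Constructed sample flows (src, dst, dst_port) seen during the learning window; not real plant data.
# Port 502 is Modbus/TCP; the addresses and host roles are assumptions for this example.
LEARNED_FLOWS = [
    ("10.0.1.10", "10.0.1.50", 502),   # HMI-1 polls the PLC
    ("10.0.1.11", "10.0.1.50", 502),   # HMI-2 polls the PLC
    ("10.0.1.20", "10.0.1.50", 502),   # historian polls the PLC
]

@dataclass
class Alert:
    kind: str             # "new_host" or "new_flow"
    detail: tuple         # (host,) or (src, dst, port)
    status: str = "open"  # open -> accepted | unauthorized

class FlowBaseline:
    """Learned-behavior baseline: hosts and flows seen in the learning window count as normal."""
    def __init__(self, flows):
        self.hosts, self.flows = set(), set()
        for src, dst, port in flows:
            self.hosts.update((src, dst))
            self.flows.add((src, dst, port))
        self.open = []   # unacknowledged alerts
        self.log = []    # every acknowledged alert, kept for forensic / periodic reporting

    def _is_open(self, kind, detail):
        return any(a.kind == kind and a.detail == detail for a in self.open)

    def observe(self, src, dst, port):
        """Monitoring mode: raise one open alert per unknown host and per unknown flow."""
        raised = []
        for host in (src, dst):
            if host not in self.hosts and not self._is_open("new_host", (host,)):
                raised.append(Alert("new_host", (host,)))
        if (src, dst, port) not in self.flows and not self._is_open("new_flow", (src, dst, port)):
            raised.append(Alert("new_flow", (src, dst, port)))
        self.open.extend(raised)
        return raised

    def acknowledge(self, alert, accept):
        """Operator decision: accepting adds the host/flow to the baseline; both outcomes are logged."""
        alert.status = "accepted" if accept else "unauthorized"
        if accept and alert.kind == "new_host":
            self.hosts.add(alert.detail[0])
        elif accept:
            self.flows.add(alert.detail)
        self.open.remove(alert)
        self.log.append((alert.kind, alert.detail, alert.status))

def run_scenarios():
    """Intended new client HMI (accepted) versus an EWS connected without consent (rejected)."""
    baseline = FlowBaseline(LEARNED_FLOWS)
    for alert in baseline.observe("10.0.1.12", "10.0.1.50", 502):   # new client HMI, by design
        baseline.acknowledge(alert, accept=True)
    for alert in baseline.observe("10.0.1.200", "10.0.1.50", 502):  # unapproved EWS
        baseline.acknowledge(alert, accept=False)
    return baseline.log
```

A rejected host is deliberately not added to the baseline, so it alerts again on its next flow while the log keeps the earlier decision.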
Dashboards can be customized based on the criticality of data or information. Some of the customized widgets include: -
• Alert Manager Quick Summary View
• ICS Network Environment Summary
• Intelligence Sensors Monitoring
• Real-time Network Traffic Monitoring
• On-demand ICS-related Monitoring Chart
Alert Manager
An anomaly can happen at any time, and without a real-time alerting system these critical assets would be at risk. The Alert Manager provides the operator with first-hand information on all probable anomalies that were detected, so that immediate remedial action can be performed effectively to prevent further escalation of any sign of anomaly.
Multiple notification channels are available in the ADPICS user interface, such as an alert notification alarm and a quick summary table of alerts in the common dashboard. By selecting a specific alert in the Alert Manager, detailed alert or potential threat information is provided to reduce troubleshooting and forensic effort.
An alert status updating mechanism for operators or management provides comprehensive surveillance of alerts to mitigate any potential threat to the ICS.
Artificial Intelligence for intelligent threat detection
The AI-powered threat detection engine uses a machine learning algorithm for anomaly detection in real time, providing a labor- and hassle-free anomaly detection process. This feature minimizes false positives with highly sensitive and calibrated machine learning algorithms.
More details about NetEon Communication Sdn Bhd