These network monitoring products provide some of the functionality needed to close some of the major cybersecurity gaps.

iSID (Industrial Threat Detection) & Network Monitoring

iSID provides automated asset inventories, vulnerability management workflows, and anomalous system behavior detection. Passive network monitoring is used to create a digital image of a system’s assets and communication patterns using deep packet inspection (DPI). The digital image provides users with the detailed information they need to manage vulnerabilities and evaluate security advisories efficiently. iSID’s passive network monitoring and digital image can also be used to address a variety of other security needs that arise in OT environments:

  • Network Visibility – Detects changes in system networks and behavior (e.g., new devices, new connections, new sessions).
  • Cyber Attacks – Network monitoring for incoming traffic and known threats to industrial networks, including PLCs, RTUs, and industrial protocols.
  • Policy Monitoring – Monitoring of network traffic for violations of user-defined policies. This includes things like valid commands (e.g., “write to controller”) and valid operational ranges (e.g., “don’t set turbine speed higher than 800 rpm”).
  • Maintenance Management – Detecting erroneous commands executed during system maintenance activities on the network. Users can set up work orders for specific devices and time slots, and maintenance logs can be used for compliance reporting and troubleshooting.
  • Anomaly Detection – Detects abnormal behavior by comparing network messages with the digital image, considering factors such as device sampling time and changes in operational values.
  • Operational Behavior Monitoring – Auditing remote devices (PLCs, RTUs, and IEDs) and alerting on any firmware changes or configuration modifications (e.g., software updates or turning edge devices on and off) and activity logging.

If you have a large facility that needs on-site threat monitoring, iSID can be deployed either centrally or locally at each remote site. iSID can also be extended with additional products from Radiflow: a central management console that aggregates information from multiple sites (iCEN), smart probes that collect network information from remote sites (iSAP), and a DPI gateway that enforces NERC CIP and IEC-62443 zoning requirements (iSEG).

[Figure: OT Cybersecurity Gaps]

CIARA (OT Risk Assessment & Management) for Network Monitoring

CIARA is Radiflow’s latest product. It offers sophisticated network monitoring and risk simulation capabilities that can be used to guide mitigation efforts and plan security investments. CIARA’s simulation combines information about the system, known vulnerabilities, current security controls, and known threat actors to generate a detailed, system-specific evaluation of security risks. A demo of this product impressed ARC with its comprehensiveness and decision-support capabilities. CIARA’s risk assessment process consists of four steps designed to meet the recommendations in IEC-62443-3-2:

Step 1 – Getting to know your network

An assessment of risk begins with identifying all of the assets, vulnerabilities, connections, and protocols that an attacker could leverage in an attack. The image can be obtained from iSID or through integrations with other network monitoring solutions.

Step 2 – Defining Network and initial risk assessment

Security zones and conduits are taken into consideration. The recommended target security levels for each zone are based on asset types (which can be adjusted by the user). Using the MITRE ATT&CK framework, Mandiant, and other sources of information, threats and their associated techniques and tactics are identified based on industry and geography.

This data is used to generate estimates of the likelihood of successful compromises based on simulations of attacks. Initial security assessments are conducted on unmodified systems to establish a solid baseline. Every time a user wants to assess risks after changes to the system or threat landscape, they repeat this step. Simulating these cases takes into account all security controls already in place.

Step 3 – Identifying the Risks and Security Gaps in Each Zone

Users can view radar charts that illustrate the security status of each zone relative to its security level target value. In addition, CIARA provides a list of security controls that can be used to mitigate unacceptable risks. Users can select those security controls and see their risk reduction impact. CIARA can also automatically recommend controls based on what will lead to the greatest risk reduction, and its recommendations can take budget constraints into account.

Step 4 – Develop a risk mitigation plan and implement security controls

As security controls are applied, CIARA is updated to provide an ongoing assessment of system security. CIARA is an innovative product that helps industrial companies manage security throughout the lifecycle of an industrial system. It can be used by security consultants during security assessments to identify risks and recommend security investments. Using it, owners can periodically assess the risks associated with proposed system changes and identify actions they should take in response to changes in the threat landscape. MSSPs can use CIARA to understand the significance of system alerts and develop security recommendations for their clients.

Network Monitoring Services by On-Demand Engineers

Technology has grown tremendously in this digital age, which means the need for network engineers is extremely high. There are many network engineer professionals available on the market. Professionals who are skilled, talented, and certified are always in demand by companies with specific networking project needs. The role of a network engineer varies from company to company and project to project.

Among the responsibilities of a Network Engineer are installing and configuring hardware and software, creating system backups, and monitoring system performance.

On a freelance marketplace like FieldEngineer (FE), you can find on-demand network engineers to help you reduce hiring costs. Get started today!
