Incorporating Radiflow’s iSID in a managed OT SOC

   Apr 10, 2018 | Radiflow team

In recent months, Radiflow, a leading provider of industrial cybersecurity solutions for critical infrastructure, has launched a new program to enable its value-added partners to offer managed Security Operations Center (SOC) services for Operational Technology (OT) networks with industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems.
The need for a highly professional, cost-effective integrated SOC solution has become evident following the recent increase in cyberattacks on ICS/SCADA installations around the world.

 

At the core of Radiflow’s OT SOC tool kit is the company’s iSID Industrial IDS (Intrusion Detection System). iSID protects OT networks and ICS/SCADA environments by alerting on breach attempts and cyberattacks against the OT network and by flagging potential risks based on deep network learning and asset mapping. iSID offers six security packages (Network Visibility, Cyberattack Detection, Policy Monitoring, Routine Management, Asset Management and Behavior Monitoring) to cover each and every operational situation and scenario.

 

 

 


 

 

For its OT SOC partners, Radiflow also provides its iSAP Smart Probe for collecting OT network traffic and transferring it efficiently and securely from customer sites to the managed SOC. This solution provides the following benefits:

 

- Patented traffic compression, reaching ratios of 1:10, drastically reducing the bandwidth requirements between remote sites and the central analysis location
- Complete preservation of original traffic information required for analysis, such as MAC address and TTL, which in some cases may be lost (e.g. during transit through a router)
- Secure and robust transport method, which overcomes practical ICS segregation, such as one-way links
- Protection of customer information by whitening network traffic during inter-site flow

For customer sites where an online link from the remote site to the SOC is not available, Radiflow provides its iREC Recorder to passively capture the site’s network traffic and send it for offline analysis at the SOC.

 

The program was launched following an extensive implementation at a managed OT SOC operated by YANAI, a prominent Israeli electrical engineering company. YANAI’s SOC, which is manned 24×7 by both cybersecurity and industry (electricity, water, etc.) experts, enables the quick detection and professional management of cyber events at customer sites. Furthermore, by sharing resources, customers are able to reduce OPEX and practically eliminate CAPEX, while utilizing equipment that would be outside the reach of individual operators.

 

The inclusion of iSID within YANAI’s triple-tier SOC has allowed YANAI to broaden its target customer base, adding customers from the electricity, renewable energy, water, building management and other industries. By transitioning to a managed OT SOC, YANAI’s customers were able to improve their cybersecurity operations and lower their operational and human resources costs.

 

Radiflow’s OT SOC partner program is targeted at system integrators already working in the OT space that want to extend their service offering and provide their customers with ongoing managed security services. The OT SOC program can also serve as an entry point for IT managed security service providers (MSSPs) that want to enter the OT space. For these partners, Radiflow provides a powerful toolkit for analyzing events from multiple OT customers. Furthermore, the toolkit provides ongoing trend information so that managed SOC operators can quickly detect emerging threats.

 

Radiflow also provides its OT SOC partners with extensive knowledge transfer and support for conducting initial and ongoing security assessments of customer OT operations, including mapping of operational assets, analyzing revealed threats and vulnerabilities, and providing recommendations for a risk mitigation plan.

 
