Securing a distributed manufacturing operation spanning multiple production facilities is always a challenge. The challenge is compounded when it comes to securing chemical manufacturing operations, due to the devastating environmental damage and threat to human life that could result from a cyber-attack.
When a global specialty chemicals manufacturer, a market leader in its field, published a tender for implementing an enterprise-wide cybersecurity solution for its production lines, twelve of the most prominent OT security vendors applied.
The tender specified the scope and the business objectives of the project:
The tender selection process included a scoring of feature compliance, field proof-of-concept (for both network visibility and for anomaly detection) and visits to reference sites.
The customer’s current cyber-security system deployment covers its IT networks well.
However, when these tools were applied to the OT network, key functional gaps arose, such as the system’s inability to handle OT-specific network protocols.
Radiflow’s proposed solution was based on the company’s iSID Industrial Threat Detection System. The solution called for an instance of iSID to be installed locally at each production plant.
As each plant incorporated multiple subnets, an instance of Radiflow’s iSAP Smart Collector was installed on each subnet to send a mirrored stream of all TCP/IP data traffic to the local iSID. While sending such volumes of data over the plant’s LAN would typically overload the network, iSAP’s proprietary filtering and compression algorithms are able to greatly reduce data volume, avoiding the need to make changes to the customer’s LAN.
iSID uses the collected TCP/IP data to self-learn the network and construct a network topology model, which includes all assets, ports and protocols, along with their full properties, and maps each to its appropriate business process.
This model provides full visibility into the OT network and supports detection of attempted attacks, violations of the access policy for the industrial controllers, management of maintenance activities and monitoring of logic changes on controllers.
What’s more, iSID is able to prioritize the risk associated with each specific controller by weighing in the criticality of each business process and analyzing the interplay between different systems.
iSID also integrates into SIEMs by different vendors at each plant, providing the customer with a unified alerting system.
As the customer operates dozens of facilities with different types of systems and topologies, the project, which is expected to take three years to complete, requires close cooperation between the customer and Radiflow to optimize the solution’s capabilities, which may evolve over the project lifecycle.
Radiflow’s research team utilizes a machine-learning infrastructure to quickly parse additional protocols and provide full visibility for all the assets in each site where the system is deployed.
The customer has stated the following reasons for selecting Radiflow: