iSOC – Radiflow for MSSPs
Radiflow’s ICS/IIoT Security Solution for Managed Security Service Providers (MSSPs)
Features
Single-pane access
Single-pane access to all tenants’ iSID Industrial Threat Detection systems through the iCEN Central Provisioning & Alerting platform
Cloud topology-enabled
Cloud topology-enabled data analysis for ICS/IIoT intrusion detection
Low-bandwidth
Secure, low-bandwidth data collection and transfer using Radiflow’s iSAP industrial-grade collector and compression engine
CVE feed integration
Integration with leading industry CVE feeds for vulnerability database updates and alerts
IOC pushing
Pushing of Indicators of Compromise (IOCs) to select iSID systems
Reporting
Export of templated analysis reports for use in governance and compliance reports

Sample reports generated by Radiflow iSID
A holistic, single-pane ICS/SCADA security suite for MSSPs
Radiflow’s MSSP offering addresses the critical challenges facing ICS/IIoT security service providers: assuring secure and efficient data collection, analysis and transfer, as well as provisioning multiple detection engines, in a cloud environment.
With Radiflow’s offering, MSSPs are able to offer their ICS/IIoT-based tenants a unified, end-to-end solution suite, designed from the ground up for industrial operations:
- iSAP – data acquisition and transfer: at the OT network level, the iSAP hardware-based industrial-grade collector conveys (via GRE tunnel) an encrypted, bandwidth-efficient mirrored data stream to the iSID Industrial Threat Detection system at the MSSP. iSAP can also act as an IIoT switch, accepting ICS protocols and securely sending northbound traffic.
- iSID – threat and vulnerability detection: installed per MSSP tenant, iSID provides real-time alerting for threats and vulnerabilities detected in the OT network. It provides visibility and insight into OT Asset Discovery, with full attributes for type, vendor, project and middleware version, as well as ICS/IIoT protocol-based deep packet inspection.
For cyber-reporting compliance, iSID exports compliant templated reports for visibility (including an inventory of all OT assets, network links, protocols, attack types and more), monitoring, and alert statistics.
iSID integrates with leading industry CVE feeds. When a new vulnerability relevant to a tenant's asset database is published, the tenant is notified via iCEN. If requested, additional threat intelligence services can be integrated to push IOCs (Indicators of Compromise) to iSID.

iCEN – Single-pane central alerting, monitoring and provisioning platform
Installed and operated by the MSSP, iCEN provides single-pane monitoring, alerting and provisioning for multiple tenants’ iSID systems.
iCEN is available for both Multi-VM and Multi-Stack tenant deployments, allowing tenants to optimize their shared monitoring costs. To assure tenant separation, Radiflow does not recommend shared network and shared application deployments.
- iCEN Alert Monitoring: the single-pane iCEN cyber monitor module displays alerts triggered by all tenants’ iSID systems. In addition, iSID can interface with leading SIEM vendors to monitor IT and OT environments.
- iCEN Management: as a multiple-iSID management platform, iCEN enables system monitoring, health checks and provisioning of threat intelligence updates such as attack signatures. iCEN’s single-pane dashboard alerts the MSSP to malfunctions or overloads at any tenant’s iSID instance.

The iCEN management platform interface

Secure operation in Multi-VM or Multi-Stack environments
To prevent data leakage from one tenant to another via iCEN, a special tokenizing solution is applied that sends only declassified information to the shared monitoring application.
MSSP Tier-1 SOCs will receive alert metadata to notify clients and proceed to incident response.
In certain scenarios Tier-2 & 3 SOCs will be able to log into the iSID on the relevant tenant for deeper incident investigation.