iSOC – Radiflow for MSSPs

Radiflow’s ICS/IIoT Security Solution for Managed Security Service Providers (MSSPs)

Features

Single-pane access

Single-pane access to all tenants’ iSID Industrial Threat Detection systems through the iCEN Central Provisioning & Alerting platform

Cloud topology-enabled

Cloud topology-enabled data analysis for ICS/IIoT intrusion detection

Low-bandwidth

Secure, low-bandwidth data collection and transfer using Radiflow’s iSAP industrial-grade collector and compression engine

CVE feed integration

Integration with leading industry CVE feeds for vulnerability database updates and alerts

IOC pushing

Pushing of Indicators of Compromise (IOCs) to selected iSID systems

Reporting

Export of templated analysis reports for use in governance and compliance reports

Sample reports generated by Radiflow iSID

A holistic, single-pane ICS/SCADA security suite for MSSPs

Radiflow’s MSSP offering addresses the critical challenges facing ICS/IIoT security service providers: assuring secure and efficient data collection, analysis and transfer, as well as provisioning multiple detection engines, in a cloud environment.

With Radiflow’s offering, MSSPs are able to offer their ICS/IIoT-based tenants a unified, end-to-end solution suite, designed from the ground up for industrial operations:

  • iSAP – data acquisition and transfer: at the OT network level, the iSAP hardware-based industrial-grade collector conveys a bandwidth-efficient, encrypted mirrored data stream over a GRE tunnel to the iSID Industrial Threat Detection system at the MSSP. GRE itself provides no encryption, so when evaluating a deployment, confirm which layer (for example, IPsec carrying the GRE tunnel) supplies the stated confidentiality. iSAP can also act as an IIoT switch, accepting ICS protocols and securely forwarding northbound traffic.
  • iSID – threat and vulnerability detection: installed per MSSP tenant, iSID provides real-time alerting for threats and vulnerabilities detected in the OT network. It provides visibility into OT asset discovery, with full attributes for type, vendor, project and middleware version, as well as ICS/IIoT protocol-based deep packet inspection.

For compliance reporting, iSID exports templated reports covering visibility (including an inventory of all OT assets, network links, protocols, attack types and more), monitoring, and alert statistics.

iSID integrates with leading industry CVE feeds. When a newly published vulnerability is relevant to an asset in a tenant's asset database, the tenant is notified via iCEN. On request, additional threat intelligence services can be integrated to push IOCs (Indicators of Compromise) to iSID.
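The feed-to-inventory matching described above, as an added worked example (not Radiflow's code, and not how iSID is implemented): a vulnerability feed entry names a vendor, a product and a half-open affected-version range in the style of NVD configuration data, and each asset in a tenant's inventory records vendor, product and firmware version. The feed entries, asset records, tenant names and version-range field names are all constructed placeholders, not real CVEs or real assets. Matching is per tenant so that each tenant is notified only about its own assets; the version comparison zero-pads so that 2.4 and 2.4.0 compare equal, and an asset running exactly the first fixed release falls outside the range.

```python
"""Match a vulnerability feed against per-tenant OT asset inventories.

Illustrative example written for this page; it is not Radiflow code.
Assumptions: feed entries carry vendor, product and a half-open firmware
version range [version_start_including, version_end_excluding), in the
style of NVD configuration data; inventory assets record vendor, product
and firmware version. All identifiers below are constructed placeholders.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Asset:
    tenant: str
    asset_id: str
    vendor: str
    product: str
    firmware: str


@dataclass(frozen=True)
class FeedEntry:
    vuln_id: str
    vendor: str
    product: str
    version_start_including: Optional[str]
    version_end_excluding: Optional[str]
    cvss: float


def parse_version(text: str) -> Tuple[int, ...]:
    """'4.9.1-sp2' -> (4, 9, 1): numeric prefix of each dotted component."""
    parts = []
    for comp in text.split("."):
        digits = ""
        for ch in comp:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def _cmp(a: Tuple[int, ...], b: Tuple[int, ...]) -> int:
    """Compare with zero padding so that 2.4 == 2.4.0 rather than 2.4 < 2.4.0."""
    n = max(len(a), len(b))
    a, b = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def version_in_range(version: str, start_incl: Optional[str], end_excl: Optional[str]) -> bool:
    """True if version lies in [start_incl, end_excl); a None bound is open."""
    v = parse_version(version)
    if start_incl is not None and _cmp(v, parse_version(start_incl)) < 0:
        return False
    if end_excl is not None and _cmp(v, parse_version(end_excl)) >= 0:
        return False
    return True


def match_feed(feed, inventory):
    """Return {tenant: [(vuln_id, asset_id, firmware, cvss), ...]}, highest CVSS first."""
    hits: Dict[str, List[Tuple[str, str, str, float]]] = {}
    for entry in feed:
        for asset in inventory:
            if (asset.vendor.lower(), asset.product.lower()) != (entry.vendor.lower(), entry.product.lower()):
                continue
            if version_in_range(asset.firmware, entry.version_start_including, entry.version_end_excluding):
                hits.setdefault(asset.tenant, []).append((entry.vuln_id, asset.asset_id, asset.firmware, entry.cvss))
    for tenant in hits:
        hits[tenant].sort(key=lambda h: -h[3])
    return hits


# Constructed feed entries with placeholder identifiers (not real CVEs).
FEED = [
    FeedEntry("EXAMPLE-0001", "examplevendor", "plc_controller", "2.0", "2.4.2", 8.6),
    FeedEntry("EXAMPLE-0002", "examplevendor", "hmi_panel", None, "5.1", 6.5),
    FeedEntry("EXAMPLE-0003", "othervendor", "rtu", "1.0", "1.9", 7.2),
]

# Constructed per-tenant inventories, as an asset discovery export might provide.
INVENTORY = [
    Asset("tenant-a", "plc-01", "examplevendor", "plc_controller", "2.3.7"),
    Asset("tenant-a", "plc-02", "examplevendor", "plc_controller", "2.4.2"),  # first fixed release
    Asset("tenant-b", "hmi-01", "examplevendor", "hmi_panel", "4.9.1-sp2"),
    Asset("tenant-b", "rtu-07", "othervendor", "rtu", "2.0"),
]


if __name__ == "__main__":
    for tenant, findings in match_feed(FEED, INVENTORY).items():
        for vuln_id, asset_id, firmware, cvss in findings:
            print(f"notify {tenant}: {vuln_id} (CVSS {cvss}) affects {asset_id} running {firmware}")
```

Running the block reports plc-01 on tenant-a and hmi-01 on tenant-b; plc-02 is at the first fixed release and rtu-07 is past the affected range, so neither is reported. Real feeds attach several version ranges per product and use CPE strings rather than free-form vendor and product names, so production matching needs a normalisation step in front of this logic.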

Sample reports generated by Radiflow iSID

iCEN – Single-pane central alerting, monitoring and provisioning platform

Installed and operated by the MSSP, iCEN provides single-pane monitoring, alerting and provisioning for multiple tenants’ iSID systems.

iCEN is available for both Multi-VM and Multi-Stack tenant deployments, allowing tenants to share monitoring costs. To preserve tenant separation, Radiflow does not recommend deployments in which tenants share a network or a single application instance.

  • iCEN Alert Monitoring: the single-pane iCEN cyber monitor module displays alerts triggered by all tenants’ iSID systems. iSID can also interface with leading SIEM products to monitor IT and OT environments together.
  • iCEN Management: as a management platform for multiple iSID instances, iCEN enables system monitoring, health checks and provisioning of threat intelligence updates such as attack signatures. iCEN’s single-pane dashboard alerts the MSSP to malfunctions or overloads at any tenant’s iSID instance.

The iCEN management platform interface

Secure operation in Multi-VM or Multi-Stack environments

To prevent data leaking from one tenant to another via iCEN, tenant-identifying details are tokenized before they leave the tenant's iSID, so that only de-classified alert information reaches the shared monitoring application.

MSSP Tier-1 SOC analysts receive this alert metadata, notify the affected client and begin incident response.

In certain scenarios, Tier-2 and Tier-3 analysts can log into the relevant tenant's iSID for deeper incident investigation.
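The tenant-separation pattern described above (tokenize at the tenant side, share only tokens, reverse the mapping only inside the tenant's own system for deeper investigation), as an added example. This is illustrative code written for this page, not Radiflow's tokenizing solution; the alert field names, the per-tenant keys and the sample alert are all constructed. Tokens are keyed HMAC-SHA256 values, so the same address yields the same token within one tenant (Tier-1 analysts can still correlate repeated alerts on one asset) but different tokens in different tenants (no cross-tenant correlation), and only the tenant that holds the key and vault can map a token back. The example also handles the case field-level tokenization alone misses: identifiers embedded in free-text description fields.

```python
"""Tokenize tenant-identifying alert fields before forwarding to a shared
monitoring plane. Illustrative example, not Radiflow's implementation: the
field names, per-tenant keys and alert record below are all constructed.
"""
import hashlib
import hmac
import json
import re

# Assumed alert schema: fields that carry tenant-identifying values, and
# free-text fields that may embed them.
SENSITIVE_FIELDS = ("asset_ip", "asset_name", "src_ip", "dst_ip")
FREE_TEXT_FIELDS = ("description",)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
TOKEN_RE = re.compile(r"tok_[0-9a-f]{16}")


class TenantTokenizer:
    """Tenant-side component: holds the tenant's key and token vault.

    Only tokenized records are meant to cross the tenant boundary; the vault
    that maps tokens back to real values never does.
    """

    def __init__(self, tenant_id, key):
        self.tenant_id = tenant_id
        self._key = key        # per-tenant secret; a placeholder value here
        self._vault = {}       # token -> original value, kept at the tenant

    def _put(self, label, value):
        mac = hmac.new(self._key, f"{label}:{value}".encode(), hashlib.sha256)
        token = "tok_" + mac.hexdigest()[:16]
        self._vault[token] = value
        return token

    def tokenize(self, alert):
        out = dict(alert)
        for f in SENSITIVE_FIELDS:
            if out.get(f) is not None:
                label = "ip" if f.endswith("_ip") else f   # same IP -> same token in any field
                out[f] = self._put(label, str(out[f]))
        # Free text can smuggle identifiers past field-level tokenization,
        # so IPv4 literals inside it get the same keyed mapping.
        for f in FREE_TEXT_FIELDS:
            if isinstance(out.get(f), str):
                out[f] = IPV4_RE.sub(lambda m: self._put("ip", m.group(0)), out[f])
        out["tenant"] = self.tenant_id
        return out

    def detokenize(self, alert):
        """Reverse the mapping; only this tenant's vault can do it."""
        out = dict(alert)
        for f in SENSITIVE_FIELDS:
            if out.get(f) in self._vault:
                out[f] = self._vault[out[f]]
        for f in FREE_TEXT_FIELDS:
            if isinstance(out.get(f), str):
                out[f] = TOKEN_RE.sub(lambda m: self._vault.get(m.group(0), m.group(0)), out[f])
        return out


def leaks_plaintext(alert):
    """Shared-side admission check: refuse records still carrying raw IPv4 literals."""
    return IPV4_RE.search(json.dumps(alert)) is not None


def forward_to_shared(tokenized_alerts):
    """Model of the shared monitoring plane: accept only records that pass the check."""
    return [a for a in tokenized_alerts if not leaks_plaintext(a)]


# Constructed alert record for the example; not a real iSID alert.
SAMPLE_ALERT = {
    "alert_type": "unauthorized_modbus_write",
    "severity": "high",
    "asset_ip": "10.0.0.5",
    "asset_name": "PLC-01",
    "src_ip": "10.0.0.99",
    "description": "Modbus write from 10.0.0.99 to 10.0.0.5, register 40001",
}


if __name__ == "__main__":
    tenant_a = TenantTokenizer("tenant-a", b"constructed-key-a")
    tenant_b = TenantTokenizer("tenant-b", b"constructed-key-b")
    shared = forward_to_shared([tenant_a.tokenize(SAMPLE_ALERT), tenant_b.tokenize(SAMPLE_ALERT)])
    print(json.dumps(shared, indent=2))          # what Tier-1 sees
    print(tenant_a.detokenize(shared[0]))        # what Tier-2/3 sees inside tenant-a
```

Deterministic tokens are a deliberate trade-off: they let the shared console group alerts by asset without knowing the asset, at the cost of leaking how often each token recurs. The admission check is a safety net for the shared side, not a substitute for tokenizing at the source, and it only catches IPv4 literals; host names or other identifiers embedded in free text need their own scrubbing rules.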

Implementation
