Network Monitoring and Secure Access for Manufacturing

The manufacturing environment has undergone many changes in recent years, the result of globalization, fluctuations in the price of raw materials and consumers’ demand for high quality.

To stay competitive, manufacturers increasingly rely on IoT and other “Smart Factory” technologies. These technologies maximize efficiency and quality, and can be controlled from anywhere, 24/7, with real-time updates from the factory floor.

The downside of the Smart Factory is exposure to cyber threats. And though awareness has been developing steadily, most manufacturers that invest in cyber security technologies still purchase IT security solutions, even though such systems won’t protect their production processes.

Industrial Control Systems (ICS), which run the production floor, are fundamentally different from IT networks; therefore, many attacks on the ICS network would not be detected by IT security solutions. What’s needed is a solution designed specifically for ICS networks. Because many production facilities rely on a mix of DCS systems and supporting SCADA with PLCs for secondary systems, adequate protection requires an ICS-dedicated, multi-prong approach which includes full visibility into the OT network, identification of threats, real-time monitoring of anomalies, and OT-aware firewalls for zone segregation.

A Multi-Faceted Approach to Industrial Cybersecurity

Radiflow’s end-to-end solution combines its powerful Secure Gateway and its iSID Intrusion Detection System (IDS). Together they enable the detection of sophisticated cyber-attacks aimed at disrupting production processes.

The Radiflow 3180 Secure Gateway provides access to the production floor, with different access rights for each stakeholder. The Gateway’s authentication proxy authenticates each user and restricts the user’s access based on role or predefined tasks (e.g., for a maintenance technician, the Gateway would restrict which PLC to access, during which time slot, the types of commands approved for use, etc.). Furthermore, all sessions are recorded for auditing purposes.

Radiflow’s secure gateway enables manufacturers to maximize production line uptime by granting remote access to PLC vendors for monitoring their device’s behavior and overall health.

Radiflow’s iSID Industrial Intrusion Detection System (IDS) was designed to protect production floor operations by capturing and logging suspicious network traffic and detecting anomalies, such as unusual network scanning and changes in the production process model.

This is achieved through real-time analysis of all network traffic, which is validated against a dynamic baseline network behavior model created by the IDS (using passive network scanning). The IDS will issue alerts for anomalies on the production floor that may indicate an insider attack (e.g., malware on one of the PLCs).

Dedicated, comprehensive solution

Radiflow’s solution suite for OT networks provides multi-layered cyber-protection, adaptable to the topology and operational characteristics of each user:

  • The iSID Industrial Threat Detection system is a server-based software that analyzes all OT network traffic (via mirrored stream) to generate and display a network topology model, which serves as a baseline for detecting exceptions on the network. iSID packs six detection engines, each for a distinct threat vector or operational aspect: network visibility, maintenance management, cyber attack detection, policy monitoring and enforcement, anomaly detection and operational behavior measuring.
  • The iSAP Smart Probe is a cost-effective solution that enables collection of data from sub-networks to a central iSID server, making it ideal for large chemical facilities with multiple primary DCS networks and secondary SCADA/PLC networks. iSAP enables sending data traffic to a central iSID without taxing the network, thanks to Radiflow’s advanced industrial compression algorithms.
  • Radiflow’s Ruggedized Secure Gateways provide DPI-firewalled access to production processes, with configurable access rights for different stakeholders. The Gateways’ authentication proxy authenticates each user and restricts the user’s access based on role or predefined tasks.

Features

Maintenance Logging

Monitor and record all activities performed during maintenance sessions.

Secure data collection

Unidirectional DPI firewall between the corporate network and the production floor.

Network Modeling

Display of network assets and connectivity changes, based on passive self-learning of the ICS network.

Anomaly detection

Detection of all changes in the production process sequence, as well as abnormal memory access.

Policy management

Per-session policies for validation of specific commands and operational parameter ranges.

Asset management

Monitoring and alerting for firmware changes, as well as configuration or critical command changes.
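The two detection ideas described above, a passively learned baseline of who talks to which controller and how, and a per-session policy that validates specific commands and parameter ranges, can be sketched in a few lines. The following is an added illustration, not Radiflow's or iSID's code; the Modbus-style flow records, addresses, and the technician policy are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional, Set, Tuple

@dataclass(frozen=True)
class Flow:
    """One observed request: Modbus-like function code against a register."""
    src: str
    dst: str
    func: int               # 3 = read holding registers, 6 = write single register, 8 = diagnostics
    reg: int                # register address
    value: Optional[int] = None  # written value, if any

# Constructed learning-phase traffic: an HMI polling a PLC and an
# engineering station writing one setpoint (hypothetical addresses).
LEARNED = [
    Flow("10.0.1.10", "10.0.2.20", 3, 100),
    Flow("10.0.1.10", "10.0.2.20", 3, 101),
    Flow("10.0.1.11", "10.0.2.20", 6, 200, 50),
]

# Constructed per-session policy for a maintenance technician:
# which function codes are approved and the acceptable range for a setpoint register.
TECH_POLICY = {"allowed_funcs": {3, 6}, "ranges": {200: (0, 100)}}

def build_baseline(flows) -> Set[Tuple[str, str, int, int]]:
    """Passive learning: remember every (src, dst, func, reg) tuple seen in normal operation."""
    return {(f.src, f.dst, f.func, f.reg) for f in flows}

def check(flow: Flow, baseline, policy) -> list:
    """Return the list of alert reasons for one flow (empty list means it is accepted)."""
    alerts = []
    # Anomaly detection: a conversation never seen during the learning phase.
    if (flow.src, flow.dst, flow.func, flow.reg) not in baseline:
        alerts.append("baseline-deviation")
    # Policy enforcement: command not approved for this session.
    if flow.func not in policy["allowed_funcs"]:
        alerts.append("function-not-allowed")
    # Policy enforcement: written parameter outside its operational range.
    if flow.func in (6, 16) and flow.reg in policy["ranges"]:
        lo, hi = policy["ranges"][flow.reg]
        if flow.value is None or not lo <= flow.value <= hi:
            alerts.append("parameter-out-of-range")
    return alerts

if __name__ == "__main__":
    base = build_baseline(LEARNED)
    for f in (Flow("10.0.1.10", "10.0.2.20", 3, 100),
              Flow("10.0.1.11", "10.0.2.20", 6, 200, 150),
              Flow("10.0.1.99", "10.0.2.20", 8, 0)):
        print(f, "->", check(f, base, TECH_POLICY) or "ok")
```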

Implementation