Overcoming the complexity of Smart Manufacturing
Cyber threats to Operational Technology networks have been on the rise in recent years. Using widely available tools, criminals, and increasingly nation-state actors, have set their sights on critical infrastructure, manufacturers and other industrial operations that use ICS, due to these systems’ inherent vulnerabilities and the high financial losses manufacturing enterprises incur from production-line downtime.
Today’s manufacturing organizations face unique challenges and needs:
- Identifying, managing and mitigating risk: Industrial networks typically host an array of devices by multiple vendors. Understanding the risk introduced by each and the interplay between different business processes is key to adequate protection.
- The human factor: The widespread reliance on IoT-based automation, as well as the subsequent need to grant network access to in-house as well as 3rd-party (vendors, system integrators) personnel, have greatly increased manufacturers’ exposure to cyber-threats, whether through malicious or erroneous human activity.
- Incident investigation & auditing: The transition to remote cloud-based industrial operations requires organizational changes as well as new tools for analyzing incidents, logging and reporting.
Dedicated Tools and Methods for Securing Industry 4.0
Industrial cyber security is one of the core features of transitioning to Industry 4.0.
The interconnectivity between the enterprise and its business partners and customers, the introduction of Industrial IoT devices and the dramatic increase in communication protocols (in the physical and application layers, smart logistics and production management, vertical integration between IT systems and OT networks and many other areas) all increase the complexity of the enterprise digital environment and its exposure to external and internal threats.
While many production facilities rely on a mix of DCS systems and supporting SCADA with PLCs for secondary systems, adequate protection requires a multi-pronged approach to OT security: OT network visibility, identification of threats, real-time monitoring, OT-aware firewalls for zone segregation and risk management.
In addition, manufacturers need to prove compliance with various governing standards and regulations (e.g. IEC-62443).
Radiflow provides manufacturers with the tools to protect, visualize and safely maintain their systems:
- A complete visual model of the OT network: assets, connections, protocols and vulnerabilities
- CIA (Confidentiality, Integrity & Availability, as well as Safety) per-business process risk evaluation, using iRISK
- MSSP/SOC ready with alert prioritization triage and multi-iSID system management solution
- Attack vector and attacker capability analysis for alert prioritization and optimizing risk mitigation investment
- Compliance enabler for IEC 62443 and other common standards and regulations
- Strong vendor support and strategic partnerships with leading solution providers
Monitor and record all activities performed during maintenance sessions.
Secure data collection
Unidirectional DPI firewall between the corporate network and the production floor.
Display of network assets and connectivity changes, based on passive self-learning of the ICS network.
Detection of all changes in the production process sequence and abnormal memory access.
Per-session policies for validation of specific commands and operational parameter ranges.
Monitoring and alerting for firmware changes, as well as configuration or critical command changes.
Dedicated, comprehensive solution
Radiflow’s solution suite for OT networks provides multi-layered cyber-protection, adaptable to the topology and operational characteristics of each user:
- The iSID Industrial Threat Detection system is server-based software that analyzes all OT network traffic (via mirrored stream) to generate and display a network topology model, which serves as a baseline for detecting exceptions on the network. iSID packs six detection engines, each for a distinct threat vector or operational aspect: network visibility, maintenance management, cyber attack detection, policy monitoring and enforcement, anomaly detection and operational behavior measuring.
- The iSAP Smart Probe is a cost-effective solution that enables collection of data from sub-networks to a central iSID server, making it ideal for large chemical facilities with multiple primary DCS networks and secondary SCADA/PLC networks. iSAP enables sending data traffic to a central iSID without taxing the network, thanks to Radiflow’s advanced industrial compression algorithms.
- Radiflow’s Ruggedized Secure Gateways provide DPI-firewalled access to production processes, with configurable access rights for different stakeholders. The Gateways’ authentication proxy authenticates each user and restricts the user’s access based on role or predefined tasks.
Three-Tier Protection for Industrial Organizations
iSID: Industrial Threat & Vulnerability Detection
- System-wide visibility
- Auto-learning of assets, links & business processes
- Multiple security engines; Attack Vector Analysis
- Non-intrusive DPI analysis
- PLC monitoring for configuration changes
- Central or local (on-site) deployment
iCEN: Central Monitoring & Management for iSID
- System-wide view of assets, iSID health, alerts & maintenance status
- Centralized provisioning
- Dual display modes: map and tabular
- Local and remote (using AD) user management
- Ideal for OT-MSSPs
iSAP: Smart OT Data Traffic Collector
- Collection of all LAN traffic via port mirroring
- Compressed, filtered stream with unidirectional encrypted tunneling, for low-bandwidth connections
- Single iSAP per remote site
iSEG: Secure DPI-Firewall Gateways
- Authentication Proxy Access (APA) for user authentication & pre-configured task-based access
- User activity log within each remote access session for compliance & auditing; validation of user behavior using a per-port DPI firewall
- IPsec VPN for secure inter-site connectivity between manufacturing facilities
- Ruggedized appliances with Ethernet & Serial interfaces
- iSIM remote management dashboard for large iSEG arrays
CIARA: Industrial Risk Analysis & Management
- Assess the actual business-related impact of cyber-risk in OT networks with unique calculation of likelihood of attack
- Plain-language, prioritized mitigation recommendations
- Threat intelligence (TI)-based risk analytics and risk impact reports
- IEC 62443 reporting support
iSOC: MSSP Framework
- iSID and CIARA optimized operation in OT-MSSP SOC setting
- iCEN for managing multiple instances of iSID
- Integration with leading industry CVE vulnerability database update and alert feeds