Network Monitoring and Secure Access to Production Floors

The manufacturing environment has undergone many changes in recent years, the result of globalization, fluctuations in the price of raw materials and consumers’ demand for high quality.

To stay competitive, manufacturers increasingly rely on IoT and other “Smart Factory” technologies. These technologies maximize efficiency and quality, and can be controlled from anywhere, 24/7, with real-time updates from the factory floor.

The downside of the Smart Factory is exposure to cyber threats. And though awareness has been developing steadily, most manufacturers that invest in cyber security technologies still purchase IT security solutions, even though such systems won’t protect their production processes.

Industrial Control Systems (ICS), which run the production floor, are fundamentally different from IT networks; therefore, many attacks on the ICS network would not be detected by IT security solutions. What’s needed is a solution designed specifically for ICS networks.

Radiflow’s end-to-end solution combines its powerful Secure Gateway and its iSID Intrusion Detection System (IDS). Together they enable the detection of sophisticated cyber-attacks aimed at disrupting production processes.

The Radiflow 3180 Secure Gateway provides access to the production floor, with different access rights for each stakeholder. The Gateway’s authentication proxy authenticates each user and restricts the user’s access based on role or predefined tasks (e.g., for a maintenance technician, the Gateway would restrict which PLC to access, during which time slot, the types of commands approved for use, etc.). Furthermore, all sessions are recorded for auditing purposes.
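The per-session restrictions described above (which PLC, which time slot, which command types) amount to a default-deny check applied to every request, with each decision logged. The sketch below is an added illustration, not Radiflow's code or policy format; the class, function, PLC, command and parameter names and all sample values are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, time

@dataclass
class SessionPolicy:
    """Hypothetical per-session policy; every field name is an assumption."""
    allowed_plcs: frozenset
    window: tuple  # (start, end) as datetime.time, plant local time
    allowed_commands: frozenset
    param_ranges: dict = field(default_factory=dict)  # (command, param) -> (min, max)

def in_window(window, now):
    start, end = window
    t = now.time()
    # A slot such as 22:00-02:00 crosses midnight, so the test becomes an OR.
    return start <= t < end if start <= end else (t >= start or t < end)

def authorize(policy, plc, command, params, now):
    """Default deny: return (allowed, reason) for one requested command."""
    if plc not in policy.allowed_plcs:
        return False, "plc-not-permitted"
    if not in_window(policy.window, now):
        return False, "outside-time-slot"
    if command not in policy.allowed_commands:
        return False, "command-not-permitted"
    for name, value in params.items():
        bounds = policy.param_ranges.get((command, name))
        if bounds is None:
            return False, "parameter-not-permitted"
        if not bounds[0] <= value <= bounds[1]:
            return False, "parameter-out-of-range"
    return True, "ok"

def audit(policy, requests):
    """Record every decision, allowed or denied, for later review."""
    return [{"time": now.isoformat(), "plc": plc, "command": cmd,
             "decision": authorize(policy, plc, cmd, params, now)}
            for plc, cmd, params, now in requests]

# Constructed sample data: a technician limited to one PLC and a night slot.
TECH_POLICY = SessionPolicy(
    allowed_plcs=frozenset({"plc-line2-filler"}),
    window=(time(22, 0), time(2, 0)),
    allowed_commands=frozenset({"read_status", "write_setpoint"}),
    param_ranges={("write_setpoint", "temperature_c"): (60.0, 85.0)})
SAMPLE_REQUESTS = [
    ("plc-line2-filler", "write_setpoint", {"temperature_c": 70.0}, datetime(2024, 1, 10, 23, 30)),
    ("plc-line2-filler", "write_setpoint", {"temperature_c": 120.0}, datetime(2024, 1, 11, 1, 0)),
    ("plc-line1-mixer", "read_status", {}, datetime(2024, 1, 10, 23, 45))]
```

Calling `audit(TECH_POLICY, SAMPLE_REQUESTS)` returns one record per request, including the denied ones, which is what makes the log useful for review after a maintenance session.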

Radiflow’s Secure Gateway enables manufacturers to maximize production line uptime by granting remote access to PLC vendors for monitoring their devices’ behavior and overall health.

Radiflow’s iSID Industrial Intrusion Detection System (IDS) was designed to protect production floor operations by capturing and logging suspicious network traffic and detecting anomalies, such as unusual network scanning and changes in the production process model.

This is achieved through real-time analysis of all network traffic, which is validated against a dynamic baseline network behavior model created by the IDS (using passive network scanning). The IDS will issue alerts for anomalies in the production floor that may indicate an insider attack (e.g., malware on one of the PLCs).

Features

Maintenance Logging

Monitor and record all activities performed during maintenance sessions.

Secure data collection

Unidirectional DPI firewall between the corporate network and the production floor.

Network Modeling

Display of network assets and connectivity changes, based on passive self-learning of the ICS network.

Anomaly detection

Detection of all changes in the production process sequence and of abnormal memory access.

Policy management

Per-session policies for validation of specific commands and operational parameter ranges.

Asset management

Monitoring and alerting for firmware changes, as well as configuration or critical command changes.

Implementation