iRISK – Industrial Risk Analytics
Improve network management and increase threat-mitigation ROI with business-driven Industrial Risk Analytics
Business-Driven Industrial Risk Analytics
Each and every asset, protocol, port or other network element in an industrial network introduces an inherent amount of risk.
The amount of risk reflects the vulnerability of the asset to known threats and the criticality of the business process the asset belongs to, and is available in the form of a CVE (Common Vulnerabilities and Exposures) document.
For operators seeking to further optimize their risk mitigation expenditure, Radiflow’s iRISK Industrial Risk Analytics solution provides the actual impact of the introduced risk, which can be quantified either monetarily or based on its health, environment and safety (HSE) effects. Offered as a cloud service, the iRISK analytics process can be done either continually or on an ad-hoc basis, without the need for on-site permanent deployment.
Applying a unique quantitative (data-driven) approach (rather than a human-qualitative approach one), iRISK weights the network’s digital production (asset, protocols, etc.) image and business process prioritization from Radiflow’s iSID, based on the likelihood of a risk materializing, on historical IT & OT protocol attack data (used as benchmarks for similar networks), and on IT & OT vulnerability data (CVSS).
The weighted data is used to run network-wide attack simulations and inter-asset attack vectors. The ultimate result is a comprehensive real-world assessment report, as well as risk prioritization and recommendations for mitigation.
The actual impact of a cyber-risk accounts the criticality of the business process it’s associated to (as defined in iSID) and the likelihood of an attack.
iRISK combines network and business process information from iSID with research data to provide an accurate, real-world risk assessment
Assess real-world impact
Assess the actual business-related impact of an industrial network’s overall cyber-risk
Contextual risk assessment
Contextual assessment of threat likelihood, based on analysis of historical data and IT/OT CVSS reports
Support for IEC 62443 Reporting
Central-location deployment (using iSAP Smart Collectors) or local deployment at remote sites
Increase ROI with reduced overall cyber-risk as well as data-driven risk mitigation and asset management
Automatically-generated risk analytics and risk impact reports, based on up-to-date OT TI
iRISK is offered as a service, eliminating the need for permanent on-site deployment.
Risk Visibility and Recommendations
iRISK’s automatically generates a full risk-status report, detailing network properties, overall risk score, extent of risk introduced by devices and protocols, likelihood of lateral threat movement between business processes, potential attack paths and more. The process is triggered automatically each time a change is detected on the network.
In addition, iRISK provides applicable remediation recommendations according to NIST guidelines, specifying which corrective actions improve network’s security posture.
For example, iRISK would recommend that the operator segment the network or allow only firewalled access to certain assets, which eliminate several attack vector exploits and improve the cyber risk score by a certain amount.
Part of Radiflow’s Full-stack industrial cybersecurity solution
iRISK is an integral part of Radiflow’s OT-dedicated network security solution, alongside the iSAP Low-bandwidth Smart Collector, iSID Industrial Threat Detection & Network Visibility and iCEN: Central management for multiple instances of iSID. The overall solution responds to the needs or industrial organizations of all types and sizes, including organizations who choose to use the services of an managed security services provider (MSSP).
Compliance with IEC 62443 CSMS
iRISK provides compliance with the relevant sections in IEC 42443 CSMS regarding risk assessment:
- 62443-2-1: Define your Business Rationale (based on the nature and magnitude of financial, HSE, and other potential consequences should IACS cyber incidents occur.)
- 62443-1-1 3.2.88: Risk assessment process that systematically identifies potential vulnerabilities to valuable system resources and threats to those resources; quantifies loss exposures and consequences based on probability
- 62443-2-1 A.22.214.171.124: Automated Risk and Vulnerability assessment report
- 62443-2-1 A.126.96.36.199.3: Automated High level Risk Assessment report
- 62243-2-1 188.8.131.52: Conduct risk assessments throughout the lifecycle of the IACS
- 62243-2-1 184.108.40.206: Maintain vulnerability assessment records
- Mitigation Recommendation & Prioritization