iSID - Industrial Threat Detection
Radiflow’s iSID Industrial Threat Detection System for SCADA networks is server-based software that analyzes OT network traffic to protect against cyber threats.
iSID combines two distinct capabilities: SCADA/ICS modeling and anomaly detection. It receives a parallel (mirrored) stream of all network traffic and analyzes it both to generate and display a network topology model and to establish a baseline for detecting exceptions that indicate unauthorized traffic.
iSID’s functionality can be further enhanced through integration with third-party solution providers’ offerings, including Production Database (Historian) Value Analysis from Aperio and Vulnerability Intelligence from dark-web sources by Sixgill.
Six detection engines:
- Self-Learning of the SCADA network topology
- Passive Scanning and optional Active Scanning
- View events from the entire network (with optional filtering)
- Central Management of maintenance operations
- Policy configuration for specific time slots
- Auditing for all activities performed during maintenance
- Known PLC vulnerabilities
- Known Protocol vulnerabilities
- Sensitive commands
- Policy Monitor on every link (Detection mode)
- Integration with Radiflow Gateway for policy enforcement
- Central Management of Radiflow Gateways
- Learning device Sampling time
- Passive Machine Profiling
- Detecting abnormal memory access to devices
Measuring Operational Behavior
- Detecting abnormal delays in the link
- Detecting abnormal rate of packet dropping
- Detecting abnormal rate of retransmit