Radiflow’s proposed solution was based on the company’s iSID Industrial Threat Detection System. The solution called for an instance of iSID to be installed locally at each production plant.
As each plant incorporated multiple subnets, an instance of Radiflow’s iSAP Smart Collector was installed on each subnet to send a mirrored stream of all TCP/IP data traffic to the local iSID. Sending such volumes of data over the plant’s LAN would typically overload the network, but iSAP’s proprietary filtering and compression algorithms greatly reduce the data volume, avoiding the need to make changes to the customer’s LAN.
iSID uses the collected TCP/IP data to self-learn the network and construct a network topology model. The model includes all assets, ports and protocols, along with their full properties, and maps each to its appropriate business process.
This model provides full visibility into the OT network and supports detection of attempted attacks, detection of access-policy violations on the industrial controllers, management of maintenance activities and monitoring of logic changes on controllers.
What’s more, iSID is able to prioritize the risk associated with each specific controller by weighing the criticality of each business process and analyzing the interplay between different systems.
iSID also integrates with the SIEMs from different vendors at each plant, providing the customer with a unified alerting system.