Solution, Process and Current Status
The first stage in the project was a thorough OT-security assessment. This involved analyzing a few days’ worth of operational network traffic with Radiflow’s iSID Industrial Threat Detection system, operating in Learning Mode.
Once completed, iSID provided a detailed network model, including all assets, ports, open connections and protocols, together with the vulnerabilities and risks associated with each asset.
As expected, the network model revealed a slew of vulnerabilities, from lack of segmentation between critical systems and networks to mundane configuration issues, such as use of default passwords or unpatched devices.
The results of the network analysis were processed by the Radiflow team members who had accompanied the project since inception, resulting in a comprehensive status report and mitigation plan.
Then, in collaboration with the client, the detected vulnerabilities were remedied, resulting in a “clean” baseline topology model. This baseline was used from then on for ongoing monitoring, threat detection and alarming, again using iSID, this time in Detection Mode.
In addition, using rule-based alerts for specific devices, iSID created a central monitoring point for critical systems, with alerts on sensor or controller values exceeding defined thresholds, as well as on changes to controller logic or devices being added to the network.
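A simplified illustration of the Learning Mode / Detection Mode split and the rule-based value alerts described above, added here as an example; it is not Radiflow’s code and does not describe how iSID is implemented. The host addresses, protocol names, flow records and threshold values are constructed for the example.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst port proto")

# Constructed traffic records (not real captures) seen during Learning Mode.
LEARNING_TRAFFIC = [
    Flow("10.0.1.10", "10.0.1.20", 502, "modbus"),    # HMI -> PLC A
    Flow("10.0.1.10", "10.0.1.21", 502, "modbus"),    # HMI -> PLC B
    Flow("10.0.1.30", "10.0.1.20", 44818, "enip"),    # engineering station -> PLC A
]

# Constructed traffic seen later, in Detection Mode.
DETECTION_TRAFFIC = [
    Flow("10.0.1.10", "10.0.1.20", 502, "modbus"),    # in the clean baseline: no alert
    Flow("10.0.1.99", "10.0.1.20", 502, "modbus"),    # host never seen during learning
    Flow("10.0.1.10", "10.0.1.20", 22, "ssh"),        # known hosts, connection not in baseline
]

def learn_baseline(flows):
    """Learning Mode: derive the topology model (assets and observed flows)."""
    assets, allowed = set(), set()
    for f in flows:
        assets.update((f.src, f.dst))
        allowed.add(f)
    return assets, allowed

def detect(flows, assets, allowed):
    """Detection Mode: alert on anything outside the (remediated) baseline.
    Returns (kind, flow, new_hosts) tuples."""
    alerts = []
    for f in flows:
        if f in allowed:
            continue
        new_hosts = tuple(sorted(h for h in (f.src, f.dst) if h not in assets))
        kind = "new_device" if new_hosts else "new_connection"
        alerts.append((kind, f, new_hosts))
    return alerts

# Rule-based alerts: per-tag (low, high) limits for sensor/controller values.
# Tag names and limits are constructed for the example.
RULES = {"tank1_level_pct": (10.0, 90.0), "pump2_rpm": (0, 1500)}

def check_values(readings, rules=RULES):
    """Return (tag, value, (low, high)) for every reading outside its limits."""
    violations = []
    for tag, value in readings.items():
        if tag in rules:
            lo, hi = rules[tag]
            if not lo <= value <= hi:
                violations.append((tag, value, (lo, hi)))
    return violations
```

In practice the "clean" baseline is the model left after remediation, not the raw learning-phase capture, so flows that were seen but judged unwanted (for example default-credential services) are removed from `allowed` before Detection Mode starts.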