Cybersecurity for OT just got better
The growing digitization in industrial automation applications introduces critical cybersecurity threats into traditional industrial applications. Such risks include targeted attacks on operational technology, or OT, as well as IT attacks that span into OT networks. These risks are especially critical to distributed SCADA networks that span multiple remote sites, where an attack can result in catastrophic disruption of national infrastructure services.
iSID-PA is an industrial threat detection app for the Palo Alto Networks’ Cortex Framework. The Cortex Framework enables organizations to quickly deploy new security capabilities without needing to provision additional hardware or software. It also offers a suite of APIs developers can use to connect innovative apps with rich data, threat intelligence and enforcement points. Organizations gain immediate security value from apps developed by an open ecosystem of trusted innovators.
The iSID-Cortex integration provides Cortex users with a host of new capabilities, including:
- Auto-mapping of all OT assets, including their detailed inventory parameters.
- Enrichment of Palo Alto Firewall’s detection rules with detection information from iSID (e.g. newly detected assets, vulnerability data).
- Alerts on known vulnerabilities in deployed PLCs as well as attempts to use known exploits of IT and OT devices.
- DPI analysis of all sessions detecting deviations from predefined operational policies.
Radiflow iSID and Palo Alto Networks’ Cortex
Radiflow iSID is a threat detection system for ICS/SCADA networks. The tool enables monitoring of industrial networks by mapping the IT and OT assets, and then providing situational awareness as well as real-time alerts on any behavioral anomalies.
iSID uses multiple security engines in parallel, each offering a unique capability. These engines detect potential anomalies, such as changes in network topology or in the sessions used between devices, use of known exploits, deviations from predefined DPI policies for M2M sessions, and changes in PLC configurations.
Palo Alto Networks® Cortex prevents successful cyberattacks through intelligent automation. Cortex combines network and endpoint security with threat intelligence and accurate analytics to help streamline routine tasks, automate protection and prevent cyber breaches.
Tight integrations across the platform and with ecosystem partners deliver consistent security across clouds, networks and mobile devices, natively providing the right capabilities at the right place across all stages of the attack lifecycle.
Use Case: Logic changes in industrial controllers are not well protected.
- Response: Monitor maintenance sessions to each controller and validate each change process.
- Benefit: Radiflow iSID understands the maintenance protocols of the industrial controllers. It monitors and raises alerts on suspicious operations in addition to validating the content of any firmware or logic changes.
Use Case: Up-to-date inventory information on industrial assets and their vulnerabilities is lacking.
- Response: Radiflow iSID monitors operational parameters that each controller publishes and compares them to known vulnerabilities.
- Benefit: iSID provides up-to-date inventory information for the industrial network.
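As an added illustration (not Radiflow's or Palo Alto Networks' code), the two use cases above and the policy-deviation engine described earlier reduce to an allowlist check over observed M2M sessions, a separate validation of maintenance-class operations, and an inventory lookup against a vulnerability table; all addresses, device names and the advisory identifier are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed operational policy (hypothetical addresses): every M2M session
# the plant expects, expressed as an allowlist of (src, dst, protocol, operation).
POLICY = {
    ("10.0.1.10", "10.0.2.21", "modbus", "read_holding_registers"),    # HMI -> PLC-A
    ("10.0.1.10", "10.0.2.22", "modbus", "read_holding_registers"),    # HMI -> PLC-B
    ("10.0.1.50", "10.0.2.21", "modbus", "write_multiple_registers"),  # eng. station -> PLC-A
}
# Operations that change controller logic or firmware, and the hosts allowed to issue them.
MAINTENANCE_OPS = {"write_multiple_registers", "program_download", "firmware_update"}
ENGINEERING_STATIONS = {"10.0.1.50"}

# Constructed vulnerability table keyed on what a controller publishes about itself.
KNOWN_VULNS: Dict[Tuple[str, str, str], List[str]] = {
    ("AcmePLC", "X100", "2.1"): ["PLACEHOLDER-ADVISORY-1"],
}

@dataclass(frozen=True)
class Session:
    src: str
    dst: str
    proto: str
    op: str

def check_session(s: Session) -> List[str]:
    """Return alerts for one observed M2M session (empty list = within policy)."""
    alerts = []
    if (s.src, s.dst, s.proto, s.op) not in POLICY:
        alerts.append(f"policy-deviation {s.src}->{s.dst} {s.proto}/{s.op}")
    # Maintenance operations are validated on their own: a logic or firmware
    # change is suspicious unless it comes from a known engineering station.
    if s.op in MAINTENANCE_OPS and s.src not in ENGINEERING_STATIONS:
        alerts.append(f"unexpected-maintenance-source {s.src}->{s.dst} {s.op}")
    return alerts

def check_inventory(assets: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map asset IP -> advisories whose (vendor, model, firmware) matches the asset."""
    hits: Dict[str, List[str]] = {}
    for a in assets:
        vulns = KNOWN_VULNS.get((a["vendor"], a["model"], a["fw"]))
        if vulns:
            hits[a["ip"]] = vulns
    return hits

if __name__ == "__main__":
    # Constructed sample traffic: a normal read, then a logic write issued by the HMI.
    for s in [Session("10.0.1.10", "10.0.2.21", "modbus", "read_holding_registers"),
              Session("10.0.1.10", "10.0.2.22", "modbus", "write_multiple_registers")]:
        print(s, check_session(s))
    print(check_inventory([{"ip": "10.0.2.21", "vendor": "AcmePLC", "model": "X100", "fw": "2.1"}]))
```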
Basic Elements and Data Flow