Traditionally, control systems are separated from secure networks, such as a corporate IT network and the Internet. As a result, this separation, combined with physical and safety precautions, could be deemed sufficient to ensure the security of industrial control systems. However, more and more companies with industrial control systems are starting to connect their OT networks with IT networks, thereby making OT networks more accessible to potential attackers.
OT protection is based mainly on Scada Anomaly Detection (SAD). This system listens passively to all OT network traffic. Based on the information thus acquired, the system performs network mapping, makes an inventory of all devices, and draws the OT network topology.
Using data collected from the production system or other industrial production process, the system learns to identify any abnormal behavior. This process is based on the behavioral analysis concept. The system is highly flexible, able to react in near real-time to operating and security incidents, such as malware and viruses, unauthorized tampering with machinery, etc.
This diagram describes behavioral analysis of OT networks. The Scada Anomaly Detection (SAD) device is connected to a mirror port of a network switch and passively monitors all communication, which is then subject to behavioral analysis. Based on this analysis, the system can detect operating and security problems in the network.
The SAD solution is integrated with an industry-standard switch (Ruggedized Switch) that offers port monitoring while also providing security for VPN connections, either via a private network or a public mobile network. Furthermore, it includes a serial port concentrator (terminal server) that allows for integrating devices communicating via serial lines.
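The learn-then-detect approach described above can be sketched as follows. This is an added example, not code from the SAD product: it builds a device inventory and topology from passively observed flows, then flags traffic that deviates from the learned baseline. The flow records, IP addresses, the choice of Modbus and all names (`Baseline`, `detect`) are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed flow summaries (src IP, dst IP, protocol, operation). All values are
# made up; Modbus is an assumption, since the page names no protocol.
LEARNING = [
    ("10.0.0.10", "10.0.0.21", "modbus", "read_holding_registers"),   # HMI -> PLC 1
    ("10.0.0.10", "10.0.0.22", "modbus", "read_holding_registers"),   # HMI -> PLC 2
    ("10.0.0.5", "10.0.0.21", "modbus", "write_multiple_registers"),  # engineering station
]
LIVE = [
    ("10.0.0.10", "10.0.0.21", "modbus", "read_holding_registers"),   # matches baseline
    ("10.0.0.10", "10.0.0.21", "modbus", "write_single_coil"),        # HMI never wrote before
    ("10.0.0.99", "10.0.0.22", "modbus", "read_holding_registers"),   # host not in inventory
    ("10.0.0.5", "10.0.0.22", "modbus", "write_multiple_registers"),  # known hosts, new pair
]

class Baseline:
    def __init__(self):
        self.devices = set()           # inventory built only from observed traffic
        self.edges = defaultdict(set)  # (src, dst, proto) -> operations seen

    def learn(self, flows):
        for src, dst, proto, op in flows:
            self.devices.update((src, dst))
            self.edges[(src, dst, proto)].add(op)

    def topology(self):  # adjacency list: which device talks to which
        adj = defaultdict(set)
        for src, dst, _proto in self.edges:
            adj[src].add(dst)
        return {src: sorted(dsts) for src, dsts in adj.items()}

    def check(self, flow):  # deviations of one flow from the learned baseline
        src, dst, proto, op = flow
        alerts = [f"new device {ip}" for ip in (src, dst) if ip not in self.devices]
        key = (src, dst, proto)
        if key not in self.edges:
            alerts.append(f"new conversation {src} -> {dst} ({proto})")
        elif op not in self.edges[key]:
            alerts.append(f"new operation {op} on {src} -> {dst}")
        return alerts

def detect(baseline, flows):  # keep only flows that raised at least one alert
    return [(flow, alerts) for flow in flows if (alerts := baseline.check(flow))]

if __name__ == "__main__":
    baseline = Baseline()
    baseline.learn(LEARNING)
    for flow, alerts in detect(baseline, LIVE):
        print(flow, alerts)
```

The fourth live flow shows why conversations are baselined as well as devices: both hosts are in the inventory, yet the engineering station had never written to that PLC during learning.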