Nowadays, Industrial Control Systems are becoming large networks that can be accessed remotely, thus making them increasingly vulnerable to sophisticated security breaches.

The main purpose of the intrusion detection system is to identify entities attempting to breach the Industrial Network.

Standard intrusion detection systems include Network Based (NIDS) and Host Based (HIDS). Our NIDS can be installed without impacting the control environment.

The appliance is passive, and keeps track of all traffic on monitored segment(s).

It conducts real-time traffic analysis and packet logging, protocol analysis and content matching for disallowed application commands and default passwords.

Moreover, it detects new unauthorized systems on the network. It detects the following signature-based attack variations/probes:

  • OS fingerprinting
  • Stealth port scans
  • Automatic signature updates
  • Detects Modbus TCP, DNP3, ICCP and other SCADA / control system signatures
  • Has the ability to detect usage of default passwords and commands of interest (reset, shutdown, etc.)

Our HIDS monitors performance and security events on the host system. It knows your system’s baseline of normal activities and alerts on abnormalities. In addition, it supports application whitelisting.

ADVANTAGES
• Real-time traffic analysis and packet logging
• Powerful event correlation capabilities
• Network activity scanning
• Agent designed for critical infrastructure
• Limited CPU and network bandwidth utilization (configurable)
• No reboot required after installation
• Deep system health and performance details
• Automatic data collection

IDS APPLICATION CAPABILITIES