Industrial Control Systems are increasingly becoming large, remotely accessible networks, which makes them more vulnerable to sophisticated security breaches.
The main purpose of the intrusion detection system is to identify entities attempting to breach the Industrial Network.
Standard intrusion detection systems come in two types: Network Based (NIDS) and Host Based (HIDS). Our NIDS can be installed without impacting the control environment.
The appliance is passive, and keeps track of all traffic on monitored segment(s).
It conducts real-time traffic analysis and packet logging, protocol analysis and content matching for disallowed application commands and default passwords.
Moreover, it detects new unauthorized systems on the network. It detects the following signature-based attack variations and probes:
- OS fingerprinting
- Stealth port scans
- Automatic signature updates
- Detects Modbus TCP, DNP3, ICCP and other SCADA / control system signatures
- Detects usage of default passwords and commands of interest (reset, shutdown, etc.)
Our HIDS monitors performance and security events on the host system. It knows your system’s baseline of normal activity and alerts on abnormalities. In addition, it supports application whitelisting.
• Real-time traffic analysis and packet
• Powerful event correlation
• Network activity scanning
• Agent designed for critical
• Limited CPU and network bandwidth
• No reboot required after installation
• Deep system health and performance
• Automatic data collection