Leidos has just enhanced its Industrial Defender ASM® to support passive monitoring of ICS assets, combining market-leading active monitoring with full passive monitoring support. Adding passive monitoring increases asset visibility and enhances our customers' ability to detect and prevent anomalous behavior.
WHAT IS ICS PASSIVE MONITORING?
ICS/SCADA systems were not designed to interface with modern IT security architecture. Typically they lack local intelligence or security awareness. Most ICS/SCADA systems are protected only by a firewall, leaving OT security operators with little understanding of who or what may be trying to penetrate and breach their systems. Passive monitoring helps fill this ICS visibility gap.
Passive monitoring deploys non-invasive network sensors that capture the communication between SCADA and PLC devices and look for possible threats. These sensors listen to network traffic, learn the typical communication between devices as a baseline, and report when activity deviates from that baseline.
Types of anomalous activity that this learning capability can detect include:
- A new communication path or a new device.
- Commands to start, stop or reload a controller, or to upload firmware.
- Repeated "stroking" of a valve or other device, for example changing a pressure tank's set point from 0% to 100% and repeating this process until the device fails catastrophically.
CHARACTERISTICS OF "GOOD PASSIVE MONITORING" TECHNOLOGY
Good passive monitoring technology is built on reverse engineering proprietary communication protocols by capturing packet data while specific commands are sent to ICS devices.
- By understanding ICS-specific protocols such as CIP, DNP3 and Modbus, it can extract important information from the communication between the PLC and SCADA systems.
- It ingests, normalizes and packages typical controller-related traffic as operational and security events, e.g. PLC stop/start/restart/firmware upload, malware, SYN floods.
- It collects additional detail about the ICS devices, such as serial number, model number, vendor, firmware version, etc.
- It develops baselines and tracks changes to these assets.
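As an added illustration (not Leidos or partner code), the following Python sketch shows the baseline-then-detect idea behind the anomaly classes listed above: a new device or communication path, control commands such as a firmware upload, and a set point repeatedly swung between 0% and 100%. The addresses, registers, event format and thresholds are constructed assumptions, not a real protocol decoder.

```python
from collections import Counter

# Constructed sample events (not real traffic): (timestamp, src, dst, protocol, operation, register, value)
BASELINE = [
    (0, "10.0.0.5", "10.0.0.20", "modbus", "read", 40001, None),
    (1, "10.0.0.5", "10.0.0.21", "modbus", "read", 40001, None),
    (2, "10.0.0.5", "10.0.0.20", "modbus", "write", 40010, 55),
]
LIVE = [
    (10, "10.0.0.5", "10.0.0.20", "modbus", "read", 40001, None),
    (11, "10.0.0.9", "10.0.0.20", "modbus", "read", 40001, None),   # unknown host, unknown path
    (12, "10.0.0.5", "10.0.0.21", "modbus", "firmware_upload", None, None),
    (13, "10.0.0.5", "10.0.0.20", "modbus", "write", 40010, 0),
    (14, "10.0.0.5", "10.0.0.20", "modbus", "write", 40010, 100),
    (15, "10.0.0.5", "10.0.0.20", "modbus", "write", 40010, 0),
    (16, "10.0.0.5", "10.0.0.20", "modbus", "write", 40010, 100),
]
CONTROL_OPS = {"start", "stop", "reload", "firmware_upload"}  # assumed normalized operation names

def learn_baseline(events):
    """Learn the set of known devices and (src, dst, protocol) paths from baseline traffic."""
    devices, paths = set(), set()
    for _, src, dst, proto, *_ in events:
        devices.update((src, dst))
        paths.add((src, dst, proto))
    return devices, paths

def detect(events, devices, paths, swing=80, repeats=3):
    """Return (timestamp, alert_type, detail) tuples for deviations from the learned baseline."""
    alerts = []
    last = {}           # (dst, register) -> last value written to that register
    swings = Counter()  # number of full-range swings observed per (dst, register)
    for ts, src, dst, proto, op, reg, val in events:
        for host in (src, dst):
            if host not in devices:               # device never seen during learning
                alerts.append((ts, "new_device", host))
                devices.add(host)
        if (src, dst, proto) not in paths:        # conversation never seen during learning
            alerts.append((ts, "new_path", f"{src}->{dst}/{proto}"))
            paths.add((src, dst, proto))
        if op in CONTROL_OPS:                     # start/stop/reload/firmware upload
            alerts.append((ts, "control_command", f"{op} to {dst}"))
        if op == "write" and val is not None:     # set-point stroking: large repeated swings
            key = (dst, reg)
            if key in last and abs(val - last[key]) >= swing:
                swings[key] += 1
                if swings[key] == repeats:
                    alerts.append((ts, "setpoint_oscillation", f"{dst} reg {reg}"))
            last[key] = val
    return alerts
```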
Leidos has partnered with three market-leading passive monitoring solutions, Nozomi Networks, ClarOTy and SecurityMatters, to provide best-of-breed solutions for our customers' passive monitoring needs. Each of these solutions has been integrated with Industrial Defender ASM® and will be offered for sale by Leidos. We look forward to extending our Industrial Defender ASM with these new passive monitoring capabilities for our customers! Below is a short brief of each partner's solution offering, with pointers to their respective web sites.
Nozomi Networks – www.nozominetworks.com
The integrated Leidos and Nozomi Networks’ solution adds ICS intrusion detection and passive asset discovery and monitoring to Leidos’ Industrial Defender ASM. This strengthens the ASM’s ability to safely identify operational technology network assets and adds cutting-edge detection capabilities.
ClarOTy – https://www.claroty.com/
The Claroty platform is an award-winning suite of integrated products specifically designed for OT or ICS environments. It provides comprehensive protection, detection and response capabilities – yielding unmatched cyber risk management for OT or ICS networks.
SecurityMatters – https://www.secmatters.com
The SecurityMatters flagship product, SilentDefense, is an innovative OT network monitoring and intelligence platform that empowers industrial operators with unrivaled visibility, threat detection capability, and control of their network. Leidos will now offer the SilentDefense platform as one of their solutions to the complex security challenges faced by ICS asset owners in the utility and energy sectors today.