INDUSTRY

The number of attacks on operational networks increases every year. These networks are particularly vulnerable because security was not a priority when they were designed. Devices in such networks have a much longer life expectancy, even up to 10 years, and at the same time any changes and updates are undesirable, because a failure is often something we cannot afford.

Outdated protocols that already have known vulnerabilities are also common, and it is not possible to replace them without replacing the entire system.

IT / OT

IT / OT comparison

Due to the differences between information and operational technologies, cybersecurity in industry needs to be addressed in a slightly different way. The tools and good practices used are similar, but their configurations, purpose, and priorities vary widely.

In cybersecurity, we know three security concepts: integrity, confidentiality and availability. Their order of priority, however, is reversed between IT and OT.

PRIORITY   OT                IT
HIGH       Availability      Confidentiality
MEDIUM     Integrity         Integrity
LOW        Confidentiality   Availability

This means that in industry, a system failure is the last thing we want. In information networks, by contrast, an outage is acceptable to some extent, while the confidentiality and accuracy of the information matter more.

Detection of Anomalies in OT

The traffic flowing through operational networks is much more predictable: mostly the same devices communicate with each other using the same protocols.

Therefore, security anomaly detection systems can operate with very high accuracy. To operate, they need a copy of all the traffic, which we obtain by mirroring the interfaces on the switches. This traffic is brought to the analytical server, where the system, in its initial learning phase, creates a network model that includes all devices present in the network, the connections between them and many other data that can be collected passively.
Various methods are used to detect anomalies; the main ones are comparing traffic against the created model and matching it against a database of already known attacks in OT environments.
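
The learning phase and the comparison against the model can be sketched as follows. This is an added example, not code from any product described on this page; it assumes the mirrored traffic has already been parsed into flow records, and the Flow fields, class name, finding labels and addresses are all constructed for illustration.

```python
from collections import namedtuple

# One observed conversation, as extracted from mirrored traffic (assumed already parsed).
Flow = namedtuple("Flow", "src dst proto port")

class BaselineModel:
    """Passive network model: known devices, directed links and services."""

    def __init__(self):
        self.devices, self.links, self.services = set(), set(), set()

    def learn(self, flows):
        # Learning phase: everything seen is recorded as normal behaviour.
        for f in flows:
            self.devices.update((f.src, f.dst))
            self.links.add((f.src, f.dst))
            self.services.add(f)

    def check(self, f):
        # Detection phase: report the most significant deviation, or None.
        unknown = [ip for ip in (f.src, f.dst) if ip not in self.devices]
        if unknown:
            return "new-device:" + ",".join(unknown)
        if (f.src, f.dst) not in self.links:
            return "new-connection"
        if f not in self.services:
            return "new-service"
        return None

def detect(model, flows):
    """Return (flow, finding) pairs for flows that deviate from the model."""
    return [(f, r) for f in flows if (r := model.check(f)) is not None]

# Constructed sample data: HMI .20, engineering station .30, PLC .10, NTP server .40.
LEARNING = [
    Flow("10.0.0.20", "10.0.0.10", "tcp", 502),
    Flow("10.0.0.30", "10.0.0.10", "tcp", 502),
    Flow("10.0.0.20", "10.0.0.40", "udp", 123),
]
LIVE = [
    Flow("10.0.0.20", "10.0.0.10", "tcp", 502),   # matches baseline
    Flow("10.0.0.99", "10.0.0.10", "tcp", 502),   # device never seen while learning
    Flow("10.0.0.30", "10.0.0.20", "tcp", 502),   # known devices, new pairing
    Flow("10.0.0.20", "10.0.0.10", "tcp", 23),    # known pairing, new port
]

if __name__ == "__main__":
    model = BaselineModel()
    model.learn(LEARNING)
    for flow, finding in detect(model, LIVE):
        print(finding, flow)
```

Because the model treats everything seen during learning as normal, the learning window has to be captured while the network is known to be in a clean state.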
