Network Monitoring Partnership

Monday, July 25, 2016 @ 05:07 PM gHale


By Gregory Hale
In a move to bring manufacturers additional visibility and detection capabilities, an OT security provider and an IT networking security provider are partnering in a move to monitor the industrial environment.

With an already complex industrial network poised to become even more sophisticated with the Industrial Internet of Things (IIoT) to help boost productivity and profitability, SCADAfence decided to partner with Gigamon to provide a joint cybersecurity solution.

RELATED STORIES
Network Monitoring Tool Updated
HUG: Threats Hike, but there are Solutions
The Wireless Edge
ICS Components Still Connected to Internet
Ransomware Masked as Rockwell Update

With the industry just at the beginning stages of adopting IIoT, the idea of increased network visibility through a monitoring solution is becoming one of the hot trends in the industry. It only makes sense with more sensors bringing in more data and more connections from multiple locations, the attack surface for systems already under siege, remains poised to become much larger.

The hope is by adopting IIoT, manufacturers will become more productive, easier to manage and more cost-effective to operate. However, the major technology changes taking place have exposed mission critical systems. That is where more network visibility comes into play.

“Gigamon developed a technology that allowed a tapping in on an environment for a network and collecting network traffic from various locations within the network without interrupting the activity that is occurring,” said Yoni Shohet, co-founder and chief executive at SCADAfence. “They are mostly selling to the IT environment and they are interested in working with the industrial network.”

SCADAfence is taking a core IT solution and adding in its OT expertise.

“Gigamon is collecting the traffic and they need an application that will analyze it to provide different benefits for the users. We are partnering to use the Gigamon platform to passively and in a non-instrusive manner, collect traffic from various locations within the network and aggregate them to a centralized location. Then the SCADAfence solution can analyze it to provide customers with visibility, detection capabilities and risk management activity within the industrial environment.”

The offering provides Gigamon’s technology to provide visibility of network traffic from across the ICS/SCADA environment. The network traffic then goes to SCADAfence’s continuous monitoring solution, which analyzes the internal communications, including industrial protocols deep packet inspection (DPI).

The goal of the partnership is to:
• Detect a variety of cyber-attacks, from previously-known malware and disclosed vulnerabilities to new, sophisticated attack vectors
• Monitor and detect non-malicious operational threats such as misconfigurations and human errors
• Increased, industrial protocol context-aware, network visibility including automatic asset discovery, asset inventory and network topology
• Enhanced and faster response to events while determining root cause to minimize reoccurrence