Do you have visibility into the factory floor and processes while data networks live in a parallel universe?
Operational Technology (OT), whether factories or other infrastructure, is increasingly connected, but often lags behind IT networks in cybersecurity monitoring. Do any of the following challenges sound familiar?
- Lack of visibility into network assets, and no dynamic tracking of new assets as they appear
- Missing network segregation, or no mechanism to verify that the segregation actually holds
- Network connectivity that has evolved over time and is no longer clearly understood
In this situation, it is beneficial to start by identifying the assets and connections first. While an IT-style approach such as attack detection is useful in OT networks too, jumping straight to the deep end can lead to noise and false positives.
How SensorFleet can help
The SensorFleet NDR solution hosts and runs a diverse set of network monitoring capabilities (Instruments) on a single open platform. The user can build visibility into their networks in a stepwise approach, e.g.:
- Add Instruments like Traffic Guard, Beacon and PortDiff to inventory the assets and connections, hardening hosts and closing unnecessary services while at it.
- Once the baseline has been established, use these same Instruments for continuous integrity monitoring.
- The next step could be systematic log collection with the help of Log Forwarder, or attack detection with the Suricata IDS Instrument.
- Now you have comprehensive 24/7 detection capabilities up and running. Maybe it’s a good time to add Instruments that aid forensics, such as the Netflow collector and Traffic Recorder? It is just a few clicks away.
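As an added illustration of the baseline-then-monitor approach in the steps above (example code written for this page, not SensorFleet's own; the subnets, hosts and flow records are constructed), a small Python script that inventories assets and connections from flow records, checks an OT/IT segregation allow-list, and reports what a later window adds relative to the baseline:

```python
# Added example (not SensorFleet code): inventory assets and connections from
# flow records, verify an OT/IT segregation rule, then diff a later window
# against the baseline to surface new assets and new connections.
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Flow(NamedTuple):
    src: str
    dst: str
    dport: int
    proto: str

# Constructed sample flows: an OT cell (10.10.0.0/24) and an IT LAN (10.20.0.0/24).
BASELINE_FLOWS = [
    Flow("10.10.0.5", "10.10.0.10", 502, "tcp"),     # HMI -> PLC, Modbus/TCP
    Flow("10.10.0.5", "10.10.0.11", 502, "tcp"),
    Flow("10.10.0.20", "10.10.0.10", 44818, "tcp"),  # engineering ws -> PLC, EtherNet/IP
    Flow("10.10.0.5", "10.20.0.50", 443, "tcp"),     # HMI -> historian in IT, approved path
]
NEW_WINDOW = [
    Flow("10.10.0.5", "10.10.0.10", 502, "tcp"),
    Flow("10.10.0.77", "10.10.0.10", 502, "tcp"),    # host never seen before talks to a PLC
    Flow("10.20.0.9", "10.10.0.11", 22, "tcp"),      # IT host reaching into the OT cell
]

def inventory(flows):
    """Return (assets, connections): every host seen and every distinct flow tuple."""
    assets, conns = set(), set()
    for f in flows:
        assets.update((f.src, f.dst))
        conns.add(f)
    return assets, conns

def segregation_violations(flows, ot_net, it_net, allowed):
    """Flows crossing the OT/IT boundary that are not on the (src, dst, dport) allow-list."""
    ot, it = ip_network(ot_net), ip_network(it_net)
    violations = []
    for f in flows:
        s, d = ip_address(f.src), ip_address(f.dst)
        crosses = (s in ot and d in it) or (s in it and d in ot)
        if crosses and (f.src, f.dst, f.dport) not in allowed:
            violations.append(f)
    return violations

def integrity_delta(baseline_flows, window_flows):
    """New assets and new connections in a window, relative to the established baseline."""
    b_assets, b_conns = inventory(baseline_flows)
    w_assets, w_conns = inventory(window_flows)
    return sorted(w_assets - b_assets), sorted(w_conns - b_conns)
```

The same two checks run on every new window once the baseline is frozen, which is the "continuous integrity monitoring" step; any non-empty result is a candidate alert to triage or to export to a SIEM.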
Processing the results
While SensorFleet provides tools for processing the alerts as well as built-in forensic Instruments, many customers opt to export the data into a SIEM. We provide interfaces for easy SIEM integration with various platforms, e.g. Azure Sentinel, Elastic Stack and many more.