As the number of industrial security threats continues to rise, manufacturers are taking a closer look at risks to their environments. The new threat detection services from Rockwell Automation help manufacturers and industrial operators monitor, detect and respond to increasingly complex security threats.
Designed specifically for industrial networks, the new set of services maps normal network behavior, and uses Rockwell Automation monitoring services to detect irregularities and potential threats and alert operators to them in real time. Integrating industrial security software from providers who understand operational functions within industrial protocols can help secure and optimize the industrial control network while offering visibility across all levels of the OT environment. This means not only threat detection, but real-time monitoring and deep network insights across your assets.
“We are seeing security threats bypass network perimeters more easily,” said Sid Snitkin, vice president, ARC Advisory Group. “In general, if you can’t prevent a threat before it enters the perimeter, the next best thing is to detect when it gets inside and has the potential to affect operations.”
The first step in successfully detecting threats is to be able to inventory your environment. The threat detection services take a product-agnostic approach to create a robust asset inventory across both IT and OT systems in an industrial operation. Diving deep into industrial network protocols, threat detection software maps all of the end user’s network assets and how they communicate with each other.
“Our threat detection services are a passive, nonintrusive security solution,” said Umair Masud, consulting services portfolio manager, Rockwell Automation. “This is crucial because we don’t want to adversely impact complex, industrial control systems by introducing new traffic onto the network.”
Once the entire environment is charted, the tool identifies normal operating procedures and creates a baseline. Any deviations from this baseline are annunciated in the form of context-rich alerts. The alerts are integrated with Rockwell Automation monitoring services to help inform the response and recovery process. This process includes incident impact analysis, containment and eradication protocols.
The end user is alerted if a security threat is detected, and the predetermined response plan is enacted based on the criticality of the anomaly. This plan includes defined workflows that safely outline the recovery steps to be taken to return to a fully operational state.
The new set of services is built on top of threat detection software created by Claroty, an Encompass Product Partner of the Rockwell Automation PartnerNetwork program.