New threat detection services from Rockwell Automation, designed specifically for industrial networks, map normal network behavior and use the company’s monitoring services to detect irregularities and potential threats and alert operators to them in real time.
The first step in successfully detecting threats is taking inventory of the environment, according to Rockwell Automation. Threat detection services reportedly take a product-agnostic approach to create a robust asset inventory across both IT and OT systems in an industrial operation. Diving deep into industrial network protocols, threat detection software maps all of the end user’s network assets and how they communicate with each other.
“Our threat detection services are a passive, nonintrusive security solution,” says Umair Masud, consulting services portfolio manager, Rockwell Automation. “This is crucial because we don’t want to adversely impact complex, industrial control systems by introducing new traffic onto the network.”
Once the entire environment is charted, the tool identifies normal operating procedures and creates a baseline. Any deviations from this baseline are annunciated in the form of context-rich alerts. The alerts are integrated with Rockwell Automation monitoring services to help inform the response and recovery process. The process includes incident impact analysis, containment and eradication protocols. The end user is alerted if a security threat is detected, and the predetermined response plan is enacted based on the criticality of the anomaly. The plan includes defined workflows that safely outline the recovery steps to be taken to return to a fully operational state.
For more information, visit: www.rockwell.com