September 20th, 2015 – Sentryo, a cybersecurity solutions vendor for the Industrial Internet and machine-to-machine networks, announces the immediate release of Sentryo ICS CyberVision.
ICS CyberVision is designed to protect critical industrial networks. It helps to minimize the risk of industrial networks being compromised by providing the network manager with full situational awareness. This includes a map of all communication flows within the network as well as detailed reports providing a full inventory of network devices, and detailed information about all identified vulnerabilities. ICS CyberVision relies on machine learning technology to build a model of the system which will allow for the detection of abnormal events. Finally, ICS CyberVision facilitates incident response by gathering all of the information required for forensic investigations.
In a first for the cybersecurity market, this solution has been developed in cooperation with leading industrial partners including the Commissariat à l’Energie Atomique (Nuclear Energy Commission). ICS CyberVision is the appropriate response to the cybersecurity challenges faced by industrial systems in fields such as energy, transport, manufacturing and public infrastructure.
ICS CyberVision relies on passive sensors that analyze flows on the network in order to extract metadata which characterizes the operation of the command and control network. This data is then aggregated on the CyberVision server which dynamically generates a network map, providing the manager with a snapshot of the situation. This allows them to see what devices are connected, with whom these devices communicate and where points of weakness exist. Sensors are placed on the network according to its topology and the risk analysis. This will typically be behind the SCADA stations on the control network behind the outbound connections (firewall or Wi-Fi) on the field network.
Installing ICS CyberVision does not require any changes to the existing network topology. The sensors used are “plug and play” and easy to deploy. They work in “diode” mode ensuring that under no circumstances could they interfere with the network. Additionally, ICS CyberVision does not require a lengthy and cumbersome configuration.
Currently, when there is a serious security incident, cybersecurity experts spend weeks reconstructing the history of the operation to find out the root cause of the incident. To avoid this, ICS CyberVision acts like a flight recorder, recording and organizing all relevant information. According to Laurent Hausermann, Sentryo COO, “Bridging the gap between OT (Operational Technology) professionals and IT professionals is a major challenge and a key success factor in the effective protection of industrial networks. By providing a common language and helping them to share the same perception of risk, ICS CyberVision facilitates collaboration between these two worlds.”