In the age of Industry 4.0, industrial networks such as SCADA networks are no longer isolated. They need to be open so that they can be easily connected to other industrial networks and industrial control systems, but also to central process management and accounting systems such as SAP. Additionally, collaboration in processing and automation across companies and continents de facto requires a connection to the Internet. This makes these industrial networks vulnerable to various types of network attacks. Since industrial networks often control critical processes, such as electricity and water distribution, it is crucial that they are protected in the best possible way. This is where cognitix Threat Defender comes in.
Threat Defender can be installed at all interconnection points in Industry 4.0, SCADA and other production networks. This means Threat Defender can be deployed on all layers of an industrial network and also between the layers:
• On the Enterprise & Planning layer, Threat Defender monitors, analyzes and protects the Enterprise IT network.
• On the Control & Monitoring layer, it monitors, analyzes and protects SCADA networks.
• On the Production layer, it monitors, analyzes and protects production systems from external and internal threats.
cognitix Threat Defender uses its low-latency, layer-2-based packet processing core to enforce behavior-based policies. If it is set up in whitelisting mode, Threat Defender only allows specified protocols and signals to pass through the network. This effectively blocks any undesired traffic. Threat Defender also uses behavior anomaly detection based on machine learning to detect abnormal machine-to-machine communication.
Multiple Threat Defenders installed in an industrial network can upload their monitoring logs to Threat Central, the cognitix central management and reporting platform, to analyze incidents. With the additional Threat Analytics, machine learning is used to detect hidden patterns in the traffic. Based on the analysis results, security experts can make predictions and devise suitable strategies to enhance the security and operation of the system.
Threat Defender supports (detects and understands) the most common M2M protocols such as SCADA, Siemens S7Comm, IEC 61850, OPC UA, Modbus, MQTT, AMQP, BACnet, DNP3, JBK3000 and many more, in addition to the more than 10,000 'standard' layer 7 applications and protocols. Individual extensions and support for vendor-specific protocols and protocol extensions can also be easily added.