ICS/OT Security

Protecting the ICS/OT environment is crucial for reducing the risk of security incidents and for ensuring the continuity of process tasks within organizations. In the energy, water, oil, natural gas and other industries that rely on common control systems, including SCADA systems, distributed control systems (DCS) and programmable logic controllers (PLC), this protection is achieved by implementing a range of solutions.

With the escalating prevalence of highly sophisticated cyberattacks, investing in cybersecurity has evolved from a luxury to an absolute necessity. Within this realm, Operational Technology (OT) security has its own distinctive focal points. Beyond the need to recognize OT protocols, asset managers prioritize operational continuity over security. Additionally, the long lifespan of assets makes it challenging to keep systems up to date. All of these aspects highlight the unique capabilities required of OT security solutions.

Our solutions:

The IPS device is designed exclusively for industrial environments and the recognition of industrial protocols. It is used to identify and protect against threats within industrial (OT) networks. The device is intended to operate at levels 1-3 in order to protect critical OT resources, and it enables micro-segmentation of the OT network. The IPS supports two modes of operation: Monitor (IDS) and Prevention (IPS). It can either receive a copy of traffic via SPAN or operate as an inline device, so that traffic from certain segments passes through it. The main features of the IPS system are:
  • Ability to work at levels 1-3 of the OT system
  • Automatic learning of network behavior and generation of an allow list based on the results
  • Signature-Based Virtual Patching feature
  • Customized hardware modules, with built-in "Hardware bypass" feature
  • Ability to create and adjust the allow list
  • Visibility and protection from Shadow OT networks
  • Advanced protection against unknown threats (Zero-day) through the Zero Day Initiative (ZDI) program
  • Recognition of a large number of industrial protocols
  • Central management of multiple devices via the management console
  • Sending notifications in real time to the administrator's email in the event of an incident
  • Organized display and the ability to customize control panels/dashboards

The OT Next Generation Firewall (NGFW), intended for operation in industrial environments, detects and controls the use of industrial applications, enables detailed segmentation, protects and filters traffic between the IT and OT networks, and offers segmented rule management. It also enables VPN access for remote employees of the OT environment through advanced authentication algorithms. The main features of the OT Firewall system are:
  • Deep analysis of L2-L7 network traffic
  • Ability to create and adjust the allow list
  • Automatic learning of network behavior and generation of an allow list based on the results
  • Signature-Based Virtual Patching feature
  • Advanced protection against unknown threats (Zero-day) through the Zero Day Initiative (ZDI) program
  • Recognition of a large number of industrial protocols
  • Central management of multiple devices via the management console
  • Sending notifications in real time to the administrator's email in the event of an incident
  • Organized display and the ability to customize control panels/dashboards

The ICS antivirus agent detects and responds to specific threats within the OT environment. It is built exclusively for the OT environment and can recognize a large number of industrial protocols. The agent is lightweight, so it does not burden the computer during operation, and it offers complete device protection by combining features such as CPS Detection and Response (CPSDR), threat prevention, operations lockdown, and device control. Because it supports legacy Windows operating systems that are no longer officially supported by the manufacturer (Microsoft), the ICS agent can protect legacy computers within an OT environment. Installing the agent does not require restarting the computer, which protects the OT environment from interruptions. The system also recognizes network devices/assets and applications within the OT environment. The main features of the system are:
  • CPS Detection and Response (CPSDR) – generating a unique "fingerprint" of a device using application, network, system and user login telemetry
  • Multi-Method Threat Prevention – protection against known and unknown advanced threats using patternless ML/AI detection technology
  • Operational Configuration Lockdown – configuration locking on critical devices within the OT environment
  • Trusted Peripheral Control – control of unauthorized devices such as USB and other external devices
  • OT/CPS Context-Focused Database – visibility of more than 8,000 applications, devices and certificates achieved through cooperation with OT equipment manufacturers
  • Long-Term OS Support – support for new and outdated Windows operating systems
  • Device Resource Management – device protection without heavy resource load

The portable device for scanning workstations scans workstations without using an agent. It can perform anti-malware scanning on Windows and Linux operating systems without additional configuration on the workstation. During the scan, the device collects information about the applications installed on the workstation, as well as additional information such as current operating system vulnerabilities, if any exist on the scanned workstation. Built-in LED indicators show the current scan status during scanning (Threat detected, Threat detected and cleared, Threat not detected). The system administrator can customize the scanning method, as well as the actions taken after the scan is done. The main features of the system are:
  • Ability to delete or send malicious files to quarantine
  • Built-in LED indicators for displaying status during scanning
  • Support for scanning on workstation startup
  • Support for timed scans
  • Support for Windows and Linux operating systems
  • Updating malware samples and security definitions

The removable storage checker is a comprehensive cybersecurity solution designed to protect industrial and operational technology environments against external threats without disrupting plant operations. Its task is to eliminate, as far as possible, the risk of intrusion by unwanted or malicious software. The main features of the device are:
  • Quick Scan – scans removable storage in less than a minute to remove malware from external and untrusted storage media
  • Adaptability for OT – optimized for industrial control environments
  • Secure transfer – enables malware-free file transfer from external media to secure devices within the OT environment
  • Supported file systems: FAT16, FAT32, NTFS, exFAT