Industrial cybersecurity provider Indegy received a patent for its software technology, which uses active querying to detect misconfigurations and hostile attacks in industrial control networks.
The technology is part of the Indegy Industrial Cybersecurity Suite, which provides active and passive detection of threats in industrial control system (ICS) based environments.
Industrial control systems use programmable controllers (PLC and DCS) to manage processes. Any change to the firmware, application logic or configuration parameters of a controller, whether caused by human error or made intentionally by an attacker, can result in potentially life-threatening physical and environmental damage.
“This patent recognizes Indegy for inventing the active detection of cyber threats to industrial control systems which accomplishes more than passive network monitoring alone and provides visibility customers cannot do without,” said Mille Gandelsman, CTO of Indegy. “Our unique combination of both active and passive threat detection provides complete visibility into all operational network activity, including changes made directly on control devices that elude competitive approaches.”
The patented technology works in the following way:
• The product requests that a controller, which controls one or more field devices in an industrial control network, report the code it is currently using.
• It compares the code reported by the controller with a stored baseline version of the code.
• When a discrepancy between the code reported by the controller and the baseline version is detected, it automatically issues a notification.
• It also reduces the number of devices needed to achieve 100 percent visibility since it eliminates the need to tap into every network switch.
• It works in environments that don’t even have managed switches.
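The query, compare and notify steps listed above, sketched as an added example; it is not Indegy's code or the patented implementation. The controller query is stood in for by constructed snapshots, since the page names no protocol, and the item names, contents and the use of SHA-256 digests for the baseline are assumptions.

```python
import hashlib
import hmac

def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

def make_baseline(snapshot: dict[str, bytes]) -> dict[str, str]:
    """Store only digests of a known-good snapshot, keyed by item name."""
    return {name: digest(blob) for name, blob in snapshot.items()}

def compare_to_baseline(baseline: dict[str, str],
                        reported: dict[str, bytes]) -> list[tuple[str, str]]:
    """Return (item, status) for every discrepancy between the controller's
    reported code and the baseline: modified, missing or unexpected."""
    findings = []
    for name in sorted(baseline.keys() | reported.keys()):
        if name not in reported:
            findings.append((name, "missing"))       # block was deleted
        elif name not in baseline:
            findings.append((name, "unexpected"))    # block was added
        elif not hmac.compare_digest(baseline[name], digest(reported[name])):
            findings.append((name, "modified"))      # content changed
    return findings

def notify(controller: str, findings: list[tuple[str, str]]) -> list[str]:
    """Turn discrepancies into notification lines (delivery is out of scope)."""
    return [f"ALERT {controller}: {name} is {status} relative to baseline"
            for name, status in findings]

# Constructed sample data: what a controller reported when the baseline was
# taken, and what it reports on a later query.
KNOWN_GOOD = {
    "firmware": b"fw 2.1.0",
    "logic/MAIN": b"LD I0.0\nAND I0.1\nST Q0.0\n",
    "logic/PUMP_CTRL": b"LD I1.0\nST Q1.0\n",
    "logic/ALARM": b"LD I2.0\nST Q2.0\n",
    "config/setpoints": b"max_pressure=80\n",
}
REPORTED = {
    "firmware": b"fw 2.1.0",
    "logic/MAIN": b"LD I0.0\nAND I0.1\nST Q0.0\n",
    "logic/PUMP_CTRL": b"LD I1.0\nOR M9.9\nST Q1.0\n",   # logic edited
    "logic/FC99": b"LD M9.9\nST Q1.1\n",                 # new block
    "config/setpoints": b"max_pressure=120\n",           # parameter changed
}

if __name__ == "__main__":
    for line in notify("PLC-01", compare_to_baseline(make_baseline(KNOWN_GOOD), REPORTED)):
        print(line)
```

Because the comparison runs on what the controller itself reports, it also catches the removed block and the changed setpoint, neither of which would necessarily appear in captured network traffic.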
The Indegy Industrial Cybersecurity Suite is purpose-built to provide real-time situational awareness and visibility into ICS networks. It combines behavioral anomaly detection with policy-based rules for comprehensive threat detection and mitigation, and unique visibility into asset inventory. Industrial facilities including critical infrastructure such as utilities, water, energy, pharmaceutical and manufacturing use Indegy to automate operational oversight processes, identify human errors such as misconfigurations and failed maintenance, and protect against malware, cyber attacks and insider threats.