Industrial Defender  

Host Intrusion Detection

 

Protect Critical Assets from Malicious Activity

Securing legacy control workstations against malicious activity is a challenge because these systems are often resource-constrained. Traditional IT security solutions such as antivirus software can cause unnecessary activity and can negatively impact the availability and reliability of the control system.

To assure the highest levels of availability, Industrial Defender complements perimeter defense and network intrusion detection with Host Intrusion Detection Sensors (HIDS). Software sensors monitor the health and integrity of specific control applications and host platforms (such as DCS workstations, SCADA servers, HMI operator stations, historians, substation routers and other IP-networked systems and devices) using an architecture designed to accommodate the network and processor limitations typical of most installed control systems.

Control Application Monitoring

Each HIDS device is typically customized for the control applications running on a specific control system and designed for minimal impact on older control workstations, which are often resource-constrained. Industrial Defender works with leading suppliers of control systems to design and qualify HIDS that maximize visibility into system integrity without impacting operations. Examples of control vendors supported are GE, Itron, ABB, Emerson, Foxboro, Rockwell and Schneider.

Tight Integration with Security Event Manager

The Host Intrusion Detection Sensor technology is tightly integrated into the Industrial Defender Security Event Management (SEM) platform to provide operations personnel with a single "pane of glass" from which to monitor their security infrastructure for threats or malicious activity. The level of information reported to the SEM console can be tailored to accommodate 10, 100 or 1,000 Mbps networks, while consuming less than 1% of network bandwidth and less than 3% of CPU capacity on legacy systems.

Host Security Monitoring

To further lock down critical systems, Industrial Defender monitors important changes at the operating system level. This includes detecting the insertion of removable media such as CDs or memory sticks. The system also looks for, and alerts on, failed login attempts, failed password change attempts, password aging, total users and root users. Due to the prevalence of Windows platforms, and the significant differences between Windows and UNIX or Linux, a separate Microsoft registry subagent is also provided, which detects and alerts on any important changes in Windows configuration information.

Host Performance Monitoring

In addition to assuring security and availability, Industrial Defender HIDS provides a significantly greater degree of visibility into systems and network operations. HIDS reports a full range of leading performance metrics, including resource usage (CPU, disk and swap usage), network traffic, hardware status (CPU temperature, fan speed), system uptime, system configuration and event log status.