Historically, many control networks have operated as silos: operators had little or no visibility into other networked computing assets or activity, suspicious or otherwise, beyond their own domain. Real or suspected malicious activity elsewhere on the network could go entirely unknown, and unlike the traditional IT world, the OT world has not enjoyed the visibility into and understanding of network operations that a robust network management application provides.
The Industrial Defender Security Event Manager (SEM) is a central console that monitors activity and protects against threats and vulnerabilities by collecting and correlating all of the event logs generated by devices within the plant, including NIDS, Sensors, Access Management, SNMP and perimeter protection devices. The SEM brings visibility to control system networks, archives event logs, processes them in real time and generates alerts when suspicious patterns of behavior are observed.
The SEM console provides access to a central repository of “actionable cyber intelligence” where information can be viewed and interpreted. The integrated database is supported by state-based alarm and reporting engines, allowing sophisticated monitoring and reporting functions to be performed in real time through the SEM’s real-time monitoring interface.
The Security Event Manager integrates tightly with the Industrial Defender Host and Network Intrusion Detection System, Access Manager for secure authentication and access, and with Electronic Perimeter and other devices. Third party devices such as Cisco firewalls, switches, Ruggedcom routers, GarrettCom routers, Bow Networks and Crossbow IED servers are also supported.
A critical component of the security infrastructure, the SEM brings IT-like visibility and capabilities never before available on control networks. Operations personnel can now have a network-level view and can easily understand and more intelligently interpret security-related and operationally-related activity. Beyond security, the SEM provides a view into all network configuration, devices and activity, and supplies the context needed to determine whether alerted behavior is actually security related or operational, for example when a phone line is down. When the SEM first interacts with the NIDS and Sensors, it can immediately identify anomalies in the network – configuration issues that were previously unknown and were causing unnecessary activity – that operations personnel can easily remedy to establish a proper baseline.
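To make the collect-correlate-alert cycle and the operational-versus-security distinction described above concrete, here is a small added example of an event-manager core in Python. It is illustrative code written for this page, not Industrial Defender's own software, and it assumes simplified log formats for an access manager, a NIDS, a firewall and SNMP traps (all constructed). It normalizes mixed device logs into events, classifies each as security or operational, applies one stateful correlation rule (repeated authentication failures from one address followed by a NIDS alert naming that address), and compares SNMP trap volume against a constructed per-host baseline to surface misconfiguration rather than intrusion.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines from four device classes. The formats are
# assumptions for this example and are not Industrial Defender's own formats.
RAW_LOGS = [
    "2024-03-01T08:00:01 accessmgr host=hmi-01 user=operator result=FAIL src=10.1.1.50",
    "2024-03-01T08:00:09 accessmgr host=hmi-01 user=operator result=FAIL src=10.1.1.50",
    "2024-03-01T08:00:17 accessmgr host=hmi-01 user=admin result=FAIL src=10.1.1.50",
    "2024-03-01T08:00:40 nids sig=MODBUS_WRITE_FROM_UNKNOWN_HOST src=10.1.1.50 dst=10.1.1.20",
    "2024-03-01T08:01:00 firewall action=DENY src=10.1.1.50 dst=10.1.1.20 port=502",
    "2024-03-01T08:02:00 snmp host=modem-03 event=LINK_DOWN iface=phone-line",
    "2024-03-01T08:02:05 snmp host=switch-07 event=TRAP oid=coldStart",
    "2024-03-01T08:02:06 snmp host=switch-07 event=TRAP oid=coldStart",
    "2024-03-01T08:02:07 snmp host=switch-07 event=TRAP oid=coldStart",
    "2024-03-01T08:02:08 snmp host=switch-07 event=TRAP oid=coldStart",
    "2024-03-01T08:03:00 snmp host=switch-02 event=TRAP oid=coldStart",
    "2024-03-01T08:30:00 accessmgr host=hmi-02 user=operator result=FAIL src=10.1.1.60",
    "2024-03-01T09:10:00 nids sig=MODBUS_WRITE_FROM_UNKNOWN_HOST src=10.1.1.60 dst=10.1.1.21",
]

LINE_RE = re.compile(r"^(\S+) (\S+) (.*)$")


def parse_line(line):
    """Normalize one line into a dict: timestamp, source device class, and the
    device's key=value fields. Returns None for lines that do not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, source, rest = m.groups()
    try:
        fields = dict(kv.split("=", 1) for kv in rest.split())
        return {"ts": datetime.fromisoformat(ts), "source": source, **fields}
    except ValueError:  # malformed timestamp, or a token without '='
        return None


OPERATIONAL_EVENTS = {"LINK_DOWN", "LINK_UP"}


def classify(ev):
    """Separate security-relevant events from operational ones so that, e.g.,
    a phone line dropping is not handled like an intrusion alert."""
    if ev["source"] == "nids" or ev.get("result") == "FAIL" or ev.get("action") == "DENY":
        return "security"
    if ev.get("event") in OPERATIONAL_EVENTS:
        return "operational"
    return "informational"


FAIL_THRESHOLD = 3          # assumed tuning values for this example
WINDOW = timedelta(minutes=5)


def correlate(events):
    """Stateful correlation rule: FAIL_THRESHOLD or more authentication failures
    from one source address, followed within WINDOW by a NIDS alert naming the
    same address, are escalated to a single HIGH alert."""
    failures = defaultdict(list)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["source"] == "accessmgr" and ev.get("result") == "FAIL":
            failures[ev["src"]].append(ev["ts"])
        elif ev["source"] == "nids":
            src = ev.get("src")
            recent = [t for t in failures[src] if ev["ts"] - t <= WINDOW]
            if len(recent) >= FAIL_THRESHOLD:
                alerts.append({"severity": "HIGH", "src": src, "sig": ev["sig"],
                               "failed_logins": len(recent), "ts": ev["ts"]})
    return alerts


# Constructed baseline: expected SNMP trap count per host over the sample window.
BASELINE_TRAPS = {"switch-07": 1, "switch-02": 1}


def baseline_anomalies(events, baseline=BASELINE_TRAPS, factor=3):
    """Flag hosts emitting far more traps than their baseline. On a control
    network this usually means a misconfiguration (e.g. a reboot loop), i.e.
    something operations can fix, rather than an attack."""
    counts = Counter(ev["host"] for ev in events
                     if ev["source"] == "snmp" and ev.get("event") == "TRAP")
    return {h: n for h, n in counts.items() if n > factor * baseline.get(h, 1)}


def run(lines):
    """Full pipeline: parse, classify, correlate, and baseline-check."""
    events = [ev for ev in map(parse_line, lines) if ev]
    return {
        "classes": dict(Counter(classify(ev) for ev in events)),
        "alerts": correlate(events),
        "anomalies": baseline_anomalies(events),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(run(RAW_LOGS), indent=2, default=str))
```

On the constructed input, the three failures from 10.1.1.50 followed by a NIDS alert within the window produce one HIGH alert, the single failure from 10.1.1.60 forty minutes before its NIDS alert does not, the modem's LINK_DOWN is classified as operational rather than security, and switch-07's burst of coldStart traps is reported as a baseline anomaly for operations to investigate.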
The console provides a simple, intuitive user interface requiring minimal training for operations personnel to become proficient in its use. The dashboard is a user-customizable screen that provides all the key information an operator needs to understand the current state of the environment in a single view. A wide array of tools for investigating and managing incidents is provided and a variety of reports (standard or customized) are defined for common functions.