Introducing Industrial Defender ASM 7.1 with New Passive Monitoring Capabilities
Industrial Control Systems and Supervisory Control and Data Acquisition (ICS/SCADA) devices monitor and control critical infrastructure, but what tools monitor these systems? ICS/SCADA systems were deployed before the evolution of today’s cybersecurity threats. These systems were not designed to interface with modern IT security architecture. Typically they lack local intelligence or security awareness. Most ICS/SCADA systems are protected only by a firewall, leaving OT security operators with little understanding of who or what may be trying to penetrate and breach their systems. Passive monitoring helps fill this ICS visibility gap.
Passive monitoring deploys non-invasive network sensors that capture the communication between SCADA and PLC devices, looking for possible threats. These sensors listen to network traffic and have a learning capability that captures the typical communication between devices and reports when anomalous activity is detected.
Why is having Passive Monitoring important?
A large percentage of the SCADA and ICS technology infrastructure in use today was deployed over the past 25 years. Given its age and complexity, this technology is not capable of supporting remote monitoring, which presents major challenges to OT security teams trying to integrate monitoring support for their deployed base.
- PLC devices, generally referred to as controllers, do not have the capability to have agents installed on them.
- ICS vendors restrict what can be installed on their systems.
- Customers are concerned about actively monitoring controllers in sensitive operations.
- Users want a solution that can automatically detect when assets have been added to or removed from the network.
- Customers are looking to collect as much asset detail as possible without having to touch the endpoint. Record keeping of assets is difficult and time-consuming, and the records are almost always “out of date” regarding key details such as firmware versions of these devices.
ASM Integrated Passive Monitoring
We have integrated our own passive monitoring technology into our already capable Network Intrusion Detection Sensor (NIDS), making ASM the single most comprehensive vendor for active and passive views into your ICS environment.
Upgraded Network Views
The ASM Asset Topology page now allows you to choose between the existing Asset View and a new Network-based View. The new Network View presents a graphical diagram of assets connected to the network, the gateways the assets are connected to, and the devices they report to.
To help you stay ahead of compliance deadlines, a new compliance dashboard feature set allows you to define compliance periods with configurable thresholds for compliance actions. You can then monitor assets exceeding the configured thresholds using the compliance widgets and compliance notifications, keeping you ahead of the curve before a gap in compliance occurs.
System Created Baselines
Automatic Baselines provide a mechanism for easing the baseline exception tracking and review burden if your ASM is not used to support stringent industry standards such as NERC CIP. Several different settings for automatic baseline modes also give you the flexibility to create baselines on a schedule that best supports your organization’s baseline update requirements.
ASM REST API – third-party integrations now available via REST API
As a premium feature, ASM offers an application programming interface (API) for use by third-party application clients needing to ingest asset-related information into external ticketing or CMDB systems within their enterprise.
The 3rd generation of our Advanced Services Appliance (ASA) and Network Intrusion Detection Sensor (NIDS) supports twice the number of endpoints when compared to our 2nd generation hardware. These new hardware platforms also come with increased resiliency and redundancy built in.
ASM Disaster Recovery (ASM-DR)
ASM-DR delivers data synchronization for seamless failover between two geographically dispersed ASMs, increasing ASM application availability during localized disasters. This is all managed from a central console where you can see in real time the status of the primary and secondary ASMs. This can also be used to greatly simplify DR testing for the purpose of compliance.