Security

Industrial Cybersecurity Solutions

Industrial Defender ASM® collects both configuration state and event data, supporting regulatory compliance requirements and industrial cybersecurity monitoring efforts.

Monitoring is the first step in building a unified security and compliance management strategy that supports operational requirements. The centralized collection, correlation and archiving of events enables critical infrastructure owners, security analysts, control engineers and operators to quickly identify and respond to operational and security threats in their ICS. Monitoring is the backbone of a sustainable security and compliance capability by providing situational awareness.

The ASM collects both configuration state data and event data. The data collected supports regulatory compliance requirements as well as security monitoring.

Learn how Industrial Defender mitigates OT cyber risks for large oil & gas companies.
Read White Paper

Common Security Events Monitored by Industrial Defender ASM®

Asset Configuration State Data
For detection of changes

Installed software inventory including versions
OS including version and patches installed
Firmware including version
Listening ports and services
Local firewall rules (including change detection)
Removable media installed (e.g. USB device)
Malicious code detected/AV
Failure of event logging

User Accounts

Generic and shared user accounts
Local and A/D accounts
Password parameters and age

System Access and Authentication

Failed login and access attempts
Successful logins
User account locked
Policies modified
Privilege raised
Removable media installed (e.g. USB device)
Malicious code detected/AV
Failure of event logging

Firewall Information & Events

Firewall rules (including change detection)
Blocked execution (packet)
Blocked unauthorized file
Policies modified

Asset Resource Utilization

CPU usage over time
RAM usage over time
Disk space
Swap space

Device Status

Connectivity lost
Shutdown
Rebooted and boot checksum
Backup failure

Device Configuration

Serial number
Interface board(s)
Mainboard parameters
Policies modified

This list is not all encompassing. The data collected varies for each device, dependent upon the manufacturer, model, and version.