Industrial Cybersecurity Solutions
Industrial Defender ASM® collects both configuration state and event data, supporting regulatory compliance requirements and industrial cybersecurity monitoring efforts.
Monitoring is the first step in building a unified security and compliance management strategy that supports operational requirements. The centralized collection, correlation and archiving of events enables critical infrastructure owners, security analysts, control engineers and operators to quickly identify and respond to operational and security threats in their ICS. Monitoring is the backbone of a sustainable security and compliance capability by providing situational awareness.
The ASM collects both configuration state data and event data. The data collected supports regulatory compliance requirements as well as security monitoring.
| Learn how Industrial Defender mitigates OT cyber risks for large oil & gas companies. Read White Paper |
 |
Common Security Events Monitored by Industrial Defender ASM®
Asset Configuration State Data
For detection of changes
 |
Installed software inventory including versions |
|
OS including version and patches installed |
|
Firmware including version |
|
Listening ports and services |
|
Local firewall rules (including change detection) |
|
Removable media installed (e.g. USB device) |
|
Malicious code detected/AV |
|
Failure of event logging |
User Accounts
|
Generic and shared user accounts |
|
Local and A/D accounts |
|
Password parameters and age |
System Access and Authentication
|
Failed login and access attempts |
|
Successful logins |
|
User account locked |
|
Policies modified |
|
Privilege raised |
|
Removable media installed (e.g. USB device) |
|
Malicious code detected/AV |
|
Failure of event logging |
Firewall Information & Events
|
Firewall rules (including change detection) |
|
Blocked execution (packet) |
|
Blocked unauthorized file |
|
Policies modified |
Asset Resource Utilization
|
CPU usage over time |
|
RAM usage over time |
|
Disk space |
|
Swap space |
Device Status
|
Connectivity lost |
|
Shutdown |
|
Rebooted and boot checksum |
|
Backup failure |
Device Configuration
|
Serial number |
|
Interface board(s) |
|
Mainboard parameters |
|
Policies modified |
This list is not all encompassing. The data collected varies for each device, dependent upon the manufacturer, model, and version.