If you operate an industrial network, you know that it is important to recognize operational errors and malicious changes as fast as possible to prevent unsafe and costly conditions from emerging. But achieving this goal requires you to ingest enormous volumes of data and reduce them to an actionable volume of events that indicate the presence of a problem.
You don’t have days to get this done. You need an answer in a matter of minutes.
Tripwire, a Belden company, and Claroty have teamed up to blend the power of log management with continuous threat detection to achieve this objective. Both companies have an extensive pedigree in industrial security that makes their collaboration a powerful combination. In this blog post, I would like to discuss how the Tripwire Visibility for ICS systems can be used to accomplish amazing feats of data distillation – a claim which you probably don’t see often enough.
Sherlock Holmes once said, “When you have excluded the impossible, whatever remains, however improbable, must be the truth.” The process Mr. Holmes followed in detection is essentially the same one that Tripwire Visibility performs to isolate operator errors and hacker penetration. Finding the interesting data is a process of throwing out the uninteresting data. Obviously, that’s a little easier said than done.
Fortunately, the nature of ICS networks makes the elimination of uninteresting data easier than it might otherwise be.
Unlike IT networks, ICS networks are designed to manufacture a consistent product experience and to perform service operations consistently and predictably. Every candy bar or gallon of gas produced on a production line should be identical. Every time a consumer plugs a fan or vacuum into a wall socket, the power received should be within an acceptable tolerance range. Unexpected change is
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Stephen Wood. Read the original post at: https://www.tripwire.com/state-of-security/ics-security/tripwire-visibility-ics/

