Spotting ICS Credential Theft

The Challenge

Preventing Unauthorized Access to My Industrial Network

If one of your employees or suppliers uses valid credentials to gain unauthorized access to your industrial network, would you know about it? How long would it take?

What if they gave their credentials to a remote threat actor who then inserted malware onto your control network and deleted log files to disguise the activity? What if a maintenance worker without permission to connect to your industrial network did so anyway – and deliberately or accidentally introduced malware?

Cyber security threats come in multiple forms – external and internal, intentional and accidental. Whatever the root cause, detection and early warning are critical to containing the risk and the potential damage.

The Solution

A Comprehensive Approach to Detecting Cyber Risks and Threats

Nozomi Networks takes a multi-pronged approach to identifying suspicious, unauthorized activity.

Through behavior-based anomaly detection and multiple types of signature- and rules-based detection, the solution is able to identify unauthorized activity such as:

  • remote access
  • log file deletions
  • configuration changes
  • downloads
  • controller logic changes
  • edits to PLC projects and more

All detection results are correlated with operational context for detailed insight. For example, the solution baselines network peculiarities such as VPN access and the IP ranges assigned to vendors. If vendor activity falls outside those ranges, an alert is triggered.
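The vendor-baseline check described above, as an added example that is not Nozomi Networks code: a per-vendor baseline of assigned IP ranges and VPN use is applied to a constructed access log, and every event that leaves its baseline (or performs one of the high-risk actions listed above) becomes an alert carrying the operational context. The baseline format, the log format and all addresses and names are assumptions made for the example.

```python
import ipaddress

# Constructed baseline (not Nozomi's format): per vendor, its assigned IP ranges and access path.
VENDOR_BASELINE = {
    "pumpco":   {"ranges": ["10.50.0.0/24"], "vpn_required": True},
    "turbinex": {"ranges": ["10.51.8.0/22", "192.0.2.0/28"], "vpn_required": True},
}
# Actions the text lists as suspicious regardless of where they originate.
HIGH_RISK_ACTIONS = {"log_delete", "logic_change", "config_change", "project_edit"}

# Constructed sample events, one per line: timestamp|vendor|user|src_ip|vpn|action
SAMPLE_EVENTS = """\
2024-03-01T08:02:11|pumpco|jsmith|10.50.0.17|yes|read_tags
2024-03-01T08:15:40|pumpco|jsmith|10.50.0.17|yes|config_change
2024-03-01T09:03:05|turbinex|akumar|10.51.9.4|yes|firmware_download
2024-03-01T22:47:19|turbinex|akumar|203.0.113.45|no|logic_change
2024-03-01T22:49:02|turbinex|akumar|203.0.113.45|no|log_delete
2024-03-01T23:10:30|unknownco|root|10.50.0.99|yes|read_tags"""

def parse_event(line):
    ts, vendor, user, src, vpn, action = line.strip().split("|")
    return {"ts": ts, "vendor": vendor, "user": user,
            "src": ipaddress.ip_address(src), "vpn": vpn == "yes", "action": action}

def evaluate(event):
    """Return the baseline violations for one event (empty list means clean)."""
    reasons = []
    profile = VENDOR_BASELINE.get(event["vendor"])
    if profile is None:                      # no baseline at all: always worth a look
        return ["vendor not in baseline"]
    if not any(event["src"] in ipaddress.ip_network(r) for r in profile["ranges"]):
        reasons.append(f"source {event['src']} outside assigned ranges")
    if profile["vpn_required"] and not event["vpn"]:
        reasons.append("access without VPN")
    if event["action"] in HIGH_RISK_ACTIONS:  # high-risk even from an expected address
        reasons.append(f"high-risk action {event['action']}")
    return reasons

def alerts(log_text):
    """One alert per event with at least one violation, with operational context attached."""
    out = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        reasons = evaluate(ev)
        if reasons:
            out.append({"ts": ev["ts"], "vendor": ev["vendor"], "user": ev["user"],
                        "src": str(ev["src"]), "action": ev["action"], "reasons": reasons})
    return out
```

Running `alerts(SAMPLE_EVENTS)` yields four alerts: the in-range configuration change, the two out-of-range non-VPN events (each with three reasons), and the vendor with no baseline.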

When suspicious activity is identified, the solution sends high-priority alerts to security and operations staff, who can then execute the incident response plan to contain and eradicate the threat.

Easily identify suspicious, unauthorized behavior such as remote access, configuration changes, log file deletions, controller logic changes and more.

Advanced Cyber Threat & Risk Detection

Guardian delivers advanced cyber risk identification capabilities that help you uncover operational threats in real-time.
