
Safetech ICS Detect

The ICS Detect services bundle provides a turnkey Honeypot solution - a set of networked applications that mimic the behavior of real devices in industrial control systems (ICS) and record and report any malicious activity. This solution facilitates early detection of threats, captures information about attackers' techniques and tools, diverts their attention from critical production systems, serves as an educational tool for ICS security courses, and enables the evaluation of existing security measures such as NDR, IDS, firewall and SIEM systems and platforms.

Solution overview

Industrial Control Systems (ICS) are key operational components in industrial environments and critical infrastructures, and they are increasingly in need of cyber protection. In recent years, they have been systematically attacked by hackers, yet they do not natively include components for detecting and monitoring intrusion attempts, and do not allow running tests to detect vulnerabilities and/or possible breaches. However, any possible disruption to the operational status of industrial control systems can have costly or even dangerous consequences.

To overcome these limitations, many companies use honeypot solutions, specially designed to attract attackers and study their methods, tools and behavior. Honeypot solutions work as false targets: they are deployed alongside production systems in the network, where they act as a real attack surface, imitating the way common equipment (SCADA, DCS or PLC) works, but without affecting the operation of production processes. With Honeypot technology, these companies have the ability to detect intrusion attempts, identify attack paths and targets, and gain time for remedial action.

Main functionalities of Safetech ICS Detect

Safetech Innovations has developed the ICS Detect bundle of services, which delivers a Honeypot solution specifically designed for ICS systems and SCADA networks.

At the heart of the Honeypot solution is an application that connects to the Ethernet network and behaves, from a communication perspective, like a real PLC or HMI device. Once accessed by an attacker, the application records the communication and sends alerts to monitoring systems, the SIEM platform and the security team, providing the details of this communication.

In parallel, the solution transmits valid responses to the attacker’s requests without disclosing real data. This gives the customer’s security team time to investigate and identify the attacker, the attack path and the intended targets, as well as to apply blocking and remediation measures.

Through the integration services offered, the Safetech solution can be configured so that when an attempt to communicate with a Honeypot device is detected, the connection is immediately blocked by commands sent to a firewall.

At the same time, through the Honeypot solution and a proprietary Safetech set of scripts, delivered as-a-Service, we offer organizations that operate SCADA networks the opportunity to verify the operation of their internal processes and means of protection by simulating certain types of cyber attacks. Based on the information obtained after testing, companies can detect and fix specific problems without exposing themselves to operational risks.

Thus, organizations can test:

  • their protection capabilities and network resilience,
  • the efficiency of detection methods and devices,
  • the speed and effectiveness of response measures,
  • the level of staff training for cyber attacks.

The content of Safetech ICS Detect bundle

The bundle developed by Safetech includes:

  • Putting into operation a set of Honeypot systems for the detection of threats on SCADA industrial control systems;
  • SaaS delivery of a proprietary Safetech web application, integrated in the Honeypot solution, which simulates an HMI device;
  • Simulation services of specific attacks on operational environments, for testing the vulnerability of internal processes and the security of the systems used;
  • Customization Services – The honeypot can be configured to mimic PLC or HMI devices in the customer’s operational network;
  • Integration Services – Safetech integrates the Honeypot with the client’s SIEM platform to send alerts to it and with firewall systems to block attack sources;
  • Training and consulting services to train the client’s internal IT teams and improve security processes. Safetech conducts training sessions that include an introduction to the operation of SCADA systems, presentation of attack modes, detection methods and defense techniques specific to operational SCADA networks.

Safetech services ensure increased adaptability to specific requirements

The Safetech ICS Detect services bundle is primarily aimed at organizations that operate SCADA networks, utilities and energy providers, and industrial manufacturers, and can be quickly customized to adapt to the specific requirements of each organization. Using Safetech ICS Detect, companies get:

  • Rapid detection of unauthorized access attempts and attacks on ICS systems and SCADA networks,
  • Alerting the security team and delivering detailed information about attacks,
  • Automatic blocking, by integration with a network firewall, of attacks or unauthorized access attempts,
  • Testing the level of security of SCADA networks and protection capabilities of organizations,
  • Improving the threat and attack response capability of internal security teams.

Safetech ICS Detect helps prevent attacks and their associated financial losses, as well as protect the organization's reputation. At the same time, it facilitates the identification of potential vulnerabilities and the effects that their exploitation can generate, thus giving organizations the opportunity to strengthen their security posture by adopting additional protection measures.
