Safetech ICS Detect – Honeypot solution for SCADA environments

Industrial Control Systems (ICS), key operational components in industrial environments and critical infrastructures, are increasingly in need of cyber protection. In recent years they have been systematically attacked by hackers, yet they do not natively include components for detecting and monitoring intrusion attempts, and they do not allow tests to be run to detect vulnerabilities and/or possible breaches. At the same time, any disruption to the operational status of industrial control systems can have costly or even dangerous consequences.

To overcome these limitations, many companies use Honeypot solutions, specially designed to attract attackers and to allow analysing their methods, tools and behaviour. Honeypot solutions work as simulated targets: they are deployed alongside production systems in the network, where they act as a real attack surface, imitating the process control equipment (SCADA, DCS or PLC), but without affecting the normal operations and the production processes. With Honeypot technology, these companies have the ability to detect intrusion attempts, identify attack paths and targets, and gain time for remedial action.

What does Safetech’s Honeypot solution offer?

In response to market requirements, Safetech Innovations developed ICS Detect, a bundle of services that includes a Honeypot solution for ICS systems and SCADA networks.

At the heart of the Honeypot solution is an application that connects to the Ethernet network and behaves, from the communication perspective, like a real PLC or HMI device. Once accessed by an attacker, the application records the communication and sends alerts to monitoring systems, the SIEM platform and the security team, providing the details of this communication. In parallel, the solution transmits valid responses to the attacker’s requests, without disclosing real data. This gives the customer’s security team time to investigate and identify the attacker, the attack path and the intended targets, as well as to apply blocking and remediation measures.
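
The behaviour described above (record the request, return a valid response carrying decoy data, emit an alert for the SIEM), shown as an added example that is not Safetech's code. It assumes Modbus/TCP as the simulated protocol, which the page does not specify; the register values, sensor name, sample frame and JSON alert fields are constructed for illustration.

```python
import json
import struct
from datetime import datetime, timezone

# Constructed decoy values; a real decoy would mimic the customer's device.
DECOY_REGISTERS = [0x00C8, 0x012C, 0x0000, 0x0001]
# Constructed sample: Read Holding Registers (0x03), start 0, quantity 2.
SAMPLE_REQUEST = bytes.fromhex("000100000006010300000002")

def _mbap(tid: int, unit: int, pdu: bytes) -> bytes:
    # MBAP header: transaction id, protocol id 0, length (unit id + PDU), unit id
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def handle_frame(frame: bytes, src_ip: str):
    """Return (response_bytes, alert_dict) for one Modbus/TCP request."""
    alert = {
        "time": datetime.now(timezone.utc).isoformat(),
        "sensor": "ics-honeypot-demo",   # hypothetical sensor name
        "src_ip": src_ip,
        "raw_hex": frame.hex(),          # full request kept for the analyst
        "event": "malformed_frame",
    }
    if len(frame) < 8:
        return b"", alert                # too short to answer, still alerted
    tid, proto, length, unit, func = struct.unpack(">HHHBB", frame[:8])
    if proto != 0 or length != len(frame) - 6:
        return b"", alert
    alert.update(event="modbus_request", unit_id=unit, function=func)
    if func == 0x03 and len(frame) == 12:
        start, qty = struct.unpack(">HH", frame[8:12])
        alert.update(start=start, quantity=qty)
        if 1 <= qty <= 125 and start + qty <= len(DECOY_REGISTERS):
            values = DECOY_REGISTERS[start:start + qty]
            pdu = struct.pack(">BB", func, 2 * qty)
            pdu += struct.pack(f">{qty}H", *values)
        else:
            pdu = struct.pack(">BB", func | 0x80, 0x02)  # illegal data address
    else:
        # Unsupported function: a protocol-valid exception, not silence.
        pdu = struct.pack(">BB", func | 0x80, 0x01)      # illegal function
    return _mbap(tid, unit, pdu), alert

def to_siem_line(alert: dict) -> str:
    """Serialize the alert as one JSON line for a SIEM collector."""
    return json.dumps(alert, sort_keys=True)

if __name__ == "__main__":
    response, alert = handle_frame(SAMPLE_REQUEST, "192.0.2.10")
    print(response.hex())
    print(to_siem_line(alert))
```

Every frame produces an alert, including malformed ones, because any traffic addressed to a decoy is worth recording.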

Through the integration services offered, the Safetech solution can be configured so that when an attempt to communicate with a Honeypot device is detected, the connection is immediately blocked by commands sent to a firewall.

At the same time, through the Honeypot solution and a set of scripts, delivered as-a-Service, Safetech offers organizations that operate SCADA networks the opportunity to verify the operation of their processes and protection systems, allowing them to simulate certain types of cyberattacks. Based on the information obtained after testing, companies can detect and fix specific problems without exposing themselves to operational risks.

Thus, organizations can test:
• their protection capabilities and network resilience,
• the efficiency of detection methods and devices,
• the speed and effectiveness of response measures,
• the level of staff training for cyberattacks.

What is included in the Safetech ICS Detect package?

The service package developed by Safetech includes:

  • putting into operation a set of Honeypot systems for the detection of threats to SCADA industrial control systems
  • SaaS delivery of a web application, integrated in the Honeypot solution, which simulates an HMI device.
  • simulation services of specific attacks on operational environments, for testing the vulnerability of internal processes and the security of the systems used.
  • customization services – The Honeypot can be configured to mimic PLC or HMI devices in the customer’s operational network.
  • integration services – Safetech integrates the Honeypot with the client’s SIEM platform for receiving alerts, and with firewall systems to block attack sources.
  • training and consulting services to train the client’s internal IT teams and improve security processes. Safetech conducts training sessions that include: an introduction to the operation of SCADA systems, a presentation of attack modes, detection methods, and defense techniques specific to operational SCADA networks, etc.

Increased adaptability to specific requirements

The Safetech ICS Detect bundle is primarily aimed at organizations that operate SCADA networks, utilities and energy suppliers, and industrial manufacturing companies, and it can be quickly customized to adapt to the specific requirements of each organization.

Using the Safetech ICS Detect bundle of services, companies get:

• rapid detection of unauthorized access attempts and attacks on ICS systems and SCADA networks,
• alerting the security team and delivering detailed information about the attacks,
• automatic blocking, by means of a network firewall, of attacks or unauthorized access attempts,
• testing the security level of SCADA networks and the protection capabilities of organizations,
• improving the threat and attack response capability of internal security teams.

Safetech’s customers thus achieve a rapid increase in the level of protection of their operational environments, proactively improving their security posture and minimizing risks.

For more information about the Safetech ICS Detect bundle of services and for commercial offers, please contact us at [email protected] or by phone at 021 316 05 65.