Rhebo – Threat detection & network stability for OT and IoT in industry and critical infrastructures
Increasing Availability of Infrastructures
With the digitalization of industrial processes, industrial companies and critical infrastructures can optimize operations even faster, reduce costs and react to market requirements. The industrial control systems (ICS) form the nervous systems of the successful digital transformation.
High availability and cyber security thus become decisive factors in protecting networked systems. Both are endangered by increasing complexity, vendor heterogeneity and connection to external networks. The challenge for CISOs, security experts as well as control engineers is to eliminate all risks before plant disruptions occur.
In addition to preventive measures, the security and monitoring strategy must therefore incorporate two core functionalities:
- Visibility of all assets and communication activities for a substantiated risk analysis and hardening of the systems
- Real-time reporting and detailed analysis of all conspicuous events in the ICS for rapid risk elimination
Rhebo supports operators of automated production facilities and critical infrastructures in sustainably reducing cyber security risks and increasing plant availability by means of industrial anomaly detection.
ICS Monitoring and Threat Defence
The Rhebo network monitoring with anomaly detection complements the signature-based attack detection of firewalls and IDS with a behavior-based content analysis. This means that even unknown attack patterns, human errors and manipulation via authorized user profiles are reliably detected.
Rhebo ICS monitoring also enables visualization and inventory documentation of the ICS and its communication profile. This enables setting up and monitoring zones and conduits in accordance with IEC 62443.
Network monitoring not only monitors the network boundaries or individual systems. Instead, network monitoring observes all processes that take place within the ICS. The extensive coverage of industrial protocols and processes also allows continuous protection tailored specifically to industrial networks. This allows operators to address the threat development posed by the increasing number of IoT devices. In addition to attacks and manipulation, technical error states are also reported. In this way, operators can immediately and systematically mitigate any threat − whether relevant to security or operations.
Rhebo Industrial Protector
The connection to Internet services, remote access points and the lack of security by design of industrial components increase the risk of malfunctions, manipulation via remote access, cyber attacks and technical errors in the ICS. The industrial network monitoring system Rhebo Industrial Protector monitors all communication within an industrial control systems (ICS). The system learns the communication pattern of normal operation within a very short time. Subsequently, the communication is continuously analyzed down to the level of the frame contents using deep-packet inspection driven anomaly detection. Any deviation from the regular communication pattern is reported in real-time as an anomaly. Analysis and reporting are entirely non-reactive and passive, preventing the overload or disturbance of the ICS processes. The network monitoring detects and reports both processes relevant for cyber security and technical error states. Risk assessment, network maps, raw data storage, filters and interface integration support the efficient analysis and mitigation of attacks and errors. Operators and security experts can actively react to risks, prevent disruptions, and protect supply.
Detailed And Automated Asset Tracking
Rhebo Industrial Protector recognizes and analyzes in real-time every component that communicates within the industrial control system. This provides you with up-to-date documentation of all components and their properties.
This information includes:
- vendor, device name,
- IP address, MAC address,
- version of firmware,
- serial number, known vulnerabilities.
Additional you get detailed information about:
- communication profiles,
- communication volumes,
- connections to other devices (system context diagram),
- quality of connections regarding cybersecurity and technical flawlessness.
ICS Monitoring To Detect Technical Error States
Technical error states often cause a search for the needle in the haystack. Rhebo Industrial Protector shortcuts the search. The ICS network condition monitoring function reports communication processes that indicate a malfunction in real-time:
- increased roundtrip times,
- communication interruptions,
- retransmissions,
- checksum errors,
- windows size 0
Overload conditions, physical damage, misconfiguration and the degradation of network performance are immediately detected and the sources of error are directly identified.In addition, Rhebo Industrial Protector assesses the performance of your ICS on a daily basis with a quality score.
Rhebo Industrial Protector supports you to actively:
- secure process stability,
- increase overall equipment effectiveness and
- establish condition-based maintenance and operations