Indegy offers network appliance to improve industrial controllers’ protection

Another security supplier has announced an appliance it says will give operational and IT security teams greater visibility into changes made to supervisory control and data acquisition (SCADA) networks.

Israeli startup Indegy said its appliance protects crucial programmable logic controllers (PLCs) and remote terminal units (RTUs), which run industrial machines in factories and utilities on networks separate from data networks.

“Indegy gives 100 per cent visibility into what the industrial controllers are doing at any given moment, and provides alerts and information about changes in configuration,” CEO Barak Perelman said in an interview.


Operators of networks with industrial control systems have long been warned the security on those devices is less than ideal, leaving vital utilities and industries open to compromise. Numbers on Canadian attacks aren’t easy to come by, but in fiscal 2015 almost 300 incidents at critical U.S. infrastructure were reported to the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). It believes many more went unreported or undetected.

The problem with many industrial controllers is that they were designed years ago, in an era before cyber attacks were thought of. “Even authentication, the fact you need a user name and password to change how a turbine operates in a power plant, does not exist in 90 per cent of these facilities,” said Perelman. “Essentially a determined hacker or an employee within a critical company can easily inflict damage and destruction of industrial equipment if he wishes.”

The Indegy appliance plugs into the mirror port on a SCADA network to receive a copy of the traffic. After conducting an asset inventory of all devices on the network, a deep packet inspection engine analyzes both the open application-layer protocols and the vendor-proprietary configuration-layer communications.

Administrators can create application-layer and identity-based policies to alert or block changes. Rules can be based on specific process control commands, asset types, user role, network location, or time of day.
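As an added illustration (not Indegy's code or rule syntax), here is how rules keyed on the attributes listed above could be evaluated against control-layer events decoded from mirrored traffic. The rule names, event fields, subnet and sample events are all constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:  # hypothetical rule shape; unset fields match anything
    name: str
    action: str                            # "alert" or "block"
    commands: Optional[set] = None         # process control commands
    asset_types: Optional[set] = None      # e.g. PLC, RTU
    roles: Optional[set] = None            # user roles
    outside_net: Optional[str] = None      # fire when source is NOT in this CIDR
    outside_hours: Optional[tuple] = None  # fire when time is NOT in (start, end)

    def matches(self, ev: dict) -> bool:
        if self.commands and ev["command"] not in self.commands:
            return False
        if self.asset_types and ev["asset_type"] not in self.asset_types:
            return False
        if self.roles and ev["role"] not in self.roles:
            return False
        if self.outside_net and ip_address(ev["src"]) in ip_network(self.outside_net):
            return False
        if self.outside_hours:
            start, end = self.outside_hours
            if start <= ev["ts"].time() <= end:
                return False
        return True

def evaluate(rules, ev):
    """Return (rule name, action) for every rule the event triggers."""
    return [(r.name, r.action) for r in rules if r.matches(ev)]

RULES = [  # constructed policy: engineering subnet 10.20.0.0/24, day shift 07:00-19:00
    Rule("firmware-from-outside-eng-subnet", "block", commands={"firmware_download"},
         asset_types={"PLC"}, outside_net="10.20.0.0/24"),
    Rule("logic-change-after-hours", "alert",
         commands={"logic_write", "firmware_download"}, outside_hours=(time(7), time(19))),
    Rule("operator-setpoint-write-on-rtu", "alert", commands={"setpoint_write"},
         asset_types={"RTU"}, roles={"operator"}),
]

EVENTS = [  # constructed sample events, as a DPI engine might emit them
    {"ts": datetime(2016, 3, 1, 2, 14), "src": "10.30.5.9", "role": "engineer",
     "asset_type": "PLC", "command": "firmware_download"},
    {"ts": datetime(2016, 3, 1, 10, 0), "src": "10.20.0.15", "role": "engineer",
     "asset_type": "PLC", "command": "logic_write"},
    {"ts": datetime(2016, 3, 1, 14, 30), "src": "10.20.0.40", "role": "operator",
     "asset_type": "RTU", "command": "setpoint_write"},
]
```

The first sample event trips two rules at once (wrong subnet and after hours), while the daytime logic write from the engineering subnet passes silently.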

One unique facet of industrial controllers is that they can be accessed directly for maintenance, giving an attacker the opportunity to do the same. Indegy can be set to regularly query and verify controllers’ settings.

Data captured from the appliance (or appliances installed at multiple sites) is viewed on a dashboard that can be seen by operational as well as IT security teams.

Through a RESTful API, data can also be forwarded to security information and event management suites such as Splunk, IBM’s QRadar and Hewlett Packard Enterprise’s ArcSight.

While most SCADA networks today are IP-based, Indegy also supports older serial networks.

Indegy will compete against network security appliances from vendors such as Palo Alto Networks, Attivo Networks, Radiflow, Sophos’ Cyberoam and others. Perelman said Indegy’s solution is the only one that gives visibility to the ICS control layer.

Indegy is priced the same way as any other network appliance, he said, but gave no details. The appliance is sold direct from the company and through industrial integrators.

ALSO SEE ICS-CERT’s Seven steps to defend industrial control systems

Christian Renaud, research director for the Internet of Things at 451 Research, noted in an interview that ICS/SCADA networks haven’t completely picked up on best practices learned in IT security because data and operational networks have traditionally been separate. That is changing, and Indegy, he said, is helping bridge that divide by being able to watch for unapproved changes in the ICS control layer in a non-intrusive way. “It’s a logical first step for IoT security.”

“Currently any system with industrial controls systems and SCADA there are going to be unprotected gateways,” he added, so having defence in depth is vital.


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
