
Overview

24x7 threat monitoring of Industrial Control Systems (ICS), SCADA networks and OT environments requires a specialized approach and expertise. Beyond the supervisory command-and-control layer, the field devices and the communication networks between them must be considered part of the attack surface. Critical infrastructure has become a high-value target for many state-sponsored attackers, and this activity is on the rise, so 24x7 threat monitoring is now a necessity.


The Challenge

Attackers work 24x7, while most organizations' technical support staff do not. This delays the response to cyber threats, and attacks on critical infrastructure can have devastating consequences. Additionally, most SIEMs and XDRs lack support for many legacy protocols and devices, so visibility is very limited and purpose-built toolsets are needed. Exacerbating the challenge is the effort required to analyze all security events, which is often unrealistic without outside help, along with tighter cybersecurity budgets and the fact that recruiting and retaining cybersecurity analysts is probably the most difficult it has been in decades.


How We Solve It

InfoSight's Security Operations Center (SOC) operates as your own trusted cybersecurity team, providing real-time 24x7 threat monitoring, analysis, escalation and, where possible, triage and remediation. We bring a co-managed approach to security monitoring and deliver multiple security packages for comprehensive threat detection.

We enable non-disruptive monitoring of distributed ICS networks for changes in topology and behavior, using multiple security packages, each offering a unique capability pertaining to a specific type of network activity:

  1. NETWORK VISIBILITY: Using passive scanning of all OT network traffic, iSID creates a visual network model of all devices, protocols and sessions, with alerts upon detected topology changes (e.g. new devices or sessions).

  2. CYBER ATTACK: The Cyber Attack package handles known threats targeting the ICS network, including PLCs, RTUs and industrial protocols, based on data from open-source intelligence as well as our own cyber research.

  3. POLICY MONITORING: Define/modify policies for each network link, for validating specific commands (e.g. “write to controller”) and operational ranges.

  4. ANOMALY DETECTION: The Anomaly Detection package builds a behavioral network model from multiple parameters, including device sequence, sampling time and more, and uses it to detect behavioral anomalies.

  5. OPERATIONAL BEHAVIOR: Monitor and audit the management of devices (PLC, RTU & IED) at remote sites, with alerts for firmware changes or configuration modifications (e.g. software updates or turning edge devices on or off) and activity logging.

  6. MAINTENANCE MANAGEMENT: Limit network exposure during scheduled maintenance by creating work orders for specific devices during set time windows. A log report of all maintenance activities is issued upon session completion.
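As an added illustration of how the network-visibility and policy-monitoring packages above work in principle (example code written for this page, not InfoSight's or iSID's own implementation): a small passive monitor that learns the set of devices and sessions from decoded command records during a baseline window, then alerts on new devices or sessions and on write commands that break a per-link policy (an operation the source is not permitted to issue, or a value outside the register's operational range). The host addresses, register number, protocol names and operational range are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class CommandRecord:
    """One decoded ICS request as a passive DPI sensor would emit it (constructed shape)."""
    ts: int
    src: str          # requesting host (HMI, engineering workstation, ...)
    dst: str          # field device (PLC, RTU, IED)
    protocol: str     # e.g. "modbus", "dnp3"
    function: str     # decoded operation, e.g. "read_holding", "write_register"
    register: Optional[int] = None
    value: Optional[int] = None


@dataclass
class LinkPolicy:
    """Policy for one (src, dst, protocol) link: permitted operations and, per
    writable register, the allowed operational range (inclusive)."""
    allowed_functions: Set[str]
    register_ranges: Dict[int, Tuple[int, int]] = field(default_factory=dict)


@dataclass(frozen=True)
class Alert:
    kind: str
    ts: int
    detail: str


class PassiveMonitor:
    """Learns devices and sessions during a baseline window, then reports
    topology changes and policy violations without sending any traffic."""

    def __init__(self) -> None:
        self.devices: Set[str] = set()
        self.sessions: Set[Tuple[str, str, str]] = set()
        self.policies: Dict[Tuple[str, str, str], LinkPolicy] = {}
        self.alerts: List[Alert] = []
        self.learning = True

    def add_policy(self, src: str, dst: str, protocol: str, policy: LinkPolicy) -> None:
        self.policies[(src, dst, protocol)] = policy

    def end_learning(self) -> None:
        """Freeze the baseline; any new device or session from here on is reported."""
        self.learning = False

    def observe(self, rec: CommandRecord) -> List[Alert]:
        found: List[Alert] = []

        # Topology: a host or (src, dst, protocol) session absent from the baseline.
        for host in (rec.src, rec.dst):
            if host not in self.devices:
                self.devices.add(host)
                if not self.learning:
                    found.append(Alert("new_device", rec.ts, host))
        session = (rec.src, rec.dst, rec.protocol)
        if session not in self.sessions:
            self.sessions.add(session)
            if not self.learning:
                found.append(Alert("new_session", rec.ts, f"{rec.src}->{rec.dst} {rec.protocol}"))

        # Policy: validate the operation and, for commands carrying a value (writes),
        # the operational range of the target register.
        policy = self.policies.get(session)
        if policy is not None:
            if rec.function not in policy.allowed_functions:
                found.append(Alert("policy_function", rec.ts,
                                   f"{rec.src} issued {rec.function} to {rec.dst}"))
            elif rec.value is not None and rec.register in policy.register_ranges:
                lo, hi = policy.register_ranges[rec.register]
                if not lo <= rec.value <= hi:
                    found.append(Alert("policy_range", rec.ts,
                                       f"register {rec.register}={rec.value} outside [{lo},{hi}]"))

        self.alerts.extend(found)
        return found


# Constructed hosts: an HMI, an engineering workstation, a PLC and an unknown host.
HMI, EWS, PLC, ROGUE = "10.0.1.10", "10.0.1.11", "10.0.2.20", "10.0.1.99"


def run_demo() -> List[Alert]:
    """Baseline three normal commands, then replay five live commands; returns all alerts."""
    mon = PassiveMonitor()
    mon.add_policy(HMI, PLC, "modbus", LinkPolicy({"read_holding", "write_register"}, {40001: (0, 100)}))
    mon.add_policy(EWS, PLC, "modbus", LinkPolicy({"read_holding"}))

    for rec in (CommandRecord(1, HMI, PLC, "modbus", "read_holding", 40001),
                CommandRecord(2, HMI, PLC, "modbus", "write_register", 40001, 50),
                CommandRecord(3, EWS, PLC, "modbus", "read_holding", 40001)):
        mon.observe(rec)
    mon.end_learning()

    live = [
        CommandRecord(10, HMI, PLC, "modbus", "write_register", 40001, 75),   # normal write
        CommandRecord(11, HMI, PLC, "modbus", "write_register", 40001, 250),  # value out of range
        CommandRecord(12, EWS, PLC, "modbus", "write_register", 40001, 10),   # EWS may only read
        CommandRecord(13, ROGUE, PLC, "modbus", "read_holding", 40001),       # unknown host
        CommandRecord(14, HMI, PLC, "dnp3", "read"),                          # unexpected protocol
    ]
    for rec in live:
        mon.observe(rec)
    return mon.alerts


if __name__ == "__main__":
    for a in run_demo():
        print(f"t={a.ts} {a.kind}: {a.detail}")
```

The baseline records produce no alerts because learning is still on; in the live phase the monitor raises one alert each for the out-of-range write, the write from a read-only link, the unknown host, the unknown host's new session, and the HMI's new DNP3 session. Keying the policy by protocol as well as by endpoints means a session on an unexpected protocol is reported as a topology change rather than silently evaluated against the wrong policy.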


Just the Facts

  • 24x7x365 Staffed SOC

  • 100% US-based, SOC 2 certified Operations Center

  • Only US-based W2 employees

  • Providing both Security and Network Infrastructure Support

  • Support for Cloud, Datacenter or Hybrid networks

  • Monitoring of Applications, DBs, Security, Infrastructure, Server or Serverless

  • Offering Device-based or consumption-based pricing models

  • 24x7 or off-peak 7pm-7am coverage available

  • Cyber liability insurance coverage

  • Federally regulated and critical infrastructure client experience

  • 24+ years of successful outcomes

Key Benefits

  • Central-location deployment (with Collectors) or local deployment at remote sites

  • Network traffic analysis of ICS protocols based on DPI

  • Supervision over configuration changes in PLCs

  • Model-based anomaly detection analytics and signature-based detection of known vulnerabilities

  • Non-intrusive network operation

  • Low false-alarm rate

  • Central management of multiple iSID instances using iCEN

Why InfoSight?

  • 24x7x365 US-based SOC/NOC

  • 25+ years Regulatory Compliance experience (GLBA, PCI, HIPAA, NERC, AWIA, etc.)

  • SOC 2 Certified

  • Offering comprehensive cybersecurity Awareness Training Solutions

  • Managed Services for On-premise Data center, Cloud and Hybrid environments

  • Flexible pricing models that can be 24x7, 8x5, OR off-peak 7pm to 7am only coverage

  • MSP & MSSP Solutions for both IT & OT ICS environments

  • Certified Experts (CISSP, CISA, CEH, OSCP, AWS, AWWA, etc.)

  • Virtual ISO Programs that bridge the communication gap between IT and OT networks

Bringing the Future into Focus!