Blog

Providing Scalable ICS Visibility for Converged IT-OT Cybersecurity

Erin Anderson | May 23, 2019

SilentDefense 4.0 is here. What does this mean for you? We think it will change the game for cybersecurity stakeholders, from CISOs and SOC managers to those out in the field. Here’s why:

Connected devices will grow by 900 million this year, with 85% being IoT and OT devices 1. This device explosion is increasing the visibility gap between cybersecurity stakeholders and their network. Organizations with extensive, geo-distributed industrial networks are now forced to reconcile this visibility gap resulting from the IT-OT convergence trend. Cybersecurity stakeholders, including CISOs and SOC managers alike, are unable manage the resources required to continuously audit their growing network and seamless integration of siloed tools and existing cybersecurity infrastructure.

SilentDefense 4.0 provides the right support for scalable OT visibility to facilitate richer integrations between conventional IT systems and new OT security requirements, and ultimately, better communication between IT and OT cybersecurity stakeholders.

With SilentDefense 4.0, CISOs and SOC managers alike can now monitor a fleet of remote ICS networks from a single pane of glass to analyze issues holistically, including devices involved and the context of an alert. An optional selective scanning technology provides even deeper asset visibility when needed. This data collection and aggregation automation provided by our active module is especially helpful for utilities because it can reduce operating costs and lower their risk of NERC CIP compliance violation fines.Building on our partnerships and research, this release also offers extended OT, IT and smart meter protocol support.

Here’s a quick overview of all the exciting new features included in SilentDefense 4.0:

The Enterprise Command Center (ECC)

The ECC enables both IT and OT cybersecurity stakeholders to achieve local and global control of their SilentDefense installations on a single pane of glass. It allows CISOs and SOC managers alike to rapidly identify and remediate cyber and operational threats in real time. The innovative user interface presents operating status and alerts in various dynamic dashboard views ideal for daily operations management tasks. With the ECC, users gainahigh-level view of the status of the entire OT infrastructure, which helps facilitate deployments in large, complex organizations with multiple chains of responsibility for the management of security information.

Benefits include:

  • Global asset inventory and compliance monitoring
  • Cross-site investigation to compare behaviors of different regions from a single location
  • Reduced mean time to respond (MTTR) through real-time awareness and contextual information
  • Easy switch between regions, networks and sites to increase productivity
  • Better understanding of threats due to contextual analysis
  • Reduced downtime, revenue loss, and degradation of brand due to cyber incident

A Selective Active Module

When combined with the completely passive SilentDefense sensor, our selective active module, ICS Patrol, merges passive anomaly detection with active cybersecurity capabilities to non-intrusively extend ICS network visibility and operating intelligence. Provided as a separate, optional component in the form of a modular add on to SilentDefense, ICS Patrol is carefully driven by the passive system and selectively queries specific hosts based on one or more asset inventory characteristics. This enriches alert details with valuable contextual data of devices that otherwise may have been not visible.

Benefits include:

  • More detailed asset inventory
  • Deeper assessment of vulnerabilities and risks
  • Improved threat hunting capabilities
  • Easier standards and regulatory compliance

Extended Protocol Support
SilentDefense 4.0 has extended protocol support for 130+ IT and OT protocols, over 2,100 industrial-specific threat checks, 3,000+ IoCs, and support for the DLMS/COSEM protocol commonly found in smart meters.

To learn more about the features included in SilentDefense 4.0 and how they support a converged IT-OT cybersecurity strategy, check out our launch page.

Forescout CTA SilentDefense-4

1 Multiple IDC forecasts