SecurityMatters – SilentDefense
SecurityMatters’ flagship product SilentDefense™ enables cyber-resilient industrial environments by ensuring the underlying network is healthy and threat-free at all times. SilentDefense provides instant OT network and process visibility, and reports internal and external cyberthreats in a clear and actionable way. As a result, operators can easily identify the source of a threat and take quick responsive action.
Asset Inventory and Network Map
- Obtain full knowledge and awareness of your network through SecurityMatters’ automatic asset inventory and device fingerprinting features
- Browse through the interactive network map to understand device behavior, threats and vulnerabilities
- Filter and export the information for reporting and backup
Visual Network Analytics
- Monitor real-time network flows and industrial protocol operations through SecurityMatters’ numerous graphs and widgets
- Customize and filter your views to analyze device behavior
- Investigate historical data to perform visual forensic analysis
Network and Process Anomaly Detection
- Learn and validate network communications and process operations with the most in-depth analysis of industrial protocols
- Identify rogue and malfunctioning devices, intrusions and attacks
- Detect undesired configuration changes before they can affect the process
Industry-Specific Threat Libraries
- Detect a wide variety of ICS-specific threats with SecurityMatters, which leverages over 800 built-in signatures and controls
- Extend SecurityMatters’ built-in detection capabilities by defining custom checks for your industrial environment
- Hunt for emerging threats and prevent the spread of existing ones
SecurityMatters empowers industrial operators with unrivaled visibility,
- See what your network devices are doing
- Assess risks, threats and vulnerabilities
- Understand the current resilience state of your network
- Catch known and unknown threats at their earliest stages
- Pinpoint weak spots and current inefficiencies
- Gather all evidence required for incident response
- Know what's going on at all times
- Anticipate problems and threats
- Prioritize incident response and mitigation activity
SILENTDEFENSE VERSION 3.13
SilentDefense 3.13 offers unprecedented visibility, proactive threat hunting capabilities and detailed vulnerability analysis. This version of SilentDefense is designed to help users implement a robust cyber defense strategy based on the proactive exploitation of intelligence information. New features and benefits include:
- Threat Intelligence Ingestion
- Forensic Time Machine
- Multi-Factor File Dissection
Electric power generation, transmission and distribution are carried out using different processes, vendors and technologies, but are all subject to a large number of common threats. These include network misconfiguration, device malfunction or misbehavior, insider threats and cyberattacks, such as those that affected the Ukrainian power grid in 2015 and 2016.1
The distributed architecture of electric power transmission and distribution networks, and electric power generation based on renewable sources (hydroelectric, solar and wind), add further complexity, as both central and remote sites as well as their communications need to be protected.
With numerous projects in this industry, SecurityMatters has a proven track record of delivering value to electric power companies, providing visibility into their complex heterogeneous environments and detection of all the threats they are subject to. Our SilentDefense solution successfully identifies various networking and operational problems affecting grid operation, as well as intrusions by external attackers.
In recent years, the oil industry has been the target of many cyberattacks. Oil extraction (upstream), transportation (midstream) and refining (downstream) are carried out in large and complex infrastructures. With the current lack of visibility into network communications, it is almost impossible for oil industry operators to prevent the propagation of cyberthreats.
By using SecurityMatters SilentDefense, oil companies have an instrument to detect cyberattacks at an early stage and prevent their propagation. Furthermore, in previous oil industry projects, SilentDefense has proven valuable in identifying several operational problems and misconfigurations, boosting network cyber resilience.
SecurityMatters has supported gas infrastructure operators in maintaining a cyber-resilient industrial environment since 2013. In these years, our SilentDefense solution has reported several threats to the operational continuity of these companies. For example, it has identified device misconfigurations which required prompt vendor intervention, as well as insecure communications to remote stations that harmed the environment’s security.
SilentDefense is currently deployed at gas storage and pipeline monitoring facilities, protecting them from internal and external threats and cyberattacks.
Protecting drinking and wastewater management facilities is fundamental in guaranteeing the safety and well-being of the civilian population. Accidental or deliberate contamination of drinking and wastewater may result in widespread illness as well as environmental pollution. As this has happened in the past, it is vital to limit the possibilities of it reoccurring.
Monitoring these critical environments with SilentDefense helps our customers make their security perimeter stronger and identify any possible system misuse or attempt to tamper with the process. In addition, it provides a means of identifying other threats to the network’s cyber resilience, such as device malfunction and operational errors.
Incidents in the manufacturing of chemical products can have serious consequences for personnel safety and the environment. For example, production errors and mishandling of chemicals can lead to fire, explosions and other hazards to human life, as well as polluting the surrounding environment. Incidents can originate from multiple causes, including malfunctioning equipment, operational errors and device misbehavior.
SecurityMatters’ SilentDefense platform is employed at large chemical plants to monitor the production network and provide operators with real-time visibility of network activity and threats, enabling early response and remediation.
The production of pharmaceutical drugs is subject to numerous insider threats. For example, uncontrolled configuration changes and mistakes in the production process may result in an incorrect dosage and therefore ineffective or even harmful drugs; production lines can stop due to device malfunction that is not identified and handled in time.
Additionally, key intellectual property such as drug formulas is stored in production equipment (servers and PLCs) that can become a target of external attackers. Industrial espionage operations are increasingly common in the OT world, and production networks are often poorly protected.
Utilizing SilentDefense makes production networks more secure and cyber resilient by identifying security breaches and intrusion attempts at a preliminary stage.
The manufacturing industry includes heavy industry (such as metals and steel), food and feed, automotive and the production of other soft and hard goods. Several manufacturing facilities feature tight integration between production floors and back-office networks in order to enable real-time processing and analysis of data for business purposes. Despite having clear business advantages, this tight integration facilitates the spread of external threats from server networks to production networks, potentially leading to incidents such as the one that occurred at a German steel factory in 2014.1
Other production networks consist of isolated cells with limited connectivity to external networks. This isolation protects production networks from external threats, but cannot guarantee protection from common operational incidents. In particular, equipment malfunction or failure often results in unexpected process disruptions, requiring extensive time and effort to investigate and resolve.
SecurityMatters SilentDefense supports manufacturing companies by enabling them to quickly identify external threats to the production network, as well as the source and extent of internal threats and operational incidents. In addition to helping accelerate remediation, SilentDefense provides dramatic operational savings to these companies.
A country’s infrastructure, such as roads, railways, tunnels, bridges, dams and buildings, is controlled by industrial control systems that maintain its correct functioning. Hacks into road sign systems and public transport have occurred in the past,1 exploiting the fragile or non-existent cyber security countermeasures protecting them.
External and insider threat actors can exploit remote connectivity between central control systems and remote sites to perform undesired operations, such as opening dams and bridges or controlling road signs and signaling systems. Building automation components such as air conditioning in server rooms or hospital equipment can be easily shut down by system misuse or malfunctions.
The SilentDefense platform’s early warnings enable the identification and mitigation of flaws before they affect the infrastructure’s correct operation.