StealthWatch for SCADA Security
Because they were largely built on proprietary systems never meant to be connected to the Internet, SCADA systems pose a significant challenge when it comes to cyber security. Increasingly finding their way online via connections to corporate networks, these systems are now being exposed to much greater risk than was ever intended. Evolving industry regulations such as NERC CIP and FISMA/NIST are also forcing critical infrastructure providers to take a closer look at their security procedures to meet tougher compliance requirements.
Because SCADA operations are time-sensitive and crucial, conventional security practices such as patching, which cause downtime and introduce changes to the system, are not always practical options. With Lancope’s StealthWatch System, SCADA operators can obtain the in-depth network visibility and security intelligence needed to detect unusual activity and thwart cyber-attacks without jeopardizing critical functionality. Instead of relying on signature updates, StealthWatch leverages NetFlow and other flow data already available from existing infrastructure for cost-effective network behavior anomaly detection.
StealthWatch can help ensure SCADA security and regulatory compliance by:
- Identifying all connections to the SCADA network
- Separating SCADA systems from other network segments
- Creating a baseline of normal network behavior for quick detection of anomalies
- Monitoring the entire network 24/7 to alarm on both known and zero-day malware, as well as advanced threats including APTs
- Uncovering insider threats caused by negligent employees, misconfigured systems, policy violations, unauthorized access, malicious insiders or compromised machines
- Leveraging application, device and identity awareness to more accurately pinpoint the source of threats
- Providing a complete audit trail of all network activity for more effective forensic investigations
- Reducing the complexity of compliance reporting