Securing industrial networks and operational environments requires a sustained effort, in direct proportion to the age of the built-in equipment and the degree of dispersion of the sites to be protected. But not if you use Cisco Cyber Vision, a solution that does not require the purchase of additional devices or the creation of new networks.

 

Industrial environments are increasingly connected to IT, Internet and Cloud infrastructures, with operational teams needing the information provided by the equipment. However, real-time access to data is considered a risk factor for companies in the production area, energy operators, utility providers, etc.

 

Risk factors in industrial environments

  • Infrastructure heterogeneity. Industrial networks are constantly evolving, and after several years of operation, they become a conglomeration of old equipment and IoT solutions, from various manufacturers.
  • Low visibility. Few companies with a long history in the market currently have detailed information about all the equipment included in the industrial networks and know which devices communicate with each other.
  • Difficulties in detecting attacks. Automation and protection technologies are relatively old and do not cover current requirements, and industrial control systems (PLC, RTU, IED, DCS, etc.) use protocols that IT security solutions do not understand.
  • Lack of communication between IT and Operational departments. Frequently, the two teams do not use the same language and have different priorities, operating separately, with data sets that they do not share.

Such limitations are common especially in the case of utility providers, in whose infrastructure 10-20 year old equipment works with together with new generation IP-based automation and control solutions, in sites at the edge of the network. To overcome these problems, Cisco launched Cyber Vision two years ago, a security solution specifically developed to ensure process continuity and data security, while complying with existing requirements. The main competitive advantage of Cisco Cyber Vision is that it analyzes local direct traffic in network equipment.

Integrating Deep Packet Inspection technology into Cisco equipment is beneficial to IT departments. They can secure the network without having to purchase, install, configure, manage and maintain other devices. At the same time, it is a plus for operational teams, the extended visibility allowing them to intervene proactively in eliminating risks.

 

How Cyber Vision works

  • Automatically discovers and identifies equipment in the industrial network. Cyber Vision creates an inventory of connected devices, delivering information about the model, firmware version, configuration, potential vulnerabilities, etc.
  • Makes a communications map. Identifies the relationships between network equipment and communication models between them. Cyber Vision translates the generated data streams into a tag system that allows a quick understanding of the situation without the need for advanced expertise in the field of communication protocols.
  • Detects threats. Collects and correlates traffic data and performs contextual analyzes, which allow the detection of anomalies that can signal a potential attack. The solution creates, based on historical data and using AI and ML technologies, a reference model of the network and allows the setting of rules and alerts for a wide range of scenarios.
  • Provides actionable information. Cisco’s solution monitors configuration changes, records events in the area of control systems, and provides useful recommendations for eliminating potential risks.
  • Simplifies the audit process. Cyber Vision automatically generates detailed reports that help organizations conduct audits to comply with applicable regulations. (such as the NIS Directive transposed into national legislation by Law 362/2018.)

In order to extend the protection on a multi-level, Cisco Cyber Vision integrates natively with Cisco’s entire portfolio of security solutions, as well as with third-party applications through APIs. Cisco presents Cyber Vision as the first software security product for industrial environments, and although it has been on the market for less than two years, Frost & Sullivan is positioning Cisco as a leader. More details here.

Should you require more details about the competitive advantages of the Cisco Cyber Vision solution, as well as about the Datanet commercial offer, please write to us at sales@datanets.ro