Channel: Symantec Connect - Blog Entries

Machine Learning for Industrial Security


Securing industrial control systems (“ICS”) against cyber attacks is a very difficult challenge.  ICS networks connect thousands of devices, often decades old and ranging from simple sensors to sophisticated SCADA servers.  The range of operating systems, protocols, and chipsets dwarfs the range seen in IT systems, which are fairly consolidated by comparison.  This complexity increases the ICS attack surface and makes traditional security approaches either infeasible or incomplete.  And while ICS networks are exposed to classic IT threats like denial-of-service attacks, the past five years have seen new threats like Stuxnet and Dragonfly that target ICS first.  Industrial control systems run a lot of the critical infrastructure supporting modern life, and vulnerabilities in these systems mean vulnerabilities in our power grid, manufacturing plants, and water treatment centers, among others.

At Symantec, we have been working on this problem for years.  We have put together a suite of solutions that identify and authenticate devices, lock down ICS endpoints and ensure the software running on them hasn’t been tampered with. This month we launched Anomaly Detection for ICS, which is security analytics built from the ground up for the ICS space.

Anomaly Detection for ICS deploys at the network level and passively monitors traffic in order to learn the system and create a model of expected behavior. Anomaly Detection for ICS then automatically looks for anomalous behavior relative to that learned model, without the user creating any rules or policies. Proprietary machine learning algorithms help Anomaly Detection for ICS do deep packet inspection of any industrial protocol as well as look for subtle, correlated anomalies across the system. This approach to ICS security monitors legacy and simple devices that can’t be directly locked down, and can detect zero-day attacks because it does not rely on signatures.

There is no silver-bullet product that solves ICS security; the best solution is a defense-in-depth approach that protects up and down the stack. With the launch of Anomaly Detection for ICS, Symantec adds network monitoring to its existing solutions in authentication, endpoint, application, cloud, and data center security for industrial systems.

