Network Traffic Visibility and Security for ICS/SCADA

The proper functioning of industrial control systems lies behind crucial processes, such as energy distribution, machinery, water management and many others. With the technological shift towards interconnectivity, they are now more vulnerable to external influences than ever. Any change in the network can lead to a restriction or a complete shutdown, which directly impacts the organization and its customers alike. Flowmon’s network visibility intelligence enables companies to avoid such risks, deal with security threats and enhance IT operations.

Ensure Reliability and Security of Your Industrial Network

Back in the olden days, engineers didn’t have to worry about security, since Industrial Control Systems were traditionally completely isolated from the enterprise network and the internet, and nobody expected any radical modifications to the infrastructure itself. With the rise of IoT devices, automation, Industry 4.0 and interconnection with enterprise networks, ICS environments face revolutionary changes. To take back control and maintain order in such critical services, IT professionals around the world are turning to Flowmon to get complete network visibility. The solution is designed to provide early detection and response capabilities as well as hard data for disaster recovery planning and retrospective forensic analysis.


Technical Report no. FIT-TR-2020-02 Faculty of Information Technology, Brno University of Technology

Flowmon empowers manufacturers and utility companies to ensure reliability of their industrial networks confidently to avoid downtime and disruption of service continuity. This can be achieved by continuous monitoring and anomaly detection so that malfunctioning devices or security incidents, such as cyber espionage, zero days or malware, can be reported and remediated as quickly as possible. The solution delivers a whole set of enterprise-class features for:

  • Real-time network traffic visibility to know what is using the network and how
  • Efficient reporting supporting heterogeneous environments, different perspectives and locations
  • Proactive detection of threats, botnets, zero days, abuse of unpatchable services and other risks undetectable by signature and rule based solutions
  • Automated anomaly detection, quick troubleshooting of network failures and configuration issues

With Flowmon You Benefit from

  • Complete monitoring of extensive networks to provide the source of truth and troubleshooting capabilities to remediate malfunctioning services and restore business-as-usual. Deep understanding of traffic characteristics, connection reliability, performance and content. Learn more about our network monitoring based on NetFlow.
  • Security by artificial intelligence instead of signature/rule based. Execute your security policy across the network confidently. Monitor all infrastructure and end point devices connected to the network easily. Use advanced artificial intelligence to protect your sensitive data and deal with APTs, zero day threats and sophisticated malware. Our behavior anomaly detection technology is recognized by Gartner.
  • Ease of Use. A well-arranged GUI, comprehensible dashboards and drill-down capabilities help to troubleshoot efficiently.
  • Compliance with directives such as EPCIP or NIS by providing early detection and warning of attacks and breaches caused by non-secure devices, absence of technological security design and processes, irregular patching and obsolete equipment and OS.
  • Comprehensive reporting. Flowmon provides precise and detailed automatic reporting fitting the specific needs.

Flowmon SCADA Monitoring and Security Scheme

By their technical nature, firewalls and IPS are only effective for inter-zone traffic (between L2 and L3), which might be sufficient for enterprise networks but not for SCADA/ICS environments. Therefore, the most vulnerable mission-critical parts of the network remain insecure. Flowmon goes beyond these traditional security approaches by delivering visibility into intra-zone traffic (within L2) and thus provides full insight into the traffic.

[Diagram: network levels from top to bottom: Internet / Public Cloud; L4 Corporate Network; L3.5 DMZ; L3 Scada Servers; L2 HMI / Operations; L1 and L0 PLC. Firewalls separate the zones. The technological network is marked as the area Flowmon specializes in.]

Firewalls protect communications between the perimeter of the network and the DMZ. However, they do not provide any visibility or detection methods inside the Scada environment. The easiest way to intrude into and attack the Scada system is to bring an infected laptop and connect it to the network, e.g. during planned maintenance. Malicious activity will never be visible to the firewall.

Flowmon specializes in the monitoring of communications inside IP networks. It provides a deep understanding of all communication between servers and end stations inside the Scada network as well as communications between Scada servers and HMIs. It provides comprehensive troubleshooting capabilities to tackle configuration issues, errors and performance degradation. Leveraging machine learning and anomaly detection, Flowmon can detect suspicious behaviour even if no signatures are available for that type of malicious behaviour.

muni

“Flowmon Solution is one of the essential tools we use for network monitoring and network security. I appreciate the ease of deployment in the network, the quick training of our technicians as well as good support.”

Vít Moravec

Head of project management
