Until recently, passive monitoring has been the standard approach for OT networks because of the critical processes these networks support. However, as industrial organizations embrace Industry 4.0 and IT and OT increasingly converge, industrial infrastructure is now exposed to new advanced threats coming from the external perimeter. Addressing this requires OT security solutions that are more effective and efficient.
Today, OT devices and protocols are better understood, and dedicated security monitoring protocols are available. Standards like IEC 62351 define network and system management data object models that can be used to monitor the health of networks and systems, to detect possible security intrusions, and to manage the performance and reliability of the information infrastructure.
This makes it possible for industrial security systems to increase their awareness of the environment by actively interacting with the devices deployed inside the network. This new approach opens an unprecedented number of detection scenarios, increasing the detection rate, providing better visibility during an incident, and offering a cost-effective solution for distributed scenarios.
In this session, Nozomi Networks Co-founder and CPO Andrea Carcano and security researchers from Nozomi Networks Labs will present a live coverage analysis of detecting threats with IEC 62351 and SNMP.