Group-IB Threat Hunting Framework

Additional Info

Company: Group-IB
Website: https://www.group-ib.com/
Company size (employees): 500 to 999
Type of solution: Hybrid

Overview

Group-IB Threat Hunting Framework (THF) is a single solution for comprehensive protection of IT and OT segments in any organization. It is based on an adversary-centric approach to the detection and mitigation of targeted attacks and on our patented technologies.
To detect attacks in the technology segment of an enterprise, Group-IB recently developed the Group-IB THF Sensor Industrial module. By analyzing data packets of industrial protocols with its own behavioral rules, Group-IB THF Sensor Industrial can detect the transfer of illegitimate control commands between the levels of the APCS, the use of APCS service commands to flash the PLC, replace the control program, or stop technological processes, and other violations.
The module supports both open protocols – CIP, DNP3, IEC 60870-5-104, IEC 61850-MMS, Modbus TCP, OPC-DA, OPC-UA, MQTT – and some proprietary ones – Siemens, Schneider Electric, Rockwell Automation, Emerson. If the required protocol is not on the compatibility list, Group-IB experts are ready to add it within a few weeks.
THF Sensor Industrial does not affect technological processes; it works in mirror mode on a copy of the traffic. A good addition to the system is the Group-IB THF Huntpoint module on the workstations of operators and engineers, which records the actions performed on these critical machines.

How we are different

• Control over the environment
Detects topology changes on the OT network and abnormal interactions that do not comply with the AI-built communication map. On top of protocol support, Industrial Sensor provides a configurable detection policy tool to set up detection rules that fit specific client needs.
• Automated software integrity control
Controls the integrity of the firmware and software used in PLCs.
• Broad protocol support
Modbus, S7comm, S7comm+, UMAS, OPC-UA, OPC-DA, IEC 104, DNP3, DeltaV, CIP, and others.