Cyberbit SCADAShield

Additional Info

CompanyCyberbit Ltd.
Websitehttp://www.cyberbit.com
Company size (employees)100 to 499

Overview

SCADAShield is a deep-packet inspection solution which provides unprecedented visibility into network communications, detects operational deviations, continuity risks, known vulnerabilities, and unknown “zero-day” ICS/SCADA threats. SCADAShield integrates with Cyberbit’s proprietary incident response and endpoint security systems to provide the first IT to OT detection and response platform.

Key features and benefits:

Visibility – Network Mapping: Upon deployment SCADAShield scans every node in the entire network to produce a complete, accurate network mapping of all IP and serial assets and protocols used to provide unprecedented visibility into the network and highlight potential risks.

Granular Deep Packet Inspection (DPI): Unlike traditional systems, which analyze RTU and PLC or historian logs to look for potential threats, SCADAShield uses granular Deep Packet Inspection (DPI) to inspect communication packets at byte-level and exposes anomalies at higher, more reliable rates.

Unknown Threat Detection – Automatic Base-Line and Rule Generation: SCADAShield monitors network traffic and automatically learns legitimate communication patterns so it can then detect anomalous communication that may indicate malicious activity or potential downtime. SCADAShield automatically generates whitelists and detect anomalies and zero day threats.

Known Threat Detection: SCADAShield identifies known ICSSCADA CVE’s, devices and protocol vulnerabilities, exploits and security issues, flagging actionable alerts for mitigation.

Deviations from Operational Restrictions: SCADAShield detects attempts to violate operational restrictions, whether as a result of human error or a malicious action.

Customizable Dashboards and Actionable Reports: Create and tailor custom dashboards and reports according to their preferences, transforming terabytes of monitoring data into actionable insights. Users can slice and dice data based on any desired combination including ad-hoc reports for a specific need. For instance, to investigate the use of opcodes over time.

Real-Time Forensics: Analysts and managers can easily access both historical and real-time network data to investigate events in real-time, look at past events

How we are different

• Full visibility of the ICS/SCADA network - maintains a network map based on deep packet inspection, to provide more insights about evasive threats and abnormal communications. Detects, in real-time, abnormal activities, unknown threats, operational deviations and known vulnerabilities


• Complete IT/OT Platform - by integrating with Cyberbit’s EDR and incident response automation and orchestration, Cyberbit provides a complete solution for detecting and responding to threats across IT and OT networks an addresses the growing concern of the converging attack surface, and IT to OT “multi-vector” attacks.


• Unmatched incident response – including remediation recommendations, alert reasoning and off-the-shelf response plans