Overview

Group-IB Threat Hunting Framework (THF) is a single solution for complex protection of IT and OT segments in any organisation. It is based on an adversary-centric approach to detection and mitigation of targeted attacks and our patented technologies.
To detect attacks in the technology segment of the enterprise, Group-IB recently developed the THF Sensor Industrial module. Analyzing data packets of technological protocols with its own behavioral rules, THF Sensor Industrial allows you to detect the transfer of illegitimate control commands between the levels of the APCS, to detect the use of service commands of the APCS for the purpose of flashing the PLC, replacing the control program, stopping technological processes, and other violations.
The module supports both open protocols – CIP, DNP3, IEC 60870-5-104, IEC 61850-MMS, Modbus TCP, OPC-DA, OPC-UA, MQT, and some proprietary – Siemens, Schneider Electric, Rockwell Automation, Emerson. If the required protocol is not on the compatibility list, Group-IB experts are ready to add it within a few weeks.
THF Sensor Industrial does not affect technological processes in any way, everything works in mirror mode. A good addition to the system will be the use of the THF Huntpoint module on the APM of operators and engineers, which will record actions on critical machines inside.