Group-IB Threat Hunting Framework

Promote this Nomination

Additional Info

Company (that provides the nominated product / solution / service)Group-IB
Websitehttps://www.group-ib.com/
Company size (employees)500 to 999
Type of solutionHybrid

In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:

• Control over the environment
Detects topology changes on the OT network and abnormal interaction that doesn’t comply with AI-built communication map. On top of protocol support, Industrial Sensor provides a configurable detection policy configuration tool to set up detection rules that fit specific client needs.
• Automated software integrity control
Controls the integrity of either firmware or software used in PLCs
• Broad protocol support
Modbus, S7comm, S7comm+, UMAS, OPCUA, OPCDA, IEC104, DNP3, DeltaAV, CIP, and others

Brief Overview

Group-IB Threat Hunting Framework (THF) is a single solution for complex protection of IT and OT segments in any organization. It is based on adversary-centric approach to detection and mitigation of targeted attacks and our patented technologies.
To detect attacks in the technology segment of an enterprise, Group-IB recently developed Group-IB THF Sensor Industrial module. Analyzing data packets of technological protocols with its own behavioral rules, Group-IB THF Sensor Industrial allows to detect the transfer of illegitimate control commands between the levels of the APCS, to detect the use of service commands of the APCS for the purpose of flashing the PLC, replacing the control program, stopping technological processes, and other violations.
The module supports both open protocols – CIP, DNP3, IEC 60870-5-104, IEC 61850-MMS, Modbus TCP, OPC-DA, OPC-UA, MQT, and some proprietary – Siemens, Schneider Electric, Rockwell Automation, Emerson. If the required protocol is not on the compatibility list, Group-IB experts are ready to add it within a few weeks.
THF Sensor Industrial does not affect technological processes, it works in a mirror mode. A good addition to the system is the use of Group-IB THF Huntpoint module on the workstation f operators and engineers, which will record actions on critical machines inside.