iSID – industrial threat detection

Additional Info

Company: Radiflow
Website: http://www.radiflow.com
Company size (employees): 10 to 49
Type of solution: Hybrid

Overview

iSID is Radiflow’s industrial threat detection solution for the industrial automation networks of manufacturing and other industrial enterprises.

iSID provides proactive cybersecurity for ICS and SCADA systems on OT networks through non-intrusive monitoring of distributed production environments for changes in topology and behavior.

Features Overview
• Automatic learning of topology and operational behavior
• Network traffic analysis based on DPI protocols
• Non-intrusive network operation
• Supervision over configuration changes in PLCs
• Model-based anomaly detection analytics and signature-based detection of known vulnerabilities
• Central-location deployment or local deployment at remote sites

Multiple Security Packages

iSID enables non-disruptive monitoring for changes in network topology and behavior using six security packages, each offering unique capabilities for a specific type of network activity.

Network Visibility – passively scans all OT network traffic and creates a visual network model for all devices, protocols and sessions with alerts upon detected topology changes (e.g. new devices or sessions)

Cyberattack – handles known threats to OT networks, including PLCs, RTUs and industrial protocols, based on data from external research labs and Radiflow’s own research

Policy Monitoring – defines policies for each network link for validating specific commands (e.g. “write to controller”) and operational ranges (e.g. “do not set turbine to above 800 rpm”)

Maintenance Management – limits network exposure during scheduled maintenance by creating work orders for specific devices during set time windows with log reports of all maintenance activities issued upon session completion

Anomaly Detection – creates a behavioral network model using multiple parameters, including device sequence sampling time, frequency of operational values and more, for detecting behavioral anomalies

Operational Behavior – monitors and audits the management of devices (PLC, RTU & IED) at remote sites with alerts for firmware changes or configuration modifications (e.g. software updates or turning edge devices on or off) and activity logging