Partners Extend Cyber-Threat Detection With Suricata

Indegy is partnering with the Open Information Security Foundation (OISF), the nonprofit organization that owns and manages Suricata, the open source network threat detection engine. The integration will combine Indegy’s patent-pending active, device-based threat detection with Suricata’s signature-based network detection to provide end-to-end protection for operational technology (OT) environments. The companies will collaborate to make attack signatures and rules derived from industrial networks available, and actionable, to the broader OT security community for the first time.

Recent attacks such as TRITON, Dragonfly 2.0, and CrashOverride/Industroyer have demonstrated that today’s Industrial Control Systems (ICS), most of which are now connected to enterprise IT systems, are no longer isolated from cyber threats. While open sharing of threat intelligence on new attacks and detection signatures is commonplace in IT, it remains far less developed in OT. Integrating the Indegy Industrial Cyber Security Suite with Suricata strengthens OT network monitoring and gives industrial organizations a way to pull signatures and rules from the community and operationalize them.

Active Device and Network OT Threat Detection

The combined Indegy and Suricata approach inspects every packet and reassembled flow on the OT network against a comprehensive signature database for attacks or compromised assets. This threat detection capability spans dozens of rule categories, including suspicious network behaviors, malware command and control, denial-of-service (DoS) attacks, botnets, informational events, exploits, vulnerabilities, network attacks, exploit kit activity, and more. Organizations can apply the predefined policies or write custom ones that whitelist or blacklist specific, granular activities that may indicate a cyber threat, or that raise an alert when an unintended operational change occurs.
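As an added example (not part of the announcement, and not Indegy’s or OISF’s own rules), this is what the whitelist/blacklist policy style described above looks like when written as Suricata rules. It assumes Modbus/TCP on port 502, two address groups that you define yourself under vars.address-groups in suricata.yaml (ENG_WORKSTATIONS for the hosts permitted to write to controllers, PLC_NET for the controllers themselves; both names are illustrative), and that the Modbus application-layer parser is enabled (app-layer.protocols.modbus.enabled: yes, which the stock suricata.yaml ships disabled):

```suricata
# ot-policy.rules (added example, not from the original page or vendor)
# Assumed address groups in suricata.yaml, under vars.address-groups:
#   ENG_WORKSTATIONS: "[10.10.1.10,10.10.1.11]"   hosts allowed to write to PLCs
#   PLC_NET:          "[10.10.2.0/24]"            the controllers
# Assumed: app-layer.protocols.modbus.enabled: yes (off in the stock config).

# Whitelist policy: any Modbus write (coils or holding registers) to a PLC whose
# source is not an engineering workstation is an unintended operational change.
alert modbus !$ENG_WORKSTATIONS any -> $PLC_NET 502 (msg:"OT POLICY Modbus write request from host outside the engineering allowlist"; flow:to_server,established; modbus: access write; classtype:policy-violation; sid:9100001; rev:1;)

# Blacklist policy: Diagnostics (function 8) sub-function 4, Force Listen Only
# Mode, silences a controller. Nobody should send it, allowlisted host or not.
alert modbus any any -> $PLC_NET 502 (msg:"OT ATTACK Modbus Diagnostics Force Listen Only Mode request"; flow:to_server,established; modbus: function 8, subfunction 4; classtype:attempted-dos; sid:9100002; rev:1;)

# Early warning of reconnaissance: function 43 (Encapsulated Interface Transport,
# used for Read Device Identification) from a non-engineering host enumerates
# vendor, model and firmware. Rate-limited to one alert per source per minute.
alert modbus !$ENG_WORKSTATIONS any -> $PLC_NET 502 (msg:"OT RECON Modbus device identification request from non-engineering host"; flow:to_server,established; modbus: function 43; threshold: type limit, track by_src, count 1, seconds 60; classtype:attempted-recon; sid:9100003; rev:1;)
```

Check the file with `suricata -T -c suricata.yaml -S ot-policy.rules` before deploying; matches are written to eve.json as alert events with app_proto set to modbus. One caveat a practitioner should keep in mind: the negated source group means a write issued from a compromised engineering workstation never trips the first rule, and that workstation is exactly the foothold TRITON used, so network rules of this kind complement, rather than replace, the device-side checks described in this article.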

Indegy-Suricata solution features include:

  • Early warning of reconnaissance activity
  • Integrated threat intelligence from a global security ecosystem
  • Access to constantly updated signatures from the Suricata community
  • Pre-configured rule sets tuned for ICS environments
  • Automated reporting

The Indegy Industrial Cyber Security Suite with Suricata integration will be available in the fourth quarter of this year from Indegy and its partners worldwide. For greater insights, visit the Open Information Security Foundation (OISF) and Indegy.