- 82 % of all network operators don’t know what is happening in their networks
- In a new white paper Rhebo summarizes the results of its network condition monitoring projects in Industrial Control Systems (ICS)
- Rhebo releases advancement of its industrial anomaly detection for detailed real-time monitoring of ICS and the support of an efficient, sustainable network management
Leipzig, Germany, February 20, 2018 ‒ Industry 4.0 and the Industrial Internet of Things (IIoT) are not just fundamentally changing the business models of entire industries. At a tangible level, the role of plant operators will also be redefined. They become the key player to ensure the continuity of the company's success with the ICS serving as the nerve center of any Industry 4.0 company.
A recent study by the independent analyst Forrester Consulting shows that companies have yet to recognize this necessity. According to the study conducted in 2017, only 18% of all those responsible for the companies’ networks know who is active in their networks. Thus 82% lack digital transparency ‒ even though transparency is the basic prerequisite for a well-functioning network management and thus for the company’s continuity and overall equipment effectiveness.
White paper: The ICS in IIoT and 4 cases of operational disruptions
These findings underpin the results of several case studies conducted by the German technology company Rhebo GmbH, which is currently rolling out the advancement of its established industrial anomaly detection and network condition monitoring solution Rhebo Industrial Protector 2.0. Results from long-term projects as well as Rhebo Industry 4.0 Stability and Security Audits (RISSA for short) show that time and again companies do not have an overview of all network participants. Nor are the processes, configurations and concrete communication patterns in ICS known and effectively managed. Rhebo presents results from these cases in a current white paper (see below). It outlines the current change in ICS’, sheds light on the risks to continuity and productivity based on four selected case studies and defines the framework for an effective ICS management.
Rhebo Industrial Protector 2.0: Transparency and actionability for ICS operators
The results derive from Network Condition Monitoring cases with Rhebo Industrial Protector. The second generation of industrial anomaly detection for monitoring ICS communication advances the established functions with aspects of data integration and the simplification of anomaly management.
ICS operators profit from Rhebo Industrial Protector 2.0 through:
- faster reaction time due to intelligent risk scoring of anomalies;
- enhanced clarity regarding the current state of their ICS due to expanded filter options;
- increased process stability, continuity and cyber security due to comprehensive digital transparency;
- reduced costs and lean processes due to automated data integration in backend systems like Security Information and Event Management systems (SIEM), firewalls and MES.
Rhebo Industrial Protector 2.0 provides the following expanded functions:
- Asset- and incident-centric Network Condition Monitoring: Rhebo Industrial Protector 2.0 combines the established approach of incident-centric monitoring with a comprehensive asset-based inventory as well as the visualization of communication structures (workflow-centric) within ICS. In conjunction with the proven Deep Packet Inspection technology, all elements in the network become visible. Operators gain complete clarity that strengthens the quality of their industrial control systems.
- Dynamic risk score: The risk assessment evaluates each occurring anomaly individually, according to the impact of the communication contained in the data package, as well as the relevance of the affected components in the network. The initial values for the evaluation can be individually defined by the operator according to the company’s requirements. The risk score thus allows operators to immediately assess the relevance for their production processes and facilitates efficient actionability.
- Intelligent tracking of suspicious incidents: Recurring anomalies or anomalies with identical patterns are identified, correlated, and reported as recurrences. Operators can thus assess whether a network dysfunction is systematic, a suspicious access is retried, or a past countermeasure was breached.
- Full data integration: The detailed anomaly data, including PCAP, can be transferred to any network-integrated backend system. It supports both standard interfaces such as REST-API, as well as all formats common in ICS including Syslog, SNMP and IPFIX. This facilitates the coherent data input for a company’s process optimization, e.g. for preventive maintenance.
- Quick-view filters: Operators can sort anomaly reports by devices, protocol types, functions, and data packet values or commands. The individually configurable filters ensure operators a quick overview and clarity on all incidents in their ICS. Furthermore, they put anomalies in context and thus allow conclusions about their source. In combination with the risk score, this ensures actionability and high efficiency of measures.
- Individual big data automation: Operators can also assign transmission rules to filter categories to send anomaly reports to other backend systems. For example, operators can categorize security-related anomaly reports and have them automatically transmitted them to a firewall every time such an incident occurs. Process-related anomaly reports might be sent to the MES. The automation of data transmission thus supports the division of labor in the company and the establishment of a liability-oriented ticket system.
With Rhebo Industrial Protector 2.0, plant operators can effectively implement their strategy for ensuring the increase of productivity, process continuity as well as cyber security. Rhebo is the only German manufacturer of an industrial anomaly detection comprehensively supporting a detailed real-time network condition monitoring as well as the implementation of an effective defense-in-depth strategy in Industry 4.0 companies.
For further information on Rhebo Industrial Protector 2.0 please refer to https://rhebo.com/en/industries/industrial-automation/.
The white paper »Error vectors in networked productions ‒ Detecting technical errors and cyber attacks in Industry 4.0 before disruptions of operations occur« can be downloaded under https://rhebo.com/de/download/file/whitepaper-stoerungen-in-der-vernetzten-produktion-transparent-machen/ (currently available in German only).
Rhebo is a German technology company that is specialized in ensuring the operational reliability of industrial control systems by monitoring control communications. Rhebo provides hardware, software and services to secure networked industrial control systems and Critical Infrastructures as well as to increase productivity.
Rhebo is listed as one of the 30 top providers for industrial security in Gartner’s »Market Guide for Operational Technology Security 2017«. The company is member of Teletrust – IT Security Association Germany.