The integration of the OT intrusion detection, Rhebo Industrial Protector, into the ecosystem of the SIEM system, Splunk, simplifies the embedding of industrial cyber security into corporate security monitoring and further accelerates the early detection of attack patterns.
Leipzig, December 7, 2023 – Rhebo, a company of the Landis+Gyr group, extends the integration capability of its industrial intrusion detection, Rhebo Industrial Protector, for the widely used Security Information & Event Management (SIEM) system, Splunk. This enables critical infrastructures and industrial companies to visualize the cyber security of their Operational Technology (OT) directly in their SIEM system and correlate it with other information sources. Rhebo has been making this possible for the SIEM system, IBM QRadar, since 2020.
"Especially in complex infrastructures with multi-level cyber security measures, it makes sense to consolidate security monitoring data in a central dashboard," explains Jan Fischer, Director of Sales at Rhebo. "With the integration of Rhebo into Splunk, critical infrastructure and industrial companies now gain not only full visibility for their OT. They can also detect security-relevant and availability-relevant events in their industrial systems in real time and correlate them with alerts from other security tools such as firewalls and IT monitoring in the SIEM system."
With this integration, the anomaly alerts detected by the OT intrusion detection, Rhebo Industrial Protector, are forwarded to the Splunk dashboard as pre-qualified events. This transmission is done via the standard Syslog protocol and contains all the information required for event correlation. This includes information about the involved hosts and the categorization, criticality, and details of the event.
" OT is still a blind spot for many companies," explains Christian Breitenstrom from UNeedSecurity. The Senior Security Engineer supported Rhebo in implementing the API with Splunk. "In the penetration tests that we frequently perform for customers, we usually only need a few minutes to take over an industrial component. This makes it all the more important to be able to correlate irregularities in OT networks with other security events, e.g. from physical security, such as door locking systems. This is where Splunk integration helps to sort out false positives and prevent outages."
With the integration of the Rhebo intrusion detection, incident response teams and information security officers can now also check the security of their operational technology networks with a glance in Splunk, and implement countermeasures at an early stage.
For more information, please visit the Splunk database: https://splunkbase.splunk.com/app/7094
Rhebo provides simple and effective cybersecurity solutions for Operational Technology (OT) and distributed industrial assets for the energy sector, critical infrastructure and manufacturing. The German company supports customers with OT security from the initial risk analysis to managed OT monitoring with intrusion & anomaly detection. Since 2021, Rhebo is part of the Landis+Gyr AG, a leading global provider of integrated energy management solutions for the energy industry, with around 7,500 employees in over 30 countries worldwide.
Rhebo is a partner of the Alliance for Cyber Security of the Federal Office for Information Security (BSI) as well as the Teletrust - IT Security Association Germany. The company was awarded the “Cybersecurity Made In Europe” label for its strict data protection and data security policies. https://rhebo.com/
Head of Marketing
Tel. +49 151 5633 9726