With the amendment of the IT Security Act this year, those responsible for the security of IT and network control technology in critical infrastructure must expect very clear requirements for their security strategy. At the heart of this is the obligation to have a system for detecting cyber attacks. Mostly, this is referred to as intrusion detection systems - IDS for short.
In our opinion, this does not go far enough. Because IDS typically function on the basis of signatures. This means that they only recognize what is already known as a threat. In addition, they only see what happens at the network boundaries. From our many years of experience with energy suppliers, distribution network operators, water companies and industrial enterprises, we know that the really dangerous attacks do not follow known signatures. IDS cannot see them. And once a hacker is in the system, he can move freely - precisely because IDS only monitors the network border.
Rhebo Industrial Protector closes exactly this gap. Not only does our industrial network monitoring monitor the entire communication occurring in the network control system. With the help of anomaly detection, even unknown dangerous processes are detected in real-time. This means that operators of critical infrastructure can quickly fend off even new types of attacks. And attackers can already be stopped in the preceding phase of scouting - the so-called reconnaissance.
