Step 2: Network security monitoring and IDS

Rhebo Industrial Protector

Detect cyber attacks, anomalies and error states in your OT with a network intrusion detection system (NIDS)

Cybersecurity does not end at the network perimeters.

Modern automated industrial networks must be secured like a modern nation state. The OT monitoring with next generation OT threat and intrusion detection Rhebo Industrial Protector advances the existing perimeter firewall security by integrating a holistic anomaly and intrusion detection within the Operational Technology. Even successful attacks via security gaps in the firewall, brute force, zero-day exploits, internal perpetrators, backdoors or stolen credentials are detected at an early stage.

Rhebo Industrial Protector provides enterprise-ready OT-dedicated security. It advances the existing perimeter firewall security by integrating holistic anomaly detection that does not interfere with the critical industrial processes.It is the seamless transition from your OT risk analysis to continuous monitoring with threat and intrusion detection in your Operational Technology - from the central OT to the edge.

Your advantages

What You Get…

with the 2nd step on your OT security journey

Optimized OT visibility & OT security

… through real-time visualization of communication behavior of all OT and IIoT assets (protocols, connections, frequencies) with the OT

Advanced actionability

… through real-time reporting and localization of cyber attacks, manipulation attempts and technical error states across the entire infrastructure

Extended intrusion detection

… through early identification of attacks via backdoors, previously unknown vulnerabilities and internal adversaries that firewalls fail to detect (defense-in-depth)

Hardened legal compliance

… through continuous monitoring of OT communication and integrated IDS according to international standards and national IT security laws

How it works

Rhebo OT monitoring with anomaly detection

Real-time Threat & Intrusion Detection

Rhebo Industrial Protector monitors all communication within, to and from the operational technology 24/7. The monitoring is integrated non-intrusively and passively at key points of the OT. Any communication that indicates cyberattacks, tampering, espionage or technical error conditions is reported in real time. This allows early detection of progressive attack patterns as outlined by the MITRE ATT&CK for ICS framework (see left). Companies can then respond quickly to risks and professional attack pattern to ensure the security and availability of their industrial processes. For distributed IIoT devices, active security automation can be optionally implemented to strengthen fleet protection.

Cross-location Monitoring for Internal OT Security

Rhebo Industrial Protector can be easily integrated across multiple sites and operated centrally. The sensors are installed as lightweight hardware or an integrated software solution on existing security gateways, network components and IIoT edge devices. For distributed IIoT edge devices, an active version with security automation is also available to ensure real-time fleet security.Companies gain visibility and clarity across their entire networked, industrial infrastructure at all times - and ensure end-to-end OT security.

Detailed Documentation & Threat Intelligence

Rhebo Industrial Protector continuously visualizes and documents all active devices and systems in operational technology networks. Important properties such as firmware status, protocols, behavior patterns and existing CVE vulnerabilities are documented on a daily basis. Any identified anomaly is recorded with all details as PCAP. The threat intelligence information can be forwarded to SIEM systems or other security components.

‍Companies gain a comprehensive picture of their risk exposure and can react to threats quickly and in a targeted manner.