General Description
Radiflow's iSID Intrusion Detection System (IDS) for SCADA networks is server-based software that analyzes OT network traffic to protect against cyber threats.
The iSID IDS combines two distinct competences: SCADA/ICS modeling and anomaly detection. It receives a parallel (mirrored) stream of all network traffic and analyzes it to generate and display a network topology model, which also serves as a baseline for detecting exceptions that indicate unauthorized traffic.
Six detection engines:
Network Visibility
- Self-Learning of the SCADA network topology
- Passive Scanning and optional Active Scanning
- Viewing events from the entire network (filtering optional)
Maintenance Management
- Managing maintenance operations in a central place
- Configuring policy for a short, specific time
- Auditing all activities during maintenance
Cyber Attacks
- Known PLC vulnerabilities
- Known Protocol vulnerabilities
- Sensitive commands
Policy Monitor
- Policy Monitor on every link (Detection mode)
- Integration with the Radiflow Security Gateway allows policies to be enforced
- Central management of Radiflow Gateways
Anomaly Detection
- Learning device sampling time
- Passive Machine Profiling
- Detecting abnormal memory access to devices
Measuring Operational Behavior
- Detecting abnormal delays in the link
- Detecting abnormal rate of packet dropping
- Detecting abnormal rate of retransmissions