Rockwell launches cybersecurity threat detection service

Rockwell Automation Australia

Monday, 18 September, 2017

As the number of industrial security threats continues to rise, manufacturers are taking a closer look at risks to their environments. Rockwell Automation has launched a new threat detection service to help manufacturers and industrial operators monitor, detect and respond to increasingly complex security threats.

Designed specifically for industrial networks, the set of services map normal network behaviour and use Rockwell Automation monitoring services to detect and alert operators of irregularities and potential threats in real time.

“We are seeing security threats bypass network perimeters more easily,” said John Kuenzler, director of Strategic Advisory Services, ARC Advisory Group. “In general, if you can’t prevent a threat before it enters the perimeter, the next best thing is to detect when it gets inside and has the potential to affect operations.”

The first step in successfully detecting threats is to be able to inventory the OT environment. The threat detection service is said to take a product-agnostic approach to creating an asset inventory across both IT and OT systems in an industrial operation, mapping all of the end user’s network assets and how they communicate with each other.

“Our threat detection services are a passive, non-intrusive security solution,” said Umair Masud, consulting services portfolio manager, Rockwell Automation. “This is crucial because we don’t want to adversely impact complex, industrial control systems by introducing new traffic onto the network.”

Once the entire environment is charted, the tool identifies normal operating procedures and creates a baseline. Any deviations from this baseline are annunciated in the form of context rich alerts. The alerts are integrated with Rockwell Automation monitoring services to help inform the response and recovery process. This process includes incident impact analysis, containment and eradication protocols.

The end user is alerted if a security threat is detected, and the predetermined response plan is enacted based on the criticality of the anomaly. This plan includes defined workflows that safely outline the recovery steps to be taken to return to a fully operational state.

The new set of services is built on top of threat detection software created by Claroty, an Encompass Product Partner of the Rockwell Automation PartnerNetwork program.