Positive Technologies releases world's first free ICS security monitoring solution

PT Industrial Security Incident Manager, the line of products for industrial control system (ICS) security from Positive Technologies, now includes a new streamlined version: PT ISIM freeView Sensor. Intended for basic ICS security monitoring, this version is free of charge and easy to configure. No special technical knowledge is needed. Downloading and getting started with PT ISIM freeView Sensor takes just minutes.

Paolo Emiliani, Industry and SCADA Research Analyst Manager at Positive Technologies, said: “Securing ICS/SCADA networks is one of the most challenging tasks for any IS department. Traditionally, companies have had to laboriously define roles and areas of responsibility, keep network information up to date, evaluate the state of protection, and weigh the costs of protection against the risks of a hack.”

Emiliani continued: "Mass-market security solutions, such as antivirus products, are of little help. But ICS-focused tools tend to be niche offerings of dubious worth that companies cannot try before they buy. PT ISIM freeView Sensor changes this picture. There is now a free way to inventory ICS networks and monitor ICS cybersecurity. Instead of getting overwhelmed, companies can gradually evolve and improve their ICS security stance without financial or technical risk.”

PT ISIM freeView Sensor, provided as a virtual appliance (virtual machine), connects to the mirror/SPAN port of a router on the ICS network. The virtual appliance accesses a copy of ICS traffic (supported protocols include CIP, IEC-104, MMS, Modbus TCP, OPC DA, Profinet DCP, S7, Spabus, ARP, DHCP, DNS, FTP, HTTP, ICMP, SNMP, SSH, Telnet, and TFTP). Since it handles only a copy of traffic, PT ISIM freeView Sensor does not have any impact on ICS performance or operations.

Companies can take back control of their ICS networks with consistent use of PT ISIM freeView Sensor. Features include:

  • Taking inventory of ICS network assets – visualization of network topology with hosts, connections, and groups of hosts
  • Monitoring ICS data flows – full picture of normal host interactions thanks to learning mode, which helps to subsequently detect anomalous behavior and flag incidents
  • Detecting attacks and unauthorized system administration

In addition to performing basic security tasks, PT ISIM freeView Sensor helps users gain the experience needed to get the most out of premium versions of PT Industrial Security Incident Manager. Premium versions come with full technical support, more supported protocols, and more comprehensive support for third-party integration (such as industry-specific systems). Other benefits of premium versions: intelligent site-aware parsing of traffic, any-time mimic visualization of network assets, site-specific detection scenarios, provision of incident information to an ICS SOC, and enhanced regulatory compliance.

Premium versions of PT Industrial Security Incident Manager come with PT Industrial Security Threat Indicators (PT ISTI). Even without additional configuration, this combination can detect up to 80 percent of the most dangerous and important threats facing ICS networks. These threats include: early-stage attacks and related preparations against ICS software and hardware, misconfiguration, abnormal parameter values, use of potentially insecure networking methods, and unauthorized ICS administration commands. PT ISTI helps to proactively detect ICS network vulnerabilities, including those exploited by ransomware and other malware.