OT Monitoring & Anomaly Detection - A Joint RAD & Rhebo Solution
With the integration of Rhebo Industrial Protector on the RAD SecFlow IoT gateways, utilities and other critical infrastructure system operators gain complete visibility and cybersecurity for the remote operation of their plants. Rhebo, a Landis+Gyr company, extends the stateful firewall on the gateway with powerful network monitoring and anomaly detection at the substation level. New types of attacks, malware activity and technical error states can be detected and corrected before malfunctions occur.
360° Security Against Disruptions
Companies in the energy and gas sector often operate their facilities via remote control. Communication through mobile, broadband or VPN networks must therefore be specially secured. With more than 320,000 new malware variants and increasingly specialized attack methods every day, the detection of novel attack patterns is all the more important. In order to ensure a quick response to incidents and prevent a spillover to other locations or to the network operation center (NOC), detection must be ensured at the affected facility.
With RAD’s SecFlow Industrial IoT Gateway, companies create the basis for a secure and economical connection of remote-controlled energy systems. The gateway enables the secure connection of RTUs, smart meter aggregation devices and IoT base stations via wireless or fiber optic networks. RAD's pre-installed stateful firewall analyzes incoming communications for known attack signatures and blocks them if necessary.
With Rhebo Industrial Protector, the firewall function is extended by ICS monitoring with anomaly detection. The Rhebo sensor runs as an embedded function on the SecFlow device, utilizing the edge computing capabilities of the SecFlow-1v. Rhebo Industrial Protector continuously analyzes the communication in the industrial control system (ICS) at the level of the individual sites (e.g. substation, solar park, wind power plants, heat pumps, network operation center (NOC)). Any deviation within the communication from the expected pattern is identified, evaluated and reported in real time. This allows operators to extend their intrusion detection system to identify anomalies including:
- New devices and network users
- Changed device communication behavior
- Critical activities such as firmware updates and changes in PLC operation modes
- Bypassing of security mechanisms through physical and virtual components
- Reconnaissance activities such as network scans and lateral movement
- Device-related vulnerabilities
- Technical error states (e.g. cyclical telegrams, communication errors, misconfigurations)
A detailed network map and connection overview additionally create a complete real-time picture of the network. Operators can thus establish full visibility of their ICS as well as its current security status and risk exposure at any time.
As the SecFlow is connected to sensors deployed in the field, the hosted Rhebo Industrial Protector within the SecFlow is able to detect field-level attacks that aren't visible at higher levels.
Network Condition Monitoring for Increased Availability
Rhebo Industrial Protector provides detailed information on network quality and performance. Technical error states that impair communication processes are reported in real-time.
The embedded Rhebo Industrial Protector thus ensures consistently high availability, security and efficiency in critical infrastructures. Rhebo Industrial Protector is deployed via the central RADview control interface. This provides a highly cost-efficient roll-out of in-depth cybersecurity and availability management to any number of substations.
By hosting both networking and non-networking functions on the same hardware, the SecFlow reduces the number of devices in the network. In addition to a built-in router and LTE modem, the SecFlow features such functionalities as a PLC, LoRaWAN gateway, a protocol converter, a video surveillance DVR, and more. It differs from other available IIoT hardware by:
- Handling different functionalities that would otherwise require different appliances
- Support for any media connection that’s available on site in the same device
- Protocol conversion – allowing field equipment to connect to the network even if it doesn’t speak new IIoT “languages”
Your advantages with Rhebo and RAD
- 360° visibility from network to devices, from NOC to remote-controlled facilities
- Substation level monitoring for local cybersecurity and detection of attacks, espionage, vulnerabilities and technical error states
- Advanced intrusion detection system with combined stateful firewall and anomaly detection
- Improvement and assurance of plant availability and security of supply through early detection of technical error conditions
- Increased actionability through integrated risk assessment and forensic data storage
- Cost-efficient, container-based deployment via central RADview interface
To learn more about the integrated solution of Rhebo and RAD, contact us at [email protected]
- Power Utilities
- Water Utilities
- Oil & Gas Companies
- Transportation companies
- Critical infrastructure operators
- Operational Technology Networks
- Industrial IoT
- Industry 4.0
These devices include RTUs, smart meter aggregation devices, IoT base stations or concentrators, CCTV cameras, point-of-sale devices, and more. RADview’s security information and event management (SIEM) enables collection of all security events detected in the network. The system collects events from SecFlow devices and displays them visually on customizable dashboards.
Allowing secure connectivity over wireless or fiber networks – either public (e.g., cellular) or private, the SecFlow-1v connects all types of industrial devices, including RTUs, smart meter aggregation devices, IoT base stations or concentrators, CCTV cameras, point-of-sale devices, WiFi base stations, and more.