MSSPs (Managed Security Service Providers) have been around for a decade and serve a critical need in securing mid-sized organizations from cyber threats. Cybersecurity As-A-Service is particularly useful for organizations that don’t have the necessary resources to erect and maintain their own SOC (Security Operations Center). These organizations buy and install security products (such as firewalls and endpoint security), which are remotely monitored by an MSSP. This gives the client the peace of mind that a team of security experts is monitoring their IT assets, will be alerted to, and will handle, any security incident that can threaten their organization.
Until now, these services were limited to IT systems and were unable to monitor ICS networks. With the growing need to secure these systems, industrial facilities are now asking their MSSPs to take over OT/ICS security as well. The challenge is that existing ICS security solutions are difficult to deploy, expensive, require installation of physical devices in the OT network, and are “in-band”, which potentially exposes the facility to external threats. Industry is trying to migrate IT security solutions to OT, but is struggling. Why?
IT ≠ OT:
IT does not equal OT, and as such an “IT asset” is not the same as an “OT asset”. An example of an IT asset is a server, which stores data. An example of an OT asset is a critical machine, which provides a process. Security for IT focuses on data integrity and data security. Security for OT focuses on process continuity and keeping the equipment or process intact.
The SIGA solution:
The SigaPlatform™ was designed with an out-of-band architecture in mind and serves as a unidirectional monitoring system. SIGA has already deployed this solution at a large chemical manufacturing client that has several remote sites managed from a central location. By doing so, SIGA has effectively delivered an MSSP-like deployment, where several locations (each with its own systems) are monitored from a central SOC. After validating the efficacy and accuracy of the solution in additional applications, SIGA now offers the SigaPlatform™ for SOC and managed service providers (MSSPs).
How SIGA’s technology works:
SIGA’s core solution is a next-generation anomaly detection platform that copies and analyzes raw data. It is based on fully out-of-band hardware, reliable encrypted data delivery and multi-layered analysis, and aims to identify process abnormalities and generate new and valuable operational insights.
The SIGA solution consists of a hardware layer, installed in the critical infrastructure to measure low-level electric signals, and a software layer that applies advanced analytics.
The electrical signals are acquired directly from the control loop between the sensors/actuators and the PLC using unidirectional isolators, and are transferred to a separate network. This raw data is analyzed by the SigaPlatform smart AI engine, which provides real-time, totally reliable status of the critical end-devices of the OT network and sends smart notifications according to customer specs.
SigaPlatform™ benefits are:
- The SigaPlatform™ is the most reliable source of information about OT systems, as the information, in the form of electrical signals (physics), comes directly from the end device/industrial asset over a communication medium which cannot be hacked, manipulated or circumvented.
- The SigaPlatform™ is completely out-of-band. The connection between the facility and the MSSP does not expose the client to any cyber threat gaining access to its IT networks, OT networks or devices.
- The SigaPlatform™ enables a wide variety of notification options (e.g. email, SMS) and also allows direct encrypted integration with a SIEM/SOC via Syslog, XML or REST API.
- In addition to monitoring OT assets, SIGA’s proprietary AI engine allows the MSSP to provide additional insights to the customer such as early failure detection and unsupervised machine learning.
- The SigaPlatform™ is equipment & system protocol agnostic.
- The SigaPlatform enables continuous operation even when the ICS/SCADA system is compromised or shut down.
- SigaPlatform’s implementation is quick, easy and cost-effective, does not demand additional investment by the end-user (i.e. additional hardware) and requires no special skills from the MSSP.
- SigaPlatform™ is intuitive and easy to operate, allowing tier-1 analysts at the SOC to service OT customers without additional ICS/SCADA-specific training.
SigaPlatform™ is now available for MSSPs that are interested in offering additional, unique cybersecurity services dedicated to ICS/SCADA, thus complementing the security services they provide today, creating additional revenue streams, increasing their potential clientele and expanding the markets they serve.