CyberX IIoT & ICS Threat Monitoring App for Splunk


Post on 21-May-2020


BATTLE-TESTED INDUSTRIAL CYBERSECURITY

SOLUTION BRIEF

CyberX.io

HIGHLIGHTS

CYBERX IIoT & ICS THREAT MONITORING APP FOR SPLUNK

Deliver OT Network Visibility and Security Alerts Into Your Corporate SOC

The Industrial Internet of Things (IIoT) is unlocking new levels of productivity, helping organizations improve safety, increase output, and maximize revenue. At the same time, digitalization is driving deployment of billions of IIoT devices and increased connectivity between IT and Operational Technology (OT) networks, increasing the attack surface and risk of costly downtime and dangerous cyberattacks on industrial control systems.

Monitor and Respond from a “Single Pane of Glass”

Industrial and critical infrastructure organizations are increasingly concerned about IIoT and ICS threats.

CyberX mitigates IIoT and ICS/SCADA risk with patented, ICS-aware self-learning engines that deliver immediate insights about ICS assets, vulnerabilities, and threats — in less than an hour — without relying on agents, rules or signatures, specialized skills, or prior knowledge of the environment.

To address lack of visibility into the security and resiliency of OT networks, CyberX developed the CyberX IIoT & ICS Threat Monitoring App for Splunk – a native integration between CyberX and Splunk that enables a unified approach to IT and OT security.

The integration of CyberX and Splunk via this native app reduces the time required for industrial and critical infrastructure organizations to detect, investigate, and act on cyber threats to their OT networks. By continuously monitoring wire data from OT networks and applying patented behavioral analytics to it, CyberX enables joint customers to obtain real-time intelligence about OT risk and correlate it with other threat information in their Splunk repositories.

• A unified view of all OT security alerts

• Integration of OT security alerts with Splunk

• Correlation of CyberX alerts with Splunk Enterprise Security Threat Intelligence

BENEFITS

• Accurately detect and prioritize IT and OT threats across the enterprise

• Choose which alerts appear based on severity level, anomaly type, and industrial protocol

• Reduce false positives

THE CYBERX PLATFORM

• Passive monitoring and/or selective probing (active component)

• Broadest and deepest understanding of IIoT and ICS protocols, devices, and applications

• Continuous ICS asset visibility, vulnerability management, and threat monitoring

SPLUNK PRODUCT

• Splunk Enterprise Security


Multi-Dimensional Visibility Across OT Protocols and Devices

The app provides SOC analysts with multidimensional visibility into the specialized OT protocols and IIoT devices deployed in industrial environments, along with ICS-aware behavioral analytics to rapidly detect suspicious or anomalous behavior. The app also enables both IT and OT incident response from within one corporate SOC — an important evolution given the ongoing convergence of IT and OT to support new IIoT initiatives such as smart machines and real-time intelligence.

The graphical interface in the CyberX app allows Splunk administrators to analyze the OT alerts that CyberX sends and monitor the entire OT security deployment, including details such as:

• Which of our 5 analytics engines detected the alert

• Which protocol generated the alert

• Which CyberX sensor generated the alert

• Severity level of the alert

• Source/destination of the communication

Screenshot of Splunk Enterprise showing, in one dashboard, details of CyberX alerts over time, such as which appliances sent the alert, which engine detected the anomaly, and which protocols were associated with the alerts.

A Strategic Affiliation

CyberX worked closely with Splunk to ensure our App utilized the native Splunk API. The resulting application is Splunk certified and freely available to the security community through Splunkbase.

Splunk Enterprise Security — Analytics-Driven SIEM

The Splunk SIEM identifies, prioritizes, and manages security events with event sequencing, alert management, risk scores, and customizable dashboards and visualizations. Customers using the Splunk SIEM can gather all the context they need in one view to perform rapid investigations and response. Further, they reduce risk with faster detection and incident response to existing and newly discovered threats.


Additional Details

• Agentless technology operates in real-time with zero impact on OT networks

• Patented ICS self-learning engines inventory and profile assets to detect OT network threats

• Does not rely on rules, signatures, specialized skills, or prior knowledge of the environment

• Broad & deep support for analyzing IIoT and ICS protocols & services to identify vulnerabilities

• Passive monitoring (port mirroring)

• Selective Probing (active component)

• Multiple form factors: physical or virtual appliance

• Delivers insights in less than an hour

The CyberX Platform

The CyberX platform is a continuous monitoring platform purpose-built for detecting and addressing OT network security risks. It generates actionable security intelligence that enables enterprises to respond faster to identified risks in their OT networks, thus strengthening the overall resiliency of their ICS environments.


ABOUT CYBERX

We know what it takes.

CyberX delivers the only industrial cybersecurity platform built by blue-team experts with a track record defending critical national infrastructure. That difference is the foundation for the most widely-deployed platform for continuously reducing IIoT and ICS risk and preventing costly production outages, safety failures, environmental incidents, and theft of sensitive intellectual property.

CyberX delivers the only IIoT & ICS security platform addressing all five requirements of the NIST CSF and all four requirements of Gartner’s Adaptive Security Architecture. CyberX is also the only IIoT & ICS security company to have been awarded a patent for its ICS-aware threat analytics and machine learning technology.

Notable CyberX customers include 2 of the top 5 US energy providers; a top 5 US chemical company; a top 5 global pharmaceutical company; and national electric and gas utilities across Europe and Asia-Pacific. Strategic partners include industry leaders such as Palo Alto Networks, IBM Security, Splunk, McAfee, Optiv Security, DXC Technology, and Deutsche-Telekom/T-Systems.

Customers choose CyberX because it’s the simplest, most mature, and most interoperable solution for auto-discovering their assets, identifying critical vulnerabilities and attack vectors, and continuously monitoring their ICS networks for malware and targeted attacks. What’s more, CyberX provides the most seamless integration with existing SOC workflows for unified IT/OT security governance.

For more information, visit Cyberx.io or follow @CyberX_Labs.