Title

ESTABLISHING AN INTEGRATED IT/OT SOC SUPPORTED BY AN AI-POWERED NDR SOLUTION

ESTABLISHING AN INTEGRATED IT/OT SOC SUPPORTED BY AN AI-POWERED NDR SOLUTION

Authorship

BAIÔCO, GLEISON; PERDIGÃO, ANA PAULA; PEREIRA, FELIPE CARVALHO

BAIÔCO, GLEISON

I am this author

PERDIGÃO, ANA PAULA

I am this author

PEREIRA, FELIPE CARVALHO

I am this author

DOI

10.5151/2594-5335-41563

Downloads

Abstract

CYBER THREATS ARE GROWING MORE AND MORE. WITH THE ADVENT OF DIGITAL TRANSFORMATION, INDUSTRIAL ENVIRONMENTS HAVE MOVED FROM AN ISOLATED SCENARIO TO AN INCREASINGLY CONNECTED WITH NEW TECHNOLOGIES, WHICH EXPOSES SUCH ENVIRONMENTS TO MAJOR THREATS. CONSIDERING THE CRITICALITY OF THESE ENVIRONMENTS, THE IMPACTS CAN RANGE FROM OPERATIONAL COSTS TO CATASTROPHES IN HEALTH AND SAFETY (E.G. EXPLOSION OF A POWER PLANT). THEREFORE, IT BECOMES NECESSARY TO ADOPT INNOVATIVE SOLUTIONS CAPABLE OF COMBATING INCREASINGLY ADVANCED THREATS, ESPECIALLY CONSIDERING THE PARTICULARITIES OF AN INDUSTRIAL ENVIRONMENT (HIGHLY LEGACY SYSTEMS, DESIGNED WITHOUT SECURITY CRITERIA, WITH HIGHLY PROPRIETARY PROTOCOLS). THE MAIN OBJECTIVE OF THIS SOLUTION IS TO CONTINUOUSLY MONITOR THE AUTOMATION ENVIRONMENT TO DETECT CYBERSECURITY THREATS AS WELL AS ANOMALOUS BEHAVIOR AND RESPOND TO THESE THREATS THROUGH NOVEL FUNCTIONALITIES. FURTHERMORE, THE SOLUTION ALLOWS ASSET MANAGEMENT BY INVENTORYING ALL DEVICES CONNECTED TO THE NETWORK (INCLUDING PLC ETC). IN ADDITION, THE SOLUTION PROVIDES VULNERABILITY MANAGEMENT REPORTING THE WEAKNESSES OF EACH ASSET INVENTORIED. TO CONCLUDE, A SECURITY OPERATION CENTER IS ESTABLISHED BETWEEN THE CORPORATE AND INDUSTRIAL ENVIRONMENTS, CREATING AN INTEGRATED CYBERSECURITY ECOSYSTEM.

CYBER THREATS ARE GROWING MORE AND MORE. WITH THE ADVENT OF DIGITAL TRANSFORMATION, INDUSTRIAL ENVIRONMENTS HAVE MOVED FROM AN ISOLATED SCENARIO TO AN INCREASINGLY CONNECTED WITH NEW TECHNOLOGIES, WHICH EXPOSES SUCH ENVIRONMENTS TO MAJOR THREATS. CONSIDERING THE CRITICALITY OF THESE ENVIRONMENTS, THE IMPACTS CAN RANGE FROM OPERATIONAL COSTS TO CATASTROPHES IN HEALTH AND SAFETY (E.G. EXPLOSION OF A POWER PLANT). THEREFORE, IT BECOMES NECESSARY TO ADOPT INNOVATIVE SOLUTIONS CAPABLE OF COMBATING INCREASINGLY ADVANCED THREATS, ESPECIALLY CONSIDERING THE PARTICULARITIES OF AN INDUSTRIAL ENVIRONMENT (HIGHLY LEGACY SYSTEMS, DESIGNED WITHOUT SECURITY CRITERIA, WITH HIGHLY PROPRIETARY PROTOCOLS). THE MAIN OBJECTIVE OF THIS SOLUTION IS TO CONTINUOUSLY MONITOR THE AUTOMATION ENVIRONMENT TO DETECT CYBERSECURITY THREATS AS WELL AS ANOMALOUS BEHAVIOR AND RESPOND TO THESE THREATS THROUGH NOVEL FUNCTIONALITIES. FURTHERMORE, THE SOLUTION ALLOWS ASSET MANAGEMENT BY INVENTORYING ALL DEVICES CONNECTED TO THE NETWORK (INCLUDING PLC ETC). IN ADDITION, THE SOLUTION PROVIDES VULNERABILITY MANAGEMENT REPORTING THE WEAKNESSES OF EACH ASSET INVENTORIED. TO CONCLUDE, A SECURITY OPERATION CENTER IS ESTABLISHED BETWEEN THE CORPORATE AND INDUSTRIAL ENVIRONMENTS, CREATING AN INTEGRATED CYBERSECURITY ECOSYSTEM.

Keywords

Cyber Security; Generative AI; Network Detection and Response; Security Operation Center

Cyber Security; Generative AI; Network Detection and Response; Security Operation Center.