APPLYING NETWORK DETECTION AND RESPONSE (NDR) IN INDUSTRY ENVIRONMENT: AN INNOVATIVE APPROACH AGAINST CYBER SECURITY THREATS: APPLYING NETWORK DETECTION AND RESPONSE (NDR) IN INDUSTRY ENVIRONMENT: AN INNOVATIVE APPROACH AGAINST CYBER SECURITY THREATS

Baioco, Gleison

doi:10.5151/2594-5335-40343

Anais do Seminário de Automação & TI

ISSN 2594-5335

25° Seminário de Automação e TI — vol. 25, num.25 (2023)

Título

APPLYING NETWORK DETECTION AND RESPONSE (NDR) IN INDUSTRY ENVIRONMENT: AN INNOVATIVE APPROACH AGAINST CYBER SECURITY THREATS

Autoria

10.5151/2594-5335-40343

Downloads

Baixar Artigo 11 Downloads

Resumo

CYBER THREATS ARE GROWING MORE AND MORE. WITH THE ADVENT OF DIGITAL TRANSFORMATION, INDUSTRIAL ENVIRONMENTS HAVE MOVED FROM AN ISOLATED SCENARIO AND HAVE BEEN INCREASINGLY CONNECTED WITH NEW TECHNOLOGIES, WHICH EXPOSES SUCH ENVIRONMENTS TO MAJOR THREATS. CONSIDERING THE CRITICALITY OF THESE ENVIRONMENTS, THE IMPACTS CAN RANGE FROM OPERATIONAL COSTS TO CATASTROPHES IN HEALTH AND SAFETY (E.G. EXPLOSION OF A POWER PLANT). THEREFORE, IT BECOMES NECESSARY TO ADOPT INNOVATIVE SOLUTIONS CAPABLE OF COMBATING INCREASINGLY ADVANCED THREATS, ESPECIALLY CONSIDERING THE PARTICULARITIES OF AN INDUSTRIAL ENVIRONMENT (HIGHLY LEGACY SYSTEMS, DESIGNED WITHOUT SECURITY CRITERIA, WITH HIGHLY PROPRIETARY PROTOCOLS). THE MAIN OBJECTIVE OF THIS SOLUTION IS TO CONTINUOUSLY MONITOR THE AUTOMATION ENVIRONMENT TO DETECT CYBERSECURITY THREATS AS WELL AS ANOMALOUS BEHAVIOR AND RESPOND TO THESE THREATS THROUGH NATIVE FEATURES OR BY INTEGRATING WITH OTHER CYBERSECURITY TOOLS. IN ADDITION, THE SOLUTION ALLOWS ASSET MANAGEMENT BY INVENTORYING ALL DEVICES CONNECTED TO THE NETWORK (INCLUDING PLC ETC). FINALLY, THE SOLUTION PROVIDES VULNERABILITY MANAGEMENT REPORTING THE WEAKNESSES OF EACH ASSET INVENTORIED. THE SOLUTION ADOPTED IS RECENT IN THE MARKET AND A PIONEER IN THE ARCELORMITTAL GROUP, REINFORCING THE ROLE OF ARCELORMITTAL FLAT CARBON LATIN AMERICA AT THE FOREFRONT OF TECHNOLOGICAL SOLUTIONS.

Cyber threats are growing more and more. With the advent of digital transformation, industrial environments have moved from an isolated scenario and have been increasingly connected with new technologies, which exposes such environments to major threats. Considering the criticality of these environments, the impacts can range from operational costs to catastrophes in health and safety (e.g. explosion of a power plant). Therefore, it becomes necessary to adopt innovative solutions capable of combating increasingly advanced threats, especially considering the particularities of an industrial environment (highly legacy systems, designed without security criteria, with highly proprietary protocols). The main objective of this solution is to continuously monitor the Automation environment to detect cybersecurity threats as well as anomalous behavior and respond to these threats through native features or by integrating with other cybersecurity tools. In addition, the solution allows asset management by inventorying all devices connected to the network (including PLC etc). Finally, the solution provides vulnerability management reporting the weaknesses of each asset inventoried. The solution adopted is recent in the market and a pioneer in the ArcelorMittal group, reinforcing the role of ArcelorMittal Flat Carbon Latin America at the forefront of technological solutions.

Palavras-chave

NDR; ANOMALY DETECTION; PROCESS AUTOMATION; CYBER SECURITY

Como citar

Baioco, Gleison. APPLYING NETWORK DETECTION AND RESPONSE (NDR) IN INDUSTRY ENVIRONMENT: AN INNOVATIVE APPROACH AGAINST CYBER SECURITY THREATS , p. 557-570. In: 25° Seminário de Automação e TI, São Paulo, 2023.
ISSN: 2594-5335 , DOI 10.5151/2594-5335-40343