ISSN 2594-5335
26º Seminário de Automação e TI — vol. 26, num.26 (2024)
Título
DOI
Downloads
Resumo
CYBER THREATS ARE GROWING MORE AND MORE. WITH THE ADVENT OF DIGITAL TRANSFORMATION, INDUSTRIAL ENVIRONMENTS HAVE MOVED FROM AN ISOLATED SCENARIO TO AN INCREASINGLY CONNECTED WITH NEW TECHNOLOGIES, WHICH EXPOSES SUCH ENVIRONMENTS TO MAJOR THREATS. CONSIDERING THE CRITICALITY OF THESE ENVIRONMENTS, THE IMPACTS CAN RANGE FROM OPERATIONAL COSTS TO CATASTROPHES IN HEALTH AND SAFETY (E.G. EXPLOSION OF A POWER PLANT). THEREFORE, IT BECOMES NECESSARY TO ADOPT INNOVATIVE SOLUTIONS CAPABLE OF COMBATING INCREASINGLY ADVANCED THREATS, ESPECIALLY CONSIDERING THE PARTICULARITIES OF AN INDUSTRIAL ENVIRONMENT (HIGHLY LEGACY SYSTEMS, DESIGNED WITHOUT SECURITY CRITERIA, WITH HIGHLY PROPRIETARY PROTOCOLS). THE MAIN OBJECTIVE OF THIS SOLUTION IS TO CONTINUOUSLY MONITOR THE AUTOMATION ENVIRONMENT TO DETECT CYBERSECURITY THREATS AS WELL AS ANOMALOUS BEHAVIOR AND RESPOND TO THESE THREATS THROUGH NOVEL FUNCTIONALITIES. FURTHERMORE, THE SOLUTION ALLOWS ASSET MANAGEMENT BY INVENTORYING ALL DEVICES CONNECTED TO THE NETWORK (INCLUDING PLC ETC). IN ADDITION, THE SOLUTION PROVIDES VULNERABILITY MANAGEMENT REPORTING THE WEAKNESSES OF EACH ASSET INVENTORIED. TO CONCLUDE, A SECURITY OPERATION CENTER IS ESTABLISHED BETWEEN THE CORPORATE AND INDUSTRIAL ENVIRONMENTS, CREATING AN INTEGRATED CYBERSECURITY ECOSYSTEM.
CYBER THREATS ARE GROWING MORE AND MORE. WITH THE ADVENT OF DIGITAL TRANSFORMATION, INDUSTRIAL ENVIRONMENTS HAVE MOVED FROM AN ISOLATED SCENARIO TO AN INCREASINGLY CONNECTED WITH NEW TECHNOLOGIES, WHICH EXPOSES SUCH ENVIRONMENTS TO MAJOR THREATS. CONSIDERING THE CRITICALITY OF THESE ENVIRONMENTS, THE IMPACTS CAN RANGE FROM OPERATIONAL COSTS TO CATASTROPHES IN HEALTH AND SAFETY (E.G. EXPLOSION OF A POWER PLANT). THEREFORE, IT BECOMES NECESSARY TO ADOPT INNOVATIVE SOLUTIONS CAPABLE OF COMBATING INCREASINGLY ADVANCED THREATS, ESPECIALLY CONSIDERING THE PARTICULARITIES OF AN INDUSTRIAL ENVIRONMENT (HIGHLY LEGACY SYSTEMS, DESIGNED WITHOUT SECURITY CRITERIA, WITH HIGHLY PROPRIETARY PROTOCOLS). THE MAIN OBJECTIVE OF THIS SOLUTION IS TO CONTINUOUSLY MONITOR THE AUTOMATION ENVIRONMENT TO DETECT CYBERSECURITY THREATS AS WELL AS ANOMALOUS BEHAVIOR AND RESPOND TO THESE THREATS THROUGH NOVEL FUNCTIONALITIES. FURTHERMORE, THE SOLUTION ALLOWS ASSET MANAGEMENT BY INVENTORYING ALL DEVICES CONNECTED TO THE NETWORK (INCLUDING PLC ETC). IN ADDITION, THE SOLUTION PROVIDES VULNERABILITY MANAGEMENT REPORTING THE WEAKNESSES OF EACH ASSET INVENTORIED. TO CONCLUDE, A SECURITY OPERATION CENTER IS ESTABLISHED BETWEEN THE CORPORATE AND INDUSTRIAL ENVIRONMENTS, CREATING AN INTEGRATED CYBERSECURITY ECOSYSTEM.
Palavras-chave
Cyber Security; Generative AI; Network Detection and Response; Security Operation Center
Cyber Security; Generative AI; Network Detection and Response; Security Operation Center.
Como citar
BAIÔCO, GLEISON;
PERDIGÃO, ANA PAULA;
PEREIRA, FELIPE CARVALHO.
ESTABLISHING AN INTEGRATED IT/OT SOC SUPPORTED BY AN AI-POWERED NDR SOLUTION
,
p. 688-700.
In: 26º Seminário de Automação e TI,
São Paulo, Brasil,
2024.
ISSN: 2594-5335
, DOI 10.5151/2594-5335-41563