SCADAfence provides visibility and control for industrial and critical infrastructure networks. The SCADAfence Platform monitors the network, offering automatic asset discovery and inventory management, threat detection and risk management. The SCADAfence Platform is software-based, non-intrusive, highly scalable and simple to deploy (it learns network behavior automatically and doesn't require complex configuration).
Once a security incident is detected by the SCADAfence Platform, an alert is raised. On such an occurrence, the integration enables triggering a corrective measure in a managed and documented manner, and the ability to manage the entire incident life cycle from detection to enforcement in a secure and documented way.
What does this pack do?
The pack implements the integration with the SCADAfence Platform: it enables importing the asset inventory, related network traffic and real-time alerts of incidents and anomalies.
The included playbook demonstrates the capability to trigger a playbook upon detecting a potential infection in an OT-related asset. The SCADAfence Platform provides rich information to enable risk analysis: full asset details, communications to other devices and alerts on suspicious behavior. This information is then used to calculate the probability of infection and enable the SOC operator to take informed manual action to mitigate the threat (such as block listing the infected IP).
For more information, visit the SCADAfence website