The goal of any critical control network administrator is to prevent unauthorized access and traffic. However, no security plan is fool-proof, so it is equally important to monitor and log activity in case a breach occurs. Two main classes of tools are available to aid with intrusion detection: host intrusion detection software (HIDS) for individual devices/clients and network intrusion detection systems (NIDS) for network level monitoring. The fundamental role of both of these security products is to monitor communication 24/7 to detect, alert, and (if configured to do so) block surreptitious traffic on a critical network.
Host-based intrusion detection observes application behavior and system-specific settings, such as software calls, local security policies, physical port activity, and many other security-related events. HIDS must be configured on a per-machine basis and is a key part of a sound security strategy.
There are several modes a NIDS may use to analyze traffic on a network. Signature-based detection compares traffic against a library of signatures (patterns of known data) to identify potentially unwanted traffic. Anomaly-based detection filters or alerts on network traffic that is abnormal or malformed. Most control systems need to employ at least a few signatures in a NIDS library, because proprietary industrial controller data transmitted between discrete devices will often be flagged by anomaly-based systems. Some NIDS may be configured to allow specific forms of traffic by authorizing that communication in the system's rule set. Alternatively, the system may be able to “learn” network communication over a period of time and then be set into “active” mode to identify anything that was not captured and stored during the learning period.
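The three NIDS behaviors described above (signature matching, an authorized-traffic rule set, and a learning period followed by active mode) can be seen together in a small toy classifier. The following is an added example, not FoxGuard's or DisPatch's code: the `Flow` record, the `ToyNIDS` class, the two `SIGNATURES` entries, and every address, port and payload in `run_demo()` are constructed for illustration (Modbus/TCP on port 502 is real; the "proprietary" port 20000 traffic is hypothetical). It shows why a control network usually needs at least a few signatures and an allowlist: benign proprietary chatter that was not seen during learning is flagged as an anomaly just as an unseen hostile flow is.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One observed connection (constructed record format, not a real capture)."""
    src: str
    dst: str
    dport: int
    proto: str
    payload: bytes = b""

    def key(self):
        # The 4-tuple is what the anomaly baseline and the allowlist are keyed on.
        return (self.src, self.dst, self.dport, self.proto)


# Hypothetical signatures for illustration only; a production library would be
# vendor-validated and far larger.
SIGNATURES = {
    "SIG-001 interactive shell string in control-network payload": b"/bin/sh",
    "SIG-002 cleartext credential in payload": b"password=",
}


class ToyNIDS:
    def __init__(self, signatures, allowlist):
        self.signatures = dict(signatures)
        self.allowlist = set(allowlist)  # authorized 4-tuples exempt from anomaly alerts
        self.baseline = set()            # 4-tuples captured during the learning period
        self.mode = "learning"

    def set_active(self):
        """Switch from learning to active mode; the baseline is frozen from here on."""
        self.mode = "active"

    def observe(self, flow):
        alerts = []
        # 1. Signature-based detection always runs, even on allowlisted or baselined flows.
        for name, pattern in self.signatures.items():
            if pattern in flow.payload:
                alerts.append(f"SIGNATURE {name}: {flow.src}->{flow.dst}:{flow.dport}/{flow.proto}")
        # 2. Communication authorized in the rule set is not subject to anomaly detection.
        if flow.key() in self.allowlist:
            return alerts
        # 3. Anomaly-based detection: learn silently, then alert on anything not in the baseline.
        if self.mode == "learning":
            self.baseline.add(flow.key())
        elif flow.key() not in self.baseline:
            alerts.append(f"ANOMALY unseen flow: {flow.src}->{flow.dst}:{flow.dport}/{flow.proto}")
        return alerts


def run_demo():
    """Constructed traffic: a learning period, then four flows in active mode.

    Returns the list of alert lists, one per active-mode flow.
    """
    # HMI -> PLC Modbus/TCP is explicitly authorized in the rule set.
    allowlist = {("10.0.0.10", "10.0.0.20", 502, "tcp")}
    nids = ToyNIDS(SIGNATURES, allowlist)

    learning_period = [
        Flow("10.0.0.10", "10.0.0.20", 502, "tcp", b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x0a"),
        Flow("10.0.0.30", "10.0.0.40", 20000, "tcp", b"\x05\x64"),  # proprietary controller chatter
    ]
    for flow in learning_period:
        nids.observe(flow)
    nids.set_active()

    active_period = [
        Flow("10.0.0.30", "10.0.0.40", 20000, "tcp", b"\x05\x64"),        # baselined: quiet
        Flow("10.0.0.10", "10.0.0.20", 502, "tcp", b"\x00\x02\x00\x00"),  # allowlisted: quiet
        Flow("10.0.0.99", "10.0.0.20", 23, "tcp", b"password=1234"),      # unseen flow + signature hit
        Flow("10.0.0.31", "10.0.0.41", 20000, "tcp", b"\x05\x64"),        # benign but unseen: anomaly
    ]
    return [nids.observe(flow) for flow in active_period]


if __name__ == "__main__":
    for alerts in run_demo():
        print(alerts or ["(no alert)"])
```

The last flow in `run_demo()` is the case the text warns about: harmless proprietary traffic between a device pair that was silent during the learning period is reported as an anomaly, so an operator either extends the learning window, adds that pair to the allowlist, or relies on signatures to separate it from truly unwanted traffic.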
Deploying HIDS and NIDS on critical control devices and networks provides important protective measures and enables quicker responses and better forensic data for security events. FoxGuard offers these solutions and provides validated updates and signatures as part of its DisPatch and DisPatch ProNet subscriptions so that they may be implemented in the most reliable manner.