Protection of IoT and industrial networks – a new reality for which we are prepared

Recently, as an IT integrator, we have focused especially on the dynamic growth in the number of unmanaged devices in companies and institutions across all industries. The most vulnerable group includes manufacturing companies, where every minute of production-line downtime may have disastrous consequences for the entire operation, as well as companies in the medical sector. It is difficult to imagine a hospital shutting down because of a cyber attack, yet today this could prove to be the reality.

Attention should be paid to the fact that protection must cover not only traditional devices such as laptops or smartphones, but most importantly unmanaged devices: smart TVs, security cameras, intelligent lighting systems, digital assistants, heating, ventilation and air conditioning systems, medical devices, production machinery and many more.

Their number is growing dynamically every year and already exceeds the number of traditional IT infrastructure devices in institutions and companies several times over. The most disturbing fact, however, is that these are often unmanaged devices that can be neither updated nor monitored. Hence, traditional firewalls, network access control (NAC) systems and EDR (endpoint detection and response) systems are no longer sufficient on their own.

And this is where Xcomp comes in!

The trust built on our competences, experience and, most importantly, commitment to your safety led us to search for a solution that would meet those needs. This was no easy task, as the requirements were very demanding:

  • detecting all devices in wired and wireless networks – managed, unmanaged, IoT and OT devices, including but not limited to webcams and printers; heating, ventilation and air conditioning control systems; PLC, HMI and SCADA industrial control systems; distributed control systems, building management systems and medical devices, as well as all devices that use Wi-Fi, Bluetooth and other network protocols in the corporate environment
  • obtaining comprehensive information about the detected devices, including manufacturer, model, serial number, location, username, operating system, installed applications and communication history, together with a device classification that helps compile an inventory
  • monitoring device behavior with the latest analysis techniques for the detected devices, with feedback in the form of a risk assessment that makes it possible to detect security vulnerabilities
  • an automated threat-response process, integration with popular security systems such as firewalls, NAC or SIEM, easy deployment and low ongoing maintenance effort

Why did we start cooperating with Armis and Clico, the only Polish distributor for OT?

In response to the above requirements, we chose a solution from a global leader with extensive experience in protecting OT industrial networks, IoT devices and medical devices. Below we present the most important technical strengths of the solution that convinced us to begin this cooperation:

  1. Automation of activities – saving working time for IT and OT departments
  2. Integration with existing security systems, such as firewalls, NAC and SIEM – greater safety by getting the most out of the security measures already in place
  3. Agentless platform – the ability to work with all devices on which an agent cannot be installed
  4. Comprehensive detection, asset cataloguing and full visibility of equipment in the corporate network and its surroundings, including the connection type:
  • device name,
  • device category,
  • type of device,
  • device model,
  • device brand,
  • IP address,
  • MAC address,
  • location,
  • user,
  • operating system and version,
  • applications (name, version, activity date and time),
  • first device appearance date and time,
  • last device appearance date and time,
  • organizationally unique identifier (OUI),
  • reputation,
  • behavior.
  5. Full passive monitoring – no scanners that would add network load and expose sensitive medical devices or key operational infrastructure elements to interruptions or malfunctions:
  • Connection monitoring, including connections to other devices: the protocol used, connection date, time and duration, data volume transferred, and physical-layer information such as the Wi-Fi channel used.
  • Alerts, including information describing each single alert, such as date, time, type, action that triggered the alert and alert severity level.
  • Services accessed by the device, together with related information such as date and time, service name, data volume transferred and transmission characteristics (e.g. latency).
  • Incoming and outgoing traffic associated with the device, including port and description.
  • Risk factors, including detailed information on each risk type, such as manufacturer reputation, cloud synchronization, connection security, stored data security, harmful domains visited, number of wireless protocols used, harmful behavior, number of open ports, user authentication, detected threats and history of security vulnerabilities.
  • Device software security vulnerabilities, including related information such as CVE ID (with details available), description, publication date, attack method, attack complexity and information whether user interaction is required.
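The inventory fields in point 4 and the passive monitoring in point 5 are both derived from traffic the platform merely observes. The following added example (our illustration, not Armis or Xcomp code) shows how such a passive inventory is built: it consumes constructed flow records, as a hypothetical mirror-port collector would emit them, derives first/last seen, OUI-based vendor, peers, services used and volume per device, and applies simple risk heuristics of the kind listed above (unknown vendor, external communication, cleartext protocol use). The OUI table, MAC addresses and IP addresses are constructed; a real deployment would use the IEEE OUI registry.

```python
"""Passive device inventory from observed flow records (added example).

Nothing here sends a packet to a device: the input is a list of flows that a
hypothetical collector has already extracted from mirrored traffic.
"""
from ipaddress import ip_address

# Constructed sample flows: (timestamp, src_mac, src_ip, dst_ip, dst_port, proto, bytes).
# Locally administered MAC prefixes are used so they cannot collide with a real OUI.
FLOWS = [
    ("2024-03-01T08:00:00", "02:11:22:aa:bb:cc", "10.0.5.20", "10.0.5.1", 502, "tcp", 1200),
    ("2024-03-01T08:05:00", "02:11:22:aa:bb:cc", "10.0.5.20", "10.0.5.1", 502, "tcp", 900),
    ("2024-03-01T08:07:30", "06:33:44:dd:ee:ff", "10.0.7.44", "10.0.7.2", 554, "tcp", 50000),
    ("2024-03-01T09:15:00", "06:33:44:dd:ee:ff", "10.0.7.44", "20.30.40.50", 443, "tcp", 8000),
    ("2024-03-01T09:20:00", "0a:55:66:00:00:01", "10.0.9.5", "10.0.9.1", 53, "udp", 120),
]

# Constructed OUI table; real lookups use the IEEE registry.
OUI_TABLE = {
    "02:11:22": "PLC vendor (constructed)",
    "06:33:44": "Camera vendor (constructed)",
}

# TCP services that carry no encryption or authentication by design.
CLEARTEXT_TCP_PORTS = {23: "telnet", 80: "http", 502: "modbus"}


def oui(mac):
    """First three octets of a MAC address, normalised for table lookup."""
    return mac.upper()[:8]


def build_inventory(flows, oui_table):
    """Aggregate flows into one record per source device.

    Timestamps are ISO-8601 strings of equal length, so min/max compare
    correctly and the flows need not arrive in order.
    """
    inventory = {}
    for ts, mac, src_ip, dst_ip, port, proto, nbytes in flows:
        rec = inventory.setdefault(mac, {
            "ip": src_ip,
            "vendor": oui_table.get(oui(mac), "unknown"),
            "first_seen": ts,
            "last_seen": ts,
            "peers": set(),       # IPs the device talked to
            "services": set(),    # (proto, port) pairs it accessed
            "bytes_out": 0,
        })
        rec["first_seen"] = min(rec["first_seen"], ts)
        rec["last_seen"] = max(rec["last_seen"], ts)
        rec["peers"].add(dst_ip)
        rec["services"].add((proto, port))
        rec["bytes_out"] += nbytes
    return inventory


def risk_factors(rec):
    """Heuristic risk flags for one inventory record, in a fixed order."""
    flags = []
    if rec["vendor"] == "unknown":
        flags.append("unknown_vendor")
    if any(not ip_address(peer).is_private for peer in rec["peers"]):
        flags.append("external_communication")
    if any(proto == "tcp" and port in CLEARTEXT_TCP_PORTS
           for proto, port in rec["services"]):
        flags.append("cleartext_protocol_use")
    return flags


if __name__ == "__main__":
    for mac, rec in build_inventory(FLOWS, OUI_TABLE).items():
        print(mac, rec["ip"], rec["vendor"], rec["first_seen"], rec["last_seen"],
              sorted(rec["services"]), rec["bytes_out"], risk_factors(rec))
```

The value of the passive approach is visible in the record for the first device: its use of Modbus/TCP on port 502 and its traffic volume are learned without ever probing the PLC, which is exactly what an active scanner would have to do.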

Should you have any questions, feel free to contact us – our Sales Department is waiting to receive your message.

Follow us! Keep an eye on our activities!