April 27th, 2022
Cynalytica is now extending and integrating the power of the SerialGuard® AnalytICS Platform for Industrial IoT/OT customers with Splunk®. This new partnership means that Splunk® users can now easily and securely capture real-time serial data from the lowest layers of the ICS network via the SerialGuard® AnalytICS Platform and leverage Splunk’s world-class AI and machine learning capabilities to gain automated contextual threat detection, actionable operational insights, and unified threat intelligence across their OT and IT networks.
What does this mean for the Operator and for Industrial Control Systems Monitoring and Protection?
With the addition of the Cynalytica Industrial Control Systems (ICS) Monitoring Add-On for Splunk®, customers are now able to easily ingest complex PLC-to-Fieldbus device data for a more complete awareness of their operational environments. SerialGuard® is a serial data collection device that provides both completely passive and fail-safe data collection, enabling the use of modern cyber-physical data analysis and machine learning techniques for industrial control operations without introducing operational risk or requiring significant additional resources.
SerialGuard encapsulates passively captured serial communications data into an encrypted TCP data packet, which is sent out over TCP/IP to the AnalytICS Engine. This ensures safer capture, collection and integration of critical data than has been historically provided. The AnalytICS Engine operates as a baselining, behavioral monitoring, and intrusion detection system (IDS), providing deep packet inspection (DPI) capabilities for serial communications. The SerialGuard AnalytICS Platform can help operators learn, identify, and alert on anomalies that may be indicative of a cyber-physical event or operational issue.
With the Cynalytica ICS Add-on, operators can create and integrate customized Splunk® dashboards that include Level 0 & Level 1 ICS protocol data, as well as build integrated alerts based on operational needs or requirements.
The Cynalytica ICS Monitoring Add-On for Splunk helps users of Splunk® Enterprise integrate ICS-safe tools for the acquisition of data from critical OT assets, and helps provide ICS-protocol-aware network traffic visibility for monitoring, alerting, and forensic analysis, applying a Zero Trust architecture approach.
“ICS and OT security operations are persistently and significantly challenged with a lack of resources and security defenders who understand ICS protocols. Integrating the Cynalytica AnalytICS Engine Platform Add-on with Splunk helps directly address these critical challenges”, states Richard Robinson, CEO & Founder of Cynalytica.
The current proliferation of increasingly sophisticated cyber-attacks directed at Industrial Control Systems and Critical Infrastructure, combined with the pressure to implement new cyber security guidelines, requirements, and regulations to enforce better monitoring of Critical Infrastructure network environments, makes this integration capability very timely for operators and very straightforward for Splunk® users.
Download the Cynalytica ICS Monitoring Add-On for Splunk now on Splunkbase.
Reach out to firstname.lastname@example.org to get started and mention the Splunk add-on.