In this section we will cover the following topics:
- What is an IDS device?
- What are the different functionalities of an IDS device?
- Which are the top vendors in the market?
- Why can't we have an IPS device in an OT network?
What is an IDS device?
An Intrusion Detection System (IDS) is a passive monitoring device that monitors network traffic, detects suspicious activities and generates alerts when they are detected. Based upon these alerts, a security operations center (SOC) analyst or incident responder can investigate the issue and take the appropriate actions to remediate the threat. The key point here is that an IDS device only detects; it never prevents anything based on its detections.
There are a few reasons why IDS devices are considered a high-priority security solution in an OT security program:
- 100% passive monitoring
- Agentless: absolutely agentless. We are not installing any agent or application on any of the OT devices. Most manufacturing environments contain a large number of legacy devices; installing an agent may break some of them and can void the warranty provided by the vendor.
What are the different functionalities of an IDS device?
An IDS is a crucial security tool that should be deployed in an OT network for threat detection. However, in an OT network, an IDS offers more than just threat detection.
The following are the core functionalities of an OT IDS device:
Asset Identification
When discussing asset identification, the phrase “You can’t protect what you can’t see” often comes to mind, and this holds especially true in cybersecurity. Many OT networks today lack a proper and updated asset inventory. For instance, plant managers often do not know the exact number of assets in their OT network. Some customers rely on Excel sheets with asset details, but such systems are not live and require manual updates.
An IDS device can automatically detect OT, IoT, and IoMT assets from network traffic. It doesn’t just identify these assets; it also gathers information such as the vendor and model. Whenever a new device connects to the network, the IDS can detect it through network traffic analysis.
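The following is an added example, not code from the original page or from any IDS vendor, that sketches how passive asset identification works: an inventory is built solely from observed flow metadata (no agents, no active scanning), vendor is inferred from the MAC OUI, the device's role is inferred from the industrial protocol port it serves, and a never-before-seen MAC raises a new-device alert. The OUI table, the port-to-protocol table and the flow records are all constructed for illustration and are not real registry data.

```python
"""Passive asset identification from traffic metadata (added example).

Models what an OT IDS does when it builds a live inventory from observed
traffic only. All lookup tables and sample flow records are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed OUI-to-vendor table (first three octets of the MAC address).
# These prefixes are illustrative assumptions, not the real IEEE registry.
OUI_VENDORS: Dict[str, str] = {
    "00:80:f4": "ExampleVendorA",
    "00:1d:9c": "ExampleVendorB",
    "00:0c:29": "ExampleVendorC",
}

# Constructed server-port-to-protocol table used to infer an asset's role.
PORT_PROTOCOLS: Dict[int, str] = {502: "Modbus/TCP", 44818: "EtherNet/IP", 102: "S7comm"}


@dataclass
class Asset:
    mac: str
    ip: str
    vendor: str
    roles: Set[str] = field(default_factory=set)  # e.g. "Modbus/TCP server"
    first_seen: str = ""
    last_seen: str = ""


def vendor_from_mac(mac: str) -> str:
    """Map a MAC address to a vendor via its OUI prefix; 'unknown' if unlisted."""
    return OUI_VENDORS.get(mac.lower()[:8], "unknown")


class PassiveInventory:
    """Live asset inventory updated purely from observed flow metadata."""

    def __init__(self) -> None:
        self.assets: Dict[str, Asset] = {}
        self.alerts: List[str] = []

    def _touch(self, mac: str, ip: str, ts: str, role: Optional[str]) -> None:
        asset = self.assets.get(mac)
        if asset is None:
            asset = Asset(mac=mac, ip=ip, vendor=vendor_from_mac(mac), first_seen=ts)
            self.assets[mac] = asset
            # A never-before-seen MAC is exactly what an IDS alerts on.
            self.alerts.append(f"{ts} NEW_DEVICE mac={mac} ip={ip} vendor={asset.vendor}")
        if asset.ip != ip:
            # A known device showing up with a different address is worth a look too.
            self.alerts.append(f"{ts} IP_CHANGE mac={mac} old={asset.ip} new={ip}")
            asset.ip = ip
        asset.last_seen = ts
        if role:
            asset.roles.add(role)

    def observe(self, flow: dict) -> None:
        """Consume one flow record: {ts, src_mac, src_ip, dst_mac, dst_ip, dst_port}."""
        proto = PORT_PROTOCOLS.get(flow["dst_port"])
        self._touch(flow["src_mac"], flow["src_ip"], flow["ts"],
                    f"{proto} client" if proto else None)
        self._touch(flow["dst_mac"], flow["dst_ip"], flow["ts"],
                    f"{proto} server" if proto else None)


# Constructed flow records, as a span-port sensor or flow exporter might emit them.
SAMPLE_FLOWS = [
    {"ts": "2024-01-01T08:00:00", "src_mac": "00:1d:9c:aa:bb:01", "src_ip": "10.0.1.10",
     "dst_mac": "00:80:f4:00:00:42", "dst_ip": "10.0.1.50", "dst_port": 502},
    {"ts": "2024-01-01T08:00:05", "src_mac": "00:1d:9c:aa:bb:01", "src_ip": "10.0.1.10",
     "dst_mac": "00:80:f4:00:00:43", "dst_ip": "10.0.1.51", "dst_port": 44818},
    {"ts": "2024-01-01T08:01:00", "src_mac": "de:ad:be:ef:00:01", "src_ip": "10.0.1.99",
     "dst_mac": "00:80:f4:00:00:42", "dst_ip": "10.0.1.50", "dst_port": 502},
]


def build_inventory(flows=SAMPLE_FLOWS) -> PassiveInventory:
    """Replay the flow records through the inventory and return it."""
    inv = PassiveInventory()
    for flow in flows:
        inv.observe(flow)
    return inv


if __name__ == "__main__":
    inv = build_inventory()
    for a in inv.assets.values():
        print(f"{a.mac} {a.ip:<12} {a.vendor:<15} roles={sorted(a.roles)}")
    print("\n".join(inv.alerts))
```

Running it lists four assets: an ExampleVendorB workstation acting as a Modbus/TCP and EtherNet/IP client, two ExampleVendorA controllers acting as servers, and an unknown-vendor device that first appears a minute later talking Modbus to a PLC; each first appearance produces a NEW_DEVICE alert. A real IDS refines the vendor and model further by parsing protocol payloads (for example, identification responses), but the principle is the same: everything is learned from traffic the sensor passively sees.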
Network visualization