CyberX Industrial Control System Security Demo

Solution Overview

Perimeter firewalls and conventional ICS/SCADA defenses — including outdated notions like “air-gapping” and “security by obscurity” — are no longer sufficient to protect IoT and ICS networks. Targeted attacks, sophisticated malware and insider and trusted third-party threats require different, more specialized protection. That’s why CyberX was purpose-built for IoT and ICS defense.

  • Delivers immediate insights about IoT/ICS assets, vulnerabilities, and threats — in less than an hour — without relying on rules or signatures, specialized skills or prior knowledge of the environment.
  • IoT/ICS-aware with deep embedded knowledge of IoT and ICS protocols, devices, vulnerabilities, applications — and their behaviors.
  • Continuous monitoring and real-time alerting with minimal false positives.
  • Known and zero-day threats: CyberX detects both for complete cybersecurity.
  • Passive and non-intrusive: With zero impact on IoT/ICS networks and devices. The CyberX appliance (virtual or physical) connects to a SPAN port or network TAP and immediately begins collecting IoT/ICS network traffic via passive (agentless) monitoring.
  • Holistic: Reduces complexity with a single unified platform for asset management, risk and vulnerability management, and threat monitoring with incident response.
  • Heterogeneous and OT vendor-agnostic: With broad support for diverse IoT/ICS protocols and control system equipment from all IoT/ICS vendors.
  • Integrates with your existing SOC workflows and IT security stacks: Including SIEMs, SOAR, ticketing, CMDB, firewalls, NAC and privileged access management solutions.
  • Open architecture: Built from the ground up with a rich API.

Goals & Objectives

The first module of this lab is designed to serve as a preconfigured environment in which users can explore the CyberX interface and operations at their own direction. WWT can provide a guided demo of the solution, and can coordinate a deep-dive session with CyberX, upon email request to the lab owners and creators listed for this deployment.

CyberX monitors SPAN port traffic to observe the ICS network. The network has no security controls. All traffic generated in the network is monitored and analyzed by CyberX, which provides insight into the hosts in the network, their roles and their communications. Once traffic is baselined, new hosts or deviations from the traffic baseline will generate an alert.

This lab demonstrates the following CyberX features:

  • Discover and identify ICS assets
  • Map ICS network
  • Baseline ICS traffic
  • Generate alerts related to ICS assets/traffic
  • Become acquainted with Dashboard and Reporting capabilities

Hardware & Software

WebUI/Sensor and monitored processes hosted on virtual ATC infrastructure