Forescout Silent Defense Industrial Control System Security Demo

Solution Overview

SilentDefense is a non-intrusive network monitoring and situational awareness platform that provides in-depth visibility and cyber resilience for industrial control systems (ICS) and SCADA networks.

SilentDefense protects ICS/SCADA networks from a wide range of threats. It combines patented anomaly detection and deep packet inspection (DPI) with a library of 2,400+ ICS-specific behavioral checks and a continuously growing library of 3,500+ indicators of compromise (IoCs) to protect asset owners from advanced cyberattacks, network misconfigurations and operational errors.

SilentDefense natively interfaces with enterprise systems such as SIEM, firewalls, IT asset management, malware analysis, authentication servers and third-party platforms.

Goals & Objectives

The first module of this lab is a preconfigured environment in which users can explore the Forescout Silent Defense product interface and operations at their own direction. On email request to the lab owners and creators listed for this deployment, WWT can provide a guided demo of the solution and coordinate a deep-dive session with Forescout.

Forescout Silent Defense monitors the ICS network by analyzing SPAN port traffic. The network has no security controls. All traffic generated in the network is monitored and analyzed by Silent Defense. Silent Defense provides insight into the hosts in the network, their roles and their communications. Once traffic is baselined, new hosts or deviations from the traffic baseline generate an alert.

This lab demonstrates the following Silent Defense features:

  • Discover and identify ICS assets
  • Map ICS network
  • Baseline ICS traffic
  • Generate alerts related to ICS assets/traffic
  • Become acquainted with dashboard and reporting capabilities

Hardware & Software

WebUI/Sensor and monitored processes hosted on virtual ATC infrastructure