The SCADAfence Continuous Network Monitor (CNM) solution allows administrators to significantly increase their network’s security level, while ensuring the peace-of-mind that no unnecessary risks are added to the operational environment (ICS/SCADA network). The solution is software-based and is available either as a virtual appliance or as a network appliance. The installation process requires no downtime to the operational network, and system algorithms are automatically configured without any input from the user.

SCADAfence CNM offers full visibility of day-to-day operations and real-time detection of anomalous behavior, based on deviations from normal behavioral profiles. Once a deviation is detected, the user receives a real-time alert. The user can track alerts via the SCADAfence CNM dashboard or can receive instant messages and emails. The CNM solution can also be easily integrated with SIEM management systems, an existing SOC, or with IT/OT gateways/firewalls from Check Point and other vendors.

Key Benefits

Industrial Network and
Asset Visibility

Immediately following installation, SCADAfence CNM automatically discovers and digitizes the industrial asset inventory. Based on the inventory, SCADAfence CNM tracks all industrial network activity – including the usage of industrial protocols, such as EtherNet/IP, PROFINET and Modbus – and displays it on an interactive network map. Once an alert is produced, the SCADAfence CNM visibility tools significantly reduce response time, and help determine the root cause of events using advanced forensic analysis tools.

Detection of Cyber-Attacks
and Non-Malicious Threats

The SCADAfence CNM leverages the unique characteristics of operational environments to detect deviations from normal industrial behavior. The solution detects threats that most IT solutions are unable to detect, since they lack an understanding of these behaviors. SCADAfence CNM detects a variety of cyber-attacks, from known malware and exploits to sophisticated attack vectors. Furthermore, the solution detects non-malicious activities such as policy violations, misconfigurations and equipment malfunctions that can have the same impact as malicious activity.

Risk Management and
Predictive Alerts

SCADAfence CNM assists administrators not only when there is an ongoing breach, but also in improving the security level of their industrial (ICS/SCADA) networks and in reducing potential risks. The solution discovers security and architectural flaws, and helps the administrators analyze risks and prioritize their handling. In addition, the SCADAfence CNM solution provides predictive alerts that notify the administrator of potential non-malicious errors and malfunctions before they affect the system, and helps prevent them from occurring.

How It Works

Passive network monitoring via port mirroring

Deep packet inspection of industrial protocols

Adaptive behavioral profiling, no configuration needed

Integration with existing management systems

Want to see how it works?