Detect Stealthy Cyber Attacks

Based on ongoing network behavior analysis, Indegy’s Anomaly Detection engine establishes baselines of "normal" traffic patterns that incorporate a combination of time ranges, asset types, protocol usage, etc.

Deviations from these baselines trigger alerts that bring your security team’s attention to suspicious events in the network that require further analysis.

Network Traffic Baselining

Indegy's Anomaly Detection engine continuously "learns" normal network behavior, creates standard baselines, detects deviations and triggers alerts.

Cyber Threat Hunting

Tailor-built engine focuses on activities indicative of ransomware or cyber-attack activity in the network, such as IP conflicts, port scans, ARP spoofing, etc.

OT Specific Reconnaissance

Detects the most clandestine APT reconnaissance activities using Indegy’s device classification capabilities and by understanding the context of ICS commands.

86%

Are engaged in threat hunting.

86% of IT professionals said their organizations engaged in threat hunting: “the use of threat intelligence, analytics, and security tools with old-fashioned human smarts”.
- SANS Institute Survey

Indegy’s Dual Threat Detection

Indegy's Threat Detection & Mitigation technology uniquely combines network anomaly detection with policy-based detection. By leveraging both statistical network behavior analysis and policy rules, our technology finds more threats and risks, faster, and with fewer false positives. The anomaly detection tool identifies stealthy deviations in network behavior from the statistical baseline. This capability is complemented by the policy detection engine, which strictly enforces deterministic rules based on the network security policy.

Deeper Analysis, Better Results

Context-rich alerts

Hunt and mitigate threats faster and more efficiently.

When an anomalous event triggers a system alert, it is accompanied by meaningful detailed information and context as to what caused the alert.

We Speak OT

Awareness of SCADA and DCS specific commands and device classification enables deeper analysis.

By understanding and correlating the exact context and state of industrial communications in the network, the Anomaly Detection engine can detect early signs of cyber-attack reconnaissance in the network. For example, the Indegy Industrial Cyber Security Suite knows that a Historian or HMI server is not supposed to write configurations to specific areas on controllers. Detecting reads of atypical data raises an alert and lets you begin hunting before the actual attack commences.

Discover Evasive Attacks

Sophisticated attacks perform extensive information gathering that creates unique patterns in ICS networks.

The most sophisticated attacks require the most data prior to attack execution. To evade detection, the attacker must understand the configuration of the environment, including details on assets and their configurations. The collection of this data creates a unique pattern that is abnormal in ICS environments. By detecting this anomalous traffic pattern, Indegy’s Anomaly Detection engine can alert you to the source of the deviation before any damage occurs.

Asset Map Integration

Configure and fine-tune baselines with visual tools for maximum protection with minimum alerts.

Indegy’s intuitive and informative asset map provides visual tools that you can use to set and fine-tune network traffic baselines. The asset map makes it easy to tailor the Anomaly Detection engine to your ICS network environment in the most effective manner. The baseline considers the pattern of traffic, typical communication throughput based on time of day, asset class types, specific protocol usage and more to ensure optimal coverage.

Do you know all the threats to your ICS?

If your ICS network devices are compromised, your company is vulnerable to operational disruptions and widespread damage.

Twin-Powered Threat Hunting

Indegy's unmatched threat hunting capabilities are based on using Anomaly-based Detection in tandem with Policy-Based Detection. Our solution lets you detect more threats faster, keeping your industrial infrastructure safe.